ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)

qeeqbox/seahorse

ELKFH (Elastic, Logstash, Kibana, Filebeat and Honeypot) is a system for monitoring security tools that interact with HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB and LDAP services.

Kibana Interface

General Features

  • Logs are accessible via Kibana
  • All services running in one container using supervisord
  • Ingress sniffer, layers and packet parser

Install and run

On Ubuntu 18 or 19 System (Auto-configure)

git clone https://github.com/qeeqbox/seahorse.git
cd seahorse
chmod +x ./run.sh
./run.sh auto_configure

Wait ~2-10 mins until the web browser opens (that is, until seahorse_initializer_1 exits with 0). The username is elastic and the password is changeme.

Current Servers

  • HTTP (Apache)
  • HTTPS (Apache)
  • SSH (Custom OpenSSH)
  • FTP (vsftpd)
  • SMB (samba)
  • LDAP (slapd)
  • VNC (tightvncserver)
  • RDP (xrdp)
  • Redis (redis-server)
  • MySQL (mysql-community-server)

Changes

  • 2020.V.01.01

Roadmap

  • Add more services

Resources

elastic, scapy

Other Licenses

By using this framework, you are accepting the license terms of all these packages: elasticsearch, logstash, kibana, filebeat, openbsd, openbsd, Zlib, build-essential, libssl-dev, lsof, supervisord, rsyslog, openldap, mysql, redis, mongodb, Samba, Vsftpd, db-util, tvnserver, xrdp, apache, iptables, tcpdump, nmap, iputils-ping, python, Pip, psycopg, psmisc, dnsutils, python-ldap, FreeRDP, net-tools, sshpass, paramiko, connector-python, mongo-python-driver, pysmb, vncdotool, requests, cryptography

Disclaimer\Notes

  • Do not deploy without proper configuration
  • Set up some security group rules and remove default credentials
  • Please let me know if I missed a resource or dependency
