Deploys and manages network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral movement, and attacker reconnaissance.
Install: `npx claudepluginhub killvxk/cybersecurity-skills-zh`

This skill uses the workspace's default tool permissions.
- Deploys deception technology to detect lateral movement
Deploys deception technologies including honeypots, honeytokens, and decoy systems to detect post-breach lateral movement, credential abuse, and reconnaissance for SOC teams.
| Concept | Description |
|---|---|
| OpenCanary | Lightweight Python honeypot with modular service emulation |
| Cowrie | Medium-interaction SSH/Telnet honeypot that captures command execution |
| T-Pot | Multi-honeypot platform with integrated ELK visualisation |
| Canary token | Trap credential or file that raises an alert when it is accessed |
| Low-interaction | Emulates services at the protocol level, with no full operating system behind them |
| High-interaction | Full operating-system honeypot that captures complete attacker sessions |
| Tool | Purpose |
|---|---|
| OpenCanary | Modular honeypot daemon with service emulation |
| Cowrie | SSH/Telnet honeypot with session recording |
| T-Pot | All-in-one multi-honeypot platform |
| Dionaea | Malware-capturing honeypot for exploit detection |
| Splunk/Elastic | SIEM for aggregating honeypot alerts |
```text
Alert: HONEYPOT-[service]-[date]-[seq]
Honeypot: [hostname/IP]
Service: [SSH/HTTP/SMB/FTP/RDP]
Source IP: [attacker IP]
Interaction type: [login attempt/port scan/file access]
Credentials used: [username:password, if applicable]
Commands executed: [for SSH honeypots]
Risk level: [Critical/High/Medium/Low]
```
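As an added, runnable example (not code from this skill or from the OpenCanary/Cowrie projects), the script below shows how the alert template above can be produced from what these honeypots actually emit: it normalises OpenCanary and Cowrie JSON log lines into one alert per honeypot/source/service/day, scores them, numbers them HONEYPOT-[service]-[date]-[seq], and lists sources seen on more than one honeypot, which is the lateral-movement signal the skill is meant to surface. The sample log lines are constructed; the OpenCanary field names and logtype codes (4002 SSH login attempt, 5000 SMB file open, 5001 port scan), the Cowrie eventids, the RFC 1918 "internal" test and the risk weights are all assumptions of this example, not the skill's own definitions, and should be checked against the versions you deploy.

```python
import ipaddress
import json

# Constructed sample events, not real captures. OpenCanary field names / logtype codes and
# Cowrie eventids are assumptions from memory; verify against your installed versions.
SAMPLE_LOG = """\
{"dst_host":"10.0.5.20","dst_port":22,"logdata":{"USERNAME":"backup","PASSWORD":"Winter2024!"},"logtype":4002,"node_id":"hp-fin-01","src_host":"10.0.3.17","src_port":51122,"utc_time":"2024-03-04 09:12:01.001"}
{"dst_host":"10.0.5.20","dst_port":445,"logdata":{"USER":"backup","FILENAME":"payroll.xlsx","SHARENAME":"finance"},"logtype":5000,"node_id":"hp-fin-01","src_host":"10.0.3.17","src_port":51130,"utc_time":"2024-03-04 09:13:40.221"}
{"dst_host":"10.0.5.20","dst_port":3389,"logdata":{},"logtype":5001,"node_id":"hp-fin-01","src_host":"198.51.100.7","src_port":40000,"utc_time":"2024-03-04 09:15:02.000"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","src_ip":"203.0.113.9","session":"a1b2c3","timestamp":"2024-03-04T09:20:00.000000Z","sensor":"hp-dmz-02"}
{"eventid":"cowrie.login.success","username":"admin","password":"admin","src_ip":"10.0.3.17","session":"d4e5f6","timestamp":"2024-03-04T09:21:00.000000Z","sensor":"hp-dmz-02"}
{"eventid":"cowrie.command.input","input":"uname -a","src_ip":"10.0.3.17","session":"d4e5f6","timestamp":"2024-03-04T09:21:05.000000Z","sensor":"hp-dmz-02"}
{"eventid":"cowrie.command.input","input":"cat /etc/shadow","src_ip":"10.0.3.17","session":"d4e5f6","timestamp":"2024-03-04T09:21:09.000000Z","sensor":"hp-dmz-02"}
"""

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_SERVICE = {21: "FTP", 22: "SSH", 80: "HTTP", 445: "SMB", 3389: "RDP"}
# Scoring is this example's own convention: acting past authentication > trying to authenticate > scanning.
BASE_RISK = {"command execution": 4, "file access": 4, "login attempt": 3, "port scan": 1}
RISK_LABEL = {4: "Critical", 3: "High", 2: "Medium", 1: "Low"}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def normalise(event):
    """Map one OpenCanary or Cowrie JSON event onto the template's fields (None if not alert-worthy)."""
    if "logtype" in event:  # OpenCanary record
        lt, data, port = event["logtype"], event.get("logdata", {}), event["dst_port"]
        rec = {"honeypot": event["node_id"], "src_ip": event["src_host"], "date": event["utc_time"][:10],
               "service": PORT_SERVICE.get(port, f"TCP/{port}"), "credentials": None, "commands": []}
        if lt == 5001:
            rec["interaction"] = "port scan"
        elif lt == 5000:
            rec.update(interaction="file access", credentials=data.get("USER"),
                       commands=[f"open {data.get('SHARENAME')}/{data.get('FILENAME')}"])
        elif lt in (2000, 3001, 4002, 6001):  # FTP / HTTP / SSH / Telnet login attempts
            rec.update(interaction="login attempt", credentials=f"{data.get('USERNAME')}:{data.get('PASSWORD')}")
        else:
            return None
        return rec
    if "eventid" in event:  # Cowrie record (SSH assumed here; Cowrie also speaks Telnet)
        rec = {"honeypot": event["sensor"], "src_ip": event["src_ip"], "date": event["timestamp"][:10],
               "service": "SSH", "credentials": None, "commands": []}
        if event["eventid"] in ("cowrie.login.failed", "cowrie.login.success"):
            rec.update(interaction="login attempt", credentials=f"{event['username']}:{event['password']}")
        elif event["eventid"] == "cowrie.command.input":
            rec.update(interaction="command execution", commands=[event["input"]])
        else:
            return None
        return rec
    return None


def build_alerts(log_text):
    """Fold events into one alert per (honeypot, source, service, day), score and number them."""
    groups = {}  # insertion-ordered, so alert numbering follows first sighting
    for line in filter(str.strip, log_text.splitlines()):
        rec = normalise(json.loads(line))
        if rec is None:
            continue
        key = (rec["honeypot"], rec["src_ip"], rec["service"], rec["date"])
        g = groups.setdefault(key, {**rec, "interactions": set(), "commands": []})
        g["interactions"].add(rec["interaction"])
        g["commands"].extend(rec["commands"])
        g["credentials"] = g["credentials"] or rec["credentials"]
    seq, alerts = {}, []
    for g in groups.values():
        score = max(BASE_RISK[i] for i in g["interactions"])
        if is_internal(g["src_ip"]):  # inside-out traffic to a decoy is lateral movement, not noise
            score = min(score + 1, 4)
        stamp = g["date"].replace("-", "")
        seq[(g["service"], stamp)] = n = seq.get((g["service"], stamp), 0) + 1
        alerts.append({"id": f"HONEYPOT-{g['service']}-{stamp}-{n:03d}", "honeypot": g["honeypot"],
                       "service": g["service"], "src_ip": g["src_ip"], "risk": RISK_LABEL[score],
                       "interaction": "/".join(sorted(g["interactions"])),
                       "credentials": g["credentials"], "commands": g["commands"]})
    return alerts


def pivot_sources(alerts):
    """Source IPs seen on more than one honeypot: the signature of an attacker moving laterally."""
    seen = {}
    for a in alerts:
        seen.setdefault(a["src_ip"], set()).add(a["honeypot"])
    return sorted(ip for ip, hosts in seen.items() if len(hosts) > 1)


def format_alert(a):
    """Render one alert in the template layout above."""
    return (f"Alert: {a['id']}\nHoneypot: {a['honeypot']}\nService: {a['service']}\n"
            f"Source IP: {a['src_ip']}\nInteraction type: {a['interaction']}\n"
            f"Credentials used: {a['credentials'] or 'n/a'}\n"
            f"Commands executed: {'; '.join(a['commands']) or 'none'}\nRisk level: {a['risk']}")


if __name__ == "__main__":
    alerts = build_alerts(SAMPLE_LOG)
    print("\n\n".join(format_alert(a) for a in alerts))
    print("\nSources seen on more than one honeypot:", pivot_sources(alerts))
```

The design choice worth calling out is the internal-source bump: an Internet scanner probing a decoy RDP port is background noise (Low), while the same probe from a workstation subnet means something inside is already enumerating and should page someone (Medium, or Critical once credentials are tried). On the constructed sample the script prints five alerts, three of them Critical, and names 10.0.3.17 as the host that touched both decoys.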