ENNAENNA

Cowrie

馃敩 Digital ForensicsPython

Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks, shell interactions, and file downloads. It emulates a full Unix system with a fake filesystem, allowing attackers to interact naturally while all commands, keystrokes, and uploaded files are recorded. Cowrie supports SFTP/SCP file upload capture, session replay in real-time or asynchronously, and forwards connection metadata to ELK, Splunk, or JSON files. It can proxy connections to real systems for high-interaction scenarios. Used to collect threat intelligence on attack tools, credentials, and TTPs being used against SSH infrastructure.

6.3kstars
1.0kforks
60issues
Updated 14d ago
+I use this
View on GitHubOfficial Website

Installation

$ git clone https://github.com/cowrie/cowrie.git && cd cowrie && pip install -r requirements.txt

Use Cases

  • Capturing SSH brute force attack credentials and tools
  • Logging attacker shell sessions for TTP analysis
  • Collecting malware samples from automated attacks
  • Generating threat intelligence from attack patterns

Tags

honeypotsshtelnetthreat-intelligenceattack-loggingattackercowriecowrie-sshdeceptiondecoykipposcpsecuritysftptelnet-honeypotthreat-analysisthreat-sharingthreatintel

Details

Category
馃敩 Digital Forensics
Language
Python
Repository
cowrie/cowrie
Platforms
馃惂linux馃崕macos

Links

GitHub Repository

github.com/cowrie/cowrie

Official Website

www.cowrie.org

Releases

github.com/cowrie/cowrie/releases

Issues

github.com/cowrie/cowrie/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Used in 1 Workflow

馃嵂

Threat Hunting with Honeypots

Intermediate7 steps 路 6-12 hours

Community Reviews

Alternatives & Comparisons

Velociraptor

Go

Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.

Compare Cowrie vs Velociraptor

Suricata

C/Rust

High-performance IDS/IPS and network monitoring engine. Multi-threaded with Snort-compatible rules and protocol logging.

Compare Cowrie vs Suricata

Wazuh

C/Python

Open-source SIEM and XDR platform. Endpoint detection, log analysis, vulnerability scanning, and compliance monitoring.

Compare Cowrie vs Wazuh

More in Digital Forensics

Volatility 3

Python

Advanced memory forensics framework. Extracts artifacts from RAM dumps - processes, network connections, registry.

memoryram-dumpartifact-extraction

Autopsy

Java

Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.

disk-forensicsguitimeline

Ghidra

Java

NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.

reverse-engineeringdecompilerbinary-analysis

Binwalk

Python

Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.

firmwarebinaryextraction

YARA

C

Pattern matching swiss knife for malware researchers. Create rules to identify and classify malware samples.

malwarepattern-matchingrules

Velociraptor

Go

Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.

endpointhuntingdfir