Aldrovanda

A samba server honeypot with payload disarm and analysis capabilities

docker build -t aldrovanda .

docker run -d -p 80:80 -p 139:139 -p 445:445 aldrovanda

Deployment & Monitoring Overview

Files uploaded to the unauthenticated share are hashed, encrypted and relocated. The original file is deleted.
Encrypted files remain on the system and can be downloaded for later analysis.
Use the decrypt.py script along with the password established in the configuration file.
All Samba sessions are closed with a subprocess call to smbcontrol, thusly reducing the window for follow on actions by an intruder.

The web interface displays a listing of unique hashes, filenames and IP addresses The file listing allows for file retrieval.

\

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
config		config
scripts		scripts
src		src
templates		templates
terraform		terraform
.gitignore		.gitignore
Dockerfile		Dockerfile
Jenkinsfile		Jenkinsfile
LICENSE		LICENSE
README.md		README.md
app.py		app.py
requirements.txt		requirements.txt
scheduler.py		scheduler.py

Provide feedback