Friday, 12 May 2017
One comments

Cowrie: SSH/Telnet Honeypot Tool

Cowrie: SSH/Telnet Honeypot Tool

Cowrie SSH/Telnet Honeypot Tool

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.


Some interesting features:

  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included
  • Session logs stored in an UML Compatible format for easy replay with original timings
  • Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection

Additional functionality over standard kippo:

  • SFTP and SCP support for file upload
  • Support for SSH exec commands
  • Logging of direct-tcp connection attempts (ssh proxying)
  • Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
  • Logging in JSON format for easy processing in log management solutions
  • Many, many additional commands


Software required:

  • Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
  • python-virtualenv

For Python dependencies, see requirements.txt

Files of interest:

cowrie.cfg - Cowrie's configuration file. Default values can be found in cowrie.cfg.dist
data/fs.pickle - fake filesystem
data/userdb.txt - credentials allowed or disallowed to access the honeypot
dl/ - files transferred from the attacker to the honeypot are stored here
honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here or use bin/fsctl
log/cowrie.json - transaction output in JSON format
log/cowrie.log - log/debug output
log/tty/*.log - session logs
txtcmds/ - file contents for the fake commands
bin/createfs - used to create the fake filesystem
bin/playlog - utility to replay session logs

Cowrie is developed by Michel Oosterhof.


  1. i have an expert who is reliable in the game,i met him through a contact named Jessica and was scared at first to give a trust,after all i had encountered with previous hackers but glad to say didn't regret my actions as [email protected] helped me hacked into my ex phone and gave me proof i been in a lying ass relationship all along,i will forever be grateful to you [email protected],please contact him and tell him from Brenda as i owe him all my life for saving me at the moment.


Toggle Footer