Skip to content
/ tarpit-analyzer Public

A CLI to analyze and visualize tarpit log files. Endlessh (https://github.com/skeeto/endlessh) and SSH-Tarpit (https://github.com/Snawoot/ssh-tarpit) are supported 'till now.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pmoscode/tarpit-analyzer

BranchesTags

Repository files navigation

Logo

GPLv3 License

Tarpit Analyzer

If you have an ssh tarpit service running on you own, and you want somehow to analyze the logged data...

With Tarpit Analyzer you can dig into the data and do some analysis and generate visual outputs which you can then import in Google Maps or Openstreetmap.

Currently, supported tarpits:

Features

  • Import logs from two sources (Endlessh and ssh-tarpit) into internal database
  • Can run an analysis on selected date range of data
  • Outputs different visualizations of analyzed data:
  • lines (KML and GeoJson format)
  • place marks (on attacker country with number of attacks)

Endpoints used

To get the location of the ips, Tarpit-Analyzer uses following apis:

All endpoint can be used without a token / login.

Installation

Download binary from https://gitlab.com/pmoscode/tarpit-analyzer/-/releases for your arch. Or clone this repository and build on your own.

CLI documentation

Commands

import

endlessh_analyzer import [<file-source>]

"file-source" is optional. By default, it is set to "tarpit.log"

Flags:

Default Description
--type endlessh Import logs from 'endlessh' or 'sshTarpit'

analyze

endlessh_analyzer analyze

uses --target flag as destination output

export

endlessh_analyzer export <subcommand>
Subcommand: kml

Flags:

Default Description
--center-geo-location-latitude 50.840886980084086 Latitude you wish to be the target on the map. Default: Germany
--center-geo-location-longitude 10.276290870120306 Longitude you wish to be the target on the map. Default: Germany
Subcommand: geojson

Flags:

Default Description
--type point 'line': Creates line from attacker source to CenterGeoLocation.
'point': Places point on attacker country with sum of attacks (prefer for large amount of data)
--center-geo-location-latitude 50.840886980084086 Latitude you wish to be the target on the map (for 'line' type). Default: Germany
--center-geo-location-longitude 10.276290870120306 Longitude you wish to be the target on the map (for 'line' type). Default: Germany
Subcommand: csv

Flags:

Default Description
--separator , Separator to use as delimiter
Subcommand: json

No special flags.

General flags

Short Long Default Description
-h --help Show context-sensitive help.
-d --debug Enable debug mode.
-t --target unset filename where output should be saved
--start-date unset Only consider data starting at
--end-date unset Only consider data ending at

Usage/Examples

./endlessh_analyzer import <path-to>/endlessh.log --type=endlessh # Import Endlessh logs
./endlessh_analyzer analyze --target=analyze.txt # Generate analysis
./endlessh_analyzer export json --start-date=2021-07-16 --end-date=2021-07-18 --target=export.json # Exports a given data range to json format

Known issues

Tests missing O_o

About

A CLI to analyze and visualize tarpit log files. Endlessh (https://github.com/skeeto/endlessh) and SSH-Tarpit (https://github.com/Snawoot/ssh-tarpit) are supported 'till now.

Topics

tarpit endlessh endlessh-report-generator

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

0.2.0 Latest
Apr 27, 2024
+ 1 release

Contributors 3

  •  
  •  
  •  

Languages