Canary Tokens

OpenCanary is a multi-protocol network honeypot. It's primary use-case is to catch hackers after they've breached non-public networks. It has extremely low resource requirements and can be tweaked, modified, and extended.

Overview

OpenCanary runs as a daemon and implements multiple common network protocols. When attackers breach networks and interact with the honeypot, OpenCanary will send you alerts via a variety of mechanisms.

OpenCanary is implemented in Python, so the core honeypot is cross-platform; however, certain features require specific OSes. Running on Linux will give you the most options. It has extremely low resource requirements; for example, it can be deployed happily on a Raspberry Pi or a VM with minimal resources.

This README describes how to install and configure OpenCanary on Ubuntu Linux and MacOS.

OpenCanary is the Open Source version of our commercial Thinkst Canary honeypot.

Table of Contents

• Prerequisites
• Features
• Installation
  • Installation on Ubuntu
  • Installation on macOS
  • Installation via Git
  • Installation for Docker
• Configuring OpenCanary
  • Creating the initial configuration
  • Enabling protocol modules and alerting
  • Optional modules
    • SNMP
    • Portscan
    • Samba Setup
• Running OpenCanary
  • Directly on Linux or macOS
  • With docker-compose
  • With Docker
• Documentation
• Project Participation
  • Contributing
  • Security Vulnerability Reports
  • Bug reports
  • Feature Requests
  • Code of Conduct

Prerequisites

• AMD64: Python 3.7 (Recommended Python 3.7+)
• ARM64: Python 3.9+
• Optional SNMP requires the Python library Scapy
• Optional Samba module needs a working installati