Discover and explore top open-source AI tools and projects—updated daily.
cowrie by 
cowrie
SSH/Telnet honeypot with AI-driven interaction
Top 8.3% on SourcePulse
Summary
Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and attacker shell interactions. It offers an emulated UNIX system, proxying capabilities, and an experimental LLM mode for dynamic responses, benefiting security researchers and administrators by providing insights into attacker behavior.
How It Works
Cowrie emulates a UNIX system with a fake filesystem in its default shell mode, or acts as an SSH/Telnet proxy to monitor activity on other systems. An experimental LLM mode allows it to generate dynamic, context-aware responses to attacker commands without predefined scripts. All session logs are stored in a UML-compatible format for replayability with the playlog utility.
Quick Start & Requirements
- Installation: Docker (easiest for quick testing),
git clone(recommended for configuration), orpip(beta).- Docker quick start:
docker run -p 2222:2222 cowrie/cowrie:latestthenssh -p 2222 root@localhost. - Docker build:
make docker-build. - PyPI install:
pip install cowriefollowed bytwistd cowrie.
- Docker quick start:
- Requirements: Python 3.10+,
python-virtualenv. - Configuration: Key files include
etc/cowrie.cfg,etc/userdb.txt, and thehoneyfs/directory for fake filesystem contents. - Links: Documentation: https://docs.cowrie.org/en/latest/index.html, Slack: https://www.cowrie.org/slack/.
Highlighted Details
- Emulated filesystem resembling Debian 5.0, with fake file contents and support for
wget/curl, SFTP, and SCP file transfers. - Logs direct-TCP connection attempts and SSH exec commands.
- Experimental LLM backend for generating realistic, dynamic shell responses.
- Session logs are UML-compatible for replay with
playlogand JSON logging is available.
Maintenance & Community
Maintained by Michel Oosterhof. A Slack community is available. Notable past contributors are listed, including Upi Tamminen and Guilherme Borges.
Licensing & Compatibility
The README does not explicitly state the license. This requires clarification for commercial use or closed-source linking.
Limitations & Caveats
The pip installation method is still in beta and may not work as expected. The LLM mode is experimental.
3 days ago
Inactive
Explore Similar Projects
singularguy
samuelfaj
caidaoli
Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), 
Wei-Lin Chiang(Cofounder of LMArena), and awesome-tensor-compilers by 
merrymercy
Shengjia Zhao(Chief Scientist at Meta Superintelligence Lab), Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), and BIG-bench by 
google
Boris Cherny(Creator of Claude Code; MTS at Anthropic), 
Andrew Kane(Author of pgvector), and list_of_recommender_systems by 
grahamjenson
Lysandre Debut(Chief Open-Source Officer at Hugging Face), 
Shizhe Diao(Author of LMFlow; Research Scientist at NVIDIA), and simpletransformers by 
ThilinaRajapakse
Aravind Srinivas(Cofounder of Perplexity), Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), and text-to-text-transfer-transformer by 
google-research
Jeff Hammerbacher(Cofounder of Cloudera), 
Tim J. Baek(Founder of Open WebUI), and server by 
triton-inference-server
Lei Zhang(Director Engineering AI at AMD), 
Philipp Schmid(DevRel at Google DeepMind), and nmt by 
tensorflow
Vaibhav Nivargi(Cofounder of Moveworks), 
Chuan Li(Chief Scientific Officer at Lambda), and 
visenger
Ewenwan