Cowrie

Technology, Information and Internet

Guarding the Shell, Protecting the Core.

About us

Cowrie is a medium-interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie also functions as an SSH and Telnet proxy to observe attacker behavior to another system.

Website
https://www.cowrie.org/
Industry
Technology, Information and Internet
Company size
1 employee
Headquarters
Singapore
Type
Privately Held
Founded
2014

Updates

    Cowrie 3.0.0 Released

    I'm happy to announce the release of Cowrie 3.0.0, the medium/high-interaction SSH and Telnet honeypot.

    The headline for this release: Cowrie can now be installed with pip.

    For over a decade, deploying Cowrie meant cloning the repo and running from a source checkout. With 3.0.0, you can pip install cowrie, run cowrie init in a directory of your choice, and start capturing attacks. That's it.

    Making this work required rearchitecting how Cowrie finds its files:

    - Fully self-contained package. Filesystem data, honeyfs file contents, and backend pool templates are now bundled inside the Python package instead of relying on loose files relative to the source tree.
    - cowrie init sets up your state directory. Config, logs, and PID files all live where you run the command. No more path-guessing or symlink gymnastics.
    - Config as overrides only. The bundled defaults load automatically. Your cowrie.cfg only needs the keys you want to change.

    For existing users running from a source checkout: everything still works. The repo root is recognized as an initialized state directory. See the changelog for migration details on removed config keys.

    https://lnkd.in/ec8XfvUB

    #cybersecurity #honeypot #infosec #opensourcesecurity #deception #threatintelligence

    Cowrie 2.7.0 released!

    BREAKING CHANGES - ACTION REQUIRED:

    - Install Cowrie into your virtual environment with pip install -e .
    - bin/ directory removed: Scripts asciinema, createfs, fsctl, and playlog are no longer called from the bin/ directory.
    - Python 3.9 no longer supported: Minimum Python version is now 3.10.
    - SQL schema update required: If using MySQL/SQLite databases, run the migration script docs/sql/update16.sql to extend IP address fields for IPv6 support (VARCHAR length increased to 61 characters).
    - SSH-DSS key support removed: The deprecated ssh-dss algorithm is no longer supported for improved security. Remove ssh-dss configuration if you use it.

    NEW FEATURES:

    New Output Plugins:
    - PostgreSQL output plugin with automatic reconnection support
    - Prometheus metrics output plugin for monitoring and alerting

    New Shell Commands:
    - find command with basic options for file searching
    - dig command for DNS lookups
    - git command for version control simulation
    - curl command now supports HEAD requests with -I option

    Enhanced Security:
    - Network blocking for outbound connections from wget/curl/nc to reserved IP ranges
    - Null byte password protection to prevent authentication bypasses
    - Updated SSH algorithms and key management for better security posture

    Proxy Mode Improvements:
    - SFTP file transfers now logged and captured in proxy mode
    - Better SSH factory handling for improved stability

    CONFIGURATION CHANGES:

    New configuration options available for:
    - PostgreSQL output plugin settings
    - Prometheus metrics endpoint configuration
    - Network blocking controls for command simulation

    INFRASTRUCTURE UPDATES:

    Docker:
    - Improved local build support
    - Container signing with Cosign for supply chain security
    - Updated base images and metadata

    Build System:
    - Migrated to setuptools-scm for automatic version management
    - PyPI package publishing now automated as trial for future development

    Dependencies:
    - Twisted updated to 25.5.0
    - Elasticsearch client updated to 9.x
    - Various security updates across all dependencies

    IMPROVED FEATURES:

    - Enhanced MISP output plugin with overcuriosity protection and better threat intelligence integration
    - Simplified Slack output formatting for better readability
    - Better shell command substitution and subshell execution
    - Improved error handling in wget with explicit timeouts
    - ECS-compliant Logstash configuration template
    - Enhanced history handling in shell sessions

    DEVELOPMENT:

    - Added Python 3.14 development version support
    - Added PyPy 3.11 support
    - Improved test coverage and CI/CD pipelines