Honeylambda
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Serverless | 45,385 |  | 1,618 | 1,035 | 5 days ago | 2,353 | November 26, 2023 | 1,123 | mit | JavaScript |
| ⚡ Serverless Framework – Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions & more! – | ||||||||||
| Sst | 18,485 |  | 1 | 18 | 3 days ago | 478 | December 01, 2023 | 764 | mit | TypeScript |
| Build modern full-stack applications on AWS | ||||||||||
| Awesome Aws | 11,773 | a month ago | 1 | December 21, 2015 | 65 | other | Python | |||
| A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome. | ||||||||||
| Examples | 11,068 | a month ago | 19 | April 25, 2021 | 175 | other | JavaScript | |||
| Serverless Examples – A collection of boilerplates and examples of serverless architectures built with the Serverless Framework on AWS Lambda, Microsoft Azure, Google Cloud Functions, and more. | ||||||||||
| Chalice | 10,067 |  | 126 | 34 | a month ago | 88 | June 05, 2023 | 470 | apache-2.0 | Python |
| Python Serverless Microframework for AWS | ||||||||||
| Serverless Application Model | 9,154 |  | 84 | 19 | 4 days ago | 91 | November 23, 2023 | 98 | apache-2.0 | Python |
| The AWS Serverless Application Model (AWS SAM) transform is a AWS CloudFormation macro that transforms SAM templates into CloudFormation templates. | ||||||||||
| Up | 8,739 |  | 68 | 16 | 2 months ago | 11 | March 02, 2018 | 290 | mit | Go |
| Deploy infinitely scalable serverless apps, apis, and sites in seconds to AWS. | ||||||||||
| Webiny Js | 6,924 |  | 144 | 11 hours ago | 417 | November 24, 2023 | 305 | other | TypeScript | |
| Open-source serverless enterprise CMS. Includes a headless CMS, page builder, form builder, and file manager. Easy to customize and expand. Deploys to AWS. | ||||||||||
| Aws Sam Cli | 6,400 |  | 31 | 13 | 12 hours ago | 178 | November 16, 2023 | 419 | apache-2.0 | Python |
| CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM | ||||||||||
| Docker Lambda | 5,852 |  | 38 | 17 | a year ago | 15 | June 30, 2018 | 68 | mit | C# |
| Docker images and test runners that replicate the live AWS Lambda environment | ||||||||||
Serverless trap
honey - a simple serverless application designed to create and monitor URL {honey}tokens, on top of AWS Lambda and Amazon API Gateway
- Slack notifications
- Email and SMS alerts
- Load config from local file or Amazon S3
- Customize the HTTP response for each token
- Threat Intelligence report (Source IP lookup)
- Using Cymon API v2
- Based on Serverless framework
- pay-what-you-use
- provider agnostic
Description
honey allows you to create and monitor fake HTTP endpoints automatically. You can then place these URL honeytokens in e.g. your inbox, documents, browser history, or embed them as {hidden} links in your web pages (Note: honeybits can be used for spreading breadcrumbs across your systems to lure the attackers toward your traps). Depending on how and where you implement honeytokens, you may detect human attackers, malicious insiders, content scrapers, or bad bots.
This application is based on Serverless framework and can be deployed in different cloud providers such as Amazon Web Services (AWS), Microsoft Azure, IBM OpenWhisk or Google Cloud (Only tested on AWS; the main function may need small changes to support other providers). If your cloud provider is AWS, it automatically creates HTTP endpoints using Amazon API Gateway and then starts monitoring the HTTP endpoints using honey Lambda function.
Setup
- Install Serverless framework:
npm install -g serverless
- Install honey:
serverless install --url https://github.com/0x4d31/honeyLambda
- Edit
serverless.ymland set HTTP endpoint path (default: /v1/get-pass) - Edit
config.jsonand fill in your Slack Webhook URL. Change the trap/token configs as you need - You can customize the HTTP response for each token
- For example you can return a 1x1px beacon image in response and embed the token in your decoy documents or email (tracking pixel!)
Deploy
- Set up your AWS Credentials
- In order to deploy honey, simply run:
serverless deploy
Output:
Serverless: Packaging service...
Serverless: Creating Stack...
Serverless: Checking Stack create progress...
.....
Serverless: Stack create finished...
Serverless: Uploading CloudFormation file to S3...
Serverless: Uploading artifacts...
Serverless: Uploading service .zip file to S3 (116.22 KB)...
Serverless: Validating template...
Serverless: Updating Stack...
Serverless: Checking Stack update progress...
.................................
Serverless: Stack update finished...
Service Information
service: honeyLambda
stage: dev
region: ap-southeast-2
api keys:
None
endpoints:
GET - https://rz1bEXAMPLE.execute-api.ap-southeast-2.amazonaws.com/dev/v1/get-pass
functions:
honeylambda: honeyLambda-dev-honeylambda
- Note: If you want to return binary in HTTP response (e.g. Content-Type: image/png), you have to manually configure Binary Support using the Amazon API Gateway console (it's not yet possible to set binary media types automatically using serverless):
Open the Amazon API Gateway console, add the binary media type */*, and save.
Once done, you have to re-deploy the API to the dev stage
Usage
Open the generated URL/endpoint in your browser to test if it works:
Slack Alert
TODO
- [x] Remote config: load config from Amazon S3
- [x] Beacon image / return image as HTTP response
- [x] Customize the HTTP response for each token
- [x] Check the source IP address against Threat Intelligence feeds (e.g. Cymon API)
- [x] Email alert
- [x] SMS alert (Twilio)
- [ ] HTTP Client Fingerprinting
