Using Your Modern Honeynet (MHN)

What you'll see when running a server and sensors

In previous posts, I covered creating an MHN Server and deploying MHN Sensors. This post shows you some of MHN's capabilities.

Server Side

On the server, you can observe the following via the web interface.

Map

See a map of attack sources and targets, updated in near real time.

Deploy

Deploy new sensors as covered in a previous post.

Attacks

View near real-time data on attacks hitting your sensors.

Payloads

Download and interact with actual payloads deposited in hacking attempts on your sensors. Use extreme caution with these. They are likely live exploits. You will want to have a segregated environment and experience doing malware analysis.

Rules

View the rules for applicable sensors here, such as Snort rules.

Sensors

View deployed sensors and the number of hits they've received.

Charts

You can view some interesting statistics from Kippo and Cowrie sensors here, including the top passwords and usernames observed in attacks and the top attackers.

Top captured usernames and passwords:

Kippo/Cowrie top attackers:

On Honeypots

On the individual honeypots, you can look further at the information collected. Some of it may not be readily visible on the MHN Server.

For more information, consult the project site of the individual honeypot you want to explore further.