honeycreds.conf
# --------- SETTINGS ----------
# You can set these once or specify them on the command line.
# Please... change these... really. If I see this on a pentest, I will cry.
# Decoy identity settings. Per the file header, these can also be given on the
# command line; the values below are shipped defaults and are meant to be changed.
[general]
# Decoy account name; choose one that looks legitimate in your environment.
# NOTE(review): presumably this must not match a real account, so that any
# later use of it is unambiguous - confirm.
def_username = honeycreds
# Short domain name; this can match your current short domain.
def_domain = EMC
# Decoy password; make this whatever you want. HTTP requests send it in
# plaintext, so never reuse a real credential here.
def_password = This is a honey cred account.
# The FQDN. Leave .local at the end.
def_fqdn = emc.com.local
# A hostname that DOES NOT EXIST but looks legitimate.
def_hostname = SQLDEV01
# Log file name and location.
# NOTE(review): a bare file name is presumably resolved against the working
# directory of the process - confirm, and keep the log readable only by
# the account that runs the tool.
def_logfile = honeycreds.log
# Protocol switches and request pacing.
[protocols]
# Turn SMB or HTTP on or off. Set to "OFF" to turn a protocol off.
SMB = ON
HTTP = ON
# Time to pause between requests, in seconds (one setting per protocol).
SMB_SLEEP = 5
HTTP_SLEEP = 5
# Optional forwarders (Splunk, ELK).
[forwarders]
# Set a forwarder to ON to enable it.
SPLUNK = OFF
# NOTE(review): the trailing "#Coming Soon" is a comment only if the consuming
# parser supports inline comments; otherwise the value read is
# "OFF #Coming Soon". Confirm the parser, or move the note onto its own line.
ELK = OFF #Coming Soon
# Splunk forwarding settings.
[splunk]
# To assign a password or token, add "= value" after the key.
# To leave an item blank, do not include the = sign.
# NOTE(review): a key with no "=" is accepted only by parsers that allow
# value-less keys - confirm against the consumer.
# The free version of Splunk does not take a password, just the username admin.
# A password or token set here is stored in plaintext: keep the edited file out
# of version control and readable only by the account that runs the tool.
# Example:
#SPLUNK_PASSWORD = Letmein123!
#SPLUNK_TOKEN = abc1234
SPLUNK_HOSTNAME = localhost
SPLUNK_PORT = 8089
SPLUNK_USERNAME = admin
SPLUNK_PASSWORD
SPLUNK_TOKEN
SPLUNK_INDEX = honeycreds