Skip to content

colinmo/SusAF

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

hackybash

hackybash

 
 

susaf

susaf

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

SusAF

Suspicious Activity Framework

What is it?

It's a framework designed to automate detection of compromised accounts, through the use of canary credentials.

How does it work?

The basic principle is:

  1. generate a canary credential (non-existent but plausible looking username and password) and submit it to a phishing site
  2. monitor auth logs for any auth attempts using the canary credential
  3. For any auth attempts, log the IP and save it as a "bad IP"
  4. monitor auth logs for any auth activity from bad IPs. Alert on successful auth.

When I looked at the code my eyes started to burn

I originally wrote this as a few horrible bash scripts. I've started to re-write it again in bash, mostly as psuedo code to demonstrate the principle. I will be devloping a version in python.

About

Suspicious Activity Framework

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 51.6%
  • HTML 34.0%
  • Shell 10.2%
  • CSS 3.6%
  • Mako 0.6%