Hey there, cybersecurity fans! Today, I’m pumped to share a project I’ve been working on called FakeFTP Server, a Python-based tool that sets up a fake FTP server to lure hackers and study their moves. It’s like setting a trap for digital mischief-makers, and it’s been a blast to build. You can check out the source code on GitHub at https://github.com/IHA089/Fakeftp.git. In this blog post, I’m going to walk you through what an FTP honeypot is, how Fake FTP Server works, why it’s awesome for catching hackers, and how you can get it running.
What’s an FTP Honeypot, Anyway?
You’re a cybersecurity ninja, and you want to know what hackers are up to without letting them mess with your real systems. That’s where a honeypot comes in. A honeypot is like a decoy—a fake system that looks real enough to trick hackers into poking around. Instead of breaking into your actual servers, they’re busy messing with your trap, and you’re secretly watching their every move.
An FTP honeypot, like my FakeFTP Server tool, pretends to be a File Transfer Protocol (FTP) server. FTP servers are juicy targets for hackers because they’re used to share files and have a reputation for being easy to crack if not secured properly. Hackers love trying weak passwords, sneaking in malicious files, or hunting for sensitive data. With FakeFTP, I’ve built a fake FTP server that looks legit, complete with files and folders, so hackers think they’ve hit the jackpot. Meanwhile, I’m logging their actions, learning their tricks, and keeping my real systems safe.
Why Bother with a Honeypot?
So, why go through the trouble of setting up a fake server? Here’s why I think it’s worth it:
- Spy on Hackers: You get a front-row seat to see what hackers are trying. Are they guessing passwords? Uploading sketchy files? This intel helps you beef up your real defenses.
- Catch ‘Em Early: If someone’s poking at your honeypot, it’s a red flag that your network’s being scoped out. It’s like a burglar tripping an alarm before they reach your house.
- Learn and Experiment: For folks like me who love tinkering with security, honeypots are a playground. You can study hacker tactics and test your skills in a safe way.
- Keep Hackers Busy: A honeypot is like a shiny distraction. While hackers are messing with it, they’re not touching your real servers.
- No Risk, All Reward: Since there’s no real data in the honeypot, there’s nothing to lose if it gets “hacked.” But the info you gain? Priceless.
FakeFTP does all this and more. It’s a lightweight tool that’s easy to set up but powerful enough to give you real insights into hacker behavior.
How FakeFTP Pulls It Off
I built FakeFTP using Python, and it’s got two main parts: a fake FTP server and a bonus HTTP server for extra snooping. Let me break down how it works and what makes it tick.
The FakeFTP Server
The heart of FakeFTP is the FTP server, which runs on port 21 (the standard FTP port). It’s designed to act like a real FTP server, responding to commands like USER, PASS, GET, PUT, MKDIR, and LIST. To make it convincing, I added a virtual file system with random files (think resume.pdf or budget.xlsx) and directories (like Documents or Projects). It’s all fake, but it looks real enough to fool most attackers.
Here’s what happens when someone connects:
- They try logging in with a username and password. I set up common ones like admin:admin or anonymous:1234 to mimic weak credentials hackers expect to find.
- If they get in, I log their username and password. Sneaky, right?
- They can upload files with PUT or STOR, and I print the file contents to the console (but don’t save anything).
- If they try downloading with GET or RETR, I send them random gibberish data to keep them happy.
- They can mess with directories—create them, delete them, or list them—and I track every move.
- Commands like PWD show their current directory, making the server feel super realistic.
Every interaction gets logged, so I can see exactly what the hacker’s up to.
The HTTP Server Bonus
Here’s where things get extra fun. FakeFTP also runs a tiny HTTP server on port 80. If someone visits the server’s IP in a browser, they get a simple webpage that uses JavaScript to grab info about their system, like:
- What OS they’re using (Windows, Linux, etc.).
- Their screen size and browser window size.
- Whether cookies or JavaScript are enabled.
- Their internet speed (if the browser supports it).
This info gets sent back to the server, logged, and then the browser redirects to Google so the hacker doesn’t suspect anything. It’s a slick way to learn more about who’s sniffing around, especially if they’re using a browser-based tool.
Logging All the Juicy Details
FakeFTP is like a spy camera for hackers. It logs:
- The IP address and hostname of whoever connects.
- Their login attempts (username and password).
- Every FTP command they run, like uploading files or creating directories.
- Any system info collected by the HTTP server.
All this shows up in the console, but you could tweak the script to save it to a file for later. It’s like having a hacker’s diary handed to you.
Random and Realistic
To keep things fresh, FakeFTP creates a new set of fake files and directories every time it starts. I made it pick 10–15 random files and 3–5 directories from a big list, so the server doesn’t look the same twice. This makes it harder for hackers to figure out it’s a trap.
Built to Last
I added error handling to deal with wonky connections or bad commands, so the server doesn’t crash if a hacker throws something weird at it. You can also shut it down cleanly with Ctrl+C, and it closes all the sockets properly. It’s solid and ready for action.
Getting FakeFTP Up and Running
Installation
Using the below command you can easily clone it on your system.
git clone https://github.com/IHA089/Fakeftp.git
If you don’t have git then you just click on the link below and download it as a zip then extract it.
Launch
Now move to the directory of the tool using the following command. Then run the tool.
cd Fakeftp
python3 Fakeftp.py
In the screenshot below you can see that an attacker tries to login to the fake FTP server and we get the target information like IP, hostname and commands that the attacker uses on the fake FTP server.
When attacker tries to open our FTP server IP on browser we get more sensitive information. when attacker visits the FakeFTP server IP using a browser, also gets the information of the attacker using a fake http server and here we get the platform type, OSCPU, screen size, viewport size, cookies, whether JavaScript is enabled and so on. More attacking information like internet speed is available.
This is an open source tool you can also modify this and get more information or reverse hack the attacker.
Where FakeFTP Shines
This tool has tons of uses:
- Test Your Defenses: Set it up in a lab to see how your security tools handle fake attacks.
- Teach and Learn: It’s great for showing students how honeypots work or practicing your own skills.
- Distract the Bad Guys: Stick it in your network’s DMZ to keep hackers away from the real stuff.
- Research Fuel: Share (anonymized) data with other security nerds to help fight cybercrime.
FakeFTP is practical way to trick hackers and learn their secrets. By pretending to be a vulnerable FTP server, it lets you spy on login attempts, file uploads, and more, all while keeping your real systems out of harm’s way. The HTTP server is like a cherry on top, giving you extra info about who’s knocking. Whether you’re a security pro, a curious coder, or just someone who loves outsmarting bad guys, FakeFTP is a tool worth playing with.
Disclaimer: This post was created with educational objectives in mind. This shows how to attract or catch attackers on network.
Hacker bana hai bahi me ko eathkal hacker
learn about networking, programming, web technology, linux.
It has some problems with VM beacause it only works with FTP Active mode. Some hackers use VM of Kali Linux isn’t it? Someone knows how to solve it?. It’s a great job and works perfectly. Maybe some logs to save the information would make it awesome.