Blacknet is a low interaction SSH honeypot system with central logging capabilities.
It is used to gather SSH brute-force attempts on multiple IP addresses and
archive these login attempts in a SQL database.
Attackers and attack sessions can be displayed in real time on this website,
along with some statistics (computed regularly).
This project is an experimental project conducted during our computer
engineering studies at the Université de Technologie de Compiègne.
We initially featured a custom VirtualBox environment as a high interaction honeypot, gathering commands and events such as password changes. We then moved to supporting Kippo, a medium interaction SSH honeypot written in Python (easier to deploy).
Today's version uses a lightweight paramiko server as low-interaction honeypot. There are no more plans and no more time to handle higher levels of interaction and guarantee all the required security around this. Still, Blacknet SQL schemes still refer to commands or events just in case (and for backward compatibility). Also, it would be technically easy to use the Blacknet client with a modern SSH honeypot like Cowrie.
The original project was written in 2010 and is referred as Blacknet 1.0. It was rewritten in 2017 to lower maintenance and installation efforts, but also to match with modern python programming standards.