CanaryTokens is a free offering by Thinkst Canary a Haas(Honeypot as a service provider) provider , although it exists since 2015 , i came across it recently and thought it was worth sharing (and also because our Blue Team Category looked a little pale ) .
So what can canarytokens do ?
Canary Tokens is what we could call subscribe and forget honeypot service all you need to do is head over to canarytokens.org and choose a token that fits you , there are old school url bugs to Bitcoin addresses to AWS keys , all you need to do is choose a token that fits you , write a note to yourself on why you created the token and provide a email to which the alert will be sent when a token is triggered that’s it , zero hackery involved . Now its time for you to get creative and put the tokens in the right place , my personal favourite is the AWS access token , i suggest you guys get one now and throw it in your home directory and forget about it .
Dockerized CanaryTokens :
If anybody wants their own CanaryTokens setup , its just a
git clone and
docker-compose up away , it provides almost all the feature available on the site .
What about SSH , FTP , telnet , git …?
Well canary tokens can’t exactly do that , but hey there’s Open Canary , it can emulate a bunch of services and send alerts to email when triggered , i found it to be quick and easy to deploy , give it a shot.