
Tool to sniff honeytokens from the system. There are 2 methods of detection. The first method relies on the DNS calls that canarytokens make to trigger their alert emails: it sniffs all DNS lookups from the target machine and checks them for the canarytokens domain.


aau-network-security/tokengrabber


tokengrabber


The second method performs some reverse engineering and pattern matching on files to find canarytokens in their content. The usage is described below.

Usage:

DNS sniffer
$ python dns_sniffer.py -i interface
Example: $ python dns_sniffer.py -i eth0

PDF Token
python pdf-parser.py -o 16 -O filename.pdf
In a PDF that carries a token, the /URI of the object stream contains canarytokens.net.

DOCX Token
python docx.py -f filename.docx

DIRECTORY Token
python folder.py --d dir_name
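
The DNS method described above, as an added example (not the repository's dns_sniffer.py): it parses the question name out of raw DNS query bytes and matches it against canarytokens.net on a label boundary, so look-alike names are not flagged. The packets are constructed samples and all function names are assumptions of this example; capturing from an interface is left out.

```python
import struct

TOKEN_DOMAIN = "canarytokens.net"  # domain named on this page


def build_query(name, qid=0x1234):
    """Build a minimal DNS A query (used only to construct sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def parse_qname(payload):
    """Return the lowercased first question name of a DNS query, else None."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set means a response
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:                    # root label ends the name
            return ".".join(labels).lower()
        if length & 0xC0:                  # pointer/reserved bits: reject
            return None
        pos += 1
        if pos + length > len(payload):    # truncated packet
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None


def is_token_lookup(qname, domain=TOKEN_DOMAIN):
    """True only for the domain itself or a name under it (label boundary)."""
    if not qname:
        return False
    q = qname.rstrip(".").lower()
    return q == domain or q.endswith("." + domain)


def flag_queries(payloads):
    """Return the query names that fall under the token domain."""
    names = (parse_qname(p) for p in payloads)
    return [n for n in names if is_token_lookup(n)]


# Constructed sample queries: two token lookups, three that must not match.
SAMPLES = [build_query(n) for n in (
    "abc123example.canarytokens.net", "www.example.org", "notcanarytokens.net",
    "canarytokens.net.example.org", "X1.CanaryTokens.NET")]
```
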

Screenshots

DNS Sniffer: [screenshot: DNS]

Detection for folder, PDF and DOCX canarytokens: [screenshot: Canary_token]
