Loading repository data…
Loading repository data…
yonathanpy / repository
NightForge is an advanced SSH/FTP honeypot written in Rust. It is designed for security research, threat intelligence, and training purposes.
NightForge is an advanced SSH/FTP honeypot written in Rust. It is designed for security research, threat intelligence, and training purposes. NightForge simulates interactive sessions, captures authentication attempts, logs commands, and provides a pseudo-filesystem environment for realistic attacker interaction.
NightForge operates by accepting SSH/FTP-like connections on a specified port. Each session is handled independently and supports multiple concurrent connections.
The honeypot captures:
LIST, GET, PUT)All interactions are logged using a thread-safe logging system and can be extended to persistent storage or external monitoring pipelines.
NightForge/
├── src/
│ ├── main.rs # Entry point
│ ├── logger.rs # Thread-safe session logger
│ ├── parser.rs # Command parsing engine
│ ├── session.rs # Session state management
│ ├── fs.rs # Pseudo-filesystem simulation
logger Handles all session and command logging.
parser Interprets incoming client commands.
USER, PASS, LIST, GET, PUT)session Maintains connection lifecycle and state.
fs Simulates a virtual filesystem.
Client (Attacker)
│
TCP Listener (0.0.0.0:2121)
│
New Thread → Session Created
│
Command Loop:
├─ Parse command
├─ Handle authentication
└─ Handle filesystem interaction
│
Logger → Store events
│
Client receives response
Install Rust (version 1.72 or higher)
Clone the repository:
git clone https://github.com/yonathanpy/NightForge.git
cd NightForge
Build and run:
cargo run
NightForge listens on:
0.0.0.0:2121
$ ftp 127.0.0.1 2121
Connected
USER guest
331 Username OK
PASS password
230 Login successful
LIST
file1.txt
file2.log
GET file1.txt
Top Secret Data
PUT newfile.txt HelloWorld
250 File stored
All commands and session activity are logged by the logger module.
NightForge can be extended with:
NightForge is strictly intended for controlled and authorized use. Deploying it outside authorized environments may violate local laws or regulations.