Skip to content
/ tokengrabber Public

Tool to sniff honeytokens from the system. There are 2 methods of detection. The first method leverages the use of DNS calls made by canarytokens to trigger emails by sniffing all DNS lookups from the target machine to check for canarytokens domain.

3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

aau-network-security/tokengrabber

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.idea
.idea
 
 
screenshots
screenshots
 
 
venv
venv
 
 
README.md
README.md
 
 
dns_sniffer.py
dns_sniffer.py
 
 
docx.py
docx.py
 
 
folder.py
folder.py
 
 
pdf-parser.py
pdf-parser.py
 
 

Repository files navigation

tokengrabber

Tool to sniff honeytokens from the system. There are 2 methods of detection. The first method leverages the use of DNS calls made by canarytokens to trigger emails by sniffing all DNS lookups from the target machine to check for canarytokens domain.

The second method performs some reverse engineering and pattern matching to find canrytokens in their content. The usage is described below.

Usage:

DNS sniffer
$python dns_sniffer.py -i interface
example: $python dns_sniffer.py -i eth0

PDF Token
python pdf-parser.py -o 16 -O filename.pdf
the /URI of the object stream contains canarytokens.net

DOCX Token
python docx.py -f filename.docx

DIRECTORY Token
python folder.py --d dir_name

Screenshots

DNS Sniffer:

DNS

Detection for folder, pdf and docx Canarytokens:

Canary_token

About

Tool to sniff honeytokens from the system. There are 2 methods of detection. The first method leverages the use of DNS calls made by canarytokens to trigger emails by sniffing all DNS lookups from the target machine to check for canarytokens domain.

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

5 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages