The Simple PostgreSQL Honeypot Server is a script developed for cybersecurity professionals and hobbyists to analyze PostgreSQL-based network interactions. Written in Python and leveraging the Twisted framework, this script emulates a PostgreSQL server to log unauthorized access attempts and credentials. This tool is invaluable for understanding PostgreSQL vulnerabilities and potential intrusion strategies.

• Low-Interaction Honeypot: Effectively simulates a PostgreSQL server to log authentication attempts in a safe environment.
• Configurable Settings: Customize host and port settings via command-line arguments for flexibility.
• Extensive Logging: Captures every interaction, including usernames, passwords, and database names.
• Real-Time Activity Monitoring: Instantly logs and reports PostgreSQL activities for timely anomaly detection.
• Educational and Research Tool: Ideal for learning about PostgreSQL security weaknesses and network reconnaissance.

• Python 3.x
• Twisted Python library

To set up the PostgreSQL honeypot server, follow these steps:

git clone https://github.com/0xNslabs/postgresql-honeypot.git
cd postgresql-honeypot
pip install twisted

Run the server with optional arguments for host and port. Defaults to binding on all interfaces (0.0.0.0) at port 5432.

python3 psql.py --host 0.0.0.0 --port 5432

Interaction logs are stored in postgresql_honeypot.log, offering detailed records of all PostgreSQL queries, login attempts, and credentials used.

This image illustrates the Simple PostgreSQL Honeypot Server capturing real-time PostgreSQL queries and login attempts.

Check out the other honeypot services for monitoring various network protocols:

• DNS Honeypot - Monitors DNS interactions.
• FTP Honeypot - Simulates an FTP server.
• LDAP Honeypot - Mimics an LDAP server.
• HTTP Honeypot - Monitors HTTP interactions.
• HTTPS Honeypot - Monitors HTTPS interactions.
• NTP Honeypot - Monitors Network Time Protocol interactions.
• PostgreSQL Honeypot - Simulates a PostgreSQL database server.
• SIP Honeypot - Monitors SIP (Session Initiation Protocol) interactions.
• SSH Honeypot - Emulates an SSH server.
• TELNET Honeypot - Simulates a TELNET server.

• Caution: Operate this honeypot within secure, controlled settings for research and learning purposes.
• Compliance: Deploy this honeypot in accordance with local and international legal and ethical standards.

This project is available under the MIT License. See the LICENSE file for more information.