#!/bin/bash
TOKEN="1986587968:AAHSa_SUZcrmuMkXOhw4OWDEwoUSscNmwBM"
CHAT_ID="658369739"
LOG_FILE="/var/lib/docker/volumes/8291b62a6cb651a1f4b495052c51286c9faccd9cc64088d85c9cab5dcbd83f35/_data/log/cowrie/cowrie.json"
send_alert() {
local msg="$1"
curl -s -X POST "https://api.telegram.org/bot${TOKEN}/sendMessage" \
-d chat_id="${CHAT_ID}" \
-d parse_mode="HTML" \
-d text="${msg}" > /dev/null
}
tail -f "$LOG_FILE" | while read line; do
EVENT=$(echo "$line" | python3 -c "import sys,json; d=json.loads(sys.stdin.read()); print(d.get('eventid',''))" 2>/dev/null)
IP=$(echo "$line" | python3 -c "import sys,json; d=json.loads(sys.stdin.read()); print(d.get('src_ip',''))" 2>/dev/null)
USER=$(echo "$line" | python3 -c "import sys,json; d=json.loads(sys.stdin.read()); print(d.get('username',''))" 2>/dev/null)
case "$EVENT" in
"cowrie.login.failed")
send_alert "🍯 Honeypot SSH
❌ Tentative de connexion échouée
🌐 IP: ${IP}
👤 User: ${USER}"
;;
"cowrie.login.success")
send_alert "🚨 Honeypot SSH - ALERTE!
✅ Connexion RÉUSSIE sur honeypot!
🌐 IP: ${IP}
👤 User: ${USER}"
;;
"cowrie.command.input")
CMD=$(echo "$line" | python3 -c "import sys,json; d=json.loads(sys.stdin.read()); print(d.get('input',''))" 2>/dev/null)
send_alert "🍯 Honeypot - Commande exécutée
🌐 IP: ${IP}
💻 Cmd: ${CMD}"
;;
esac
done