torjus/oubliette
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
5d0c8cc20c8cac12b46845f3574136bf7bfdc0eb
oubliette/README.md
Torjus Håkestad 8ff029fcb7 feat: add Banking TUI shell using bubbletea 
Add an 80s-style green-on-black bank terminal shell ("banking") using
charmbracelet/bubbletea for full-screen TUI rendering over SSH.

Screens: login, main menu, account summary, account detail with
transactions, wire transfer wizard (6-step form capturing routing
number, destination, beneficiary, amount, memo, auth code), transaction
history with pagination, secure messages with breadcrumb content (fake
internal IPs, vault codes), change PIN, and hidden admin access (99)
that locks after 3 failed attempts with COBOL-style error output.

All key actions (login, navigation, wire transfers, admin attempts) are
logged to the session store. Wire transfer data is the honeypot gold.

Configurable via [shell.banking] in TOML: bank_name, terminal_id, region.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 23:17:12 +01:00

2.6 KiB
Raw Blame History

Oubliette

An SSH honeypot that logs login attempts, presents fake shells to "successful" logins, and tries to detect when a real human is poking around.

Named after the medieval dungeon - a place you throw people into and forget about them.

Status

Early development. See PLAN.md for the roadmap.

Usage

Build

# With Nix
nix build

# With Go
nix develop -c go build ./cmd/oubliette

Configure

Copy and edit the example config:

cp oubliette.toml.example oubliette.toml

Key settings:

  • ssh.listen_addr — listen address (default :2222)
  • ssh.host_key_path — Ed25519 host key, auto-generated if missing
  • auth.accept_after — accept login after N failures per IP (default 10)
  • auth.credential_ttl — how long to remember accepted credentials (default 24h)
  • auth.static_credentials — always-accepted username/password pairs (optional shell field routes to a specific shell)
  • Available shells: bash (fake Linux shell), fridge (Samsung Smart Fridge OS), banking (80s-style bank terminal TUI)
  • storage.db_path — SQLite database path (default oubliette.db)
  • storage.retention_days — auto-prune records older than N days (default 90)
  • storage.retention_interval — how often to run retention (default 1h)
  • shell.hostname — hostname shown in shell prompts (default ubuntu-server)
  • shell.banner — banner displayed on connection
  • shell.fake_user — override username in prompt; empty uses the authenticated user
  • web.enabled — enable the web dashboard (default false)
  • web.listen_addr — web dashboard listen address (default :8080)
    • Session detail pages at /sessions/{id} include terminal replay via xterm.js
  • detection.enabled — enable human detection scoring (default false)
  • detection.threshold — score threshold (0.01.0) for flagging sessions (default 0.6)
  • detection.update_interval — how often to recompute scores (default 5s)
  • notify.webhooks — list of webhook endpoints for notifications (see example config)

Run

./oubliette -config oubliette.toml

Test with:

ssh -o StrictHostKeyChecking=no -p 2222 root@localhost

NixOS Module

Add the flake as an input and enable the service:

{
  services.oubliette = {
    enable = true;
    package = inputs.oubliette.packages.${system}.default;
    settings = {
      ssh.listen_addr = ":2222";
      auth.accept_after = 10;
      auth.static_credentials = [
        { username = "root"; password = "toor"; }
      ];
    };
  };
}

Alternatively, use configFile to pass a pre-written TOML file instead of settings.

Reference in New Issue View Git Blame Copy Permalink