Show HN: Tiny filesystem honeypot for macOS with zero dependencies in Go

github.com

2 points by dweinstein 14 hours ago · 0 comments · 1 min read

When malware, a rogue script, npm module, or an attacker with shell access starts scanning your home directory for credentials, the canary trips and fires an alert. Developers' computers are increasingly being targeted with attacks; for example, the LiteLLM attacks demonstrate the recent risks and complex supply chain attacks.

I made this tool for macOS systems that helps detect when a package accesses something it shouldn't. It's a tiny Go binary (less than 2k LOC) with no dependencies that will mount a WebDAV filesystem (no root) or NFS (root required) with fake secrets and send you a notification when anything accesses it. Very stupid simple. I've always really liked the canary/honeypot approach and this at least may give some folks a chance to detect (similar to Little Snitch) when something strange is going on!

When to use which mode? Use WebDAV for low-friction canaries you can spin up anywhere. Use NFS for canaries that need to survive an attacker who has your user shell and is looking around.
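
The alerting half of the approach described above, as an added example that is not part of the original post and not the tool's own code: a standard-library HTTP handler over constructed decoy files that records every access before serving anything. It is not a mountable WebDAV server (it answers no PROPFIND), and the `Canary` and `Alert` types, the port, and the decoy paths are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"sync"
	"time"
)

// Constructed decoy content; none of these values are real credentials.
var decoys = map[string]string{
	"/.aws/credentials": "[default]\naws_access_key_id = FAKE-CANARY-KEY-ID\n",
	"/.ssh/id_ed25519":  "-----BEGIN OPENSSH PRIVATE KEY-----\nFAKE-CANARY\n",
}

// Alert records one touch of the canary tree.
type Alert struct {
	When                    time.Time
	Method, Path, UserAgent string
	ReadDecoy               bool // true when decoy bytes were handed back
}

// Canary keeps every alert; log.Printf stands in for a desktop notification.
type Canary struct {
	mu     sync.Mutex
	Alerts []Alert
}

// Record stores and reports the alert before any decoy content is served.
func (c *Canary) Record(method, path, ua string) Alert {
	_, known := decoys[path]
	a := Alert{time.Now(), method, path, ua, known && method == http.MethodGet}
	c.mu.Lock()
	c.Alerts = append(c.Alerts, a)
	c.mu.Unlock()
	log.Printf("CANARY %s %s ua=%q read=%v", a.Method, a.Path, a.UserAgent, a.ReadDecoy)
	return a
}

func (c *Canary) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if a := c.Record(r.Method, r.URL.Path, r.UserAgent()); a.ReadDecoy {
		w.Write([]byte(decoys[a.Path]))
		return
	}
	http.NotFound(w, r)
}

func main() { // loopback only, so the decoy tree is not reachable from the network
	log.Fatal(http.ListenAndServe("127.0.0.1:8765", &Canary{}))
}
```

Every request produces an alert, including enumeration attempts and misses, since nothing legitimate has a reason to touch the tree; `ReadDecoy` separates "something looked" from "something read a fake secret".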
