-
Notifications
You must be signed in to change notification settings - Fork 257
Home
Canarytokens is our take on tokens which are used to alert you when someone is looking at something they shouldn't. It allows you to embed links (HTTP or DNS) into almost anything that when touched would resolve or GET request a url. It allows you detect unwanted snooping around your valuables (technically speaking).
Please check out our Canarytokens docker images for easy installation of your own Canarytokens server. It's useful and a ton of fun.
Unfortunately, we haven't yet released our code for generating AWS ID Canarytokens, but the original work and consequent open source works are available. I've linked to them in this issue.
It is common for Windows to put a network block on downloaded files. In order for this document to trigger you will need to unblock the document. You can do this by right clicking on the document, selecting "Properties" and unchecking the "Unblock" checkbox at the bottom of the "Properties".
There really isn't a very nice way to do this, but i'll provide the steps that we would take. Essentially, you are going to drop into a redis shell in the redis container of your Canarytokens docker. And from there, you can start to look around (like listing all canarydrop objects).
- Gain access to the server running your Canarytokens docker containers (via
sshor some other means) - Run:
sudo docker exec -ti redis redis-cli - Run:
keys canarydrop:*. This will be list all the created Canarytokens.
If you would like to inspect the underlying data of a particular Canarytoken (canarydrop:xxxxxxxx), you can run hgetall canarydrop:xxxxxxxx. This will show you the Canarytoken type, the email/webhook its linked to, and a bunch more data.