From ce99588e0daec18e9fa25209690524a6b6d7b8ad Mon Sep 17 00:00:00 2001 From: delifer Date: Mon, 2 Mar 2026 20:08:24 +0700 Subject: [PATCH] Add HoneyPot --- x-ui.sh | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 218 insertions(+), 11 deletions(-) diff --git a/x-ui.sh b/x-ui.sh index e018cf59..c6e5e9e3 100644 --- a/x-ui.sh +++ b/x-ui.sh @@ -1698,6 +1698,209 @@ run_librespeed() { fi } +create_honeypot() { + local server_ip=$(curl -s --max-time 3 https://4.ident.me) + + echo -e "${plain}Do you want to use: ${green}Apache ${plain}or ${green}Nginx" + + read -p "Apache or Nginx: " nginx_or_apache + + echo -e "${yellow}Downloading sources and Utilites..." + + if [ "$nginx_or_apache" = "Apache" ]; then + case "${release}" in + ubuntu) + apt-get update + apt-get install apache2 -y + ;; + debian) + apt-get update + apt-get install -y apache2 + ;; + armbian) + apt-get update && apt-get install apache2 -y + ;; + fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol) + dnf -y update && dnf -y install httpd + ;; + centos) + yum -y install apache2 + ;; + arch | manjaro | parch) + pacman -Syu --noconfirm apache + ;; + *) + echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n" + exit 1 + ;; + esac + + # Start apache server for HoneyPot + case "${release}" in + ubuntu) + systemctl enable apache2 + systemctl start apache2 + ;; + debian) + systemctl enable apache2 + systemctl start apache2 + ;; + armbian) + systemctl enable apache2 + systemctl start apache2 + ;; + fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol) + systemctl enable httpd + systemctl start httpd + ;; + centos) + systemctl enable httpd + systemctl start httpd + ;; + arch | manjaro | parch) + systemctl enable apache + systemctl start apache + ;; + *) + echo -e "${red}Cannot start apache service.${plain}\n" + exit 1 + ;; + esac + + + echo -e "${yellow}Installing HoneyPot..." + mv SpaceSaver/ /var/www/html/ + + # Config for apache2 + echo """ + + ServerName SpaceSaver + DocumentRoot /var/www/html/SpaceSaver + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +""" >> /etc/apache2/sites-available/spacesaver.conf + + ln -sf /etc/apache2/sites-available/spacesaver.conf /etc/apache2/sites-enabled/ + + # Restarting apache server + case "${release}" in + ubuntu) + systemctl reload apache2 + ;; + debian) + systemctl reload apache2 + ;; + armbian) + systemctl reload apache2 + ;; + fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol) + systemctl reload httpd + ;; + centos) + systemctl reload httpd + ;; + arch | manjaro | parch) + systemctl reload httpd + ;; + *) + echo -e "${red}Cannot reload apache service.${plain}\n" + exit 1 + ;; + esac + + # Access rights to HoneyPot's files + chown -R www-data:www-data /var/www/html/SpaceSaver + chmod -R 755 /var/www/html/SpaceSaver + chmod 644 /var/www/html/SpaceSaver/index.html + + echo -e "${plain}Done!" + echo -e "${green}Available here -> http://$server_ip:80" + + elif [ "$nginx_or_apache" = "Nginx" ]; then + case "${release}" in + ubuntu) + apt-get update + apt-get install nginx -y + ;; + debian) + apt-get update + apt-get install -y nginx + ;; + armbian) + apt-get update && apt-get install nginx -y + ;; + fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol) + dnf -y update && dnf -y install nginx + ;; + centos) + yum -y install nginx + ;; + arch | manjaro | parch) + pacman -Syu --noconfirm nginx + ;; + *) + echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n" + exit 1 + ;; + esac + + # Start nginx server for HoneyPot + systemctl enable nginx + systemctl start nginx + + mv SpaceSaver/ /var/www/html/ + + # Config for nginx + tee /etc/nginx/sites-available/spacesaver.conf >/dev/null << 'EOF' + server { + listen 80 default_server; # ← важно для локального доступа + server_name 127.0.0.1 localhost SpaceSaver _; + + root /var/www/html/SpaceSaver; + index index.html; + + # Security Headers + add_header X-Content-Type-Options nosniff always; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy strict-origin-when-cross-origin always; + add_header Permissions-Policy "interest-cohort=()" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + server_tokens off; + + location / { + try_files $uri $uri/ /index.html; + } + + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + access_log /var/log/nginx/spacesaver.access.log; + error_log /var/log/nginx/spacesaver.error.log; + } +EOF + + rm -f /etc/nginx/sites-enabled/default + ln -sf /etc/nginx/sites-available/spacesaver.conf /etc/nginx/sites-enabled/ + systemctl reload nginx + + echo -e "${plain}Done!" + echo -e "${green}Available here -> http://$server_ip:80" + + fi +} + change_dns() { echo -e "${yellow}Changing DNS resolver" echo -e "${plain}Enter resolver (default: quad9): " @@ -2267,16 +2470,17 @@ show_menu() { │ ${green}21.${plain} IP Limit Management │ │ ${green}22.${plain} Firewall Management │ │ ${green}23.${plain} SSH Port Forwarding Management │ -│ ${green}24.${plain} DNS Changer │ +│ ${green}24.${plain} HoneyPot (Fakesite) │ +│ ${green}25.${plain} DNS Changer │ │────────────────────────────────────────────────│ -│ ${green}25.${plain} Enable BBR │ -│ ${green}26.${plain} Update Geo Files │ -│ ${green}27.${plain} Speedtest by Ookla │ -│ ${green}28.${plain} Librespeed │ +│ ${green}26.${plain} Enable BBR │ +│ ${green}27.${plain} Update Geo Files │ +│ ${green}28.${plain} Speedtest by Ookla │ +│ ${green}29.${plain} Librespeed │ ╚────────────────────────────────────────────────╝ " show_status - echo && read -rp "Please enter your selection [0-28]: " num + echo && read -rp "Please enter your selection [0-29]: " num case "${num}" in 0) @@ -2352,22 +2556,25 @@ show_menu() { SSH_port_forwarding ;; 24) - change_dns + create_honeypot ;; 25) - bbr_menu + change_dns ;; 26) - update_geo + bbr_menu ;; 27) - run_speedtest + update_geo ;; 28) + run_speedtest + ;; + 29) run_librespeed ;; *) - LOGE "Please enter the correct number [0-28]" + LOGE "Please enter the correct number [0-29]" ;; esac }