# HoneyPot Data collector
HoneyPot Data collector is software that collects information from all TPot CE honeypots deployed in DAEU.
## Requirements
- Python 3.9
- PostgreSQL (developed on 13.4, but should work on any)
## Installation
1. Clone repo
```
git clone https://github.com/satanasov/HoneyPotCollector.git
```
2. Install requirements
```
cd HoneyPotCollector
pip install -r requirements.txt
```
3. Configure the SQL user
4. Make migrations
```
python3 manage.py migrate
```
5. Create super user
```
python3 manage.py createsuperuser
```
6. Start server as daemon
```
nohup python3 manage.py runserver 0.0.0.0:8000 > ~/collector.log &
```
## Configuration
### SSH Keys
Please create a private/public key pair for the user that will run the server. Copy the public key to all machines you are going to scrape.
### Add target servers
Go to `http://<serverip>:8000/admin` and log in with the superuser account.
Go to "Collectorapi" > "Honey pot servers" and add the servers with their IPs (use `0000` as the key to generate a random key).
### Automate
Add a crontab entry to run `collector.sh` every 15 minutes (offset by one minute, just in case):
```
1,16,31,46 * * * * /bin/bash /home/collector/HoneyPotCollector/collector.sh 1> /home/collector/cron.log
```
# API Documentation
## CollectorAPI
### /API/targets
Get list of all active IPs we have to crawl
**Responds only on localhost requests**
### /API/from_time
Get the "from" time for the current request
**Responds only on localhost requests**
### /API/to_time
Get the "to" time for the current request
**Responds only on localhost requests**
### /API/post_local
Local post instance. Accepts only from localhost and is used to load the JSON files we get with the collector scripts.
**Responds only on localhost requests**
### /API/post
Remote post instance. Accepts only from verified active keys and servers. Loads the remotely sent JSON files.
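
The two access rules above (localhost-only endpoints, and `/API/post` accepting only verified active keys and servers) can be sketched as follows. This is an added example, not the collector's own code: the `HoneyPotServer` record, the function names, and the assumption that a server is verified by its registered IP are all hypothetical.

```python
import hmac
import ipaddress
from dataclasses import dataclass


@dataclass
class HoneyPotServer:
    """Hypothetical stand-in for a "Honey pot servers" admin record."""
    ip: str
    key: str
    active: bool = True


def _normalize(addr: str):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def is_local_request(remote_addr: str) -> bool:
    """Gate for the localhost-only endpoints."""
    # Pass the socket peer (REMOTE_ADDR), never X-Forwarded-For or similar.
    try:
        return _normalize(remote_addr).is_loopback
    except ValueError:
        return False  # unparsable address: fail closed


def is_verified_sender(remote_addr: str, key: str, servers) -> bool:
    """Gate for the remote post endpoint: active server, matching IP and key."""
    try:
        peer = _normalize(remote_addr)
    except ValueError:
        return False
    ok = False
    for srv in servers:
        same_ip = _normalize(srv.ip) == peer
        # Constant-time comparison avoids leaking key prefixes via timing.
        same_key = hmac.compare_digest(srv.key.encode(), key.encode())
        ok = ok or (srv.active and same_ip and same_key)
    return ok


# Constructed sample registry (documentation-range addresses, made-up keys).
SERVERS = [
    HoneyPotServer("192.0.2.10", "k3y-alpha"),
    HoneyPotServer("192.0.2.11", "k3y-bravo", active=False),
]
```

If the server sits behind a reverse proxy, every request arrives from the proxy's address, so the loopback check has to be enforced at the proxy instead.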
### /API/report/ips
Returns JSON formatted list of results related to attacking IPs
Accepts the following GET parameters:
- **days** (int) - how many hours back the report should cover
- **limit** (int) - how many results it should return
- **iso** (str) - the country for which results should be returned
- **no_count** - boolean for whether the attack count should be returned
### /API/report/countries
Returns JSON formatted list of results related to attacking countries
Accepts the following GET parameters:
- **days** (int) - how many hours back the report should cover
- **limit** (int) - how many results it should return
- **no_count** - boolean for whether the attack count should be returned
### /API/report/protocols
Returns JSON formatted list of results related to attacked protocols
Accepts the following GET parameters:
- **days** (int) - how many hours back the report should cover
- **limit** (int) - how many results it should return
- **no_count** - boolean for whether the attack count should be returned