diff --git a/README.md b/README.md index 589362ae..2c1357ab 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,12 @@ - [Conclusion](#conclusion) --- - + ## 1. Introduction ๐ŸŒ **T-Pot** is an all-in-one honeypot platform designed by Deutsche Telekom. It supports multi-architectures (amd64, arm64) and offers a wide range of visualization options using the **Elastic Stack**, real-time animated attack maps, and numerous security tools to enhance the deception experience. ๐Ÿฏ --- - + ### 1.1 Features and Benefits ๐Ÿ’ก T-Pot provides several key features that make it a powerful tool for cybersecurity professionals and researchers: @@ -35,12 +35,12 @@ T-Pot provides several key features that make it a powerful tool for cybersecuri - **Community Data Sharing**: By default, T-Pot sends data to the **Sicherheitstacho** community backend, contributing to collective threat intelligence. This feature can be disabled if needed. --- - + ### 1.2 Architecture ๐Ÿ—๏ธ The core components of T-Pot have been moved into a Docker image called **tpotinit**. This change has made T-Pot compatible with multiple Linux distributions, macOS, and Windows (with some limitations due to Docker Desktop). T-Pot uses **Docker** and **Docker Compose** to run as many honeypots and tools as possible simultaneously, maximizing the host's hardware utilization. --- - + ### 1.3 Supported Honeypots ๐Ÿ›ก๏ธ T-Pot supports a wide range of honeypots, including: @@ -78,7 +78,7 @@ T-Pot supports a wide range of honeypots, including: 2. **[H0neytr4p](https://github.com/pbssubhash/h0neytr4p)**: A generic honeypot for capturing interactions with exposed services. --- - + ### 1.4 Tools Included ๐Ÿ› ๏ธ T-Pot also includes the following tools: - **Autoheal**: Automatically restarts containers with failed health checks. 
@@ -107,7 +107,7 @@ To get things up and running just follow these steps: 9. Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely. --- - + ### 2.1 Required Ports ๐Ÿ”Œ Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions. @@ -150,7 +150,7 @@ Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, | 8090 | tcp | incoming | Honeypot: Wordpot | --- - + ### 2.2 Uninstall T-Pot ๐Ÿงน Uninstallation of T-Pot is only available on the [supported Linux distros](#choose-your-distro).
To uninstall T-Pot run ~/tpotce/uninstall.sh and follow the uninstaller instructions, you will have to enter your password at least once.
@@ -158,7 +158,7 @@ Once the uninstall is finished reboot the machine sudo reboot

--- - + ## 3 Data Analysis and Insights Recent studies, such as one conducted by **Jiuma Elhshik**, have demonstrated T-Pot's effectiveness in collecting and analyzing threat data. Over 48 hours, T-Pot captured **126,833 attacks**, providing valuable insights into current threat landscapes. Key findings include: @@ -180,6 +180,6 @@ Recent studies, such as one conducted by **Jiuma Elhshik**, have demonstrated T- - Detection of malware such as **Hajime**, a worm known for creating botnets. --- - + ## 4 Conclusion ๐Ÿ”š T-Pot is a powerful and versatile platform for cybersecurity professionals and researchers. Its ability to integrate multiple honeypots, provide advanced visualization tools, and scale across different environments makes it an essential tool for understanding and mitigating cyber threats. By contributing to collective threat intelligence, T-Pot helps build a safer digital world. ๐ŸŒ๐Ÿ”’
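Review bot: every hunk in this patch only strips a trailing space from the blank line that follows a `---` rule (the `- ` / `+` pair after each rule), so the commit message should state that it is a whitespace-only change to README.md; for the hunk at `@@ -13`, while touching these lines, "It supports multi-architectures (amd64, arm64)" would read better as "It supports multiple architectures (amd64, arm64)".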
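Review bot: in the hunk at `@@ -35`, the context line "**Community Data Sharing**: By default, T-Pot sends data to the **Sicherheitstacho** community backend ... This feature can be disabled if needed." says the sharing can be switched off but not where; since this is an opt-out data flow from the host, the README should name the setting or configuration file that disables it, or link to the section that does.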
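Review bot: in the hunk at `@@ -107`, the context line "Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely." presents `down -v` as a plain stop, but `-v` also removes the compose project's volumes, so any captured honeypot data held in volumes is deleted; the step should say so explicitly, or offer `docker compose down` without `-v` for a stop that keeps the data. Two smaller points on the same context: "(it if was running in the foreground)" should be "(if it was running in the foreground)", and the link `[T-Pot Architecture](#technical-architecture)` does not match the heading `### 1.2 Architecture` shown in the `@@ -35` hunk, so the anchor should be checked against the heading that is actually rendered.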
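Review bot: in the hunk at `@@ -180`, the heading `## 4 Conclusion` is the target of the table-of-contents entry `- [Conclusion](#conclusion)` shown in the `@@ -13` hunk; Markdown renderers derive the anchor from the full heading text including the "4", so the entry will not resolve as written. Either drop the number from the heading or update the entry's anchor to match the heading text.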