Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-19 13:42:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

housekeeping

Browse source
This commit is contained in:
t3chn0m4g3 2024-11-29 17:21:38 +01:00
parent 23b11aabe9
commit 0b4a1fea68
20 changed files with 0 additions and 740 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
docker/deprecated/elasticpot.old/Dockerfile
View file

@ -1,34 +0,0 @@
FROM alpine:latest
#
# Include dist
ADD dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
git \
py3-pip \
python3 && \
pip3 install --no-cache-dir bottle \
configparser \
datetime \
requests && \
mkdir -p /opt && \
cd /opt/ && \
git clone --depth=1 https://github.com/schmalle/ElasticpotPY.git && \
#
# Setup user, groups and configs
addgroup -g 2000 elasticpot && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 elasticpot && \
mv /root/dist/elasticpot.cfg /opt/ElasticpotPY/ && \
mkdir /opt/ElasticpotPY/log && \
#
# Clean up
apk del --purge git && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
#
# Start elasticpot
STOPSIGNAL SIGINT
USER elasticpot:elasticpot
WORKDIR /opt/ElasticpotPY/
CMD ["/usr/bin/python3","main.py"]

15
docker/deprecated/elasticpot.old/README.md
View file

@ -1,15 +0,0 @@
[![](https://images.microbadger.com/badges/version/ghcr.io/telekom-security/elasticpot:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/elasticpot:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/ghcr.io/telekom-security/elasticpot:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/elasticpot:1903 "Get your own image badge on microbadger.com")
# elasticpot
[elasticpot](https://github.com/schmalle/ElasticPot) is a simple elastic search honeypot.
This dockerized version is part of the **[T-Pot community honeypot](http://telekom-security.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized elasticpot and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test elasticpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
# ElasticPot Dashboard
![ElasticPot Dashboard](doc/dashboard.png)

31
docker/deprecated/elasticpot.old/dist/elasticpot.cfg vendored
View file

@ -1,31 +0,0 @@
# ElasticPot Config
[MAIN]
# Manually set the externally accessible IP of the honeypot
ip = 192.168.1.1
[ELASTICPOT]
# ID pf the elasticpot instance
nodeid = elasticpot-community-01
# Location of the json logfile
logfile = log/elasticpot.log
# Set elasticpot = False to disable json logging and enable automatic attack submission to ews backend (soap)
elasticpot = True
[EWS]
# Note: Only relevant if "elasticpot = False"
# Username for ews submission
username = community-01-user
# Token for ews submission
token = foth{a5maiCee8fineu7
# API endpoint for ews submission
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
# Ignore certificate warnings
ignorecert = false

BIN
docker/deprecated/elasticpot.old/doc/dashboard.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 789 KiB

20
docker/deprecated/elasticpot.old/docker-compose.yml
View file

@ -1,20 +0,0 @@
version: '2.3'
networks:
elasticpot_local:
services:
# Elasticpot service
elasticpot:
build: .
container_name: elasticpot
restart: always
networks:
- elasticpot_local
ports:
- "9200:9200"
image: "ghcr.io/telekom-security/elasticpot:2006"
read_only: true
volumes:
- /data/elasticpot/log:/opt/ElasticpotPY/log

73
docker/deprecated/glastopf/Dockerfile
View file

@ -1,73 +0,0 @@
FROM alpine
# Include dist
ADD dist/ /root/dist/
# Install packages
RUN apk -U --no-cache add \
autoconf \
bind-tools \
build-base \
# cython \
git \
libffi \
libffi-dev \
libcap \
libxslt-dev \
make \
php7 \
php7-dev \
openssl-dev \
py-mysqldb \
py-openssl \
py-pip \
py-setuptools \
python \
python-dev && \
pip install --no-cache-dir --upgrade pip && \
# Install php sandbox from git
git clone --depth=1 https://github.com/mushorg/BFR /opt/BFR && \
cd /opt/BFR && \
phpize7 && \
./configure \
--with-php-config=/usr/bin/php-config7 \
--enable-bfr && \
make && \
make install && \
cd / && \
rm -rf /opt/BFR /tmp/* /var/tmp/* && \
echo "zend_extension = "$(find /usr -name bfr.so) >> /etc/php7/php.ini && \
# Install glastopf from git
git clone --depth=1 https://github.com/mushorg/glastopf.git /opt/glastopf && \
cd /opt/glastopf && \
cp /root/dist/requirements.txt . && \
pip install --no-cache-dir . && \
cd / && \
rm -rf /opt/glastopf /tmp/* /var/tmp/* && \
setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
# Setup user, groups and configs
addgroup -g 2000 glastopf && \
adduser -S -H -u 2000 -D -g 2000 glastopf && \
mkdir -p /etc/glastopf && \
mv /root/dist/glastopf.cfg /etc/glastopf/ && \
# Clean up
apk del --purge autoconf \
build-base \
file \
git \
libffi-dev \
php7-dev \
python-dev \
py-pip && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
# Set workdir and start glastopf
STOPSIGNAL SIGINT
USER glastopf:glastopf
WORKDIR /tmp/glastopf/
CMD cp /etc/glastopf/glastopf.cfg /tmp/glastopf && exec glastopf-runner

15
docker/deprecated/glastopf/README.md
View file

@ -1,15 +0,0 @@
[![](https://images.microbadger.com/badges/version/ghcr.io/telekom-security/glastopf:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/glastopf:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/ghcr.io/telekom-security/glastopf:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/glastopf:1903 "Get your own image badge on microbadger.com")
# glastopf (deprecated)
[glastopf](https://github.com/mushorg/glastopf) is a python web application honeypot.
This dockerized version is part of the **[T-Pot community honeypot](http://telekom-security.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized glastopf and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test glastopf using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
# Glastopf Dashboard
![Glastopf Dashboard](doc/dashboard.png)

115
docker/deprecated/glastopf/dist/glastopf.cfg vendored
View file

@ -1,115 +0,0 @@
[webserver]
host = 0.0.0.0
port = 80
uid = glastopf
gid = glastopf
proxy_enabled = False
[ssl]
enabled = False
certfile =
keyfile =
#Generic logging for general monitoring
[logging]
consolelog_enabled = True
filelog_enabled = True
logfile = log/glastopf.log
[dork-db]
enabled = True
pattern = rfi
# Extracts dorks from a online dorks service operated by The Honeynet Project
# This service is down until further notice!
mnem_service = False
[hpfeed]
enabled = False
host = hpfriends.honeycloud.net
port = 20000
secret = 3wis3l2u5l7r3cew
# channels comma separated
chan_events = glastopf.events
chan_files = glastopf.files
ident = x8yer@hp1
[main-database]
#If disabled a sqlite database will be created (db/glastopf.db)
#to be used as dork storage.
enabled = True
#mongodb or sqlalchemy connection string, ex:
#mongodb://localhost:27017/glastopf
#mongodb://james:bond@localhost:27017/glastopf
#mysql://james:bond@somehost.com/glastopf
connection_string = sqlite:///db/glastopf.db
[surfcertids]
enabled = False
host = localhost
port = 5432
user =
password =
database = idsserver
[syslog]
enabled = False
socket = /dev/log
[mail]
enabled = False
# an email notification will be sent only if a specified matched pattern is identified.
# Use the wildcard char *, to be notified every time
patterns = rfi,lfi
user =
pwd =
mail_from =
mail_to =
smtp_host = smtp.gmail.com
smtp_port = 587
[taxii]
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False
use_auth_basic = False
auth_basic_username = your_username
auth_basic_password = your_password
use_auth_certificate = False
auth_certificate_keyfile = full_path_to_keyfile
auth_certificate_certfile = full_path_to_certfile
include_contact_info = False
contact_name = ...
contact_email = ...
[logstash]
enabled = False
host = localhost
port = 5659
handler = AMQP/TCP/UDP
[misc]
# set webserver banner
banner = Apache/2.0.48
[surface]
#https://www.google.com/webmasters/
google_meta =
#http://www.bing.com/toolbox/webmaster
bing_meta =
[sensor]
sensorid = None
[profiler]
enabled = False
[s3storage]
enabled = False
endpoint = http://localhost:8080/
aws_access_key_id = YOUR_aws_access_key_id
aws_secret_access_key = YOUR_aws_access_key_id
bucket = glastopf
region = eu-west-1
signature_version = s3

35
docker/deprecated/glastopf/dist/requirements.txt vendored
View file

@ -1,35 +0,0 @@
asn1crypto==0.24.0
BeautifulSoup==3.2.1
beautifulsoup4==4.6.1
botocore==1.11.6
certifi==2018.4.16
cffi==1.10.0
chardet==3.0.4
cryptography==2.1.4
cssselect==1.0.0
Cython==0.28.2
docutils==0.14
enum34==1.1.6
gevent==1.2.2
greenlet==0.4.13
hpfeeds==1.0
idna==2.6
ipaddress==1.0.22
Jinja2==2.9.6
jmespath==0.9.3
libtaxii==1.1.111
lxml==4.2.4
MarkupSafe==1.0
MySQL-python==1.2.5
pyasn1==0.4.2
pycparser==2.18
pylibinjection==0.2.4
pymongo==3.2.2
pyOpenSSL==17.2.0
python-dateutil==2.6.1
python-logstash==0.4.6
requests==2.18.4
six==1.11.0
SQLAlchemy==1.2.7
urllib3==1.22
WebOb==1.2.3

BIN
docker/deprecated/glastopf/doc/dashboard.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 793 KiB

23
docker/deprecated/glastopf/docker-compose.yml
View file

@ -1,23 +0,0 @@
version: '2.3'
networks:
glastopf_local:
services:
# Glastopf service
glastopf:
build: .
container_name: glastopf
tmpfs:
- /tmp/glastopf:uid=2000,gid=2000
restart: always
networks:
- glastopf_local
ports:
- "8081:80"
image: "ghcr.io/telekom-security/glastopf:1903"
read_only: true
volumes:
- /data/glastopf/db:/tmp/glastopf/db
- /data/glastopf/log:/tmp/glastopf/log

36
docker/deprecated/head/Dockerfile
View file

@ -1,36 +0,0 @@
FROM alpine:3.15
#
# Setup env and apt
RUN apk -U add \
curl \
git \
nodejs \
#nodejs-npm && \
npm && \
#
# Get and install packages
mkdir -p /usr/src/app/ && \
cd /usr/src/app/ && \
git clone https://github.com/mobz/elasticsearch-head . && \
git checkout 2d51fecac2980d350fcd3319fd9fe2999f63c9db && \
npm install http-server && \
sed -i "s#\"http\:\/\/localhost\:9200\"#window.location.protocol \+ \'\/\/\' \+ window.location.hostname \+ \'\:\' \+ window.location.port \+ \'\/es\/\'#" /usr/src/app/_site/app.js && \
#
# Setup user, groups and configs
addgroup -g 2000 head && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 head && \
chown -R head:head /usr/src/app/ && \
#
# Clean up
apk del --purge git && \
rm -rf /root/* && \
rm -rf /tmp/* && \
rm -rf /var/cache/apk/*
#
# Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9100'
#
# Start elasticsearch-head
USER head:head
WORKDIR /usr/src/app
CMD ["node_modules/http-server/bin/http-server", "_site", "-p", "9100"]

16
docker/deprecated/head/docker-compose.yml
View file

@ -1,16 +0,0 @@
version: '2.3'
services:
## Elasticsearch-head service
head:
build: .
container_name: head
restart: always
# depends_on:
# elasticsearch:
# condition: service_healthy
ports:
- "127.0.0.1:64302:9100"
image: "dtagdevsec/head:24.04"
read_only: true

55
docker/deprecated/honeypy/Dockerfile
View file

@ -1,55 +0,0 @@
FROM alpine:3.11
#
# Include dist
ADD dist/ /root/dist/
#
# Install packages
RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
apk -U --no-cache add \
build-base \
git \
libcap \
python2 \
python2-dev \
py2-pip && \
#
# Install virtualenv
pip install --no-cache-dir virtualenv && \
#
# Clone honeypy from git
git clone https://github.com/foospidy/HoneyPy /opt/honeypy && \
cd /opt/honeypy && \
git checkout feccab56ca922bcab01cac4ffd82f588d61ab1c5 && \
sed -i 's/local_host/dest_ip/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/local_port/dest_port/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/remote_host/src_ip/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/remote_port/src_port/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/service/proto/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/event/event_type/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/bytes/size/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/date_time/timestamp/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/data,/data.decode("hex"),/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/urllib3/urllib3 == 1.21.1/g' /opt/honeypy/requirements.txt && \
virtualenv env && \
cp /root/dist/services.cfg /opt/honeypy/etc && \
cp /root/dist/honeypy.cfg /opt/honeypy/etc && \
/opt/honeypy/env/bin/pip install -r /opt/honeypy/requirements.txt && \
#
# Setup user, groups and configs
addgroup -g 2000 honeypy && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 honeypy && \
chown -R honeypy:honeypy /opt/honeypy && \
setcap cap_net_bind_service=+ep /opt/honeypy/env/bin/python && \
#
# Clean up
apk del --purge build-base \
git \
python2-dev \
py2-pip && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
#
# Set workdir and start honeypy
USER honeypy:honeypy
WORKDIR /opt/honeypy
CMD ["/opt/honeypy/env/bin/python2", "/opt/honeypy/Honey.py", "-d"]

117
docker/deprecated/honeypy/dist/honeypy.cfg vendored
View file

@ -1,117 +0,0 @@
# HoneyPy/etc/honeypy.cfg
# https://github.com/foospidy/HoneyPy
[honeypy]
# select any name for this HoneyPy node, it can be anything you want (default is: honeypy).
# It will be displayed in tweets, Slack messages, and other integrations.
nodename = honeypy
#add a comma seperated list of ip addresses to supress logging of your local scanners
#whitelist = 192.168.0.5, 192.168.0.21
#include the following service profiles (comma seperated), all services will be combined.
#enabling this will disable the use of service.cfg, which will not be processed
#service_profiles = services.databases.profile, services.linux.profile
# Limit internal log files to a single day. Useful for deployments with limited disk space.
limit_internal_logs = Yes
# Directory for internal HoneyPy logs (not external loggers).
# Use leading slash for absolute path, or omit for relative path
internal_log_dir = log/
# Tweet events on Twitter. Having a dedicated Twitter account for this purpose is recommended.
# You will need to Twitter API credentials for this to work. See https://dev.twitter.com/oauth/application-only
[twitter]
enabled = No
consumerkey =
consumersecret =
oauthtoken =
oauthsecret =
########################################################################################################
# Animus is dead! (http://morris.guru/the-life-and-death-of-animus/) This feature should be use no more.
# enable tweats to include querying Animus Threat Bot (https://github.com/threatbot)
# ask_animus = No
########################################################################################################
#
# Animus rises from the ashes! https://animus.io/
#
########################################################################################################
#
# Animus falls again. https://github.com/hslatman/awesome-threat-intelligence/pull/101
#
########################################################################################################
# Post your events to HoneyDB. Your HoneyPy honepots can contribute threat information to HoneyDB.
# You will need to create API credentails for this to work. See https://riskdiscovery.com/honeydb/#threats
[honeydb]
enabled = No
api_id =
api_key =
# Post your events to a Slack channel. Having a dedicated Slack channel for this is recommended.
# For setting up your Slack webhook see https://api.slack.com/incoming-webhooks
[slack]
enabled = No
webhook_url =
[logstash]
enabled = No
host =
port =
[elasticsearch]
enabled = No
# Elasticsearch url should include ":port/index/type
# example: http://localhost:9200/honeypot/honeypy
es_url =
[telegram]
# You need to add your bot to channel or group, and get the bot token see https://core.telegram.org/bots
enabled = No
# Telegram bot HTTP API Token
bot_id =
[sumologic]
enabled = No
# create a http collector source and use the url provided
# https://help.sumologic.com/Send-Data/Sources/02Sources-for-Hosted-Collectors/HTTP-Source/Upload-Data-to-an-HTTP-Source
url =
custom_source_host =
custom_source_name =
custom_source_category =
[splunk]
enabled = No
# /services/receivers/simple api endpoint
url = https://localhost:8089/services/receivers/simple
username =
password =
[rabbitmq]
enabled = No
# Here you need create rabbitmq config url to be used with pika python lib
# For ex. 1) amqp://username:password@rabbitmq_host/%2f
# 2) amqp://username:password@127.0.0.1/%2f
url_param =
# Name of the Rabbitmq Exchange
# Ex. mycoolexchange
exchange =
# Rabbitmq routing Key if not configured in rabbitmq leave it
# Ex. honeypy
routing_key =
[file]
enabled = Yes
filename = log/json.log
[hpfeeds]
enabled = No
persistent = Yes
server = 127.0.0.1
port = 20000
ident = ident
secret = secret
channel = channel
serverid = id

67
docker/deprecated/honeypy/dist/services.cfg vendored
View file

@ -1,67 +0,0 @@
# HoneyPy Copyright (C) 2013-2017 foospidy
# services.default.profile
# Important: service names must not contain spaces.
# Important: use port redirecting for services that listen on ports below 1024 (see https://github.com/foospidy/ipt-kit).
[Echo]
plugin = Echo
low_port = tcp:7
port = tcp:7
description = Echo back data received via tcp.
enabled = Yes
[Echo.udp]
plugin = Echo_udp
low_port = udp:7
port = udp:7
description = Echo back data received via udp.
enabled = Yes
[MOTD]
plugin = MOTD
low_port = tcp:8
port = tcp:8
description = Send a message via tcp and close connection.
enabled = Yes
[MOTD.udp]
plugin = MOTD_udp
low_port = udp:8
port = udp:8
description = Send a message via udp.
enabled = Yes
[Telnet]
plugin = TelnetUnix
low_port = tcp:2323
port = tcp:2323
description = Emulate Debian telnet login via tcp.
enabled = Yes
[Telnet.Windows]
plugin = TelnetWindows
low_port = tcp:2324
port = tcp:2324
description = Emulate Windows telnet login via tcp.
enabled = Yes
[Random]
plugin = Random
low_port = tcp:2048
port = tcp:2048
description = Send random data via tcp.
enabled = Yes
[HashCountRandom]
plugin = HashCountRandom
low_port = tcp:4096
port = tcp:4096
description = Send random data prefixed with a hash of a counter via tcp.
enabled = Yes
[Elasticsearch]
plugin = Elasticsearch
low_port = tcp:9200
port = tcp:9200
description = Send basic elasticsearch like replies
enabled = Yes

26
docker/deprecated/honeypy/docker-compose.yml
View file

@ -1,26 +0,0 @@
version: '2.3'
networks:
honeypy_local:
services:
# HoneyPy service
honeypy:
build: .
container_name: honeypy
restart: always
networks:
- honeypy_local
ports:
- "7:7"
- "8:8"
- "2048:2048"
- "2323:2323"
- "2324:2324"
- "4096:4096"
- "9200:9200"
image: "dtagdevsec/honeypy:24.04"
read_only: true
volumes:
- /data/honeypy/log:/opt/honeypy/log

42
docker/deprecated/hpfeeds/Dockerfile
View file

@ -1,42 +0,0 @@
### This is only for testing purposes, do NOT use for production
FROM alpine:latest
#
ADD dist/ /root/dist/
#
# Install packages
RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
apk -U --no-cache add \
build-base \
coreutils \
git \
libffi \
libffi-dev \
py-gevent \
py-pip \
python \
python-dev \
sqlite && \
#
# Install php sandbox from git
git clone --depth=1 https://github.com/rep/hpfeeds /opt/hpfeeds && \
cd /opt/hpfeeds/broker && \
sed -i -e '87d;88d' database.py && \
cp /root/dist/adduser.sql . && \
cd /opt/hpfeeds/broker && timeout 5 python broker.py || : && \
sqlite3 db.sqlite3 < adduser.sql && \
#
#python setup.py build && \
#python setup.py install && \
#
# Clean up
apk del --purge autoconf \
build-base \
coreutils \
libffi-dev \
python-dev && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
#
# Set workdir and start glastopf
WORKDIR /opt/hpfeeds/broker
CMD python broker.py

1
docker/deprecated/hpfeeds/dist/adduser.sql vendored
View file

@ -1 +0,0 @@
insert into authkeys (owner, ident, secret, pubchans, subchans) values ('testID', 'testID', 'testSecret', '["ciscoasa", "rdpy-channel", "mailoney.mail","mailoney.commands",mailoney.shellcode"]', '["ciscoasa", "rdpy-channel", "mailoney.mail","mailoney.commands",mailoney.shellcode"]');

19
docker/deprecated/hpfeeds/docker-compose.yml
View file

@ -1,19 +0,0 @@
### This is only for testing purposes, do NOT use for production
version: '2.3'
networks:
hpfeeds_local:
services:
# hpfeeds service
hpfeeds:
build: .
container_name: hpfeeds
restart: always
stop_signal: SIGKILL
networks:
- hpfeeds_local
ports:
- "20000:20000"
image: "ghcr.io/telekom-security/hpfeeds:latest"