Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 20:42:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

include rdpy honeypot

Browse source
This commit is contained in:
Marco Ochse 2017-08-27 00:37:57 +00:00
parent 46eea25f38
commit 56ebd9f05c
9 changed files with 52 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
installer/bin/clean.sh
View file

@ -138,6 +138,14 @@ fuMAILONEY () {
chown tpot:tpot /data/mailoney/ -R chown tpot:tpot /data/mailoney/ -R
} }
# Let's create a function to clean up and prepare rdpy data
fuRDPY () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/rdpy/*; fi
mkdir -p /data/rdpy/log/
chmod 760 /data/rdpy/ -R
chown tpot:tpot /data/rdpy/ -R
}
# Let's create a function to prepare spiderfoot db # Let's create a function to prepare spiderfoot db
fuSPIDERFOOT () { fuSPIDERFOOT () {
mkdir -p /data/spiderfoot mkdir -p /data/spiderfoot
@ -202,6 +210,7 @@ if [ "$myPERSISTENCE" = "on" ];
fuGLASTOPF fuGLASTOPF
fuHONEYTRAP fuHONEYTRAP
fuMAILONEY fuMAILONEY
fuRDPY
fuSPIDERFOOT fuSPIDERFOOT
fuSURICATA fuSURICATA
fuP0F fuP0F

13
installer/etc/tpot/compose/all.yml
View file

@ -11,6 +11,7 @@ networks:
ewsposter_local: ewsposter_local:
glastopf_local: glastopf_local:
mailoney_local: mailoney_local:
rdpy_local:
spiderfoot_local: spiderfoot_local:
ui-for-docker_local: ui-for-docker_local:
vnclowpot_local: vnclowpot_local:
@ -240,6 +241,18 @@ services:
- /sys:/host/sys:ro - /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
# Rdpy service
rdpy:
container_name: rdpy
restart: always
networks:
- rdpy_local
ports:
- "3389:3389"
image: "dtagdevsec/rdpy:1706"
volumes:
- /data/rdpy/log:/var/log/rdpy
# Spiderfoot service # Spiderfoot service
spiderfoot: spiderfoot:
container_name: spiderfoot container_name: spiderfoot

13
installer/etc/tpot/compose/hp.yml
View file

@ -9,6 +9,7 @@ networks:
ewsposter_local: ewsposter_local:
glastopf_local: glastopf_local:
mailoney_local: mailoney_local:
rdpy_local:
vnclowpot_local: vnclowpot_local:
services: services:
@ -130,6 +131,18 @@ services:
volumes: volumes:
- /data/mailoney/log:/opt/mailoney/logs - /data/mailoney/log:/opt/mailoney/logs
# Rdpy service
rdpy:
container_name: rdpy
restart: always
networks:
- rdpy_local
ports:
- "3389:3389"
image: "dtagdevsec/rdpy:1706"
volumes:
- /data/rdpy/log:/var/log/rdpy
# Vnclowpot service # Vnclowpot service
vnclowpot: vnclowpot:
container_name: vnclowpot container_name: vnclowpot

13
installer/etc/tpot/compose/tpot.yml
View file

@ -9,6 +9,7 @@ networks:
ewsposter_local: ewsposter_local:
glastopf_local: glastopf_local:
mailoney_local: mailoney_local:
rdpy_local:
spiderfoot_local: spiderfoot_local:
ui-for-docker_local: ui-for-docker_local:
vnclowpot_local: vnclowpot_local:
@ -210,6 +211,18 @@ services:
- /sys:/host/sys:ro - /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
# Rdpy service
rdpy:
container_name: rdpy
restart: always
networks:
- rdpy_local
ports:
- "3389:3389"
image: "dtagdevsec/rdpy:1706"
volumes:
- /data/rdpy/log:/var/log/rdpy
# Spiderfoot service # Spiderfoot service
spiderfoot: spiderfoot:
container_name: spiderfoot container_name: spiderfoot

BIN
installer/etc/tpot/elkbase.tgz
View file

Binary file not shown.

BIN
installer/etc/tpot/kibana-objects.tgz
View file

Binary file not shown.

1
installer/etc/tpot/logrotate/logrotate.conf
View file

@ -22,6 +22,7 @@
/data/honeytrap/downloads.tgz /data/honeytrap/downloads.tgz
/data/mailoney/log/commands.log /data/mailoney/log/commands.log
/data/p0f/log/p0f.json /data/p0f/log/p0f.json
/data/rdpy/log/rdpy.log
/data/suricata/log/*.log /data/suricata/log/*.log
/data/suricata/log/*.json /data/suricata/log/*.json
/data/vnclowpot/log/vnclowpot.log /data/vnclowpot/log/vnclowpot.log

4
installer/etc/tpot/systemd/tpot.service
View file

@ -34,7 +34,7 @@ ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,5900,27017 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
@ -49,7 +49,7 @@ ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,5060,5061,5601,5900,27017 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE

1
installer/install.sh
View file

@ -448,6 +448,7 @@ mkdir -p /data/conpot/log \
/data/mailoney/log \ /data/mailoney/log \
/data/emobility/log \ /data/emobility/log \
/data/ews/conf \ /data/ews/conf \
/data/rdpy/log \
/data/spiderfoot \ /data/spiderfoot \
/data/suricata/log /home/tsec/.ssh/ \ /data/suricata/log /home/tsec/.ssh/ \
/data/p0f/log \ /data/p0f/log \