Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-20 06:02:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

begin integration of dicompot

Browse source
This commit is contained in:
t3chn0m4g3 2020-06-18 16:38:43 +00:00
parent 2882668826
commit 697c5cb3f6
9 changed files with 99 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -87,6 +87,7 @@ In T-Pot we combine the dockerized honeypots ...
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot), * [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot),
* [conpot](http://conpot.org/), * [conpot](http://conpot.org/),
* [cowrie](http://www.micheloosterhof.com/cowrie/), * [cowrie](http://www.micheloosterhof.com/cowrie/),
* [dicompot](https://github.com/nsmfoo/dicompot),
* [dionaea](https://github.com/DinoTools/dionaea), * [dionaea](https://github.com/DinoTools/dionaea),
* [elasticpot](https://gitlab.com/bontchev/elasticpot), * [elasticpot](https://gitlab.com/bontchev/elasticpot),
* [glutton](https://github.com/mushorg/glutton), * [glutton](https://github.com/mushorg/glutton),
@ -421,7 +422,7 @@ You may opt out of the submission by removing the `# Ewsposter service` from `/o
restart: always restart: always
networks: networks:
- ewsposter_local - ewsposter_local
image: "dtagdevsec/ewsposter:1903" image: "dtagdevsec/ewsposter:2006"
volumes: volumes:
- /data:/data - /data:/data
- /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip
@ -475,7 +476,7 @@ We hope you understand that we cannot provide support on an individual basis. We
The software that T-Pot is built on uses the following licenses. The software that T-Pot is built on uses the following licenses.
<br>GPLv2: [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeypy](https://github.com/foospidy/HoneyPy/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/) <br>GPLv2: [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeypy](https://github.com/foospidy/HoneyPy/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](http://suricata-ids.org/about/open-source/)
<br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/dtag-dev-sec/ews/), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE) <br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/dtag-dev-sec/ews/), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [rdpy](https://github.com/citronneur/rdpy/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
<br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE) <br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE), [elasticsearch-head](https://github.com/mobz/elasticsearch-head/blob/master/LICENCE)
<br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE) <br>MIT license: [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE)
<br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/) <br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/micheloosterhof/cowrie/blob/master/LICENSE.md), [mailoney](https://github.com/awhitehatter/mailoney), [Debian licensing](https://www.debian.org/legal/licenses/)
@ -493,6 +494,7 @@ Without open source and the fruitful development community (we are proud to be a
* [conpot](https://github.com/mushorg/conpot/graphs/contributors) * [conpot](https://github.com/mushorg/conpot/graphs/contributors)
* [cowrie](https://github.com/micheloosterhof/cowrie/graphs/contributors) * [cowrie](https://github.com/micheloosterhof/cowrie/graphs/contributors)
* [debian](http://www.debian.org/) * [debian](http://www.debian.org/)
* [dicompot](https://github.com/nsmfoo/dicompot/graphs/contributors)
* [dionaea](https://github.com/DinoTools/dionaea/graphs/contributors) * [dionaea](https://github.com/DinoTools/dionaea/graphs/contributors)
* [docker](https://github.com/docker/docker/graphs/contributors) * [docker](https://github.com/docker/docker/graphs/contributors)
* [elasticpot](https://gitlab.com/bontchev/elasticpot/-/project_members) * [elasticpot](https://gitlab.com/bontchev/elasticpot/-/project_members)

9
bin/clean.sh
View file

@ -114,6 +114,14 @@ fuCOWRIE () {
chown tpot:tpot /data/cowrie -R chown tpot:tpot /data/cowrie -R
} }
# Let's create a function to clean up and prepare dicompot data
fuDICOMPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dicompot/*; fi
mkdir -p /data/dicompot/log
chmod 770 /data/dicompot -R
chown tpot:tpot /data/dicompot -R
}
# Let's create a function to clean up and prepare dionaea data # Let's create a function to clean up and prepare dionaea data
fuDIONAEA () { fuDIONAEA () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi
@ -271,6 +279,7 @@ if [ "$myPERSISTENCE" = "on" ];
fuCITRIXHONEYPOT fuCITRIXHONEYPOT
fuCONPOT fuCONPOT
fuCOWRIE fuCOWRIE
fuDICOMPOT
fuDIONAEA fuDIONAEA
fuELASTICPOT fuELASTICPOT
fuELK fuELK

4
bin/hptest.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
myHOST="$1" myHOST="$1"
myPACKAGES="netcat nmap" myPACKAGES="dcmtk netcat nmap"
myMEDPOTPACKET=" myMEDPOTPACKET="
MSH|^~\&|ADT1|MCM|LABADT|MCM|198808181126|SECURITY|ADT^A01|MSG00001-|P|2.6 MSH|^~\&|ADT1|MCM|LABADT|MCM|198808181126|SECURITY|ADT^A01|MSG00001-|P|2.6
EVN|A01|198808181123 EVN|A01|198808181123
@ -85,6 +85,8 @@ echo "$myMEDPOTPACKET" | nc "$myHOST" 2575 &
curl -XGET "http://$myHOST:9200/logstash-*/_search" & curl -XGET "http://$myHOST:9200/logstash-*/_search" &
curl -XPOST -H "Content-Type: application/json" -d '{"name":"test","email":"test@test.com"}' "http://$myHOST:9200/test" & curl -XPOST -H "Content-Type: application/json" -d '{"name":"test","email":"test@test.com"}' "http://$myHOST:9200/test" &
echo "I20100" | timeout --foreground 3 nc "$myHOST" 10001 & echo "I20100" | timeout --foreground 3 nc "$myHOST" 10001 &
findscu -P -k PatientName="*" $myHOST 11112 &
getscu -P -k PatientName="*" $myHOST 11112 &
fuSCAN "180" "7,8,102,135,161,1025,1080,5000,9200" "$myHOST" "-sC -sS -sU -sV" fuSCAN "180" "7,8,102,135,161,1025,1080,5000,9200" "$myHOST" "-sC -sS -sU -sV"
fuSCAN "180" "2048,4096,5432" "$myHOST" "-sC -sS -sU -sV --version-light" fuSCAN "180" "2048,4096,5432" "$myHOST" "-sC -sS -sU -sV --version-light"
fuSCAN "120" "20,21" "$myHOST" "--script=ftp* -sC -sS -sV" fuSCAN "120" "20,21" "$myHOST" "--script=ftp* -sC -sS -sV"

42
docker/dicompot/Dockerfile Normal file
View file

@ -0,0 +1,42 @@
FROM alpine:latest
#
# Setup apk
RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
apk -U add \
build-base \
git \
g++ && \
apk -U add go --repository http://dl-3.alpinelinux.org/alpine/edge/community && \
#
# Setup go, build dicompot
mkdir -p /opt/go && \
export GOPATH=/opt/go/ && \
cd /opt/go/ && \
git clone https://github.com/nsmfoo/dicompot.git && \
cd dicompot && \
sed -i 's#dicompot.log#/var/log/dicompot/dicompot.log#g' server/server.go && \
go mod download && \
go install -a -x github.com/nsmfoo/dicompot/server && \
#
# Setup dicompot
mkdir -p /opt/dicompot && \
cp /opt/go/bin/server /opt/dicompot && \
#
# Setup user, groups and configs
addgroup -g 2000 dicompot && \
adduser -S -s /bin/ash -u 2000 -D -g 2000 dicompot && \
chown -R dicompot:dicompot /opt/dicompot && \
#
# Clean up
apk del --purge build-base \
git \
go \
g++ && \
rm -rf /var/cache/apk/* \
/opt/go \
/root/dist
#
# Start dicompot
WORKDIR /opt/dicompot
USER dicompot:dicompot
CMD ["./server","-ip","0.0.0.0"]

20
docker/dicompot/docker-compose.yml Normal file
View file

@ -0,0 +1,20 @@
version: '2.3'
networks:
dicompot_local:
services:
# dicompot service
dicompot:
build: .
container_name: dicompot
restart: always
networks:
- dicompot_local
ports:
- "11112:11112"
image: "dtagdevsec/dicompot:2006"
read_only: true
volumes:
- /data/dicompot/log:/var/log/dicompot

5
docker/docker-compose.yml
View file

@ -32,6 +32,11 @@ services:
build: cowrie/. build: cowrie/.
image: "dtagdevsec/cowrie:2006" image: "dtagdevsec/cowrie:2006"
# Dicompot service
dicompot:
build: dicompot/.
image: "dtagdevsec/dicompot:2006"
# Dionaea service # Dionaea service
dionaea: dionaea:
build: dionaea/. build: dionaea/.

14
etc/compose/nextgen.yml
View file

@ -11,6 +11,7 @@ networks:
conpot_local_kamstrup_382: conpot_local_kamstrup_382:
cowrie_local: cowrie_local:
cyberchef_local: cyberchef_local:
dicompot_local:
elasticpot_local: elasticpot_local:
heralding_local: heralding_local:
honeypy_local: honeypy_local:
@ -175,6 +176,19 @@ services:
- /data/cowrie/log:/home/cowrie/cowrie/log - /data/cowrie/log:/home/cowrie/cowrie/log
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dicompot service
dicompot:
container_name: dicompot
restart: always
networks:
- dicompot_local
ports:
- "11112:11112"
image: "dtagdevsec/dicompot:2006"
read_only: true
volumes:
- /data/dicompot/log:/var/log/dicompot
# Dionaea service # Dionaea service
dionaea: dionaea:
container_name: dionaea container_name: dionaea

1
iso/installer/install.sh
View file

@ -780,6 +780,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/conpot/log \ /data/conpot/log \
/data/citrixhoneypot/logs \ /data/citrixhoneypot/logs \
/data/cowrie/{downloads,keys,misc,log,log/tty} \ /data/cowrie/{downloads,keys,misc,log,log/tty} \
/data/dicompot/log \
/data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
/data/elasticpot/log \ /data/elasticpot/log \
/data/elk/{data,log} \ /data/elk/{data,log} \

1
update.sh
View file

@ -228,6 +228,7 @@ mkdir -vp /data/adbhoney/{downloads,log} \
/data/conpot/log \ /data/conpot/log \
/data/citrixhoneypot/logs \ /data/citrixhoneypot/logs \
/data/cowrie/{downloads,keys,misc,log,log/tty} \ /data/cowrie/{downloads,keys,misc,log,log/tty} \
/data/dicompot \
/data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \ /data/dionaea/{log,bistreams,binaries,rtp,roots,roots/ftp,roots/tftp,roots/www,roots/upnp} \
/data/elasticpot/log \ /data/elasticpot/log \
/data/elk/{data,log} \ /data/elk/{data,log} \