diff --git a/README.md b/README.md
index 5cbdfa38..3f867f36 100644
--- a/README.md
+++ b/README.md
@@ -88,8 +88,11 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/24.04.1/i
- [Discussions](#discussions)
- [Licenses](#licenses)
- [Credits](#credits)
- - [The developers and development communities of](#the-developers-and-development-communities-of)
+ - [The developers and development communities of](#the-developers-and-development-communities-of)
+ - [**The following companies and organizations**](#the-following-companies-and-organizations)
+ - [**And of course ***YOU*** for joining the community!**](#and-of-course-you-for-joining-the-community)
- [Testimonials](#testimonials)
+- [Thank you 💖](#thank-you-)
@@ -106,38 +109,39 @@ T-Pot's main components have been moved into the `tpotinit` Docker image allowin
## Honeypots and Tools
-T-Pot offers docker images for the following honeypots ...
-* [adbhoney](https://github.com/huuck/ADBHoney)
-* [beelzebub](https://github.com/mariocandela/beelzebub)
-* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot)
-* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot)
-* [conpot](http://conpot.org/)
-* [cowrie](https://github.com/cowrie/cowrie)
-* [ddospot](https://github.com/aelth/ddospot)
-* [dicompot](https://github.com/nsmfoo/dicompot)
-* [dionaea](https://github.com/DinoTools/dionaea)
-* [elasticpot](https://gitlab.com/bontchev/elasticpot)
-* [endlessh](https://github.com/skeeto/endlessh)
-* [galah](https://github.com/0x4D31/galah)
-* [go-pot](https://github.com/ryanolee/go-pot)
-* [glutton](https://github.com/mushorg/glutton)
-* [hellpot](https://github.com/yunginnanet/HellPot)
-* [heralding](https://github.com/johnnykv/heralding)
-* [honeyaml](https://github.com/mmta/honeyaml)
-* [honeypots](https://github.com/qeeqbox/honeypots)
-* [honeytrap](https://github.com/armedpot/honeytrap/)
-* [ipphoney](https://gitlab.com/bontchev/ipphoney)
-* [log4pot](https://github.com/thomaspatzke/Log4Pot)
-* [mailoney](https://github.com/awhitehatter/mailoney)
-* [medpot](https://github.com/schmalle/medpot)
-* [miniprint](https://github.com/sa7mon/miniprint)
-* [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot)
-* [sentrypeer](https://github.com/SentryPeer/SentryPeer)
-* [snare](http://mushmush.org/)
-* [tanner](http://mushmush.org/)
-* [wordpot](https://github.com/gbrindisi/wordpot)
+- T-Pot offers docker images for the following honeypots:
+[adbhoney](https://github.com/huuck/ADBHoney),
+[beelzebub](https://github.com/mariocandela/beelzebub),
+[ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot),
+[citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot),
+[conpot](http://conpot.org/),
+[cowrie](https://github.com/cowrie/cowrie),
+[ddospot](https://github.com/aelth/ddospot),
+[dicompot](https://github.com/nsmfoo/dicompot),
+[dionaea](https://github.com/DinoTools/dionaea),
+[elasticpot](https://gitlab.com/bontchev/elasticpot),
+[endlessh](https://github.com/skeeto/endlessh),
+[galah](https://github.com/0x4D31/galah),
+[go-pot](https://github.com/ryanolee/go-pot),
+[glutton](https://github.com/mushorg/glutton),
+[h0neytr4p](https://github.com/pbssubhash/h0neytr4p),
+[hellpot](https://github.com/yunginnanet/HellPot),
+[heralding](https://github.com/johnnykv/heralding),
+[honeyaml](https://github.com/mmta/honeyaml),
+[honeypots](https://github.com/qeeqbox/honeypots),
+[honeytrap](https://github.com/armedpot/honeytrap/),
+[ipphoney](https://gitlab.com/bontchev/ipphoney),
+[log4pot](https://github.com/thomaspatzke/Log4Pot),
+[mailoney](https://github.com/awhitehatter/mailoney),
+[medpot](https://github.com/schmalle/medpot),
+[miniprint](https://github.com/sa7mon/miniprint),
+[redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot),
+[sentrypeer](https://github.com/SentryPeer/SentryPeer),
+[snare](http://mushmush.org/),
+[tanner](http://mushmush.org/),
+[wordpot](https://github.com/gbrindisi/wordpot)
-... alongside the following tools ...
+Alongside the following tools:
* [Autoheal](https://github.com/willfarrell/docker-autoheal) a tool to automatically restart containers with failed healthchecks.
* [Cyberchef](https://gchq.github.io/CyberChef/) a web app for encryption, encoding, compression and data analysis.
* [Elastic Stack](https://www.elastic.co/videos) to beautifully visualize all the events captured by T-Pot.
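Review bot: The leading `- ` on `- T-Pot offers docker images for the following honeypots:` turns the introductory sentence into a list item, while `Alongside the following tools:` further down is a plain paragraph followed by `*` bullets. Drop the `- ` so both lead-ins are formatted the same way.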
@@ -268,6 +272,7 @@ Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS,
| 22 | tcp | incoming | Honeypot: Endlessh |
| 80, 443, 8080, 8443 | tcp | incoming | Honeypot: Galah (LLM required) |
| 8080 | tcp | incoming | Honeypot: Go-pot |
+| 80, 443 | tcp | incoming | Honeypot: H0neytr4p |
| 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 1080, 5432, 5900 | tcp | incoming | Honeypot: Heralding |
| 3000 | tcp | incoming | Honeypot: Honeyaml |
| 21, 22, 23, 25, 80, 110, 143, 389, 443, 445, 631, 1080, 1433, 1521, 3306, 3389, 5060, 5432, 5900, 6379, 6667, 8080, 9100, 9200, 11211 | tcp | incoming | Honeypot: qHoneypots |
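Review bot: The new table row lists ports 80 and 443 for H0neytr4p, but every `compose/*.yml` service block in this patch publishes only `"443:443"` and leaves `# - "80:80"` commented out; only `docker/h0neytr4p/docker-compose.yml` maps both. Either list 443 here with a remark that 80 is optional, or enable 80 in the compose files, so that firewall rules written from this table match what is actually exposed.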
@@ -783,79 +788,123 @@ Use the search function, it is possible a similar discussion has been opened alr
# Licenses
The software that T-Pot is built on uses the following licenses.
-
GPLv2: [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [galah](https://github.com/0x4D31/galah?tab=Apache-2.0-1-ov-file#readme), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](https://suricata.io/features/open-source/)
-
GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/telekom-security/ews/), [log4pot](https://github.com/thomaspatzke/Log4Pot/blob/master/LICENSE), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [ipphoney](https://gitlab.com/bontchev/ipphoney/-/blob/master/LICENSE), [miniprint](https://github.com/sa7mon/miniprint?tab=GPL-3.0-1-ov-file#readme), [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/blob/main/LICENSE), [sentrypeer](https://github.com/SentryPeer/SentryPeer/blob/main/LICENSE.GPL-3.0-only), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
-
Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [go-pot](https://github.com/ryanolee/go-pot?tab=License-1-ov-file#readme), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE)
-
MIT license: [autoheal](https://github.com/willfarrell/docker-autoheal?tab=MIT-1-ov-file#readme), [beelzebub](https://github.com/mariocandela/beelzebub?tab=MIT-1-ov-file#readme), [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [ddospot](https://github.com/aelth/ddospot/blob/master/LICENSE), [elasticvue](https://github.com/cars10/elasticvue/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE), [hellpot](https://github.com/yunginnanet/HellPot/blob/master/LICENSE), [honeyaml](https://github.com/mmta/honeyaml?tab=MIT-1-ov-file#readme), [maltrail](https://github.com/stamparm/maltrail/blob/master/LICENSE)
-
Unlicense: [endlessh](https://github.com/skeeto/endlessh/blob/master/UNLICENSE)
-
Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/cowrie/cowrie/blob/master/LICENSE.rst), [mailoney](https://github.com/awhitehatter/mailoney), [Elastic License](https://www.elastic.co/licensing/elastic-license), [Wordpot](https://github.com/gbrindisi/wordpot)
-
AGPL-3.0: [honeypots](https://github.com/qeeqbox/honeypots/blob/main/LICENSE)
-
[Public Domain (CC)](https://creativecommons.org/publicdomain/zero/1.0/): [Harvard Dataverse](https://dataverse.harvard.edu/dataverse/harvard/?q=dicom)
+
GPLv2:
+[conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt),
+[galah](https://github.com/0x4D31/galah?tab=Apache-2.0-1-ov-file#readme),
+[dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE),
+[honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE),
+[suricata](https://suricata.io/features/open-source/)
+
GPLv3:
+[adbhoney](https://github.com/huuck/ADBHoney),
+[elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE),
+[ewsposter](https://github.com/telekom-security/ews/),
+[log4pot](https://github.com/thomaspatzke/Log4Pot/blob/master/LICENSE),
+[fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE),
+[heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt),
+[ipphoney](https://gitlab.com/bontchev/ipphoney/-/blob/master/LICENSE),
+[miniprint](https://github.com/sa7mon/miniprint?tab=GPL-3.0-1-ov-file#readme),
+[redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/blob/main/LICENSE),
+[sentrypeer](https://github.com/SentryPeer/SentryPeer/blob/main/LICENSE.GPL-3.0-only),
+[snare](https://github.com/mushorg/snare/blob/master/LICENSE),
+[tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
+
Apache 2 License:
+[cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE),
+[dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE),
+[elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt),
+[go-pot](https://github.com/ryanolee/go-pot?tab=License-1-ov-file#readme),
+[h0neytr4p](https://github.com/pbssubhash/h0neytr4p?tab=Apache-2.0-1-ov-file#readme),
+[logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE),
+[kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md),
+[docker](https://github.com/docker/docker/blob/master/LICENSE)
+
MIT license:
+[autoheal](https://github.com/willfarrell/docker-autoheal?tab=MIT-1-ov-file#readme),
+[beelzebub](https://github.com/mariocandela/beelzebub?tab=MIT-1-ov-file#readme),
+[ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE),
+[ddospot](https://github.com/aelth/ddospot/blob/master/LICENSE),
+[elasticvue](https://github.com/cars10/elasticvue/blob/master/LICENSE),
+[glutton](https://github.com/mushorg/glutton/blob/master/LICENSE),
+[hellpot](https://github.com/yunginnanet/HellPot/blob/master/LICENSE),
+[honeyaml](https://github.com/mmta/honeyaml?tab=MIT-1-ov-file#readme),
+[maltrail](https://github.com/stamparm/maltrail/blob/master/LICENSE)
+
Unlicense:
+[endlessh](https://github.com/skeeto/endlessh/blob/master/UNLICENSE)
+
Other:
+[citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence),
+[cowrie](https://github.com/cowrie/cowrie/blob/master/LICENSE.rst),
+[mailoney](https://github.com/awhitehatter/mailoney),
+[Elastic License](https://www.elastic.co/licensing/elastic-license),
+[Wordpot](https://github.com/gbrindisi/wordpot)
+
AGPL-3.0:
+[honeypots](https://github.com/qeeqbox/honeypots/blob/main/LICENSE)
+
[Public Domain (CC)](https://creativecommons.org/publicdomain/zero/1.0/):
+[Harvard Dataverse](https://dataverse.harvard.edu/dataverse/harvard/?q=dicom)
# Credits
Without open source and the development community we are proud to be a part of, T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations:
-
-### The developers and development communities of
-
-* [adbhoney](https://github.com/huuck/ADBHoney/graphs/contributors)
-* [beelzebub](https://github.com/mariocandela/beelzebub/graphs/contributors)
-* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/graphs/contributors)
-* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot/graphs/contributors)
-* [conpot](https://github.com/mushorg/conpot/graphs/contributors)
-* [cowrie](https://github.com/cowrie/cowrie/graphs/contributors)
-* [ddospot](https://github.com/aelth/ddospot/graphs/contributors)
-* [dicompot](https://github.com/nsmfoo/dicompot/graphs/contributors)
-* [dionaea](https://github.com/DinoTools/dionaea/graphs/contributors)
-* [docker](https://github.com/docker/docker/graphs/contributors)
-* [elasticpot](https://gitlab.com/bontchev/elasticpot/-/project_members)
-* [elasticsearch](https://github.com/elastic/elasticsearch/graphs/contributors)
-* [elasticvue](https://github.com/cars10/elasticvue/graphs/contributors)
-* [endlessh](https://github.com/skeeto/endlessh/graphs/contributors)
-* [ewsposter](https://github.com/armedpot/ewsposter/graphs/contributors)
-* [fatt](https://github.com/0x4D31/fatt/graphs/contributors)
-* [galah](https://github.com/0x4D31/galah/graphs/contributors)
-* [glutton](https://github.com/mushorg/glutton/graphs/contributors)
-* [go-pot](https://github.com/ryanolee/go-pot/graphs/contributors)
-* [hellpot](https://github.com/yunginnanet/HellPot/graphs/contributors)
-* [heralding](https://github.com/johnnykv/heralding/graphs/contributors)
-* [honeyaml](https://github.com/mmta/honeyaml/graphs/contributors)
-* [honeypots](https://github.com/qeeqbox/honeypots/graphs/contributors)
-* [honeytrap](https://github.com/armedpot/honeytrap/graphs/contributors)
-* [ipphoney](https://gitlab.com/bontchev/ipphoney/-/project_members)
-* [kibana](https://github.com/elastic/kibana/graphs/contributors)
-* [logstash](https://github.com/elastic/logstash/graphs/contributors)
-* [log4pot](https://github.com/thomaspatzke/Log4Pot/graphs/contributors)
-* [mailoney](https://github.com/awhitehatter/mailoney)
-* [maltrail](https://github.com/stamparm/maltrail/graphs/contributors)
-* [medpot](https://github.com/schmalle/medpot/graphs/contributors)
-* [miniprint](https://github.com/sa7mon/miniprint/graphs/contributors)
-* [p0f](http://lcamtuf.coredump.cx/p0f3/)
-* [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/graphs/contributors)
-* [sentrypeer](https://github.com/SentryPeer/SentryPeer/graphs/contributors)
-* [spiderfoot](https://github.com/smicallef/spiderfoot)
-* [snare](https://github.com/mushorg/snare/graphs/contributors)
-* [tanner](https://github.com/mushorg/tanner/graphs/contributors)
-* [suricata](https://github.com/OISF/suricata/graphs/contributors)
-* [wordpot](https://github.com/gbrindisi/wordpot)
-
-**The following companies and organizations**
-* [docker](https://www.docker.com/)
-* [elastic.io](https://www.elastic.co/)
-* [honeynet project](https://www.honeynet.org/)
-
-**... and of course ***you*** for joining the community!**
-Thank you for playing 💖
+## The developers and development communities of
+
+* [adbhoney](https://github.com/huuck/ADBHoney/graphs/contributors),
+[beelzebub](https://github.com/mariocandela/beelzebub/graphs/contributors),
+[ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/graphs/contributors),
+[citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot/graphs/contributors),
+[conpot](https://github.com/mushorg/conpot/graphs/contributors),
+[cowrie](https://github.com/cowrie/cowrie/graphs/contributors),
+[ddospot](https://github.com/aelth/ddospot/graphs/contributors),
+[dicompot](https://github.com/nsmfoo/dicompot/graphs/contributors),
+[dionaea](https://github.com/DinoTools/dionaea/graphs/contributors),
+[docker](https://github.com/docker/docker/graphs/contributors),
+[elasticpot](https://gitlab.com/bontchev/elasticpot/-/project_members),
+[elasticsearch](https://github.com/elastic/elasticsearch/graphs/contributors),
+[elasticvue](https://github.com/cars10/elasticvue/graphs/contributors),
+[endlessh](https://github.com/skeeto/endlessh/graphs/contributors),
+[ewsposter](https://github.com/armedpot/ewsposter/graphs/contributors),
+[fatt](https://github.com/0x4D31/fatt/graphs/contributors),
+[galah](https://github.com/0x4D31/galah/graphs/contributors),
+[glutton](https://github.com/mushorg/glutton/graphs/contributors),
+[go-pot](https://github.com/ryanolee/go-pot/graphs/contributors),
+[h0neytr4p](https://github.com/pbssubhash/h0neytr4p/graphs/contributors),
+[hellpot](https://github.com/yunginnanet/HellPot/graphs/contributors),
+[heralding](https://github.com/johnnykv/heralding/graphs/contributors),
+[honeyaml](https://github.com/mmta/honeyaml/graphs/contributors),
+[honeypots](https://github.com/qeeqbox/honeypots/graphs/contributors),
+[honeytrap](https://github.com/armedpot/honeytrap/graphs/contributors),
+[ipphoney](https://gitlab.com/bontchev/ipphoney/-/project_members),
+[kibana](https://github.com/elastic/kibana/graphs/contributors),
+[logstash](https://github.com/elastic/logstash/graphs/contributors),
+[log4pot](https://github.com/thomaspatzke/Log4Pot/graphs/contributors),
+[mailoney](https://github.com/awhitehatter/mailoney),
+[maltrail](https://github.com/stamparm/maltrail/graphs/contributors),
+[medpot](https://github.com/schmalle/medpot/graphs/contributors),
+[miniprint](https://github.com/sa7mon/miniprint/graphs/contributors),
+[p0f](http://lcamtuf.coredump.cx/p0f3/),
+[redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/graphs/contributors),
+[sentrypeer](https://github.com/SentryPeer/SentryPeer/graphs/contributors),
+[spiderfoot](https://github.com/smicallef/spiderfoot),
+[snare](https://github.com/mushorg/snare/graphs/contributors),
+[tanner](https://github.com/mushorg/tanner/graphs/contributors),
+[suricata](https://github.com/OISF/suricata/graphs/contributors),
+[wordpot](https://github.com/gbrindisi/wordpot)
+
+
+## **The following companies and organizations**
+* [docker](https://www.docker.com/),
+[elastic.io](https://www.elastic.co/),
+[honeynet project](https://www.honeynet.org/)
+
+
+## **And of course ***YOU*** for joining the community!**
+
# Testimonials
One of the greatest feedback we have gotten so far is by one of the Conpot developers:
***"[...] I highly recommend T-Pot which is ... it's not exactly a swiss army knife .. it's more like a swiss army soldier, equipped with a swiss army knife. Inside a tank. A swiss tank. [...]"***
+
And from @robcowart (creator of [ElastiFlow](https://github.com/robcowart/elastiflow)):
***"#TPot is one of the most well put together turnkey honeypot solutions. It is a must-have for anyone wanting to analyze and understand the behavior of malicious actors and the threat they pose to your organization."***
-**Thank you!**
-
+# Thank you 💖
\ No newline at end of file
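Review bot: In the reflowed GPLv2 list, `[galah](https://github.com/0x4D31/galah?tab=Apache-2.0-1-ov-file#readme)` links to an Apache-2.0 license tab, so the entry appears to sit under the wrong heading; since the line is being rewritten anyway, consider moving it to `Apache 2 License:` next to the new `h0neytr4p` entry after checking the upstream license. Two smaller points: `## **And of course ***YOU*** for joining the community!**` is now a heading with no body, and the file ends without a trailing newline (`\ No newline at end of file`).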
diff --git a/compose/mac_win.yml b/compose/mac_win.yml
index 4d21742c..00164153 100644
--- a/compose/mac_win.yml
+++ b/compose/mac_win.yml
@@ -3,12 +3,12 @@ networks:
tpotinit_local:
adbhoney_local:
ciscoasa_local:
- citrixhoneypot_local:
cowrie_local:
ddospot_local:
dicompot_local:
dionaea_local:
elasticpot_local:
+ h0neytr4p_local:
heralding_local:
honeyaml_local:
ipphoney_local:
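Review bot: `citrixhoneypot_local` is dropped from `networks:` here, but unlike `mobile.yml`, `sensor.yml` and `standard.yml`, this file's diff contains no hunk removing a `citrixhoneypot` service. Please confirm that no service in `mac_win.yml` still references that network, because Compose rejects a service that names an undefined network.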
@@ -237,6 +237,25 @@ services:
volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
+# H0neytr4p service
+ h0neytr4p:
+ container_name: h0neytr4p
+ restart: always
+ depends_on:
+ tpotinit:
+ condition: service_healthy
+ networks:
+ - h0neytr4p_local
+ ports:
+ - "443:443"
+ # - "80:80"
+ image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
+ pull_policy: ${TPOT_PULL_POLICY}
+ read_only: true
+ volumes:
+ - ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
+ - ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
+
# Heralding service
heralding:
container_name: heralding
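Review bot: The service is `read_only: true` and the image runs as `USER 2000:2000` (see `docker/h0neytr4p/Dockerfile`), so the two bind mounts for `log/` and `payloads/` are the only writable paths and must exist on the host with write access for uid 2000 before the container starts. The part of `clean.sh` shown in this patch only adds the archive variables for `/data/h0neytr4p/payloads/`; please point to where `${TPOT_DATA_PATH}/h0neytr4p/log/` and `${TPOT_DATA_PATH}/h0neytr4p/payloads/` are created and given the right ownership, or add that step. The same applies to the identical service block in the other compose files.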
diff --git a/compose/mobile.yml b/compose/mobile.yml
index 4e0ad5b8..3768c929 100644
--- a/compose/mobile.yml
+++ b/compose/mobile.yml
@@ -5,7 +5,6 @@
# desktop environment such as LXDE and meet the minimum requirements of 8GB RAM.
networks:
ciscoasa_local:
- citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_ipmi:
conpot_local_kamstrup_382:
@@ -13,6 +12,7 @@ networks:
dicompot_local:
dionaea_local:
elasticpot_local:
+ h0neytr4p_local:
heralding_local:
honeyaml_local:
ipphoney_local:
@@ -79,23 +79,6 @@ services:
volumes:
- ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa
-# CitrixHoneypot service
- citrixhoneypot:
- container_name: citrixhoneypot
- restart: always
- depends_on:
- logstash:
- condition: service_healthy
- networks:
- - citrixhoneypot_local
- ports:
- - "443:443"
- image: ${TPOT_REPO}/citrixhoneypot:${TPOT_VERSION}
- pull_policy: ${TPOT_PULL_POLICY}
- read_only: true
- volumes:
- - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs
-
# Conpot IEC104 service
conpot_IEC104:
container_name: conpot_iec104
@@ -276,6 +259,25 @@ services:
volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
+# H0neytr4p service
+ h0neytr4p:
+ container_name: h0neytr4p
+ restart: always
+ depends_on:
+ logstash:
+ condition: service_healthy
+ networks:
+ - h0neytr4p_local
+ ports:
+ - "443:443"
+ # - "80:80"
+ image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
+ pull_policy: ${TPOT_PULL_POLICY}
+ read_only: true
+ volumes:
+ - ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
+ - ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
+
# Heralding service
heralding:
container_name: heralding
diff --git a/compose/sensor.yml b/compose/sensor.yml
index 198a9645..f881821f 100644
--- a/compose/sensor.yml
+++ b/compose/sensor.yml
@@ -2,7 +2,6 @@
networks:
adbhoney_local:
ciscoasa_local:
- citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_guardian_ast:
conpot_local_ipmi:
@@ -12,6 +11,7 @@ networks:
dicompot_local:
dionaea_local:
elasticpot_local:
+ h0neytr4p_local:
heralding_local:
honeyaml_local:
ipphoney_local:
@@ -95,23 +95,6 @@ services:
volumes:
- ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa
-# CitrixHoneypot service
- citrixhoneypot:
- container_name: citrixhoneypot
- restart: always
- depends_on:
- tpotinit:
- condition: service_healthy
- networks:
- - citrixhoneypot_local
- ports:
- - "443:443"
- image: ${TPOT_REPO}/citrixhoneypot:${TPOT_VERSION}
- pull_policy: ${TPOT_PULL_POLICY}
- read_only: true
- volumes:
- - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs
-
# Conpot IEC104 service
conpot_IEC104:
container_name: conpot_iec104
@@ -340,6 +323,25 @@ services:
volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
+# H0neytr4p service
+ h0neytr4p:
+ container_name: h0neytr4p
+ restart: always
+ depends_on:
+ tpotinit:
+ condition: service_healthy
+ networks:
+ - h0neytr4p_local
+ ports:
+ - "443:443"
+ # - "80:80"
+ image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
+ pull_policy: ${TPOT_PULL_POLICY}
+ read_only: true
+ volumes:
+ - ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
+ - ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
+
# Heralding service
heralding:
container_name: heralding
diff --git a/compose/standard.yml b/compose/standard.yml
index 1a6625e0..e4c36dc1 100644
--- a/compose/standard.yml
+++ b/compose/standard.yml
@@ -2,7 +2,6 @@
networks:
adbhoney_local:
ciscoasa_local:
- citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_guardian_ast:
conpot_local_ipmi:
@@ -12,6 +11,7 @@ networks:
dicompot_local:
dionaea_local:
elasticpot_local:
+ h0neytr4p_local:
heralding_local:
honeyaml_local:
ipphoney_local:
@@ -97,23 +97,6 @@ services:
volumes:
- ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa
-# CitrixHoneypot service
- citrixhoneypot:
- container_name: citrixhoneypot
- restart: always
- depends_on:
- tpotinit:
- condition: service_healthy
- networks:
- - citrixhoneypot_local
- ports:
- - "443:443"
- image: ${TPOT_REPO}/citrixhoneypot:${TPOT_VERSION}
- pull_policy: ${TPOT_PULL_POLICY}
- read_only: true
- volumes:
- - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs
-
# Conpot IEC104 service
conpot_IEC104:
container_name: conpot_iec104
@@ -342,22 +325,24 @@ services:
volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
-# Honeyaml service
- honeyaml:
- container_name: honeyaml
+# H0neytr4p service
+ h0neytr4p:
+ container_name: h0neytr4p
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- - honeyaml_local
+ - h0neytr4p_local
ports:
- - "3000:8080"
- image: ${TPOT_REPO}/honeyaml:${TPOT_VERSION}
+ - "443:443"
+ # - "80:80"
+ image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- - ${TPOT_DATA_PATH}/honeyaml/log:/opt/honeyaml/log/
+ - ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
+ - ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
# Heralding service
heralding:
@@ -393,6 +378,23 @@ services:
volumes:
- ${TPOT_DATA_PATH}/heralding/log:/var/log/heralding
+# Honeyaml service
+ honeyaml:
+ container_name: honeyaml
+ restart: always
+ depends_on:
+ tpotinit:
+ condition: service_healthy
+ networks:
+ - honeyaml_local
+ ports:
+ - "3000:8080"
+ image: ${TPOT_REPO}/honeyaml:${TPOT_VERSION}
+ pull_policy: ${TPOT_PULL_POLICY}
+ read_only: true
+ volumes:
+ - ${TPOT_DATA_PATH}/honeyaml/log:/opt/honeyaml/log/
+
# Honeytrap service
honeytrap:
container_name: honeytrap
diff --git a/compose/tpot_services.yml b/compose/tpot_services.yml
index 342e3a9f..2dc2cb25 100644
--- a/compose/tpot_services.yml
+++ b/compose/tpot_services.yml
@@ -19,6 +19,7 @@ networks:
endlessh_local:
galah_local:
go-pot_local:
+ h0neytr4p_local:
hellpot_local:
heralding_local:
honeyaml_local:
@@ -465,6 +466,25 @@ services:
volumes:
- ${TPOT_DATA_PATH}/go-pot/log:/opt/go-pot/log/
+# H0neytr4p service
+ h0neytr4p:
+ container_name: h0neytr4p
+ restart: always
+ depends_on:
+ tpotinit:
+ condition: service_healthy
+ networks:
+ - h0neytr4p_local
+ ports:
+ - "443:443"
+ # - "80:80"
+ image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
+ pull_policy: ${TPOT_PULL_POLICY}
+ read_only: true
+ volumes:
+ - ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
+ - ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
+
# Hellpot service
hellpot:
container_name: hellpot
diff --git a/doc/architecture.png b/doc/architecture.png
index 8b5ab706..0888cd42 100644
Binary files a/doc/architecture.png and b/doc/architecture.png differ
diff --git a/docker-compose.yml b/docker-compose.yml
index 1a6625e0..e4c36dc1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,6 @@
networks:
adbhoney_local:
ciscoasa_local:
- citrixhoneypot_local:
conpot_local_IEC104:
conpot_local_guardian_ast:
conpot_local_ipmi:
@@ -12,6 +11,7 @@ networks:
dicompot_local:
dionaea_local:
elasticpot_local:
+ h0neytr4p_local:
heralding_local:
honeyaml_local:
ipphoney_local:
@@ -97,23 +97,6 @@ services:
volumes:
- ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa
-# CitrixHoneypot service
- citrixhoneypot:
- container_name: citrixhoneypot
- restart: always
- depends_on:
- tpotinit:
- condition: service_healthy
- networks:
- - citrixhoneypot_local
- ports:
- - "443:443"
- image: ${TPOT_REPO}/citrixhoneypot:${TPOT_VERSION}
- pull_policy: ${TPOT_PULL_POLICY}
- read_only: true
- volumes:
- - ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs
-
# Conpot IEC104 service
conpot_IEC104:
container_name: conpot_iec104
@@ -342,22 +325,24 @@ services:
volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
-# Honeyaml service
- honeyaml:
- container_name: honeyaml
+# H0neytr4p service
+ h0neytr4p:
+ container_name: h0neytr4p
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- - honeyaml_local
+ - h0neytr4p_local
ports:
- - "3000:8080"
- image: ${TPOT_REPO}/honeyaml:${TPOT_VERSION}
+ - "443:443"
+ # - "80:80"
+ image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- - ${TPOT_DATA_PATH}/honeyaml/log:/opt/honeyaml/log/
+ - ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
+ - ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
# Heralding service
heralding:
@@ -393,6 +378,23 @@ services:
volumes:
- ${TPOT_DATA_PATH}/heralding/log:/var/log/heralding
+# Honeyaml service
+ honeyaml:
+ container_name: honeyaml
+ restart: always
+ depends_on:
+ tpotinit:
+ condition: service_healthy
+ networks:
+ - honeyaml_local
+ ports:
+ - "3000:8080"
+ image: ${TPOT_REPO}/honeyaml:${TPOT_VERSION}
+ pull_policy: ${TPOT_PULL_POLICY}
+ read_only: true
+ volumes:
+ - ${TPOT_DATA_PATH}/honeyaml/log:/opt/honeyaml/log/
+
# Honeytrap service
honeytrap:
container_name: honeytrap
diff --git a/docker/_builder/docker-compose.yml b/docker/_builder/docker-compose.yml
index 947d7b8c..8612cc39 100644
--- a/docker/_builder/docker-compose.yml
+++ b/docker/_builder/docker-compose.yml
@@ -144,6 +144,15 @@ services:
context: ../go-pot/
<<: *common-build
+# H0neytr4p
+ h0neytr4p:
+ image: ${TPOT_DOCKER_REPO}/h0neytr4p:${TPOT_VERSION}
+ build:
+ tags:
+ - ${TPOT_GHCR_REPO}/h0neytr4p:${TPOT_VERSION}
+ context: ../h0neytr4p/
+ <<: *common-build
+
# Hellpot
hellpot:
image: ${TPOT_DOCKER_REPO}/hellpot:${TPOT_VERSION}
diff --git a/docker/elk/logstash/dist/http_output.conf b/docker/elk/logstash/dist/http_output.conf
index 7d6790ce..eb243e53 100644
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@@ -120,6 +120,13 @@ input {
type => "Go-pot"
}
+# H0neytr4p
+ file {
+ path => ["/data/h0neytr4p/log/log.json"]
+ codec => json
+ type => "H0neytr4p"
+ }
+
# Hellpot
file {
path => ["/data/hellpot/log/hellpot.log"]
@@ -536,6 +543,13 @@ filter {
}
}
+# H0neytr4p
+ if [type] == "H0neytr4p" {
+ date {
+ match => [ "timestamp", "ISO8601" ]
+ }
+ }
+
# Heralding
if [type] == "Heralding" {
csv {
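Review bot: The `date` filter assumes every H0neytr4p event carries a top-level `timestamp` field in ISO8601 form, and nothing in this patch shows the log format. If the field is named differently or uses another layout, Logstash tags the event `_dateparsefailure` and `@timestamp` stays at ingest time, which skews timelines built from these events. Please confirm against a sample line of `log.json` from v0.32 and mention the expected field in the `# H0neytr4p` comment; the same block is repeated in `logstash.conf`.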
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index 155f5740..f220bb0f 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -120,6 +120,13 @@ input {
type => "Go-pot"
}
+# H0neytr4p
+ file {
+ path => ["/data/h0neytr4p/log/log.json"]
+ codec => json
+ type => "H0neytr4p"
+ }
+
# Hellpot
file {
path => ["/data/hellpot/log/hellpot.log"]
@@ -536,6 +543,13 @@ filter {
}
}
+# H0neytr4p
+ if [type] == "H0neytr4p" {
+ date {
+ match => [ "timestamp", "ISO8601" ]
+ }
+ }
+
# Heralding
if [type] == "Heralding" {
csv {
diff --git a/docker/elk/map/Dockerfile b/docker/elk/map/Dockerfile
index b176504d..89a4246a 100644
--- a/docker/elk/map/Dockerfile
+++ b/docker/elk/map/Dockerfile
@@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
# Install from GitHub and setup
mkdir -p /opt && \
cd /opt/ && \
- git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.5 && \
+ git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.6 && \
cd t-pot-attack-map && \
pip3 install --break-system-packages --upgrade pip && \
pip3 install --break-system-packages -r requirements.txt && \
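Review bot: `-b 2.2.6` pins the attack map to a tag name, and a tag can be moved upstream after this change has been reviewed. Consider checking out the commit hash the tag points to after the clone, so that a rebuilt image is guaranteed to contain the code that was reviewed.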
diff --git a/docker/h0neytr4p/Dockerfile b/docker/h0neytr4p/Dockerfile
new file mode 100644
index 00000000..92449c4a
--- /dev/null
+++ b/docker/h0neytr4p/Dockerfile
@@ -0,0 +1,30 @@
+FROM golang:1.21-alpine AS builder
+WORKDIR /app
+#
+RUN apk -U add git openssl
+RUN git clone https://github.com/t3chn0m4g3/h0neytr4p -b v0.32 /app
+RUN go mod download
+RUN go mod tidy
+RUN go build -o /app/main
+RUN openssl req \
+ -nodes \
+ -x509 \
+ -sha512 \
+ -newkey rsa:4096 \
+ -keyout "app.key" \
+ -out "app.crt" \
+ -days 3650 \
+ -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd'
+RUN chmod 444 app.key app.crt
+#
+FROM scratch
+#
+COPY --from=builder /app/main /opt/h0neytr4p/h0neytr4p
+COPY --from=builder /app/traps /opt/h0neytr4p/traps
+COPY --from=builder /app/app.key /opt/h0neytr4p/
+COPY --from=builder /app/app.crt /opt/h0neytr4p/
+#
+WORKDIR /opt/h0neytr4p
+USER 2000:2000
+CMD ["-cert=app.crt", "-key=app.key", "-log=log/log.json", "-catchall=false", "-payload=/data/h0neytr4p/payloads/", "-wildcard=true", "-traps=traps/"]
+ENTRYPOINT ["./h0neytr4p"]
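Review bot: The `openssl req` step creates `app.key` and `app.crt` at build time, so every container started from the published image presents the same certificate and shares the same private key, and `chmod 444 app.key app.crt` leaves the key world-readable inside the image. Combined with the OpenSSL default subject `O=Internet Widgits Pty Ltd`, all sensors running this image end up with one common TLS fingerprint that makes them easy to recognise as T-Pot. Generating the pair per deployment (for example during init) and mounting it read-only would avoid that. Separately, `-b v0.32` is a movable tag on `t3chn0m4g3/h0neytr4p`, while the README credits `pbssubhash/h0neytr4p`; pinning a commit, stating why the fork is used, and dropping `RUN go mod tidy`, which can rewrite `go.mod` and `go.sum` during the build, would make the image reproducible.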
diff --git a/docker/h0neytr4p/docker-compose.yml b/docker/h0neytr4p/docker-compose.yml
new file mode 100644
index 00000000..907dc5af
--- /dev/null
+++ b/docker/h0neytr4p/docker-compose.yml
@@ -0,0 +1,22 @@
+networks:
+ h0neytr4p_local:
+
+services:
+
+# H0neytr4p service
+ h0neytr4p:
+ build: .
+ container_name: h0neytr4p
+ restart: always
+# cpu_count: 1
+# cpus: 0.25
+ networks:
+ - h0neytr4p_local
+ ports:
+ - "80:80"
+ - "443:443"
+ image: "dtagdevsec/h0neytr4p:24.04"
+ read_only: true
+ volumes:
+ - $HOME/tpotce/data/h0neytr4p/log/:/opt/h0neytr4p/log/
+ - $HOME/tpotce/data/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
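Review bot: the service publishes `80:80` and `443:443` and writes remotely supplied payloads to a bind mount, yet the only resource limits in the hunk (`# cpu_count: 1`, `# cpus: 0.25`) are commented out and there is no memory or pids limit. Either enable limits or say in a comment why they are off. Since the image is built from scratch and runs as a non-root user, `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]` would cost nothing alongside `read_only: true`. The two volumes must also be writable by UID 2000 from the Dockerfile; a comment stating that this relies on the host-side ownership set in `clean.sh` would help the next maintainer.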
diff --git a/docker/tpotinit/dist/bin/clean.sh b/docker/tpotinit/dist/bin/clean.sh
index 1ce0e39b..d731912c 100755
--- a/docker/tpotinit/dist/bin/clean.sh
+++ b/docker/tpotinit/dist/bin/clean.sh
@@ -32,12 +32,14 @@ fuLOGROTATE () {
local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
local myDIONAEABIN="/data/dionaea/binaries/"
local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
- local myMINIPRINTU="/data/miniprint/uploads/"
- local myMINIPRINTTGZ="/data/miniprint/uploads.tgz"
+ local myH0NEYTR4PP="/data/h0neytr4p/payloads/"
+ local myH0NEYTR4PTGZ="/data/h0neytr4p/payloads.tgz"
local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
local myHONEYTRAPDL="/data/honeytrap/downloads/"
local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
+ local myMINIPRINTU="/data/miniprint/uploads/"
+ local myMINIPRINTTGZ="/data/miniprint/uploads.tgz"
local myTANNERF="/data/tanner/files/"
local myTANNERFTGZ="/data/tanner/files.tgz"
@@ -56,22 +58,23 @@ if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIET
if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi
if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi
if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi
-if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi
+if [ "$(fuEMPTY $myH0NEYTR4PP)" != "0" ]; then tar -I $myPIGZ -cvf $myH0NEYTR4PTGZ $myH0NEYTR4PP; fi
if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
+if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi
if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi
# Ensure correct permissions and ownership for previously created archives
-chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
-chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
+chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
+chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
# Need to remove subfolders since too many files cause rm to exit with errors
-rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
# Recreate subfolders with correct permissions and ownership
-mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
-chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
-chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
logrotate -s $mySTATUS $myCONF
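Review bot: the new `tar -I $myPIGZ -cvf $myH0NEYTR4PTGZ $myH0NEYTR4PP` line and the later `rm -rf ... $myH0NEYTR4PP ...` are not linked, so if the archive step fails (full disk, for instance) the captured payloads are deleted anyway. Consider removing each directory only after its own tar exits successfully. `chmod 770` on `$myH0NEYTR4PTGZ` also sets the execute bit on an archive of untrusted uploads; `660` is enough for a data file. All the path variables here are expanded unquoted, including in `rm -rf`; they are constants today, but quoting them guards against a future path that is empty or contains spaces.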
@@ -225,6 +228,14 @@ fuGOPOT () {
chown tpot:tpot /data/go-pot -R
}
+# Let's create a function to clean up and prepare h0neytr4p data
+fuH0NEYTR4P () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/h0neytr4p/*; fi
+ mkdir -vp /data/h0neytr4p/{log,payloads}
+ chmod 770 /data/h0neytr4p/ -R
+ chown tpot:tpot /data/h0neytr4p/ -R
+}
+
# Let's create a function to clean up and prepare hellpot data
fuHELLPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
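Review bot: `chmod 770 /data/h0neytr4p/ -R` in `fuH0NEYTR4P` sets the execute bit on every file under `payloads/`, so with persistence on, previously captured uploads become executable on the host for the `tpot` user and group. Use a symbolic mode that only adds search permission on directories, such as `chmod -R u=rwX,g=rwX,o= /data/h0neytr4p/`. Two smaller points: `rm -rf /data/h0neytr4p/*` does not match dotfiles, so a hidden file survives a non-persistent reset, and `mkdir -vp /data/h0neytr4p/{log,payloads}` depends on bash brace expansion, so the script must not be run with plain `sh`.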
@@ -420,6 +431,7 @@ fuFATT
fuGALAH
fuGLUTTON
fuGOPOT
+fuH0NEYTR4P
fuHERALDING
fuHELLPOT
fuHONEYAML
diff --git a/docker/tpotinit/dist/etc/logrotate/logrotate.conf b/docker/tpotinit/dist/etc/logrotate/logrotate.conf
index fbd0655d..f4528616 100644
--- a/docker/tpotinit/dist/etc/logrotate/logrotate.conf
+++ b/docker/tpotinit/dist/etc/logrotate/logrotate.conf
@@ -22,6 +22,7 @@
/data/glutton/log/*.log
/data/glutton/log/*.err
/data/go-pot/log/*.json
+/data/h0neytr4p/log/*.json
/data/hellpot/log/*.log
/data/heralding/log/*.log
/data/heralding/log/*.csv
@@ -61,6 +62,7 @@
/data/cowrie/downloads.tgz
/data/dionaea/bistreams.tgz
/data/dionaea/binaries.tgz
+/data/h0neytr4p/payloads.tgz
/data/honeytrap/attacks.tgz
/data/honeytrap/downloads.tgz
/data/miniprint/uploads.tgz
diff --git a/docker/tpotinit/dist/etc/objects/elkbase.tgz b/docker/tpotinit/dist/etc/objects/elkbase.tgz
index dd9bdf8a..69196ab8 100644
Binary files a/docker/tpotinit/dist/etc/objects/elkbase.tgz and b/docker/tpotinit/dist/etc/objects/elkbase.tgz differ
diff --git a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip
index 587e9bb0..444952ee 100644
Binary files a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip and b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip differ