Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-19 21:52:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

add h0neytr4p honeypot

Browse source
This commit is contained in:
t3chn0m4g3 2024-11-12 21:51:39 +01:00
parent 4bedb8d39b
commit 817fac6b45
18 changed files with 389 additions and 190 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

233
README.md
View file

@ -89,7 +89,10 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/24.04.1/i
- [Licenses](#licenses) - [Licenses](#licenses)
- [Credits](#credits) - [Credits](#credits)
- [The developers and development communities of](#the-developers-and-development-communities-of) - [The developers and development communities of](#the-developers-and-development-communities-of)
- [**The following companies and organizations**](#the-following-companies-and-organizations)
- [**And of course ***YOU*** for joining the community!**](#and-of-course-you-for-joining-the-community)
- [Testimonials](#testimonials) - [Testimonials](#testimonials)
- [Thank you 💖](#thank-you-)
<!-- TOC --> <!-- TOC -->
<br><br> <br><br>
@ -106,38 +109,39 @@ T-Pot's main components have been moved into the `tpotinit` Docker image allowin
<br><br> <br><br>
## Honeypots and Tools ## Honeypots and Tools
T-Pot offers docker images for the following honeypots ... - T-Pot offers docker images for the following honeypots:<br>
* [adbhoney](https://github.com/huuck/ADBHoney) [adbhoney](https://github.com/huuck/ADBHoney),
* [beelzebub](https://github.com/mariocandela/beelzebub) [beelzebub](https://github.com/mariocandela/beelzebub),
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot) [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot),
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot) [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot),
* [conpot](http://conpot.org/) [conpot](http://conpot.org/),
* [cowrie](https://github.com/cowrie/cowrie) [cowrie](https://github.com/cowrie/cowrie),
* [ddospot](https://github.com/aelth/ddospot) [ddospot](https://github.com/aelth/ddospot),
* [dicompot](https://github.com/nsmfoo/dicompot) [dicompot](https://github.com/nsmfoo/dicompot),
* [dionaea](https://github.com/DinoTools/dionaea) [dionaea](https://github.com/DinoTools/dionaea),
* [elasticpot](https://gitlab.com/bontchev/elasticpot) [elasticpot](https://gitlab.com/bontchev/elasticpot),
* [endlessh](https://github.com/skeeto/endlessh) [endlessh](https://github.com/skeeto/endlessh),
* [galah](https://github.com/0x4D31/galah) [galah](https://github.com/0x4D31/galah),
* [go-pot](https://github.com/ryanolee/go-pot) [go-pot](https://github.com/ryanolee/go-pot),
* [glutton](https://github.com/mushorg/glutton) [glutton](https://github.com/mushorg/glutton),
* [hellpot](https://github.com/yunginnanet/HellPot) [h0neytr4p](https://github.com/pbssubhash/h0neytr4p),
* [heralding](https://github.com/johnnykv/heralding) [hellpot](https://github.com/yunginnanet/HellPot),
* [honeyaml](https://github.com/mmta/honeyaml) [heralding](https://github.com/johnnykv/heralding),
* [honeypots](https://github.com/qeeqbox/honeypots) [honeyaml](https://github.com/mmta/honeyaml),
* [honeytrap](https://github.com/armedpot/honeytrap/) [honeypots](https://github.com/qeeqbox/honeypots),
* [ipphoney](https://gitlab.com/bontchev/ipphoney) [honeytrap](https://github.com/armedpot/honeytrap/),
* [log4pot](https://github.com/thomaspatzke/Log4Pot) [ipphoney](https://gitlab.com/bontchev/ipphoney),
* [mailoney](https://github.com/awhitehatter/mailoney) [log4pot](https://github.com/thomaspatzke/Log4Pot),
* [medpot](https://github.com/schmalle/medpot) [mailoney](https://github.com/awhitehatter/mailoney),
* [miniprint](https://github.com/sa7mon/miniprint) [medpot](https://github.com/schmalle/medpot),
* [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot) [miniprint](https://github.com/sa7mon/miniprint),
* [sentrypeer](https://github.com/SentryPeer/SentryPeer) [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot),
* [snare](http://mushmush.org/) [sentrypeer](https://github.com/SentryPeer/SentryPeer),
* [tanner](http://mushmush.org/) [snare](http://mushmush.org/),
* [wordpot](https://github.com/gbrindisi/wordpot) [tanner](http://mushmush.org/),
[wordpot](https://github.com/gbrindisi/wordpot)
... alongside the following tools ... Alongside the following tools:
* [Autoheal](https://github.com/willfarrell/docker-autoheal) a tool to automatically restart containers with failed healthchecks. * [Autoheal](https://github.com/willfarrell/docker-autoheal) a tool to automatically restart containers with failed healthchecks.
* [Cyberchef](https://gchq.github.io/CyberChef/) a web app for encryption, encoding, compression and data analysis. * [Cyberchef](https://gchq.github.io/CyberChef/) a web app for encryption, encoding, compression and data analysis.
* [Elastic Stack](https://www.elastic.co/videos) to beautifully visualize all the events captured by T-Pot. * [Elastic Stack](https://www.elastic.co/videos) to beautifully visualize all the events captured by T-Pot.
@ -268,6 +272,7 @@ Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS,
| 22 | tcp | incoming | Honeypot: Endlessh | | 22 | tcp | incoming | Honeypot: Endlessh |
| 80, 443, 8080, 8443 | tcp | incoming | Honeypot: Galah (LLM required) | | 80, 443, 8080, 8443 | tcp | incoming | Honeypot: Galah (LLM required) |
| 8080 | tcp | incoming | Honeypot: Go-pot | | 8080 | tcp | incoming | Honeypot: Go-pot |
| 80, 443 | tcp | incoming | Honeypot: H0neytr4p |
| 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 1080, 5432, 5900 | tcp | incoming | Honeypot: Heralding | | 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 1080, 5432, 5900 | tcp | incoming | Honeypot: Heralding |
| 3000 | tcp | incoming | Honeypot: Honeyaml | | 3000 | tcp | incoming | Honeypot: Honeyaml |
| 21, 22, 23, 25, 80, 110, 143, 389, 443, 445, 631, 1080, 1433, 1521, 3306, 3389, 5060, 5432, 5900, 6379, 6667, 8080, 9100, 9200, 11211 | tcp | incoming | Honeypot: qHoneypots | | 21, 22, 23, 25, 80, 110, 143, 389, 443, 445, 631, 1080, 1433, 1521, 3306, 3389, 5060, 5432, 5900, 6379, 6667, 8080, 9100, 9200, 11211 | tcp | incoming | Honeypot: qHoneypots |
@ -783,79 +788,123 @@ Use the search function, it is possible a similar discussion has been opened alr
# Licenses # Licenses
The software that T-Pot is built on uses the following licenses. The software that T-Pot is built on uses the following licenses.
<br>GPLv2: [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt), [galah](https://github.com/0x4D31/galah?tab=Apache-2.0-1-ov-file#readme), [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE), [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE), [suricata](https://suricata.io/features/open-source/) <br>GPLv2:
<br>GPLv3: [adbhoney](https://github.com/huuck/ADBHoney), [elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE), [ewsposter](https://github.com/telekom-security/ews/), [log4pot](https://github.com/thomaspatzke/Log4Pot/blob/master/LICENSE), [fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE), [heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt), [ipphoney](https://gitlab.com/bontchev/ipphoney/-/blob/master/LICENSE), [miniprint](https://github.com/sa7mon/miniprint?tab=GPL-3.0-1-ov-file#readme), [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/blob/main/LICENSE), [sentrypeer](https://github.com/SentryPeer/SentryPeer/blob/main/LICENSE.GPL-3.0-only), [snare](https://github.com/mushorg/snare/blob/master/LICENSE), [tanner](https://github.com/mushorg/snare/blob/master/LICENSE) [conpot](https://github.com/mushorg/conpot/blob/master/LICENSE.txt),
<br>Apache 2 License: [cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE), [dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE), [elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt), [go-pot](https://github.com/ryanolee/go-pot?tab=License-1-ov-file#readme), [logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE), [kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md), [docker](https://github.com/docker/docker/blob/master/LICENSE) [galah](https://github.com/0x4D31/galah?tab=Apache-2.0-1-ov-file#readme),
<br>MIT license: [autoheal](https://github.com/willfarrell/docker-autoheal?tab=MIT-1-ov-file#readme), [beelzebub](https://github.com/mariocandela/beelzebub?tab=MIT-1-ov-file#readme), [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE), [ddospot](https://github.com/aelth/ddospot/blob/master/LICENSE), [elasticvue](https://github.com/cars10/elasticvue/blob/master/LICENSE), [glutton](https://github.com/mushorg/glutton/blob/master/LICENSE), [hellpot](https://github.com/yunginnanet/HellPot/blob/master/LICENSE), [honeyaml](https://github.com/mmta/honeyaml?tab=MIT-1-ov-file#readme), [maltrail](https://github.com/stamparm/maltrail/blob/master/LICENSE) [dionaea](https://github.com/DinoTools/dionaea/blob/master/LICENSE),
<br> Unlicense: [endlessh](https://github.com/skeeto/endlessh/blob/master/UNLICENSE) [honeytrap](https://github.com/armedpot/honeytrap/blob/master/LICENSE),
<br> Other: [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence), [cowrie](https://github.com/cowrie/cowrie/blob/master/LICENSE.rst), [mailoney](https://github.com/awhitehatter/mailoney), [Elastic License](https://www.elastic.co/licensing/elastic-license), [Wordpot](https://github.com/gbrindisi/wordpot) [suricata](https://suricata.io/features/open-source/)
<br> AGPL-3.0: [honeypots](https://github.com/qeeqbox/honeypots/blob/main/LICENSE) <br>GPLv3:
<br> [Public Domain (CC)](https://creativecommons.org/publicdomain/zero/1.0/): [Harvard Dataverse](https://dataverse.harvard.edu/dataverse/harvard/?q=dicom) [adbhoney](https://github.com/huuck/ADBHoney),
[elasticpot](https://gitlab.com/bontchev/elasticpot/-/blob/master/LICENSE),
[ewsposter](https://github.com/telekom-security/ews/),
[log4pot](https://github.com/thomaspatzke/Log4Pot/blob/master/LICENSE),
[fatt](https://github.com/0x4D31/fatt/blob/master/LICENSE),
[heralding](https://github.com/johnnykv/heralding/blob/master/LICENSE.txt),
[ipphoney](https://gitlab.com/bontchev/ipphoney/-/blob/master/LICENSE),
[miniprint](https://github.com/sa7mon/miniprint?tab=GPL-3.0-1-ov-file#readme),
[redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/blob/main/LICENSE),
[sentrypeer](https://github.com/SentryPeer/SentryPeer/blob/main/LICENSE.GPL-3.0-only),
[snare](https://github.com/mushorg/snare/blob/master/LICENSE),
[tanner](https://github.com/mushorg/snare/blob/master/LICENSE)
<br>Apache 2 License:
[cyberchef](https://github.com/gchq/CyberChef/blob/master/LICENSE),
[dicompot](https://github.com/nsmfoo/dicompot/blob/master/LICENSE),
[elasticsearch](https://github.com/elasticsearch/elasticsearch/blob/master/LICENSE.txt),
[go-pot](https://github.com/ryanolee/go-pot?tab=License-1-ov-file#readme),
[h0neytr4p](https://github.com/pbssubhash/h0neytr4p?tab=Apache-2.0-1-ov-file#readme),
[logstash](https://github.com/elasticsearch/logstash/blob/master/LICENSE),
[kibana](https://github.com/elasticsearch/kibana/blob/master/LICENSE.md),
[docker](https://github.com/docker/docker/blob/master/LICENSE)
<br>MIT license:
[autoheal](https://github.com/willfarrell/docker-autoheal?tab=MIT-1-ov-file#readme),
[beelzebub](https://github.com/mariocandela/beelzebub?tab=MIT-1-ov-file#readme),
[ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/blob/master/LICENSE),
[ddospot](https://github.com/aelth/ddospot/blob/master/LICENSE),
[elasticvue](https://github.com/cars10/elasticvue/blob/master/LICENSE),
[glutton](https://github.com/mushorg/glutton/blob/master/LICENSE),
[hellpot](https://github.com/yunginnanet/HellPot/blob/master/LICENSE),
[honeyaml](https://github.com/mmta/honeyaml?tab=MIT-1-ov-file#readme),
[maltrail](https://github.com/stamparm/maltrail/blob/master/LICENSE)
<br>Unlicense:
[endlessh](https://github.com/skeeto/endlessh/blob/master/UNLICENSE)
<br>Other:
[citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot#licencing-agreement-malwaretech-public-licence),
[cowrie](https://github.com/cowrie/cowrie/blob/master/LICENSE.rst),
[mailoney](https://github.com/awhitehatter/mailoney),
[Elastic License](https://www.elastic.co/licensing/elastic-license),
[Wordpot](https://github.com/gbrindisi/wordpot)
<br>AGPL-3.0:
[honeypots](https://github.com/qeeqbox/honeypots/blob/main/LICENSE)
<br>[Public Domain (CC)](https://creativecommons.org/publicdomain/zero/1.0/):
[Harvard Dataverse](https://dataverse.harvard.edu/dataverse/harvard/?q=dicom)
<br><br> <br><br>
# Credits # Credits
Without open source and the development community we are proud to be a part of, T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations: Without open source and the development community we are proud to be a part of, T-Pot would not have been possible! Our thanks are extended but not limited to the following people and organizations:
### The developers and development communities of
* [adbhoney](https://github.com/huuck/ADBHoney/graphs/contributors)
* [beelzebub](https://github.com/mariocandela/beelzebub/graphs/contributors)
* [ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/graphs/contributors)
* [citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot/graphs/contributors)
* [conpot](https://github.com/mushorg/conpot/graphs/contributors)
* [cowrie](https://github.com/cowrie/cowrie/graphs/contributors)
* [ddospot](https://github.com/aelth/ddospot/graphs/contributors)
* [dicompot](https://github.com/nsmfoo/dicompot/graphs/contributors)
* [dionaea](https://github.com/DinoTools/dionaea/graphs/contributors)
* [docker](https://github.com/docker/docker/graphs/contributors)
* [elasticpot](https://gitlab.com/bontchev/elasticpot/-/project_members)
* [elasticsearch](https://github.com/elastic/elasticsearch/graphs/contributors)
* [elasticvue](https://github.com/cars10/elasticvue/graphs/contributors)
* [endlessh](https://github.com/skeeto/endlessh/graphs/contributors)
* [ewsposter](https://github.com/armedpot/ewsposter/graphs/contributors)
* [fatt](https://github.com/0x4D31/fatt/graphs/contributors)
* [galah](https://github.com/0x4D31/galah/graphs/contributors)
* [glutton](https://github.com/mushorg/glutton/graphs/contributors)
* [go-pot](https://github.com/ryanolee/go-pot/graphs/contributors)
* [hellpot](https://github.com/yunginnanet/HellPot/graphs/contributors)
* [heralding](https://github.com/johnnykv/heralding/graphs/contributors)
* [honeyaml](https://github.com/mmta/honeyaml/graphs/contributors)
* [honeypots](https://github.com/qeeqbox/honeypots/graphs/contributors)
* [honeytrap](https://github.com/armedpot/honeytrap/graphs/contributors)
* [ipphoney](https://gitlab.com/bontchev/ipphoney/-/project_members)
* [kibana](https://github.com/elastic/kibana/graphs/contributors)
* [logstash](https://github.com/elastic/logstash/graphs/contributors)
* [log4pot](https://github.com/thomaspatzke/Log4Pot/graphs/contributors)
* [mailoney](https://github.com/awhitehatter/mailoney)
* [maltrail](https://github.com/stamparm/maltrail/graphs/contributors)
* [medpot](https://github.com/schmalle/medpot/graphs/contributors)
* [miniprint](https://github.com/sa7mon/miniprint/graphs/contributors)
* [p0f](http://lcamtuf.coredump.cx/p0f3/)
* [redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/graphs/contributors)
* [sentrypeer](https://github.com/SentryPeer/SentryPeer/graphs/contributors)
* [spiderfoot](https://github.com/smicallef/spiderfoot)
* [snare](https://github.com/mushorg/snare/graphs/contributors)
* [tanner](https://github.com/mushorg/tanner/graphs/contributors)
* [suricata](https://github.com/OISF/suricata/graphs/contributors)
* [wordpot](https://github.com/gbrindisi/wordpot)
**The following companies and organizations**
* [docker](https://www.docker.com/)
* [elastic.io](https://www.elastic.co/)
* [honeynet project](https://www.honeynet.org/)
**... and of course ***you*** for joining the community!**
<br><br> <br><br>
Thank you for playing 💖 ## The developers and development communities of
* [adbhoney](https://github.com/huuck/ADBHoney/graphs/contributors),
[beelzebub](https://github.com/mariocandela/beelzebub/graphs/contributors),
[ciscoasa](https://github.com/Cymmetria/ciscoasa_honeypot/graphs/contributors),
[citrixhoneypot](https://github.com/MalwareTech/CitrixHoneypot/graphs/contributors),
[conpot](https://github.com/mushorg/conpot/graphs/contributors),
[cowrie](https://github.com/cowrie/cowrie/graphs/contributors),
[ddospot](https://github.com/aelth/ddospot/graphs/contributors),
[dicompot](https://github.com/nsmfoo/dicompot/graphs/contributors),
[dionaea](https://github.com/DinoTools/dionaea/graphs/contributors),
[docker](https://github.com/docker/docker/graphs/contributors),
[elasticpot](https://gitlab.com/bontchev/elasticpot/-/project_members),
[elasticsearch](https://github.com/elastic/elasticsearch/graphs/contributors),
[elasticvue](https://github.com/cars10/elasticvue/graphs/contributors),
[endlessh](https://github.com/skeeto/endlessh/graphs/contributors),
[ewsposter](https://github.com/armedpot/ewsposter/graphs/contributors),
[fatt](https://github.com/0x4D31/fatt/graphs/contributors),
[galah](https://github.com/0x4D31/galah/graphs/contributors),
[glutton](https://github.com/mushorg/glutton/graphs/contributors),
[go-pot](https://github.com/ryanolee/go-pot/graphs/contributors),
[h0neytr4p](https://github.com/pbssubhash/h0neytr4p/graphs/contributors),
[hellpot](https://github.com/yunginnanet/HellPot/graphs/contributors),
[heralding](https://github.com/johnnykv/heralding/graphs/contributors),
[honeyaml](https://github.com/mmta/honeyaml/graphs/contributors),
[honeypots](https://github.com/qeeqbox/honeypots/graphs/contributors),
[honeytrap](https://github.com/armedpot/honeytrap/graphs/contributors),
[ipphoney](https://gitlab.com/bontchev/ipphoney/-/project_members),
[kibana](https://github.com/elastic/kibana/graphs/contributors),
[logstash](https://github.com/elastic/logstash/graphs/contributors),
[log4pot](https://github.com/thomaspatzke/Log4Pot/graphs/contributors),
[mailoney](https://github.com/awhitehatter/mailoney),
[maltrail](https://github.com/stamparm/maltrail/graphs/contributors),
[medpot](https://github.com/schmalle/medpot/graphs/contributors),
[miniprint](https://github.com/sa7mon/miniprint/graphs/contributors),
[p0f](http://lcamtuf.coredump.cx/p0f3/),
[redishoneypot](https://github.com/cypwnpwnsocute/RedisHoneyPot/graphs/contributors),
[sentrypeer](https://github.com/SentryPeer/SentryPeer/graphs/contributors),
[spiderfoot](https://github.com/smicallef/spiderfoot),
[snare](https://github.com/mushorg/snare/graphs/contributors),
[tanner](https://github.com/mushorg/tanner/graphs/contributors),
[suricata](https://github.com/OISF/suricata/graphs/contributors),
[wordpot](https://github.com/gbrindisi/wordpot)
<br><br>
## **The following companies and organizations**
* [docker](https://www.docker.com/),
[elastic.io](https://www.elastic.co/),
[honeynet project](https://www.honeynet.org/)
<br><br>
## **And of course ***YOU*** for joining the community!**
<br><br>
# Testimonials # Testimonials
One of the greatest feedback we have gotten so far is by one of the Conpot developers:<br> One of the greatest feedback we have gotten so far is by one of the Conpot developers:<br>
***"[...] I highly recommend T-Pot which is ... it's not exactly a swiss army knife .. it's more like a swiss army soldier, equipped with a swiss army knife. Inside a tank. A swiss tank. [...]"*** ***"[...] I highly recommend T-Pot which is ... it's not exactly a swiss army knife .. it's more like a swiss army soldier, equipped with a swiss army knife. Inside a tank. A swiss tank. [...]"***
<br><br> <br><br>
And from @robcowart (creator of [ElastiFlow](https://github.com/robcowart/elastiflow)):<br> And from @robcowart (creator of [ElastiFlow](https://github.com/robcowart/elastiflow)):<br>
***"#TPot is one of the most well put together turnkey honeypot solutions. It is a must-have for anyone wanting to analyze and understand the behavior of malicious actors and the threat they pose to your organization."*** ***"#TPot is one of the most well put together turnkey honeypot solutions. It is a must-have for anyone wanting to analyze and understand the behavior of malicious actors and the threat they pose to your organization."***
<br><br> <br><br>
**Thank you!**
![Alt](https://repobeats.axiom.co/api/embed/75368f879326a61370e485df52906ae0c1f59fbb.svg "Repobeats analytics image") # Thank you 💖

21
compose/mac_win.yml
View file

@ -3,12 +3,12 @@ networks:
tpotinit_local: tpotinit_local:
adbhoney_local: adbhoney_local:
ciscoasa_local: ciscoasa_local:
citrixhoneypot_local:
cowrie_local: cowrie_local:
ddospot_local: ddospot_local:
dicompot_local: dicompot_local:
dionaea_local: dionaea_local:
elasticpot_local: elasticpot_local:
h0neytr4p_local:
heralding_local: heralding_local:
honeyaml_local: honeyaml_local:
ipphoney_local: ipphoney_local:
@ -237,6 +237,25 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log - ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
# H0neytr4p service
h0neytr4p:
container_name: h0neytr4p
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- h0neytr4p_local
ports:
- "443:443"
# - "80:80"
image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
- ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
# Heralding service # Heralding service
heralding: heralding:
container_name: heralding container_name: heralding

38
compose/mobile.yml
View file

@ -5,7 +5,6 @@
# desktop environment such as LXDE and meet the minimum requirements of 8GB RAM. # desktop environment such as LXDE and meet the minimum requirements of 8GB RAM.
networks: networks:
ciscoasa_local: ciscoasa_local:
citrixhoneypot_local:
conpot_local_IEC104: conpot_local_IEC104:
conpot_local_ipmi: conpot_local_ipmi:
conpot_local_kamstrup_382: conpot_local_kamstrup_382:
@ -13,6 +12,7 @@ networks:
dicompot_local: dicompot_local:
dionaea_local: dionaea_local:
elasticpot_local: elasticpot_local:
h0neytr4p_local:
heralding_local: heralding_local:
honeyaml_local: honeyaml_local:
ipphoney_local: ipphoney_local:
@ -79,23 +79,6 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa - ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa
# CitrixHoneypot service
citrixhoneypot:
container_name: citrixhoneypot
restart: always
depends_on:
logstash:
condition: service_healthy
networks:
- citrixhoneypot_local
ports:
- "443:443"
image: ${TPOT_REPO}/citrixhoneypot:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs
# Conpot IEC104 service # Conpot IEC104 service
conpot_IEC104: conpot_IEC104:
container_name: conpot_iec104 container_name: conpot_iec104
@ -276,6 +259,25 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log - ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
# H0neytr4p service
h0neytr4p:
container_name: h0neytr4p
restart: always
depends_on:
logstash:
condition: service_healthy
networks:
- h0neytr4p_local
ports:
- "443:443"
# - "80:80"
image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
- ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
# Heralding service # Heralding service
heralding: heralding:
container_name: heralding container_name: heralding

38
compose/sensor.yml
View file

@ -2,7 +2,6 @@
networks: networks:
adbhoney_local: adbhoney_local:
ciscoasa_local: ciscoasa_local:
citrixhoneypot_local:
conpot_local_IEC104: conpot_local_IEC104:
conpot_local_guardian_ast: conpot_local_guardian_ast:
conpot_local_ipmi: conpot_local_ipmi:
@ -12,6 +11,7 @@ networks:
dicompot_local: dicompot_local:
dionaea_local: dionaea_local:
elasticpot_local: elasticpot_local:
h0neytr4p_local:
heralding_local: heralding_local:
honeyaml_local: honeyaml_local:
ipphoney_local: ipphoney_local:
@ -95,23 +95,6 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa - ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa
# CitrixHoneypot service
citrixhoneypot:
container_name: citrixhoneypot
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- citrixhoneypot_local
ports:
- "443:443"
image: ${TPOT_REPO}/citrixhoneypot:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs
# Conpot IEC104 service # Conpot IEC104 service
conpot_IEC104: conpot_IEC104:
container_name: conpot_iec104 container_name: conpot_iec104
@ -340,6 +323,25 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log - ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
# H0neytr4p service
h0neytr4p:
container_name: h0neytr4p
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- h0neytr4p_local
ports:
- "443:443"
# - "80:80"
image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
- ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
# Heralding service # Heralding service
heralding: heralding:
container_name: heralding container_name: heralding

52
compose/standard.yml
View file

@ -2,7 +2,6 @@
networks: networks:
adbhoney_local: adbhoney_local:
ciscoasa_local: ciscoasa_local:
citrixhoneypot_local:
conpot_local_IEC104: conpot_local_IEC104:
conpot_local_guardian_ast: conpot_local_guardian_ast:
conpot_local_ipmi: conpot_local_ipmi:
@ -12,6 +11,7 @@ networks:
dicompot_local: dicompot_local:
dionaea_local: dionaea_local:
elasticpot_local: elasticpot_local:
h0neytr4p_local:
heralding_local: heralding_local:
honeyaml_local: honeyaml_local:
ipphoney_local: ipphoney_local:
@ -97,23 +97,6 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa - ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa
# CitrixHoneypot service
citrixhoneypot:
container_name: citrixhoneypot
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- citrixhoneypot_local
ports:
- "443:443"
image: ${TPOT_REPO}/citrixhoneypot:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs
# Conpot IEC104 service # Conpot IEC104 service
conpot_IEC104: conpot_IEC104:
container_name: conpot_iec104 container_name: conpot_iec104
@ -342,22 +325,24 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log - ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
# Honeyaml service # H0neytr4p service
honeyaml: h0neytr4p:
container_name: honeyaml container_name: h0neytr4p
restart: always restart: always
depends_on: depends_on:
tpotinit: tpotinit:
condition: service_healthy condition: service_healthy
networks: networks:
- honeyaml_local - h0neytr4p_local
ports: ports:
- "3000:8080" - "443:443"
image: ${TPOT_REPO}/honeyaml:${TPOT_VERSION} # - "80:80"
image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY} pull_policy: ${TPOT_PULL_POLICY}
read_only: true read_only: true
volumes: volumes:
- ${TPOT_DATA_PATH}/honeyaml/log:/opt/honeyaml/log/ - ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
- ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
# Heralding service # Heralding service
heralding: heralding:
@ -393,6 +378,23 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/heralding/log:/var/log/heralding - ${TPOT_DATA_PATH}/heralding/log:/var/log/heralding
# Honeyaml service
honeyaml:
container_name: honeyaml
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- honeyaml_local
ports:
- "3000:8080"
image: ${TPOT_REPO}/honeyaml:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/honeyaml/log:/opt/honeyaml/log/
# Honeytrap service # Honeytrap service
honeytrap: honeytrap:
container_name: honeytrap container_name: honeytrap

20
compose/tpot_services.yml
View file

@ -19,6 +19,7 @@ networks:
endlessh_local: endlessh_local:
galah_local: galah_local:
go-pot_local: go-pot_local:
h0neytr4p_local:
hellpot_local: hellpot_local:
heralding_local: heralding_local:
honeyaml_local: honeyaml_local:
@ -465,6 +466,25 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/go-pot/log:/opt/go-pot/log/ - ${TPOT_DATA_PATH}/go-pot/log:/opt/go-pot/log/
# H0neytr4p service
h0neytr4p:
container_name: h0neytr4p
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- h0neytr4p_local
ports:
- "443:443"
# - "80:80"
image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
- ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
# Hellpot service # Hellpot service
hellpot: hellpot:
container_name: hellpot container_name: hellpot

BIN
doc/architecture.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 682 KiB

After

Width:  |  Height:  |  Size: 443 KiB

52
docker-compose.yml
View file

@ -2,7 +2,6 @@
networks: networks:
adbhoney_local: adbhoney_local:
ciscoasa_local: ciscoasa_local:
citrixhoneypot_local:
conpot_local_IEC104: conpot_local_IEC104:
conpot_local_guardian_ast: conpot_local_guardian_ast:
conpot_local_ipmi: conpot_local_ipmi:
@ -12,6 +11,7 @@ networks:
dicompot_local: dicompot_local:
dionaea_local: dionaea_local:
elasticpot_local: elasticpot_local:
h0neytr4p_local:
heralding_local: heralding_local:
honeyaml_local: honeyaml_local:
ipphoney_local: ipphoney_local:
@ -97,23 +97,6 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa - ${TPOT_DATA_PATH}/ciscoasa/log:/var/log/ciscoasa
# CitrixHoneypot service
citrixhoneypot:
container_name: citrixhoneypot
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- citrixhoneypot_local
ports:
- "443:443"
image: ${TPOT_REPO}/citrixhoneypot:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/citrixhoneypot/log:/opt/citrixhoneypot/logs
# Conpot IEC104 service # Conpot IEC104 service
conpot_IEC104: conpot_IEC104:
container_name: conpot_iec104 container_name: conpot_iec104
@ -342,22 +325,24 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log - ${TPOT_DATA_PATH}/elasticpot/log:/opt/elasticpot/log
# Honeyaml service # H0neytr4p service
honeyaml: h0neytr4p:
container_name: honeyaml container_name: h0neytr4p
restart: always restart: always
depends_on: depends_on:
tpotinit: tpotinit:
condition: service_healthy condition: service_healthy
networks: networks:
- honeyaml_local - h0neytr4p_local
ports: ports:
- "3000:8080" - "443:443"
image: ${TPOT_REPO}/honeyaml:${TPOT_VERSION} # - "80:80"
image: ${TPOT_REPO}/h0neytr4p:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY} pull_policy: ${TPOT_PULL_POLICY}
read_only: true read_only: true
volumes: volumes:
- ${TPOT_DATA_PATH}/honeyaml/log:/opt/honeyaml/log/ - ${TPOT_DATA_PATH}/h0neytr4p/log/:/opt/h0neytr4p/log/
- ${TPOT_DATA_PATH}/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
# Heralding service # Heralding service
heralding: heralding:
@ -393,6 +378,23 @@ services:
volumes: volumes:
- ${TPOT_DATA_PATH}/heralding/log:/var/log/heralding - ${TPOT_DATA_PATH}/heralding/log:/var/log/heralding
# Honeyaml service
honeyaml:
container_name: honeyaml
restart: always
depends_on:
tpotinit:
condition: service_healthy
networks:
- honeyaml_local
ports:
- "3000:8080"
image: ${TPOT_REPO}/honeyaml:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/honeyaml/log:/opt/honeyaml/log/
# Honeytrap service # Honeytrap service
honeytrap: honeytrap:
container_name: honeytrap container_name: honeytrap

9
docker/_builder/docker-compose.yml
View file

@ -144,6 +144,15 @@ services:
context: ../go-pot/ context: ../go-pot/
<<: *common-build <<: *common-build
# H0neytr4p
h0neytr4p:
image: ${TPOT_DOCKER_REPO}/h0neytr4p:${TPOT_VERSION}
build:
tags:
- ${TPOT_GHCR_REPO}/h0neytr4p:${TPOT_VERSION}
context: ../h0neytr4p/
<<: *common-build
# Hellpot # Hellpot
hellpot: hellpot:
image: ${TPOT_DOCKER_REPO}/hellpot:${TPOT_VERSION} image: ${TPOT_DOCKER_REPO}/hellpot:${TPOT_VERSION}

14
docker/elk/logstash/dist/http_output.conf vendored
View file

@ -120,6 +120,13 @@ input {
type => "Go-pot" type => "Go-pot"
} }
# H0neytr4p
file {
path => ["/data/h0neytr4p/log/log.json"]
codec => json
type => "H0neytr4p"
}
# Hellpot # Hellpot
file { file {
path => ["/data/hellpot/log/hellpot.log"] path => ["/data/hellpot/log/hellpot.log"]
@ -536,6 +543,13 @@ filter {
} }
} }
# H0neytr4p
if [type] == "H0neytr4p" {
date {
match => [ "timestamp", "ISO8601" ]
}
}
# Heralding # Heralding
if [type] == "Heralding" { if [type] == "Heralding" {
csv { csv {

14
docker/elk/logstash/dist/logstash.conf vendored
View file

@ -120,6 +120,13 @@ input {
type => "Go-pot" type => "Go-pot"
} }
# H0neytr4p
file {
path => ["/data/h0neytr4p/log/log.json"]
codec => json
type => "H0neytr4p"
}
# Hellpot # Hellpot
file { file {
path => ["/data/hellpot/log/hellpot.log"] path => ["/data/hellpot/log/hellpot.log"]
@ -536,6 +543,13 @@ filter {
} }
} }
# H0neytr4p
if [type] == "H0neytr4p" {
date {
match => [ "timestamp", "ISO8601" ]
}
}
# Heralding # Heralding
if [type] == "Heralding" { if [type] == "Heralding" {
csv { csv {

2
docker/elk/map/Dockerfile
View file

@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
# Install from GitHub and setup # Install from GitHub and setup
mkdir -p /opt && \ mkdir -p /opt && \
cd /opt/ && \ cd /opt/ && \
git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.5 && \ git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.6 && \
cd t-pot-attack-map && \ cd t-pot-attack-map && \
pip3 install --break-system-packages --upgrade pip && \ pip3 install --break-system-packages --upgrade pip && \
pip3 install --break-system-packages -r requirements.txt && \ pip3 install --break-system-packages -r requirements.txt && \

30
docker/h0neytr4p/Dockerfile Normal file
View file

@ -0,0 +1,30 @@
FROM golang:1.21-alpine AS builder
WORKDIR /app
#
RUN apk -U add git openssl
RUN git clone https://github.com/t3chn0m4g3/h0neytr4p -b v0.32 /app
RUN go mod download
RUN go mod tidy
RUN go build -o /app/main
RUN openssl req \
-nodes \
-x509 \
-sha512 \
-newkey rsa:4096 \
-keyout "app.key" \
-out "app.crt" \
-days 3650 \
-subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd'
RUN chmod 444 app.key app.crt
#
FROM scratch
#
COPY --from=builder /app/main /opt/h0neytr4p/h0neytr4p
COPY --from=builder /app/traps /opt/h0neytr4p/traps
COPY --from=builder /app/app.key /opt/h0neytr4p/
COPY --from=builder /app/app.crt /opt/h0neytr4p/
#
WORKDIR /opt/h0neytr4p
USER 2000:2000
CMD ["-cert=app.crt", "-key=app.key", "-log=log/log.json", "-catchall=false", "-payload=/data/h0neytr4p/payloads/", "-wildcard=true", "-traps=traps/"]
ENTRYPOINT ["./h0neytr4p"]

22
docker/h0neytr4p/docker-compose.yml Normal file
View file

@ -0,0 +1,22 @@
networks:
h0neytr4p_local:
services:
# H0neytr4p service
h0neytr4p:
build: .
container_name: h0neytr4p
restart: always
# cpu_count: 1
# cpus: 0.25
networks:
- h0neytr4p_local
ports:
- "80:80"
- "443:443"
image: "dtagdevsec/h0neytr4p:24.04"
read_only: true
volumes:
- $HOME/tpotce/data/h0neytr4p/log/:/opt/h0neytr4p/log/
- $HOME/tpotce/data/h0neytr4p/payloads/:/data/h0neytr4p/payloads/

30
docker/tpotinit/dist/bin/clean.sh vendored
View file

@ -32,12 +32,14 @@ fuLOGROTATE () {
local myDIONAEABITGZ="/data/dionaea/bistreams.tgz" local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
local myDIONAEABIN="/data/dionaea/binaries/" local myDIONAEABIN="/data/dionaea/binaries/"
local myDIONAEABINTGZ="/data/dionaea/binaries.tgz" local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
local myMINIPRINTU="/data/miniprint/uploads/" local myH0NEYTR4PP="/data/h0neytr4p/payloads/"
local myMINIPRINTTGZ="/data/miniprint/uploads.tgz" local myH0NEYTR4PTGZ="/data/h0neytr4p/payloads.tgz"
local myHONEYTRAPATTACKS="/data/honeytrap/attacks/" local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz" local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
local myHONEYTRAPDL="/data/honeytrap/downloads/" local myHONEYTRAPDL="/data/honeytrap/downloads/"
local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz" local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
local myMINIPRINTU="/data/miniprint/uploads/"
local myMINIPRINTTGZ="/data/miniprint/uploads.tgz"
local myTANNERF="/data/tanner/files/" local myTANNERF="/data/tanner/files/"
local myTANNERFTGZ="/data/tanner/files.tgz" local myTANNERFTGZ="/data/tanner/files.tgz"
@ -56,22 +58,23 @@ if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIET
if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi
if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi
if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi
if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi if [ "$(fuEMPTY $myH0NEYTR4PP)" != "0" ]; then tar -I $myPIGZ -cvf $myH0NEYTR4PTGZ $myH0NEYTR4PP; fi
if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi
if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi
# Ensure correct permissions and ownership for previously created archives # Ensure correct permissions and ownership for previously created archives
chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
# Need to remove subfolders since too many files cause rm to exit with errors # Need to remove subfolders since too many files cause rm to exit with errors
rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
# Recreate subfolders with correct permissions and ownership # Recreate subfolders with correct permissions and ownership
mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
# Run logrotate again to account for previously created archives - DO NOT FORCE HERE! # Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
logrotate -s $mySTATUS $myCONF logrotate -s $mySTATUS $myCONF
@ -225,6 +228,14 @@ fuGOPOT () {
chown tpot:tpot /data/go-pot -R chown tpot:tpot /data/go-pot -R
} }
# Let's create a function to clean up and prepare h0neytr4p data
fuH0NEYTR4P () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/h0neytr4p/*; fi
mkdir -vp /data/h0neytr4p/{log,payloads}
chmod 770 /data/h0neytr4p/ -R
chown tpot:tpot /data/h0neytr4p/ -R
}
# Let's create a function to clean up and prepare hellpot data # Let's create a function to clean up and prepare hellpot data
fuHELLPOT () { fuHELLPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
@ -420,6 +431,7 @@ fuFATT
fuGALAH fuGALAH
fuGLUTTON fuGLUTTON
fuGOPOT fuGOPOT
fuH0NEYTR4P
fuHERALDING fuHERALDING
fuHELLPOT fuHELLPOT
fuHONEYAML fuHONEYAML

2
docker/tpotinit/dist/etc/logrotate/logrotate.conf vendored
View file

@ -22,6 +22,7 @@
/data/glutton/log/*.log /data/glutton/log/*.log
/data/glutton/log/*.err /data/glutton/log/*.err
/data/go-pot/log/*.json /data/go-pot/log/*.json
/data/h0neytr4p/log/*.json
/data/hellpot/log/*.log /data/hellpot/log/*.log
/data/heralding/log/*.log /data/heralding/log/*.log
/data/heralding/log/*.csv /data/heralding/log/*.csv
@ -61,6 +62,7 @@
/data/cowrie/downloads.tgz /data/cowrie/downloads.tgz
/data/dionaea/bistreams.tgz /data/dionaea/bistreams.tgz
/data/dionaea/binaries.tgz /data/dionaea/binaries.tgz
/data/h0neytr4p/payloads.tgz
/data/honeytrap/attacks.tgz /data/honeytrap/attacks.tgz
/data/honeytrap/downloads.tgz /data/honeytrap/downloads.tgz
/data/miniprint/uploads.tgz /data/miniprint/uploads.tgz

BIN
docker/tpotinit/dist/etc/objects/elkbase.tgz vendored
View file

Binary file not shown.

BIN
docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip vendored
View file

Binary file not shown.