start working on new landing page

docker/heimdall/Dockerfile

@@ -0,0 +1,63 @@
+FROM alpine
+#
+# Include dist
+ADD dist/ /root/dist/
+#
+# Get and install dependencies & packages
+RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
+    apk -U --no-cache add \
+                       git \
+                       nginx \
+                       nginx-mod-http-headers-more \
+		       php7 \
+		       php7-cgi \
+		       php7-ctype \
+		       php7-fileinfo \
+		       php7-fpm \
+		       php7-json \
+		       php7-mbstring \
+		       php7-openssl \
+		       php7-pdo \
+		       php7-pdo_pgsql \
+		       php7-pdo_sqlite \
+		       php7-session \
+		       php7-sqlite3 \
+		       php7-tokenizer \
+		       php7-xml \
+		       php7-zip
+#
+# Clone Heimdall
+RUN git clone https://github.com/linuxserver/heimdall && \
+    cp -R heimdall/. /var/lib/nginx/html && \
+    rm -rf heimdall && \
+    cd /var/lib/nginx/html && \
+    cp .env.example .env && \
+    php artisan key:generate && \
+    mkdir -p /var/lib/nginx/html/storage/app/public/backgrounds/ && \
+    cp /root/dist/app/bg1.jpg /var/lib/nginx/html/public/img/bg1.jpg && \
+    #cp /root/dist/app/app.sqlite /var/lib/nginx/html/database/app.sqlite && \
+    cp /root/dist/html/favicon.ico /var/lib/nginx/html/public/favicon-16x16.png && \
+    cp /root/dist/html/favicon.ico /var/lib/nginx/html/public/favicon-32x32.png && \
+    cp /root/dist/html/favicon.ico /var/lib/nginx/html/public/favicon-96x96.png && \
+    cp /root/dist/html/favicon.ico /var/lib/nginx/html/public/favicon.ico && \
+    chown root:www-data -R /var/lib/nginx/html && \
+    chmod 775 -R /var/lib/nginx/html/storage && \
+    chmod 775 -R /var/lib/nginx/html/database && \
+# Setup configs
+    sed -i "s/user = nobody/user = nginx/g" /etc/php7/php-fpm.d/www.conf && \
+    sed -i "s/group = nobody/group = nginx/g" /etc/php7/php-fpm.d/www.conf && \
+    sed -i "s/9000/64304/g" /etc/php7/php-fpm.d/www.conf && \
+    sed -i "s/APP_NAME=Heimdall/APP_NAME=T-Pot/g" /var/lib/nginx/html/.env && \
+    #sed -i '/<?php/aecho("<title>T-Pot</title>");' /var/lib/nginx/html/public/index.php && \
+    mkdir -p /run/nginx && \
+    rm -rf /etc/nginx/conf.d/* /usr/share/nginx/html/* && \
+    cp /root/dist/conf/nginx.conf /etc/nginx/ && \
+    cp -R /root/dist/conf/ssl /etc/nginx/ && \
+    cp /root/dist/conf/tpotweb.conf /etc/nginx/conf.d/ && \
+#
+# Clean up
+    rm -rf /root/* && \
+    rm -rf /var/cache/apk/*
+#
+# Start nginx
+CMD php-fpm7 && exec nginx -g 'daemon off;'

docker/heimdall/dist/conf/nginx.conf

@@ -0,0 +1,76 @@
+user nginx;
+worker_processes auto;
+pid /run/nginx.pid;
+load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+        log_format le_json '{ "timestamp": "$time_iso8601", '
+ 	'"src_ip": "$remote_addr", '
+ 	'"remote_user": "$remote_user", '
+ 	'"body_bytes_sent": "$body_bytes_sent", '
+ 	'"request_time": "$request_time", '
+ 	'"status": "$status", '
+ 	'"request": "$request", '
+ 	'"request_method": "$request_method", '
+ 	'"http_referrer": "$http_referer", '
+ 	'"http_user_agent": "$http_user_agent" }';
+ 
+ 	access_log /var/log/nginx/access.log le_json;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}

docker/heimdall/dist/conf/ssl/dhparam4096.pem

@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAiHmfakVLOStSULBdaTbZY/zeFyEeQ19GY9Z5CJg06dIIgIzhxk9L
+4xsQdQk8giKOjP6SfX0ZgF5CYaurQ3ljYlP0UlAQQo9+fEErbqj3hCzAxtIpd6Yj
+SV6zFdnSjwxWuKAPPywiQNljnHH+Y1KBdbl5VQ9gC3ehtaLo1A4y8q96f6fC5rGU
+nfgw4lTxLvPD7NwaOdFTCyK8tTxvUGNJIvf7805IxZ0BvAiBuVaXStaMcqf5BHLP
+fYpvIiVaCrtto4elu18nL0tf2CN5n9ai4hlr0nPmNrE/Zrrur78Re5F4Ien9kr4d
+xabXvVJJQa9j2NdQO7vk7Cz/dAIiqt/1XKFhll4TTYBqrFVXIwF+FNx636zyOjcO
+nlZk/V+IL/UTPnZOv2PGt5+WetvJJubi6B9XgOgVLduI07woAp5qnRJJt6fJW1aA
+M86By6WLy5P31Py6eFj8nYgj1V703XgQ5lESKYpeVgqA0bh7daNzOCoGQvvUKlTP
+RTu6fs7clw5ta4yYUyvuIKTngH5yGBNdTuP0GWo6Y+Dy1BctVwl2xSw+FhYeuIf/
+EB2A3129H59HhbWyNH337+1dfntHfQRXBsT0YSyDxPurI5/FNGcmw+GZEYk4BB8j
+g7TwH3GBjbKnjnr7SnhanqmWgybgQw6oR9gDC399eR4LiOk9sbxpX1MCAQI=
+-----END DH PARAMETERS-----

docker/heimdall/dist/conf/ssl/gen-cert.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Got root?
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+  then
+    echo "Need to run as root ..."
+    exit
+fi
+
+openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "nginx.key" -out "nginx.crt" -days 3650
+

docker/heimdall/dist/conf/ssl/gen-dhparam.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Got root?
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+  then
+    echo "Need to run as root ..."
+    exit
+fi
+
+if [ "$1" = "2048" ] || [ "$1" = "4096" ] || [ "$1" = "8192" ]
+  then 
+    openssl dhparam -outform PEM -out dhparam$1.pem $1
+  else
+    echo "Usage: ./gen-dhparam [2048, 4096, 8192]..."
+fi

docker/heimdall/dist/conf/tpotweb.conf

@@ -0,0 +1,152 @@
+############################################
+### NGINX T-Pot configuration file by mo ###
+############################################
+
+server {
+
+    #########################
+    ### Basic server settings
+    #########################
+    listen 64297 ssl http2;
+    #index tpotweb.html;
+    index index.php;
+    ssl_protocols TLSv1.3;
+    server_name example.com;
+    error_page 300 301 302 400 401 402 403 404 500 501 502 503 504 /error.html;
+    root /var/lib/nginx/html/public;
+
+
+    ##############################################
+    ### Remove version number add different header
+    ##############################################
+    server_tokens off;
+    more_set_headers 'Server: apache';
+
+
+    ##############################################
+    ### SSL settings and Cipher Suites
+    ##############################################
+    ssl_certificate /etc/nginx/cert/nginx.crt;
+    ssl_certificate_key /etc/nginx/cert/nginx.key;
+    
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256';
+    ssl_ecdh_curve secp384r1;
+    ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
+
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+
+
+    ####################################
+    ### OWASP recommendations / settings
+    ####################################
+
+    ### Size Limits & Buffer Overflows 
+    ### the size may be configured based on the needs. 
+    client_body_buffer_size  128k;
+    client_header_buffer_size 1k;
+    client_max_body_size 2M;
+    large_client_header_buffers 2 1k;
+
+    ### Mitigate Slow HHTP DoS Attack
+    ### Timeouts definition ##
+    client_body_timeout   10;
+    client_header_timeout 10;
+    keepalive_timeout     5 5;
+    send_timeout          10;
+
+    ### X-Frame-Options is to prevent from clickJacking attack
+    add_header X-Frame-Options SAMEORIGIN;
+
+    ### disable content-type sniffing on some browsers.
+    add_header X-Content-Type-Options nosniff;
+
+    ### This header enables the Cross-site scripting (XSS) filter
+    add_header X-XSS-Protection "1; mode=block";
+
+    ### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+
+
+    ##################################
+    ### Restrict access and basic auth
+    ##################################
+
+    # satisfy all;
+    satisfy any;
+
+    # allow 10.0.0.0/8;
+    # allow 172.16.0.0/12;
+    # allow 192.168.0.0/16;
+    allow 127.0.0.1;
+    allow ::1;
+    deny  all;
+
+    auth_basic           "closed site";
+    auth_basic_user_file /etc/nginx/nginxpasswd;
+
+
+    ############
+    ### Heimdall
+    ############
+
+    location / {
+        auth_basic           "closed site";
+        auth_basic_user_file /etc/nginx/nginxpasswd;
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass 127.0.0.1:64304;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+
+    #################
+    ### Proxied sites
+    #################
+
+    ### Kibana
+    location /kibana/ {
+        proxy_pass http://127.0.0.1:64296;
+        rewrite /kibana/(.*)$ /$1 break;
+    }
+
+    ### ES 
+    location /es/ {
+        proxy_pass http://127.0.0.1:64298/;
+        rewrite /es/(.*)$ /$1 break;
+    }
+
+    ### head standalone 
+    location /myhead/ {
+        proxy_pass http://127.0.0.1:64302/;
+        rewrite /myhead/(.*)$ /$1 break;
+    }
+
+    ### CyberChef
+    location /cyberchef {
+        proxy_pass http://127.0.0.1:64299;
+        rewrite ^/cyberchef(.*)$ /$1 break;
+    }
+
+    ### spiderfoot
+    location /spiderfoot {
+        proxy_pass http://127.0.0.1:64303;
+    }
+
+        location /static {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/static;
+        }
+
+        location /scanviz {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz;
+        }
+        
+        location /scandelete {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/scandelete;
+        }
+
+}

docker/heimdall/dist/html/navbar.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="en_US">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>T-Pot</title>
+  </head>
+  <link href="style.css" rel="stylesheet" type="text/css"/>
+
+  <body bgcolor="#E20074">
+    <center>
+      <a href="/tpotweb.html" target="_top" class="btn">Home</a>
+      <script language="JavaScript">
+        document.write('<a href="' + window.location.protocol + '//' + window.location.hostname + ':64294' + '" target="_blank" class="btn">Cockpit</a> ' );
+      </script>
+      <a href="/cyberchef/" target="_blank" class="btn">CyberChef</a>
+      <a href="/myhead/" target="_blank" class="btn">ES Head</a>
+      <a href="/kibana/" target="_blank" class="btn">Kibana</a>
+      <a href="/spiderfoot/" target="_blank" class="btn">Spiderfoot</a>
+    </center>
+  </body>
+</html>
+

docker/heimdall/dist/html/style.css

@@ -0,0 +1,17 @@
+.btn {
+  -webkit-border-radius: 0;
+  -moz-border-radius: 0;
+  border-radius: 0px;
+  font-family: Arial;
+  color: #ffffff;
+  font-size: 12px;
+  background: #E20074;
+  padding: 2px 30px 2px 30px;
+  text-decoration: none;
+}
+
+.btn:hover {
+  background: #c2c2c2;
+  text-decoration: none;
+}
+

docker/heimdall/dist/html/tpotweb.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en_US">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>T-Pot</title>
+  </head>
+
+  <frameset rows='20,*' border='0' frameborder='0' framespacing='0'>
+    <frame src='navbar.html' name='navbar' marginwidth='0' marginheight='0' scrolling='no' noresize>
+    <frame src='/kibana/' name='main' marginwidth='0' marginheight='0' scrolling='auto' noresize>
+    <noframes>
+    </noframes>
+  </frameset>
+</html>

docker/heimdall/docker-compose.yml

@@ -0,0 +1,26 @@
+version: '2.3'
+
+services:
+
+# nginx service
+  nginx:
+    build: .
+    container_name: nginx
+    restart: always
+    tmpfs:
+     - /var/tmp/nginx/client_body
+     - /var/tmp/nginx/proxy
+     - /var/tmp/nginx/fastcgi
+     - /var/tmp/nginx/uwsgi
+     - /var/tmp/nginx/scgi
+     - /run
+    network_mode: "host"
+    ports:
+     - "64297:64297"
+     - "127.0.0.1:64304:64304"
+    image: "dtagdevsec/nginx:1903"
+#    read_only: true
+    volumes:
+     - /data/nginx/cert/:/etc/nginx/cert/:ro
+     - /data/nginx/conf/nginxpasswd:/etc/nginx/nginxpasswd:ro
+     - /data/nginx/log/:/var/log/nginx/