From b06052f4ebc5f4d0db17383fd3c7d9306ed2996a Mon Sep 17 00:00:00 2001 From: Domenico Del Giudice <114437746+domedg@users.noreply.github.com> Date: Sun, 2 Mar 2025 14:08:49 +0100 Subject: [PATCH] Update README.md --- README.md | 98 +++++++++++++++++++++++++------------------------------ 1 file changed, 45 insertions(+), 53 deletions(-) diff --git a/README.md b/README.md index 4d2aec7f..6122b91d 100644 --- a/README.md +++ b/README.md @@ -8,13 +8,12 @@ - [Architecture](#architecture) - [Supported Honeypots](#supported-honeypots) - [Tools Included](#tools-included) + - [Required Ports](#required-ports) - [MacOS Installation](#macos-installation) - [Installation Issues](#installation-issues) - [Management Tips](#management-tips) - [Testing ConPot](#testing-conpot) - - [Required Ports](#required-ports) - [Update Script](#update-script) - - [Uninstall T-Pot](#uninstall-tpot) - [Data Analysis and Insights](#data-analysis-and-insights) - [Conclusion](#conclusion) 
@@ -98,6 +97,50 @@ T-Pot also includes the following tools: - **Spiderfoot**: An open-source intelligence automation tool. - **Suricata**: A Network Security Monitoring engine. +--- + +### 2.4 Required Ports ๐Ÿ”Œ +Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions. + +| Port | Protocol | Direction | Description | +| :------------------------------------------------------------------------------------------------------------------------------------ | :------- | :-------- | :-------------------------------------------------------------------------------------------------- | +| 80, 443 | tcp | outgoing | T-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc. | +| 11434 | tcp | outgoing | LLM based honeypots: Access your Ollama installation | +| 64294 | tcp | incoming | T-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305 | +| 64295 | tcp | incoming | T-Pot Management: Access to SSH | +| 64297 | tcp | incoming | T-Pot Management Access to NGINX reverse proxy | +| 5555 | tcp | incoming | Honeypot: ADBHoney | +| 22 | tcp | incoming | Honeypot: Beelzebub (LLM required) | +| 5000 | udp | incoming | Honeypot: CiscoASA | +| 8443 | tcp | incoming | Honeypot: CiscoASA | +| 443 | tcp | incoming | Honeypot: CitrixHoneypot | +| 80, 102, 502, 1025, 2404, 10001, 44818, 47808, 50100 | tcp | incoming | Honeypot: Conpot | +| 161, 623 | udp | incoming | Honeypot: Conpot | +| 22, 23 | tcp | incoming | Honeypot: Cowrie | +| 19, 53, 123, 1900 | udp | incoming | Honeypot: Ddospot | +| 11112 | tcp | incoming | Honeypot: Dicompot | +| 21, 42, 135, 443, 445, 1433, 1723, 1883, 3306, 8081 | tcp | incoming | Honeypot: Dionaea | +| 
69 | udp | incoming | Honeypot: Dionaea | +| 9200 | tcp | incoming | Honeypot: Elasticpot | +| 22 | tcp | incoming | Honeypot: Endlessh | +| 80, 443, 8080, 8443 | tcp | incoming | Honeypot: Galah (LLM required) | +| 8080 | tcp | incoming | Honeypot: Go-pot | +| 80, 443 | tcp | incoming | Honeypot: H0neytr4p | +| 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 1080, 5432, 5900 | tcp | incoming | Honeypot: Heralding | +| 3000 | tcp | incoming | Honeypot: Honeyaml | +| 21, 22, 23, 25, 80, 110, 143, 389, 443, 445, 631, 1080, 1433, 1521, 3306, 3389, 5060, 5432, 5900, 6379, 6667, 8080, 9100, 9200, 11211 | tcp | incoming | Honeypot: qHoneypots | +| 53, 123, 161, 5060 | udp | incoming | Honeypot: qHoneypots | +| 631 | tcp | incoming | Honeypot: IPPHoney | +| 80, 443, 8080, 9200, 25565 | tcp | incoming | Honeypot: Log4Pot | +| 25 | tcp | incoming | Honeypot: Mailoney | +| 2575 | tcp | incoming | Honeypot: Medpot | +| 9100 | tcp | incoming | Honeypot: Miniprint | +| 6379 | tcp | incoming | Honeypot: Redishoneypot | +| 5060 | tcp/udp | incoming | Honeypot: SentryPeer | +| 80 | tcp | incoming | Honeypot: Snare (Tanner) | +| 8090 | tcp | incoming | Honeypot: Wordpot | + + --- ## 2 MacOS Installation ๐Ÿ 
@@ -390,49 +433,6 @@ sqlmap -u "http:///page?id=1" --risk=3 --level=5 nc -v 80 ``` ---- - -### 2.4 Required Ports ๐Ÿ”Œ -Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions. - -| Port | Protocol | Direction | Description | -| :------------------------------------------------------------------------------------------------------------------------------------ | :------- | :-------- | :-------------------------------------------------------------------------------------------------- | -| 80, 443 | tcp | outgoing | T-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc. | -| 11434 | tcp | outgoing | LLM based honeypots: Access your Ollama installation | -| 64294 | tcp | incoming | T-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305 | -| 64295 | tcp | incoming | T-Pot Management: Access to SSH | -| 64297 | tcp | incoming | T-Pot Management Access to NGINX reverse proxy | -| 5555 | tcp | incoming | Honeypot: ADBHoney | -| 22 | tcp | incoming | Honeypot: Beelzebub (LLM required) | -| 5000 | udp | incoming | Honeypot: CiscoASA | -| 8443 | tcp | incoming | Honeypot: CiscoASA | -| 443 | tcp | incoming | Honeypot: CitrixHoneypot | -| 80, 102, 502, 1025, 2404, 10001, 44818, 47808, 50100 | tcp | incoming | Honeypot: Conpot | -| 161, 623 | udp | incoming | Honeypot: Conpot | -| 22, 23 | tcp | incoming | Honeypot: Cowrie | -| 19, 53, 123, 1900 | udp | incoming | Honeypot: Ddospot | -| 11112 | tcp | incoming | Honeypot: Dicompot | -| 21, 42, 135, 443, 445, 1433, 1723, 1883, 3306, 8081 | tcp | incoming | Honeypot: Dionaea | -| 69 | udp | incoming | Honeypot: Dionaea | -| 9200 | tcp | incoming | Honeypot: Elasticpot | 
-| 22 | tcp | incoming | Honeypot: Endlessh | -| 80, 443, 8080, 8443 | tcp | incoming | Honeypot: Galah (LLM required) | -| 8080 | tcp | incoming | Honeypot: Go-pot | -| 80, 443 | tcp | incoming | Honeypot: H0neytr4p | -| 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 1080, 5432, 5900 | tcp | incoming | Honeypot: Heralding | -| 3000 | tcp | incoming | Honeypot: Honeyaml | -| 21, 22, 23, 25, 80, 110, 143, 389, 443, 445, 631, 1080, 1433, 1521, 3306, 3389, 5060, 5432, 5900, 6379, 6667, 8080, 9100, 9200, 11211 | tcp | incoming | Honeypot: qHoneypots | -| 53, 123, 161, 5060 | udp | incoming | Honeypot: qHoneypots | -| 631 | tcp | incoming | Honeypot: IPPHoney | -| 80, 443, 8080, 9200, 25565 | tcp | incoming | Honeypot: Log4Pot | -| 25 | tcp | incoming | Honeypot: Mailoney | -| 2575 | tcp | incoming | Honeypot: Medpot | -| 9100 | tcp | incoming | Honeypot: Miniprint | -| 6379 | tcp | incoming | Honeypot: Redishoneypot | -| 5060 | tcp/udp | incoming | Honeypot: SentryPeer | -| 80 | tcp | incoming | Honeypot: Snare (Tanner) | -| 8090 | tcp | incoming | Honeypot: Wordpot | - --- ### Update Script ๐Ÿ”„ @@ -450,14 +450,6 @@ The update script will ... - update all files in `~/tpotce` to be in sync with the T-Pot master branch - restore your custom `ews.cfg` from `~/tpotce/data/ews/conf` and the T-Pot configuration (`~/tpotce/.env`). ---- - -### 2.2 Uninstall T-Pot ๐Ÿงน -Uninstallation of T-Pot is only available on the [supported Linux distros](#choose-your-distro).
-To uninstall T-Pot run ~/tpotce/uninstall.sh and follow the uninstaller instructions, you will have to enter your password at least once.
-Once the uninstall is finished reboot the machine sudo reboot -

- ---
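Review bot: The moved TOC entry still links to `#required-ports`, but the heading this patch inserts reads `### 2.4 Required Ports`, and GitHub builds the anchor from the full heading text (digits kept, punctuation dropped), giving `#24-required-ports`, so the link will not resolve. Either drop the `2.4` prefix from the heading (the neighbouring `### Update Script` heading carries no number) or change the link to match the rendered slug. Removing the `Uninstall T-Pot` entry is consistent with the section removal in the last hunk.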
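Review bot: The inserted section is numbered `2.4` yet sits directly before `## 2 MacOS Installation`, so the numbering no longer follows the document order; renumber or drop the number while moving it. Two small text defects travel with the table and are worth fixing in the same move: the unbalanced parenthesis in `(i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc.` in the 80, 443 row, and the missing colon in `T-Pot Management Access to NGINX reverse proxy` in the 64297 row (the other management rows use `T-Pot Management:`). The sentence `Review the [T-Pot Architecture](#technical-architecture)` also points at an anchor that differs from the TOC's `[Architecture](#architecture)`; only one of them can match the actual heading. Since 64294, 64295 and 64297 are management ports, a sentence stating that they should be reachable only from trusted administrative networks would help readers who build firewall rules from this table.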
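Review bot: The removal here is clean: it takes the leading `---`, the heading, the introductory sentence, the full table through the Wordpot row and the trailing blank line, while leaving the `---` before `### Update Script`, so a single separator remains after the `nc -v 80` code block. Comparing the rows visible in this hunk with the copy inserted earlier, the 35 honeypot and management rows match, so no entries are lost in the move.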
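Review bot: This hunk deletes the only documentation of `~/tpotce/uninstall.sh` and the required reboot afterwards, and the commit message (`Update README.md`) gives no reason; if the script still ships in the repository the section should stay, otherwise the message should say the uninstaller was removed. The deletion also takes both `---` separators around the section and no trailing context lines are shown, so check that a separator still precedes the section that follows in the rendered README.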