add new honeypots to nextgen to prep for ELK setup

honeytrap testing
This commit is contained in:
t3chn0m4g3 2021-10-01 16:18:10 +00:00
parent ab092faa2c
commit dd7fb325b6
3 changed files with 56 additions and 67 deletions


@ -1,4 +1,4 @@
FROM ubuntu:18.04 FROM debian:bullseye-slim
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
# #
# Include dist # Include dist
@ -27,10 +27,10 @@ RUN apt-get update && \
wget && \ wget && \
# #
# Install honeytrap from source # Install honeytrap from source
git clone https://github.com/armedpot/honeytrap /root/honeytrap && \ # git clone https://github.com/armedpot/honeytrap /root/honeytrap && \
# git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \ git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \
cd /root/honeytrap/ && \ cd /root/honeytrap/ && \
git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \ # git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \
autoreconf -vfi && \ autoreconf -vfi && \
./configure \ ./configure \
--with-stream-mon=nfq \ --with-stream-mon=nfq \
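Review bot: The second hunk clones the t3chn0m4g3/honeytrap fork at whatever its default branch currently points to, because the `git checkout` line that used to pin the source was commented out instead of being updated to a commit in the fork. That makes the image build non-reproducible and means any later push to the fork silently changes what gets compiled into the honeypot. I would keep a pin, `git checkout <FORK_COMMIT_SHA> && \`, in place of the commented-out line, with the placeholder replaced by the fork commit that was actually tested. The enclosing `RUN apt-get update && \` instruction starts before this hunk and its `./configure` invocation continues past it.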


@ -12,7 +12,7 @@ services:
network_mode: "host" network_mode: "host"
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
image: "ghcr.io/telekom-security/honeytrap:2006" image: "dtagdevsec/honeytrap:2006"
read_only: true read_only: true
volumes: volumes:
- /data/honeytrap/attacks:/opt/honeytrap/var/attacks - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
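Review bot: The image reference on the changed line moves from ghcr.io/telekom-security to the dtagdevsec namespace under the mutable tag `2006`, so the service now resolves to whatever that tag points to at pull time. Given that the surrounding context runs this container with `network_mode: "host"` and `cap_add: NET_ADMIN`, a retagged image would get host-level network reach, so pinning by digest is worth it here: `image: "dtagdevsec/honeytrap:2006@sha256:<IMAGE_DIGEST>"` (placeholder to be filled with the digest of the image that was tested).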


@ -10,11 +10,13 @@ networks:
conpot_local_guardian_ast: conpot_local_guardian_ast:
conpot_local_ipmi: conpot_local_ipmi:
conpot_local_kamstrup_382: conpot_local_kamstrup_382:
cowrie_local:
cyberchef_local: cyberchef_local:
dicompot_local: dicompot_local:
dionaea_local: dionaea_local:
ddospot_local:
elasticpot_local: elasticpot_local:
endlessh_local:
hellpot_local:
heralding_local: heralding_local:
honeypy_local: honeypy_local:
honeysap_local: honeysap_local:
@ -22,7 +24,7 @@ networks:
mailoney_local: mailoney_local:
medpot_local: medpot_local:
rdpy_local: rdpy_local:
tanner_local: redishoneypot_local:
ewsposter_local: ewsposter_local:
spiderfoot_local: spiderfoot_local:
@ -161,25 +163,24 @@ services:
volumes: volumes:
- /data/conpot/log:/var/log/conpot - /data/conpot/log:/var/log/conpot
# Cowrie service # Ddospot service
cowrie: ddospot:
container_name: cowrie container_name: ddospot
restart: always restart: always
tmpfs:
- /tmp/cowrie:uid=2000,gid=2000
- /tmp/cowrie/data:uid=2000,gid=2000
networks: networks:
- cowrie_local - ddospot_local
ports: ports:
- "22:22" - "19:19/udp"
- "23:23" - "53:53/udp"
image: "dtagdevsec/cowrie:2006" - "123:123/udp"
# - "161:161/udp"
- "1900:1900/udp"
image: "dtagdevsec/ddospot:2006"
read_only: true read_only: true
volumes: volumes:
- /data/cowrie/downloads:/home/cowrie/cowrie/dl - /data/ddospot/log:/opt/ddospot/ddospot/logs
- /data/cowrie/keys:/home/cowrie/cowrie/etc - /data/ddospot/bl:/opt/ddospot/ddospot/bl
- /data/cowrie/log:/home/cowrie/cowrie/log - /data/ddospot/db:/opt/ddospot/ddospot/db
- /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty
# Dicompot service # Dicompot service
# Get the Horos Client for testing: https://horosproject.org/ # Get the Horos Client for testing: https://horosproject.org/
@ -248,6 +249,19 @@ services:
volumes: volumes:
- /data/elasticpot/log:/opt/elasticpot/log - /data/elasticpot/log:/opt/elasticpot/log
# Endlessh service
endlessh:
container_name: endlessh
restart: always
networks:
- endlessh_local
ports:
- "22:2222"
image: "dtagdevsec/endlessh:2006"
read_only: true
volumes:
- /data/endlessh/log:/var/log/endlessh
# Glutton service # Glutton service
glutton: glutton:
container_name: glutton container_name: glutton
@ -391,6 +405,19 @@ services:
volumes: volumes:
- /data/rdpy/log:/var/log/rdpy - /data/rdpy/log:/var/log/rdpy
# Redishoneypot service
redishoneypot:
container_name: redishoneypot
restart: always
networks:
- redishoneypot_local
ports:
- "6379:6379"
image: "dtagdevsec/redishoneypot:2006"
read_only: true
volumes:
- /data/redishoneypot/log:/var/log/redishoneypot
#### Snare / Tanner #### Snare / Tanner
## Tanner Redis Service ## Tanner Redis Service
tanner_redis: tanner_redis:
@ -429,56 +456,18 @@ services:
depends_on: depends_on:
- tanner_redis - tanner_redis
## Tanner WEB Service # Hellpot service
# tanner_web: hellpot:
# container_name: tanner_web container_name: hellpot
# restart: always
# tmpfs:
# - /tmp/tanner:uid=2000,gid=2000
# tty: true
# networks:
# - tanner_local
# image: "dtagdevsec/tanner:2006"
# command: tannerweb
# read_only: true
# volumes:
# - /data/tanner/log:/var/log/tanner
# depends_on:
# - tanner_redis
## Tanner Service
tanner:
container_name: tanner
restart: always restart: always
tmpfs:
- /tmp/tanner:uid=2000,gid=2000
tty: true
networks: networks:
- tanner_local - hellpot_local
image: "dtagdevsec/tanner:2006" ports:
command: tanner - "80:8080"
image: "dtagdevsec/hellpot:2006"
read_only: true read_only: true
volumes: volumes:
- /data/tanner/log:/var/log/tanner - /data/hellpot/log:/var/log/hellpot
- /data/tanner/files:/opt/tanner/files
depends_on:
- tanner_api
# - tanner_web
- tanner_phpox
## Snare Service
snare:
container_name: snare
restart: always
tty: true
networks:
- tanner_local
ports:
- "80:80"
image: "dtagdevsec/snare:2006"
depends_on:
- tanner
################## ##################
#### NSM #### NSM
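Review bot: The first `networks:` hunk replaces the `tanner_local:` entry with `redishoneypot_local:`, yet the last hunk only removes `tanner`, `snare` and the commented `tanner_web`, while `tanner_redis` (context in the hunk before it) and the service that still lists `depends_on: - tanner_redis` survive, and the deleted `tanner` dependency list referenced `tanner_api` and `tanner_phpox` as well. Their `networks:` stanzas are outside the visible hunks, but if they still attach to `tanner_local`, Compose will refuse to start the stack because the network is no longer declared. I would keep both entries in the `networks:` map, `tanner_local:` followed by `redishoneypot_local:`, until the remaining Tanner services are removed too. The `networks:` and `services:` maps both start before the first hunk of this file.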