update go-pot to latest master

tweaking
2025-04-20 06:02:24 +00:00 · 2024-11-29 14:44:23 +01:00 · 2024-11-29 14:44:23 +01:00 · ef8e71007c
commit ef8e71007c
parent 8282084d49
8 changed files with 46 additions and 60 deletions
--- a/compose/mini.yml
+++ b/compose/mini.yml
@ -225,6 +225,7 @@ services:
     - "22:22"
     - "23:23"
     - "25:25"
+     - "67:67/udp"
     - "53:53/udp"
     - "80:80"
     - "110:110"
--- a/compose/tarpit.yml
+++ b/compose/tarpit.yml
@ -104,19 +104,19 @@ services:
    networks:
     - heralding_local
    ports:
-    # - "21:21"
+     - "21:21"
    # - "22:22"
-    # - "23:23"
-    # - "25:25"
+     - "23:23"
+     - "25:25"
    # - "80:80"
     - "110:110"
     - "143:143"
-    # - "443:443"
+     - "443:443"
     - "465:465"
     - "993:993"
     - "995:995"
-    # - "3306:3306"
-    # - "3389:3389"
+     - "3306:3306"
+     - "3389:3389"
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
--- a/compose/tpot_services.yml
+++ b/compose/tpot_services.yml
@ -429,25 +429,25 @@ services:
     - ${TPOT_DATA_PATH}/galah/cert:/opt/galah/config/cert
     - ${TPOT_DATA_PATH}/galah/log:/opt/galah/log

-# # Glutton service
-  # glutton:
-    # container_name: glutton
-    # restart: always
-    # depends_on:
-      # tpotinit:
-        # condition: service_healthy
-    # tmpfs:
-     # - /var/lib/glutton:uid=2000,gid=2000
-     # - /run:uid=2000,gid=2000
-    # network_mode: "host"
-    # cap_add:
-     # - NET_ADMIN
-    # image: ${TPOT_REPO}/glutton:${TPOT_VERSION}
-    # pull_policy: ${TPOT_PULL_POLICY}
-    # read_only: true
-    # volumes:
-     # - ${TPOT_DATA_PATH}/glutton/log:/var/log/glutton
-     # - ${TPOT_DATA_PATH}/glutton/payloads:/opt/glutton/payloads
+# Glutton service
+  glutton:
+    container_name: glutton
+    restart: always
+    depends_on:
+      tpotinit:
+        condition: service_healthy
+    tmpfs:
+     - /var/lib/glutton:uid=2000,gid=2000
+     - /run:uid=2000,gid=2000
+    network_mode: "host"
+    cap_add:
+     - NET_ADMIN
+    image: ${TPOT_REPO}/glutton:${TPOT_VERSION}
+    pull_policy: ${TPOT_PULL_POLICY}
+    read_only: true
+    volumes:
+     - ${TPOT_DATA_PATH}/glutton/log:/var/log/glutton
+     - ${TPOT_DATA_PATH}/glutton/payloads:/opt/glutton/payloads

 # Go-pot service
  go-pot:
@ -514,19 +514,19 @@ services:
    networks:
     - heralding_local
    ports:
-    # - "21:21"
-    # - "22:22"
-    # - "23:23"
-    # - "25:25"
-    # - "80:80"
+     - "21:21"
+     - "22:22"
+     - "23:23"
+     - "25:25"
+     - "80:80"
     - "110:110"
     - "143:143"
-    # - "443:443"
+     - "443:443"
     - "465:465"
     - "993:993"
     - "995:995"
-    # - "3306:3306"
-    # - "3389:3389"
+     - "3306:3306"
+     - "3389:3389"
     - "1080:1080"
     - "5432:5432"
     - "5900:5900"
@ -572,6 +572,7 @@ services:
     - "23:23"
     - "25:25"
     - "53:53/udp"
+     - "67:67/udp"
     - "80:80"
     - "110:110"
     - "123:123"
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@ -518,6 +518,9 @@ filter {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
+    mutate {
+      remove_field => ["ts"]
+    }
  }

 # Hellpot
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -510,6 +510,9 @@ filter {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
+    mutate {
+      remove_field => ["ts"]
+    }
  }

 # Glutton
--- a/docker/go-pot/Dockerfile
+++ b/docker/go-pot/Dockerfile
@ -3,18 +3,18 @@ RUN <<EOF
 apk -U add git
 mkdir -p /opt
 cd /opt
-git clone https://github.com/t3chn0m4g3/go-pot
+git clone https://github.com/ryanolee/go-pot
+cd go-pot
+git checkout fbb3e66e454e5f6092b4294a52e2cfa44e5b7259
 EOF
 WORKDIR /opt/go-pot
 #
-RUN go get github.com/ua-parser/uap-go/uaparser
-RUN go mod download
 RUN CGO_ENABLED=0 GOOS=linux go build -o /opt/go-pot/go-pot
 #
 FROM scratch
 #
 COPY --from=builder /opt/go-pot/go-pot /opt/go-pot/go-pot
-COPY --from=builder /opt/go-pot/config.yml /opt/go-pot/config.yml
+COPY dist/config.yml /opt/go-pot/config.yml
 #
 STOPSIGNAL SIGINT
 USER 2000:2000
--- a/docker/go-pot/Dockerfile.dev
+++ b/docker/go-pot/Dockerfile.dev
@ -1,21 +0,0 @@
-FROM golang:1.23-alpine AS builder
-RUN <<EOF
-apk -U add git
-mkdir -p /opt
-cd /opt
-git clone https://github.com/ryanolee/go-pot
-EOF
-WORKDIR /opt/go-pot
-#
-RUN CGO_ENABLED=0 GOOS=linux go build -o /opt/go-pot/go-pot
-#
-FROM scratch
-#
-COPY --from=builder /opt/go-pot/go-pot /opt/go-pot/go-pot
-COPY dist/config.yml /opt/go-pot/config.yml
-#
-STOPSIGNAL SIGINT
-USER 2000:2000
-WORKDIR /opt/go-pot
-CMD ["start", "--host", "0.0.0.0", "--config-file", "config.yml"]
-ENTRYPOINT ["./go-pot"]
--- a/docker/go-pot/dist/config.yml
+++ b/docker/go-pot/dist/config.yml
@ -56,8 +56,7 @@ server:
    #   - device_brand: The type of device of the client (Inferred from the user agent)
    #   - phase: "start" or "end" depending on the phase of the request
    #   - duration: The duration of the request in milliseconds (Only available as a part of the end phase of a request)
-    #fields: "src_ip,method,path,qs,duration"
-    fields: "timestamp,id,status,src_ip,method,path,qs,dest_port,type,host,user_agent,browser,browser_version,os,os_version,device,device_brand,phase,duration"
+    fields_to_log: "timestamp,id,status,src_ip,method,path,qs,dest_port,type,host,user_agent,browser,browser_version,os,os_version,device,device_brand,phase,duration"

 # Configuration for logging related settings for go-pot
 logging: