Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-08-26 21:06:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Compare commits

base: Alex-Devera:1280bfd0961d0cf2b70b188b82c0211ab6c162ce
Branches Tags
Alex-Devera:master
Alex-Devera:24.04
Alex-Devera:alpha
Alex-Devera:22.04
Alex-Devera:dev
Alex-Devera:20.06
Alex-Devera:19.03
Alex-Devera:18.11
Alex-Devera:24.04.1
Alex-Devera:24.04.0
Alex-Devera:24.04.0beta
Alex-Devera:22.04.0
Alex-Devera:20.06.2
Alex-Devera:20.06.1
Alex-Devera:20.06.0
Alex-Devera:19.03.3
Alex-Devera:19.03.1
Alex-Devera:19.03
Alex-Devera:19.03.beta
Alex-Devera:18.11.1
Alex-Devera:18.11
Alex-Devera:17.10
Alex-Devera:17.10.beta
Alex-Devera:17.10.alpha
Alex-Devera:16.10.1
Alex-Devera:16.10
...
compare: Alex-Devera:b0eb74b0afebb362fac08874cdbe2ad2511e2274
Branches Tags
Alex-Devera:master
Alex-Devera:24.04
Alex-Devera:alpha
Alex-Devera:22.04
Alex-Devera:dev
Alex-Devera:20.06
Alex-Devera:19.03
Alex-Devera:18.11
Alex-Devera:24.04.1
Alex-Devera:24.04.0
Alex-Devera:24.04.0beta
Alex-Devera:22.04.0
Alex-Devera:20.06.2
Alex-Devera:20.06.1
Alex-Devera:20.06.0
Alex-Devera:19.03.3
Alex-Devera:19.03.1
Alex-Devera:19.03
Alex-Devera:19.03.beta
Alex-Devera:18.11.1
Alex-Devera:18.11
Alex-Devera:17.10
Alex-Devera:17.10.beta
Alex-Devera:17.10.alpha
Alex-Devera:16.10.1
Alex-Devera:16.10

7 commits
1280bfd096 ... b0eb74b0af

Author SHA1 Message Date
t3chn0m4g3
b0eb74b0af bump to latest master, optmize image 2024-11-29 17:58:07 +01:00
t3chn0m4g3
0b4a1fea68 housekeeping 2024-11-29 17:21:38 +01:00
t3chn0m4g3
23b11aabe9 bump to ubuntu 24.10 2024-11-29 17:19:08 +01:00
t3chn0m4g3
a0687e7c92 optimize build 2024-11-29 16:47:57 +01:00
t3chn0m4g3
646b0fddd3 revert build changes, keep optimization 2024-11-29 16:47:36 +01:00
t3chn0m4g3
ef8e71007c update go-pot to latest master 
tweaking
 2024-11-29 14:44:23 +01:00
t3chn0m4g3
8282084d49 bump to latest master, optimize 2024-11-29 13:01:18 +01:00
41 changed files with 270 additions and 1031 deletions
Show stats Expand all files Collapse all files

1
compose/mini.yml
View file

@ -225,6 +225,7 @@ services:
- "22:22"
- "23:23"
- "25:25"
- "67:67/udp"
- "53:53/udp"
- "80:80"
- "110:110"

12
compose/tarpit.yml
View file

@ -104,19 +104,19 @@ services:
networks:
- heralding_local
ports:
# - "21:21"
- "21:21"
# - "22:22"
# - "23:23"
# - "25:25"
- "23:23"
- "25:25"
# - "80:80"
- "110:110"
- "143:143"
# - "443:443"
- "443:443"
- "465:465"
- "993:993"
- "995:995"
# - "3306:3306"
# - "3389:3389"
- "3306:3306"
- "3389:3389"
- "1080:1080"
- "5432:5432"
- "5900:5900"

55
compose/tpot_services.yml
View file

@ -429,25 +429,25 @@ services:
- ${TPOT_DATA_PATH}/galah/cert:/opt/galah/config/cert
- ${TPOT_DATA_PATH}/galah/log:/opt/galah/log
# # Glutton service
# glutton:
# container_name: glutton
# restart: always
# depends_on:
# tpotinit:
# condition: service_healthy
# tmpfs:
# - /var/lib/glutton:uid=2000,gid=2000
# - /run:uid=2000,gid=2000
# network_mode: "host"
# cap_add:
# - NET_ADMIN
# image: ${TPOT_REPO}/glutton:${TPOT_VERSION}
# pull_policy: ${TPOT_PULL_POLICY}
# read_only: true
# volumes:
# - ${TPOT_DATA_PATH}/glutton/log:/var/log/glutton
# - ${TPOT_DATA_PATH}/glutton/payloads:/opt/glutton/payloads
# Glutton service
glutton:
container_name: glutton
restart: always
depends_on:
tpotinit:
condition: service_healthy
tmpfs:
- /var/lib/glutton:uid=2000,gid=2000
- /run:uid=2000,gid=2000
network_mode: "host"
cap_add:
- NET_ADMIN
image: ${TPOT_REPO}/glutton:${TPOT_VERSION}
pull_policy: ${TPOT_PULL_POLICY}
read_only: true
volumes:
- ${TPOT_DATA_PATH}/glutton/log:/var/log/glutton
- ${TPOT_DATA_PATH}/glutton/payloads:/opt/glutton/payloads
# Go-pot service
go-pot:
@ -514,19 +514,19 @@ services:
networks:
- heralding_local
ports:
# - "21:21"
# - "22:22"
# - "23:23"
# - "25:25"
# - "80:80"
- "21:21"
- "22:22"
- "23:23"
- "25:25"
- "80:80"
- "110:110"
- "143:143"
# - "443:443"
- "443:443"
- "465:465"
- "993:993"
- "995:995"
# - "3306:3306"
# - "3389:3389"
- "3306:3306"
- "3389:3389"
- "1080:1080"
- "5432:5432"
- "5900:5900"
@ -572,6 +572,7 @@ services:
- "23:23"
- "25:25"
- "53:53/udp"
- "67:67/udp"
- "80:80"
- "110:110"
- "123:123"

1
docker/conpot/Dockerfile
View file

@ -85,6 +85,7 @@ RUN apk --no-cache -U add build-base \
libxslt-dev \
mariadb-dev \
pkgconfig \
py3-pip \
python3-dev \
wget && \
rm -rf /root/* \

4
docker/cowrie/Dockerfile
View file

@ -45,8 +45,8 @@ RUN apk --no-cache -U add \
git checkout 49c7c4aac87603e0d2449501c300841a1f59fd0f && \
mkdir -p log && \
cp /root/dist/requirements.txt . && \
pip3 install --break-system-packages --upgrade pip && \
pip3 install --break-system-packages -r requirements.txt && \
pip3 install --break-system-packages --upgrade --no-cache-dir pip && \
pip3 install --break-system-packages --no-cache-dir -r requirements.txt && \
#
# Setup configs
setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \

34
docker/deprecated/elasticpot.old/Dockerfile
View file

@ -1,34 +0,0 @@
FROM alpine:latest
#
# Include dist
ADD dist/ /root/dist/
#
# Install packages
RUN apk -U --no-cache add \
git \
py3-pip \
python3 && \
pip3 install --no-cache-dir bottle \
configparser \
datetime \
requests && \
mkdir -p /opt && \
cd /opt/ && \
git clone --depth=1 https://github.com/schmalle/ElasticpotPY.git && \
#
# Setup user, groups and configs
addgroup -g 2000 elasticpot && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 elasticpot && \
mv /root/dist/elasticpot.cfg /opt/ElasticpotPY/ && \
mkdir /opt/ElasticpotPY/log && \
#
# Clean up
apk del --purge git && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
#
# Start elasticpot
STOPSIGNAL SIGINT
USER elasticpot:elasticpot
WORKDIR /opt/ElasticpotPY/
CMD ["/usr/bin/python3","main.py"]

15
docker/deprecated/elasticpot.old/README.md
View file

@ -1,15 +0,0 @@
[![](https://images.microbadger.com/badges/version/ghcr.io/telekom-security/elasticpot:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/elasticpot:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/ghcr.io/telekom-security/elasticpot:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/elasticpot:1903 "Get your own image badge on microbadger.com")
# elasticpot
[elasticpot](https://github.com/schmalle/ElasticPot) is a simple elastic search honeypot.
This dockerized version is part of the **[T-Pot community honeypot](http://telekom-security.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized elasticpot and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test elasticpot using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
# ElasticPot Dashboard
![ElasticPot Dashboard](doc/dashboard.png)

31
docker/deprecated/elasticpot.old/dist/elasticpot.cfg vendored
View file

@ -1,31 +0,0 @@
# ElasticPot Config
[MAIN]
# Manually set the externally accessible IP of the honeypot
ip = 192.168.1.1
[ELASTICPOT]
# ID pf the elasticpot instance
nodeid = elasticpot-community-01
# Location of the json logfile
logfile = log/elasticpot.log
# Set elasticpot = False to disable json logging and enable automatic attack submission to ews backend (soap)
elasticpot = True
[EWS]
# Note: Only relevant if "elasticpot = False"
# Username for ews submission
username = community-01-user
# Token for ews submission
token = foth{a5maiCee8fineu7
# API endpoint for ews submission
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
# Ignore certificate warnings
ignorecert = false

BIN
docker/deprecated/elasticpot.old/doc/dashboard.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 789 KiB

20
docker/deprecated/elasticpot.old/docker-compose.yml
View file

@ -1,20 +0,0 @@
version: '2.3'
networks:
elasticpot_local:
services:
# Elasticpot service
elasticpot:
build: .
container_name: elasticpot
restart: always
networks:
- elasticpot_local
ports:
- "9200:9200"
image: "ghcr.io/telekom-security/elasticpot:2006"
read_only: true
volumes:
- /data/elasticpot/log:/opt/ElasticpotPY/log

73
docker/deprecated/glastopf/Dockerfile
View file

@ -1,73 +0,0 @@
FROM alpine
# Include dist
ADD dist/ /root/dist/
# Install packages
RUN apk -U --no-cache add \
autoconf \
bind-tools \
build-base \
# cython \
git \
libffi \
libffi-dev \
libcap \
libxslt-dev \
make \
php7 \
php7-dev \
openssl-dev \
py-mysqldb \
py-openssl \
py-pip \
py-setuptools \
python \
python-dev && \
pip install --no-cache-dir --upgrade pip && \
# Install php sandbox from git
git clone --depth=1 https://github.com/mushorg/BFR /opt/BFR && \
cd /opt/BFR && \
phpize7 && \
./configure \
--with-php-config=/usr/bin/php-config7 \
--enable-bfr && \
make && \
make install && \
cd / && \
rm -rf /opt/BFR /tmp/* /var/tmp/* && \
echo "zend_extension = "$(find /usr -name bfr.so) >> /etc/php7/php.ini && \
# Install glastopf from git
git clone --depth=1 https://github.com/mushorg/glastopf.git /opt/glastopf && \
cd /opt/glastopf && \
cp /root/dist/requirements.txt . && \
pip install --no-cache-dir . && \
cd / && \
rm -rf /opt/glastopf /tmp/* /var/tmp/* && \
setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
# Setup user, groups and configs
addgroup -g 2000 glastopf && \
adduser -S -H -u 2000 -D -g 2000 glastopf && \
mkdir -p /etc/glastopf && \
mv /root/dist/glastopf.cfg /etc/glastopf/ && \
# Clean up
apk del --purge autoconf \
build-base \
file \
git \
libffi-dev \
php7-dev \
python-dev \
py-pip && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
# Set workdir and start glastopf
STOPSIGNAL SIGINT
USER glastopf:glastopf
WORKDIR /tmp/glastopf/
CMD cp /etc/glastopf/glastopf.cfg /tmp/glastopf && exec glastopf-runner

15
docker/deprecated/glastopf/README.md
View file

@ -1,15 +0,0 @@
[![](https://images.microbadger.com/badges/version/ghcr.io/telekom-security/glastopf:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/glastopf:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/ghcr.io/telekom-security/glastopf:1903.svg)](https://microbadger.com/images/ghcr.io/telekom-security/glastopf:1903 "Get your own image badge on microbadger.com")
# glastopf (deprecated)
[glastopf](https://github.com/mushorg/glastopf) is a python web application honeypot.
This dockerized version is part of the **[T-Pot community honeypot](http://telekom-security.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized glastopf and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test glastopf using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
# Glastopf Dashboard
![Glastopf Dashboard](doc/dashboard.png)

115
docker/deprecated/glastopf/dist/glastopf.cfg vendored
View file

@ -1,115 +0,0 @@
[webserver]
host = 0.0.0.0
port = 80
uid = glastopf
gid = glastopf
proxy_enabled = False
[ssl]
enabled = False
certfile =
keyfile =
#Generic logging for general monitoring
[logging]
consolelog_enabled = True
filelog_enabled = True
logfile = log/glastopf.log
[dork-db]
enabled = True
pattern = rfi
# Extracts dorks from a online dorks service operated by The Honeynet Project
# This service is down until further notice!
mnem_service = False
[hpfeed]
enabled = False
host = hpfriends.honeycloud.net
port = 20000
secret = 3wis3l2u5l7r3cew
# channels comma separated
chan_events = glastopf.events
chan_files = glastopf.files
ident = x8yer@hp1
[main-database]
#If disabled a sqlite database will be created (db/glastopf.db)
#to be used as dork storage.
enabled = True
#mongodb or sqlalchemy connection string, ex:
#mongodb://localhost:27017/glastopf
#mongodb://james:bond@localhost:27017/glastopf
#mysql://james:bond@somehost.com/glastopf
connection_string = sqlite:///db/glastopf.db
[surfcertids]
enabled = False
host = localhost
port = 5432
user =
password =
database = idsserver
[syslog]
enabled = False
socket = /dev/log
[mail]
enabled = False
# an email notification will be sent only if a specified matched pattern is identified.
# Use the wildcard char *, to be notified every time
patterns = rfi,lfi
user =
pwd =
mail_from =
mail_to =
smtp_host = smtp.gmail.com
smtp_port = 587
[taxii]
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False
use_auth_basic = False
auth_basic_username = your_username
auth_basic_password = your_password
use_auth_certificate = False
auth_certificate_keyfile = full_path_to_keyfile
auth_certificate_certfile = full_path_to_certfile
include_contact_info = False
contact_name = ...
contact_email = ...
[logstash]
enabled = False
host = localhost
port = 5659
handler = AMQP/TCP/UDP
[misc]
# set webserver banner
banner = Apache/2.0.48
[surface]
#https://www.google.com/webmasters/
google_meta =
#http://www.bing.com/toolbox/webmaster
bing_meta =
[sensor]
sensorid = None
[profiler]
enabled = False
[s3storage]
enabled = False
endpoint = http://localhost:8080/
aws_access_key_id = YOUR_aws_access_key_id
aws_secret_access_key = YOUR_aws_access_key_id
bucket = glastopf
region = eu-west-1
signature_version = s3

35
docker/deprecated/glastopf/dist/requirements.txt vendored
View file

@ -1,35 +0,0 @@
asn1crypto==0.24.0
BeautifulSoup==3.2.1
beautifulsoup4==4.6.1
botocore==1.11.6
certifi==2018.4.16
cffi==1.10.0
chardet==3.0.4
cryptography==2.1.4
cssselect==1.0.0
Cython==0.28.2
docutils==0.14
enum34==1.1.6
gevent==1.2.2
greenlet==0.4.13
hpfeeds==1.0
idna==2.6
ipaddress==1.0.22
Jinja2==2.9.6
jmespath==0.9.3
libtaxii==1.1.111
lxml==4.2.4
MarkupSafe==1.0
MySQL-python==1.2.5
pyasn1==0.4.2
pycparser==2.18
pylibinjection==0.2.4
pymongo==3.2.2
pyOpenSSL==17.2.0
python-dateutil==2.6.1
python-logstash==0.4.6
requests==2.18.4
six==1.11.0
SQLAlchemy==1.2.7
urllib3==1.22
WebOb==1.2.3

BIN
docker/deprecated/glastopf/doc/dashboard.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 793 KiB

23
docker/deprecated/glastopf/docker-compose.yml
View file

@ -1,23 +0,0 @@
version: '2.3'
networks:
glastopf_local:
services:
# Glastopf service
glastopf:
build: .
container_name: glastopf
tmpfs:
- /tmp/glastopf:uid=2000,gid=2000
restart: always
networks:
- glastopf_local
ports:
- "8081:80"
image: "ghcr.io/telekom-security/glastopf:1903"
read_only: true
volumes:
- /data/glastopf/db:/tmp/glastopf/db
- /data/glastopf/log:/tmp/glastopf/log

36
docker/deprecated/head/Dockerfile
View file

@ -1,36 +0,0 @@
FROM alpine:3.15
#
# Setup env and apt
RUN apk -U add \
curl \
git \
nodejs \
#nodejs-npm && \
npm && \
#
# Get and install packages
mkdir -p /usr/src/app/ && \
cd /usr/src/app/ && \
git clone https://github.com/mobz/elasticsearch-head . && \
git checkout 2d51fecac2980d350fcd3319fd9fe2999f63c9db && \
npm install http-server && \
sed -i "s#\"http\:\/\/localhost\:9200\"#window.location.protocol \+ \'\/\/\' \+ window.location.hostname \+ \'\:\' \+ window.location.port \+ \'\/es\/\'#" /usr/src/app/_site/app.js && \
#
# Setup user, groups and configs
addgroup -g 2000 head && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 head && \
chown -R head:head /usr/src/app/ && \
#
# Clean up
apk del --purge git && \
rm -rf /root/* && \
rm -rf /tmp/* && \
rm -rf /var/cache/apk/*
#
# Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9100'
#
# Start elasticsearch-head
USER head:head
WORKDIR /usr/src/app
CMD ["node_modules/http-server/bin/http-server", "_site", "-p", "9100"]

16
docker/deprecated/head/docker-compose.yml
View file

@ -1,16 +0,0 @@
version: '2.3'
services:
## Elasticsearch-head service
head:
build: .
container_name: head
restart: always
# depends_on:
# elasticsearch:
# condition: service_healthy
ports:
- "127.0.0.1:64302:9100"
image: "dtagdevsec/head:24.04"
read_only: true

55
docker/deprecated/honeypy/Dockerfile
View file

@ -1,55 +0,0 @@
FROM alpine:3.11
#
# Include dist
ADD dist/ /root/dist/
#
# Install packages
RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
apk -U --no-cache add \
build-base \
git \
libcap \
python2 \
python2-dev \
py2-pip && \
#
# Install virtualenv
pip install --no-cache-dir virtualenv && \
#
# Clone honeypy from git
git clone https://github.com/foospidy/HoneyPy /opt/honeypy && \
cd /opt/honeypy && \
git checkout feccab56ca922bcab01cac4ffd82f588d61ab1c5 && \
sed -i 's/local_host/dest_ip/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/local_port/dest_port/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/remote_host/src_ip/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/remote_port/src_port/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/service/proto/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/event/event_type/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/bytes/size/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/date_time/timestamp/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/data,/data.decode("hex"),/g' /opt/honeypy/loggers/file/honeypy_file.py && \
sed -i 's/urllib3/urllib3 == 1.21.1/g' /opt/honeypy/requirements.txt && \
virtualenv env && \
cp /root/dist/services.cfg /opt/honeypy/etc && \
cp /root/dist/honeypy.cfg /opt/honeypy/etc && \
/opt/honeypy/env/bin/pip install -r /opt/honeypy/requirements.txt && \
#
# Setup user, groups and configs
addgroup -g 2000 honeypy && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 honeypy && \
chown -R honeypy:honeypy /opt/honeypy && \
setcap cap_net_bind_service=+ep /opt/honeypy/env/bin/python && \
#
# Clean up
apk del --purge build-base \
git \
python2-dev \
py2-pip && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
#
# Set workdir and start honeypy
USER honeypy:honeypy
WORKDIR /opt/honeypy
CMD ["/opt/honeypy/env/bin/python2", "/opt/honeypy/Honey.py", "-d"]

117
docker/deprecated/honeypy/dist/honeypy.cfg vendored
View file

@ -1,117 +0,0 @@
# HoneyPy/etc/honeypy.cfg
# https://github.com/foospidy/HoneyPy
[honeypy]
# select any name for this HoneyPy node, it can be anything you want (default is: honeypy).
# It will be displayed in tweets, Slack messages, and other integrations.
nodename = honeypy
#add a comma seperated list of ip addresses to supress logging of your local scanners
#whitelist = 192.168.0.5, 192.168.0.21
#include the following service profiles (comma seperated), all services will be combined.
#enabling this will disable the use of service.cfg, which will not be processed
#service_profiles = services.databases.profile, services.linux.profile
# Limit internal log files to a single day. Useful for deployments with limited disk space.
limit_internal_logs = Yes
# Directory for internal HoneyPy logs (not external loggers).
# Use leading slash for absolute path, or omit for relative path
internal_log_dir = log/
# Tweet events on Twitter. Having a dedicated Twitter account for this purpose is recommended.
# You will need to Twitter API credentials for this to work. See https://dev.twitter.com/oauth/application-only
[twitter]
enabled = No
consumerkey =
consumersecret =
oauthtoken =
oauthsecret =
########################################################################################################
# Animus is dead! (http://morris.guru/the-life-and-death-of-animus/) This feature should be use no more.
# enable tweats to include querying Animus Threat Bot (https://github.com/threatbot)
# ask_animus = No
########################################################################################################
#
# Animus rises from the ashes! https://animus.io/
#
########################################################################################################
#
# Animus falls again. https://github.com/hslatman/awesome-threat-intelligence/pull/101
#
########################################################################################################
# Post your events to HoneyDB. Your HoneyPy honepots can contribute threat information to HoneyDB.
# You will need to create API credentails for this to work. See https://riskdiscovery.com/honeydb/#threats
[honeydb]
enabled = No
api_id =
api_key =
# Post your events to a Slack channel. Having a dedicated Slack channel for this is recommended.
# For setting up your Slack webhook see https://api.slack.com/incoming-webhooks
[slack]
enabled = No
webhook_url =
[logstash]
enabled = No
host =
port =
[elasticsearch]
enabled = No
# Elasticsearch url should include ":port/index/type
# example: http://localhost:9200/honeypot/honeypy
es_url =
[telegram]
# You need to add your bot to channel or group, and get the bot token see https://core.telegram.org/bots
enabled = No
# Telegram bot HTTP API Token
bot_id =
[sumologic]
enabled = No
# create a http collector source and use the url provided
# https://help.sumologic.com/Send-Data/Sources/02Sources-for-Hosted-Collectors/HTTP-Source/Upload-Data-to-an-HTTP-Source
url =
custom_source_host =
custom_source_name =
custom_source_category =
[splunk]
enabled = No
# /services/receivers/simple api endpoint
url = https://localhost:8089/services/receivers/simple
username =
password =
[rabbitmq]
enabled = No
# Here you need create rabbitmq config url to be used with pika python lib
# For ex. 1) amqp://username:password@rabbitmq_host/%2f
# 2) amqp://username:password@127.0.0.1/%2f
url_param =
# Name of the Rabbitmq Exchange
# Ex. mycoolexchange
exchange =
# Rabbitmq routing Key if not configured in rabbitmq leave it
# Ex. honeypy
routing_key =
[file]
enabled = Yes
filename = log/json.log
[hpfeeds]
enabled = No
persistent = Yes
server = 127.0.0.1
port = 20000
ident = ident
secret = secret
channel = channel
serverid = id

67
docker/deprecated/honeypy/dist/services.cfg vendored
View file

@ -1,67 +0,0 @@
# HoneyPy Copyright (C) 2013-2017 foospidy
# services.default.profile
# Important: service names must not contain spaces.
# Important: use port redirecting for services that listen on ports below 1024 (see https://github.com/foospidy/ipt-kit).
[Echo]
plugin = Echo
low_port = tcp:7
port = tcp:7
description = Echo back data received via tcp.
enabled = Yes
[Echo.udp]
plugin = Echo_udp
low_port = udp:7
port = udp:7
description = Echo back data received via udp.
enabled = Yes
[MOTD]
plugin = MOTD
low_port = tcp:8
port = tcp:8
description = Send a message via tcp and close connection.
enabled = Yes
[MOTD.udp]
plugin = MOTD_udp
low_port = udp:8
port = udp:8
description = Send a message via udp.
enabled = Yes
[Telnet]
plugin = TelnetUnix
low_port = tcp:2323
port = tcp:2323
description = Emulate Debian telnet login via tcp.
enabled = Yes
[Telnet.Windows]
plugin = TelnetWindows
low_port = tcp:2324
port = tcp:2324
description = Emulate Windows telnet login via tcp.
enabled = Yes
[Random]
plugin = Random
low_port = tcp:2048
port = tcp:2048
description = Send random data via tcp.
enabled = Yes
[HashCountRandom]
plugin = HashCountRandom
low_port = tcp:4096
port = tcp:4096
description = Send random data prefixed with a hash of a counter via tcp.
enabled = Yes
[Elasticsearch]
plugin = Elasticsearch
low_port = tcp:9200
port = tcp:9200
description = Send basic elasticsearch like replies
enabled = Yes

26
docker/deprecated/honeypy/docker-compose.yml
View file

@ -1,26 +0,0 @@
version: '2.3'
networks:
honeypy_local:
services:
# HoneyPy service
honeypy:
build: .
container_name: honeypy
restart: always
networks:
- honeypy_local
ports:
- "7:7"
- "8:8"
- "2048:2048"
- "2323:2323"
- "2324:2324"
- "4096:4096"
- "9200:9200"
image: "dtagdevsec/honeypy:24.04"
read_only: true
volumes:
- /data/honeypy/log:/opt/honeypy/log

42
docker/deprecated/hpfeeds/Dockerfile
View file

@ -1,42 +0,0 @@
### This is only for testing purposes, do NOT use for production
FROM alpine:latest
#
ADD dist/ /root/dist/
#
# Install packages
RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
apk -U --no-cache add \
build-base \
coreutils \
git \
libffi \
libffi-dev \
py-gevent \
py-pip \
python \
python-dev \
sqlite && \
#
# Install php sandbox from git
git clone --depth=1 https://github.com/rep/hpfeeds /opt/hpfeeds && \
cd /opt/hpfeeds/broker && \
sed -i -e '87d;88d' database.py && \
cp /root/dist/adduser.sql . && \
cd /opt/hpfeeds/broker && timeout 5 python broker.py || : && \
sqlite3 db.sqlite3 < adduser.sql && \
#
#python setup.py build && \
#python setup.py install && \
#
# Clean up
apk del --purge autoconf \
build-base \
coreutils \
libffi-dev \
python-dev && \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
#
# Set workdir and start glastopf
WORKDIR /opt/hpfeeds/broker
CMD python broker.py

1
docker/deprecated/hpfeeds/dist/adduser.sql vendored
View file

@ -1 +0,0 @@
insert into authkeys (owner, ident, secret, pubchans, subchans) values ('testID', 'testID', 'testSecret', '["ciscoasa", "rdpy-channel", "mailoney.mail","mailoney.commands",mailoney.shellcode"]', '["ciscoasa", "rdpy-channel", "mailoney.mail","mailoney.commands",mailoney.shellcode"]');

19
docker/deprecated/hpfeeds/docker-compose.yml
View file

@ -1,19 +0,0 @@
### This is only for testing purposes, do NOT use for production
version: '2.3'
networks:
hpfeeds_local:
services:
# hpfeeds service
hpfeeds:
build: .
container_name: hpfeeds
restart: always
stop_signal: SIGKILL
networks:
- hpfeeds_local
ports:
- "20000:20000"
image: "ghcr.io/telekom-security/hpfeeds:latest"

3
docker/elk/logstash/dist/http_output.conf vendored
View file

@ -518,6 +518,9 @@ filter {
date {
match => [ "timestamp", "ISO8601" ]
}
mutate {
remove_field => ["ts"]
}
}
# Hellpot

3
docker/elk/logstash/dist/logstash.conf vendored
View file

@ -510,6 +510,9 @@ filter {
date {
match => [ "timestamp", "ISO8601" ]
}
mutate {
remove_field => ["ts"]
}
}
# Glutton

8
docker/go-pot/Dockerfile
View file

@ -3,18 +3,18 @@ RUN <<EOF
apk -U add git
mkdir -p /opt
cd /opt
git clone https://github.com/t3chn0m4g3/go-pot
git clone https://github.com/ryanolee/go-pot
cd go-pot
git checkout fbb3e66e454e5f6092b4294a52e2cfa44e5b7259
EOF
WORKDIR /opt/go-pot
#
RUN go get github.com/ua-parser/uap-go/uaparser
RUN go mod download
RUN CGO_ENABLED=0 GOOS=linux go build -o /opt/go-pot/go-pot
#
FROM scratch
#
COPY --from=builder /opt/go-pot/go-pot /opt/go-pot/go-pot
COPY --from=builder /opt/go-pot/config.yml /opt/go-pot/config.yml
COPY dist/config.yml /opt/go-pot/config.yml
#
STOPSIGNAL SIGINT
USER 2000:2000

21
docker/go-pot/Dockerfile.dev
View file

@ -1,21 +0,0 @@
FROM golang:1.23-alpine AS builder
RUN <<EOF
apk -U add git
mkdir -p /opt
cd /opt
git clone https://github.com/ryanolee/go-pot
EOF
WORKDIR /opt/go-pot
#
RUN CGO_ENABLED=0 GOOS=linux go build -o /opt/go-pot/go-pot
#
FROM scratch
#
COPY --from=builder /opt/go-pot/go-pot /opt/go-pot/go-pot
COPY dist/config.yml /opt/go-pot/config.yml
#
STOPSIGNAL SIGINT
USER 2000:2000
WORKDIR /opt/go-pot
CMD ["start", "--host", "0.0.0.0", "--config-file", "config.yml"]
ENTRYPOINT ["./go-pot"]

3
docker/go-pot/dist/config.yml vendored
View file

@ -56,8 +56,7 @@ server:
# - device_brand: The type of device of the client (Inferred from the user agent)
# - phase: "start" or "end" depending on the phase of the request
# - duration: The duration of the request in milliseconds (Only available as a part of the end phase of a request)
#fields: "src_ip,method,path,qs,duration"
fields: "timestamp,id,status,src_ip,method,path,qs,dest_port,type,host,user_agent,browser,browser_version,os,os_version,device,device_brand,phase,duration"
fields_to_log: "timestamp,id,status,src_ip,method,path,qs,dest_port,type,host,user_agent,browser,browser_version,os,os_version,device,device_brand,phase,duration"
# Configuration for logging related settings for go-pot
logging:

18
docker/honeypots/Dockerfile
View file

@ -1,4 +1,4 @@
FROM alpine:3.19
FROM alpine:3.20
#
# Include dist
COPY dist/ /root/dist/
@ -26,22 +26,15 @@ RUN apk --no-cache -U add \
py3-flask \
py3-future \
py3-hiredis \
py3-impacket \
py3-itsdangerous \
py3-jinja2 \
py3-ldap3 \
py3-markupsafe \
py3-netifaces \
py3-openssl \
py3-packaging \
py3-paramiko \
py3-pip \
# py3-psutil \
py3-psycopg2 \
py3-pycryptodomex \
py3-requests \
py3-service_identity \
py3-twisted \
py3-werkzeug \
py3-wheel \
python3 \
@ -52,13 +45,9 @@ RUN apk --no-cache -U add \
mkdir -p /opt \
/var/log/honeypots && \
cd /opt/ && \
git clone https://github.com/qeeqbox/honeypots && \
git clone https://github.com/t3chn0m4g3/honeypots && \
cd honeypots && \
git checkout a990b2c1ab04ffafde229e478ced54ffbb665d5c && \
# git checkout 5b3bfbecbf85c1f5235b320b333bdeff2d312372 && \
# cp /root/dist/pyproject.toml . && \
pip3 install --break-system-packages --upgrade pip && \
pip3 install --break-system-packages . && \
pip3 install --break-system-packages --no-cache-dir . && \
setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
#
# Setup user, groups and configs
@ -76,6 +65,7 @@ RUN apk --no-cache -U add \
libffi-dev \
openssl-dev \
postgresql-dev \
py3-pip \
python3-dev \
zlib-dev && \
rm -rf /root/* \

87
docker/honeypots/Dockerfile.old Normal file
View file

@ -0,0 +1,87 @@
FROM alpine:3.20
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages
RUN apk --no-cache -U add \
build-base \
freetds \
freetds-dev \
gcc \
git \
hiredis \
jpeg-dev \
libcap \
libffi-dev \
libpq \
musl-dev \
openssl \
openssl-dev \
postgresql-dev \
py3-chardet \
py3-click \
py3-cryptography \
py3-dnspython \
py3-flask \
py3-future \
py3-hiredis \
py3-impacket \
py3-itsdangerous \
py3-jinja2 \
py3-ldap3 \
py3-markupsafe \
py3-netifaces \
py3-openssl \
py3-packaging \
py3-paramiko \
py3-pip \
# py3-psutil \
py3-psycopg2 \
py3-pycryptodomex \
py3-requests \
py3-service_identity \
py3-twisted \
py3-werkzeug \
py3-wheel \
python3 \
python3-dev \
zlib-dev && \
#
# Install honeypots from GitHub and setup
mkdir -p /opt \
/var/log/honeypots && \
cd /opt/ && \
git clone https://github.com/qeeqbox/honeypots && \
cd honeypots && \
git checkout 7283529c1773c6fc26e072fa9c78074d66fe9fa6 && \
pip3 install --break-system-packages --upgrade pip && \
pip3 install --break-system-packages . && \
setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
#
# Setup user, groups and configs
addgroup -g 2000 honeypots && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 honeypots && \
chown honeypots:honeypots -R /opt/honeypots && \
chown honeypots:honeypots -R /var/log/honeypots && \
mv /root/dist/config.json /opt/honeypots/ && \
#
# Clean up
apk del --purge build-base \
freetds-dev \
git \
jpeg-dev \
libffi-dev \
openssl-dev \
postgresql-dev \
python3-dev \
zlib-dev && \
rm -rf /root/* \
/var/cache/apk/* \
/opt/honeypots/.git
#
# Start honeypots
STOPSIGNAL SIGINT
USER honeypots:honeypots
WORKDIR /opt/honeypots/
CMD python3 -E -m honeypots --setup all --config config.json

39
docker/honeypots/Dockerfile.testing Normal file
View file

@ -0,0 +1,39 @@
FROM alpine:3.20
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages
RUN apk --no-cache -U add \
build-base \
libcap \
libffi-dev \
musl-dev \
openssl \
openssl-dev \
py3-pip \
python3 \
python3-dev && \
#
# Install honeypots from GitHub and setup
pip3 install --break-system-packages --no-cache-dir honeypots && \
setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
#
# Setup user, groups and configs
mkdir -p /etc/honeypots/ && \
cp /root/dist/config.json /etc/honeypots/ && \
#
# Clean up
apk del --purge \
build-base \
libffi-dev \
musl-dev \
openssl-dev \
py3-pip \
python3-dev && \
rm -rf /root/* \
#
# Start honeypots
STOPSIGNAL SIGINT
USER 2000:2000
CMD python3 -E -m honeypots --setup all --config /etc/honeypots/config.json

9
docker/honeypots/dist/config.json vendored
View file

@ -8,6 +8,15 @@
"filter":"",
"interface":"",
"honeypots":{
"dhcp":{
"port":67,
"ip":"0.0.0.0",
"username":"administrator",
"password":"123456",
"log_file_name":"dhcp.log",
"max_bytes":0,
"backup_count":10
},
"dns":{
"port":53,
"ip":"0.0.0.0",

150
docker/honeypots/dist/pyproject.toml vendored
View file

@ -1,150 +0,0 @@
[build-system]
requires = [
"setuptools>=61.2",
]
build-backend = "setuptools.build_meta"
[project]
name = "honeypots"
version = "0.65"
authors = [
{ name = "QeeqBox", email = "gigaqeeq@gmail.com" },
]
description = "30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)"
readme = "README.rst"
requires-python = ">=3.8"
dependencies = [
"twisted",
"psutil",
"psycopg2-binary",
"pycryptodome",
"requests",
"requests[socks]",
"impacket",
"paramiko",
"scapy",
"service_identity",
"netifaces",
]
license = {text = "AGPL-3.0"}
[project.urls]
Homepage = "https://github.com/qeeqbox/honeypots"
[project.optional-dependencies]
dev = [
"dnspython==2.4.2",
"elasticsearch",
"ldap3",
"mysql-connector",
"pre-commit",
"pymssql",
"pysnmplib",
"pytest",
"redis",
"redis",
"vncdotool",
]
[project.scripts]
honeypots = "honeypots.__main__:main_logic"
[tool.setuptools]
packages = [
"honeypots",
"honeypots.data",
]
include-package-data = true
[tool.setuptools.package-data]
"honeypots.data" = [
"*.html",
]
[tool.ruff]
select = [
"F",
"E",
"W",
"C90",
"N",
"UP",
"B",
"A",
"C4",
"EXE",
"FA",
"ISC",
"PIE",
"T20",
"PT",
"Q",
"RET",
"SIM",
"TCH",
"ARG",
"PTH",
"ERA",
"PL",
"PLR",
"PLW",
"PERF",
"RUF",
]
ignore = [
"A003",
"PERF203",
"PERF401",
"RUF001",
"RUF002",
"RUF003",
"RUF015",
# pydantic only supports these from python>=3.9
"UP006",
"UP007",
# rules may cause conflicts when used with the formatter
"ISC001",
"Q001",
]
fixable = [
"F",
"E",
"W",
"C90",
"N",
"UP",
"B",
"A",
"C4",
"EXE",
"FA",
"ISC",
"PIE",
"T20",
"PT",
"Q",
"RET",
"SIM",
"TCH",
"ARG",
"PTH",
"ERA",
"PL",
"PLR",
"PLW",
"PERF",
"RUF",
]
exclude = [
".git",
".ruff_cache",
".venv",
"venv",
"data",
]
line-length = 99
target-version = "py38"
[tool.ruff.lint.per-file-ignores]
# don't check for "magic value" in tests
"tests/*" = ["PLR2004"]

39
docker/honeypots/dist/setup.py vendored
View file

@ -1,39 +0,0 @@
from setuptools import setup
with open("README.rst", "r") as f:
long_description = f.read()
setup(
name='honeypots',
author='QeeqBox',
author_email='gigaqeeq@gmail.com',
description=r"23 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc) ",
long_description=long_description,
version='0.51',
license="AGPL-3.0",
license_files=('LICENSE'),
url="https://github.com/qeeqbox/honeypots",
packages=['honeypots'],
entry_points={
"console_scripts": [
'honeypots=honeypots.__main__:main_logic'
]
},
include_package_data=True,
install_requires=[
'pycrypto',
'scapy',
'twisted',
'psutil',
'psycopg2-binary',
'requests',
'impacket',
'paramiko',
'service_identity',
'netifaces'
],
extras_require={
'test': ['redis', 'mysql-connector', 'elasticsearch', 'pymssql', 'ldap3', 'pysnmp']
},
python_requires='>=3.5'
)

1
docker/honeypots/docker-compose.yml
View file

@ -22,6 +22,7 @@ services:
- "23:23"
- "25:25"
- "53:53/udp"
- "67:67/udp"
- "80:80"
- "110:110"
- "123:123"

5
docker/honeytrap/Dockerfile
View file

@ -1,4 +1,4 @@
FROM ubuntu:22.04
FROM ubuntu:24.10
ENV DEBIAN_FRONTEND noninteractive
#
# Include dist
@ -6,6 +6,7 @@ COPY dist/ /root/dist/
#
# Install packages
RUN apt-get update && \
apt-get -y dist-upgrade && \
#
# Install packages
apt-get install -y autoconf \
@ -25,10 +26,8 @@ RUN apt-get update && \
wget && \
#
# Install honeytrap from source
# git clone https://github.com/armedpot/honeytrap /root/honeytrap && \
git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \
cd /root/honeytrap/ && \
# git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \
autoreconf -vfi && \
./configure \
--with-stream-mon=nfq \

6
docker/honeytrap/docker-compose.yml
View file

@ -15,6 +15,6 @@ services:
image: "dtagdevsec/honeytrap:24.04"
read_only: true
volumes:
- /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- /data/honeytrap/log:/opt/honeytrap/var/log
- $HOME/tpotce/data/honeytrap/attacks:/opt/honeytrap/var/attacks
- $HOME/tpotce/data/honeytrap/downloads:/opt/honeytrap/var/downloads
- $HOME/tpotce/data/honeytrap/log:/opt/honeytrap/var/log

36
docker/ipphoney/Dockerfile
View file

@ -1,4 +1,4 @@
FROM alpine:3.19
FROM alpine:3.20 AS builder
#
# Include dist
COPY dist/ /root/dist/
@ -27,6 +27,7 @@ RUN apk --no-cache -U add \
py3-service_identity \
py3-setuptools \
py3-twisted \
py3-tz \
py3-wheel \
python3 \
python3-dev && \
@ -34,27 +35,22 @@ RUN apk --no-cache -U add \
cd /opt/ && \
git clone https://gitlab.com/bontchev/ipphoney.git/ && \
cd ipphoney && \
git checkout 7ab1cac437baba17cb2cd25d5bb1400327e1bb79 && \
cp /root/dist/requirements.txt . && \
pip3 install --break-system-packages -r requirements.txt && \
setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
git checkout 9da0a9e7f9d839e4522f56b3bb2b790d87d65457 && \
cp /root/dist/requirements.txt .
WORKDIR /opt/ipphoney
RUN pip3 install --break-system-packages pyinstaller
RUN pip3 install --break-system-packages -r requirements.txt
RUN pyinstaller ipphoney.py \
--hidden-import output_plugins \
--hidden-import output_plugins.jsonlog
#
# Setup user, groups and configs
addgroup -g 2000 ipphoney && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 ipphoney && \
mv /root/dist/honeypot.cfg /opt/ipphoney/etc/ && \
#
# Clean up
apk del --purge build-base \
git \
libffi-dev \
openssl-dev \
postgresql-dev \
python3-dev && \
rm -rf /root/* /var/cache/apk/* /opt/ipphoney/.git
FROM alpine:3.20
COPY --from=builder /opt/ipphoney/dist/ /opt/
COPY --from=builder /opt/ipphoney/responses/ /opt/ipphoney/responses/
COPY dist/honeypot.cfg /opt/ipphoney/etc/
#
# Start ipphoney
STOPSIGNAL SIGINT
USER ipphoney:ipphoney
USER 2000:2000
WORKDIR /opt/ipphoney/
CMD ["/usr/bin/python3","ipphoney.py"]
CMD ["./ipphoney"]

60
docker/ipphoney/Dockerfile.old Normal file
View file

@ -0,0 +1,60 @@
FROM alpine:3.19
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages
RUN apk --no-cache -U add \
build-base \
ca-certificates \
git \
libcap \
libffi-dev \
openssl \
openssl-dev \
postgresql-dev \
py3-cryptography \
py3-elasticsearch \
py3-geoip2 \
py3-maxminddb \
py3-mysqlclient \
py3-requests \
py3-packaging \
py3-pip \
py3-psycopg2 \
py3-redis \
py3-requests \
py3-service_identity \
py3-setuptools \
py3-twisted \
py3-wheel \
python3 \
python3-dev && \
mkdir -p /opt && \
cd /opt/ && \
git clone https://gitlab.com/bontchev/ipphoney.git/ && \
cd ipphoney && \
git checkout 7ab1cac437baba17cb2cd25d5bb1400327e1bb79 && \
cp /root/dist/requirements.txt . && \
pip3 install --break-system-packages -r requirements.txt && \
setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
#
# Setup user, groups and configs
addgroup -g 2000 ipphoney && \
adduser -S -H -s /bin/ash -u 2000 -D -g 2000 ipphoney && \
mv /root/dist/honeypot.cfg /opt/ipphoney/etc/ && \
#
# Clean up
apk del --purge build-base \
git \
libffi-dev \
openssl-dev \
postgresql-dev \
python3-dev && \
rm -rf /root/* /var/cache/apk/* /opt/ipphoney/.git
#
# Start ipphoney
STOPSIGNAL SIGINT
USER ipphoney:ipphoney
WORKDIR /opt/ipphoney/
CMD ["/usr/bin/python3","ipphoney.py"]