add h0neytr4p honeypot

2025-07-02 01:27:27 -04:00 · 2024-11-12 21:51:39 +01:00
parent 4bedb8d39b
commit 817fac6b45
18 changed files with 389 additions and 190 deletions
--- a/docker/_builder/docker-compose.yml
+++ b/docker/_builder/docker-compose.yml
@ -144,6 +144,15 @@ services:
      context: ../go-pot/
      <<: *common-build

+# H0neytr4p
+  h0neytr4p:
+    image: ${TPOT_DOCKER_REPO}/h0neytr4p:${TPOT_VERSION}
+    build:
+      tags:
+        - ${TPOT_GHCR_REPO}/h0neytr4p:${TPOT_VERSION}
+      context: ../h0neytr4p/
+      <<: *common-build
+
 # Hellpot
  hellpot:
    image: ${TPOT_DOCKER_REPO}/hellpot:${TPOT_VERSION}
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@ -120,6 +120,13 @@ input {
    type => "Go-pot"
  }

+# H0neytr4p
+  file {
+    path => ["/data/h0neytr4p/log/log.json"]
+    codec => json
+    type => "H0neytr4p"
+  }
+
 # Hellpot
  file {
    path => ["/data/hellpot/log/hellpot.log"]
@ -536,6 +543,13 @@ filter {
    }
  }

+# H0neytr4p
+  if [type] == "H0neytr4p" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Heralding
  if [type] == "Heralding" {
    csv {
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -120,6 +120,13 @@ input {
    type => "Go-pot"
  }

+# H0neytr4p
+  file {
+    path => ["/data/h0neytr4p/log/log.json"]
+    codec => json
+    type => "H0neytr4p"
+  }
+
 # Hellpot
  file {
    path => ["/data/hellpot/log/hellpot.log"]
@ -536,6 +543,13 @@ filter {
    }
  }

+# H0neytr4p
+  if [type] == "H0neytr4p" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Heralding
  if [type] == "Heralding" {
    csv {
--- a/docker/elk/map/Dockerfile
+++ b/docker/elk/map/Dockerfile
@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
 # Install from GitHub and setup
    mkdir -p /opt && \
    cd /opt/ && \
-    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.5 && \
+    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.6 && \
    cd t-pot-attack-map && \
    pip3 install --break-system-packages --upgrade pip && \
    pip3 install --break-system-packages -r requirements.txt && \
--- a/docker/h0neytr4p/Dockerfile
+++ b/docker/h0neytr4p/Dockerfile
@ -0,0 +1,30 @@
+FROM golang:1.21-alpine AS builder
+WORKDIR /app
+#
+RUN apk -U add git openssl
+RUN git clone https://github.com/t3chn0m4g3/h0neytr4p -b v0.32 /app
+RUN go mod download
+RUN go mod tidy
+RUN go build -o /app/main
+RUN openssl req \
+          -nodes \
+          -x509 \
+          -sha512 \
+          -newkey rsa:4096 \
+          -keyout "app.key" \
+          -out "app.crt" \
+          -days 3650 \
+          -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd'
+RUN chmod 444 app.key app.crt
+#
+FROM scratch
+#
+COPY --from=builder /app/main /opt/h0neytr4p/h0neytr4p
+COPY --from=builder /app/traps /opt/h0neytr4p/traps
+COPY --from=builder /app/app.key /opt/h0neytr4p/
+COPY --from=builder /app/app.crt /opt/h0neytr4p/
+#
+WORKDIR /opt/h0neytr4p
+USER 2000:2000
+CMD ["-cert=app.crt", "-key=app.key", "-log=log/log.json", "-catchall=false", "-payload=/data/h0neytr4p/payloads/", "-wildcard=true", "-traps=traps/"]
+ENTRYPOINT ["./h0neytr4p"]
--- a/docker/h0neytr4p/docker-compose.yml
+++ b/docker/h0neytr4p/docker-compose.yml
@ -0,0 +1,22 @@
+networks:
+  h0neytr4p_local:
+
+services:
+
+# H0neytr4p service
+  h0neytr4p:
+    build: .
+    container_name: h0neytr4p
+    restart: always
+#    cpu_count: 1
+#    cpus: 0.25
+    networks:
+     - h0neytr4p_local
+    ports:
+      - "80:80"
+      - "443:443"
+    image: "dtagdevsec/h0neytr4p:24.04"
+    read_only: true
+    volumes:
+      - $HOME/tpotce/data/h0neytr4p/log/:/opt/h0neytr4p/log/
+      - $HOME/tpotce/data/h0neytr4p/payloads/:/data/h0neytr4p/payloads/
--- a/docker/tpotinit/dist/bin/clean.sh
+++ b/docker/tpotinit/dist/bin/clean.sh
@ -32,12 +32,14 @@ fuLOGROTATE () {
  local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
  local myDIONAEABIN="/data/dionaea/binaries/"
  local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
-  local myMINIPRINTU="/data/miniprint/uploads/"
-  local myMINIPRINTTGZ="/data/miniprint/uploads.tgz"
+  local myH0NEYTR4PP="/data/h0neytr4p/payloads/"
+  local myH0NEYTR4PTGZ="/data/h0neytr4p/payloads.tgz"
  local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
  local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
  local myHONEYTRAPDL="/data/honeytrap/downloads/"
  local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
+  local myMINIPRINTU="/data/miniprint/uploads/"
+  local myMINIPRINTTGZ="/data/miniprint/uploads.tgz"
  local myTANNERF="/data/tanner/files/"
  local myTANNERFTGZ="/data/tanner/files.tgz"

@ -56,22 +58,23 @@ if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIET
 if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi
 if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi
 if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi
-if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi
+if [ "$(fuEMPTY $myH0NEYTR4PP)" != "0" ]; then tar -I $myPIGZ -cvf $myH0NEYTR4PTGZ $myH0NEYTR4PP; fi
 if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
 if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
+if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi
 if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi

 # Ensure correct permissions and ownership for previously created archives
-chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
-chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
+chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
+chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ

 # Need to remove subfolders since too many files cause rm to exit with errors
-rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF

 # Recreate subfolders with correct permissions and ownership
-mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
-chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
-chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF

 # Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
 logrotate -s $mySTATUS $myCONF
@ -225,6 +228,14 @@ fuGOPOT () {
  chown tpot:tpot /data/go-pot -R
 }

+# Let's create a function to clean up and prepare h0neytr4p data
+fuH0NEYTR4P () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/h0neytr4p/*; fi
+  mkdir -vp /data/h0neytr4p/{log,payloads}
+  chmod 770 /data/h0neytr4p/ -R
+  chown tpot:tpot /data/h0neytr4p/ -R
+}
+
 # Let's create a function to clean up and prepare hellpot data
 fuHELLPOT () {
  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
@ -420,6 +431,7 @@ fuFATT
 fuGALAH
 fuGLUTTON
 fuGOPOT
+fuH0NEYTR4P
 fuHERALDING
 fuHELLPOT
 fuHONEYAML
--- a/docker/tpotinit/dist/etc/logrotate/logrotate.conf
+++ b/docker/tpotinit/dist/etc/logrotate/logrotate.conf
@ -22,6 +22,7 @@
 /data/glutton/log/*.log
 /data/glutton/log/*.err
 /data/go-pot/log/*.json
+/data/h0neytr4p/log/*.json
 /data/hellpot/log/*.log
 /data/heralding/log/*.log
 /data/heralding/log/*.csv
@ -61,6 +62,7 @@
 /data/cowrie/downloads.tgz
 /data/dionaea/bistreams.tgz
 /data/dionaea/binaries.tgz
+/data/h0neytr4p/payloads.tgz
 /data/honeytrap/attacks.tgz
 /data/honeytrap/downloads.tgz
 /data/miniprint/uploads.tgz
--- a/docker/tpotinit/dist/etc/objects/elkbase.tgz
+++ b/docker/tpotinit/dist/etc/objects/elkbase.tgz
--- a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip
+++ b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip