Add go-pot honeypot

docker/elk/logstash/dist/http_output.conf

@@ -113,6 +113,13 @@ input {
     type => "Glutton"
   }
 
+# Go-pot
+  file {
+    path => ["/data/go-pot/log/go-pot.json"]
+    codec => json
+    type => "Go-pot"
+  }
+
 # Hellpot
   file {
     path => ["/data/hellpot/log/hellpot.log"]
@@ -482,6 +489,16 @@ filter {
     }
   }
 
+# Go-pot
+  if [type] == "Go-pot" {
+    if ! [dest_port] {
+      drop {}
+    }
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Hellpot
   if [type] == "Hellpot" {
     date {

docker/elk/logstash/dist/logstash.conf

@@ -113,6 +113,13 @@ input {
     type => "Glutton"
   }
 
+# Go-pot
+  file {
+    path => ["/data/go-pot/log/go-pot.json"]
+    codec => json
+    type => "Go-pot"
+  }
+
 # Hellpot
   file {
     path => ["/data/hellpot/log/hellpot.log"]
@@ -474,6 +481,16 @@ filter {
     }
   }
 
+# Go-pot
+  if [type] == "Go-pot" {
+    if ! [dest_port] {
+      drop {}
+    }
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+
 # Glutton
   if [type] == "Glutton" {
     date {

docker/elk/map/Dockerfile

@@ -13,7 +13,7 @@ RUN apk --no-cache -U add \
 # Install from GitHub and setup
     mkdir -p /opt && \
     cd /opt/ && \
-    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.2 && \
+    git clone https://github.com/t3chn0m4g3/t-pot-attack-map -b 2.2.3 && \
     cd t-pot-attack-map && \
     pip3 install --break-system-packages --upgrade pip && \
     pip3 install --break-system-packages -r requirements.txt && \

docker/go-pot/Dockerfile

@@ -0,0 +1,27 @@
+FROM golang:1.21-alpine AS builder
+RUN <<EOF
+apk -U add git
+mkdir -p /opt
+cd /opt
+git clone https://github.com/t3chn0m4g3/go-pot
+EOF
+WORKDIR /opt/go-pot
+#
+RUN go get github.com/ua-parser/uap-go/uaparser
+RUN go mod download
+RUN CGO_ENABLED=0 GOOS=linux go build -o /opt/go-pot/go-pot
+#
+FROM alpine:3.20
+#
+COPY --from=builder /opt/go-pot/go-pot /opt/go-pot/go-pot
+COPY --from=builder /opt/go-pot/config.yml /opt/go-pot/config.yml
+#
+# Setup user, groups and configs
+RUN <<EOF
+addgroup -g 2000 go-pot
+adduser -S -s /bin/ash -u 2000 -D -g 2000 go-pot
+EOF
+#
+WORKDIR /opt/go-pot
+CMD ["start", "--host", "0.0.0.0", "--config-file", "config.yml"]
+ENTRYPOINT ["./go-pot"]

docker/go-pot/docker-compose.yml

@@ -0,0 +1,20 @@
+networks:
+  go-pot_local:
+
+services:
+
+# Go-pot service
+  go-pot:
+    build: .
+    container_name: go-pot
+    restart: always
+#    cpu_count: 1
+#    cpus: 0.25
+    networks:
+     - go-pot_local
+    ports:
+      - "8080:8080"
+    image: dtagdevsec/go-pot:24.04
+    read_only: true
+    volumes:
+     - $HOME/tpotce/data/go-pot/log/:/opt/go-pot/log/

docker/tpotinit/dist/bin/clean.sh

@@ -206,7 +206,7 @@ fuGALAH () {
   chown tpot:tpot /data/galah/ -R
 }
 
-# Let's create a function to clean up and prepare glastopf data
+# Let's create a function to clean up and prepare glutton data
 fuGLUTTON () {
   if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
   mkdir -vp /data/glutton/{log,payloads}
@@ -214,6 +214,14 @@ fuGLUTTON () {
   chown tpot:tpot /data/glutton -R
 }
 
+# Let's create a function to clean up and prepare go-pot data
+fuGOPOT () {
+  if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/go-pot/*; fi
+  mkdir -vp /data/go-pot/log
+  chmod 770 /data/go-pot -R
+  chown tpot:tpot /data/go-pot -R
+}
+
 # Let's create a function to clean up and prepare hellpot data
 fuHELLPOT () {
   if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
@@ -392,6 +400,7 @@ fuENDLESSH
 fuFATT
 fuGALAH
 fuGLUTTON
+fuGOPOT
 fuHERALDING
 fuHELLPOT
 fuHONEYSAP

docker/tpotinit/dist/etc/logrotate/logrotate.conf

@@ -21,6 +21,7 @@
 /data/galah/log/*.json
 /data/glutton/log/*.log
 /data/glutton/log/*.err
+/data/go-pot/log/*.json
 /data/hellpot/log/*.log
 /data/heralding/log/*.log
 /data/heralding/log/*.csv