T-Pot framework

T-Pot is an All-In-One Multi Honeypot Platform, supporting 20+ honeypots and countless visualisation options using the Elastic Stack, animated live attack maps and lots of security tools to further improve the deception experience.

TL;DR

Honeypot dockers

T-Pot offers Docker images for the following honeypots:

Databases

  • ElasticPot - A honeypot simulating a vulnerable Elasticsearch server opened to the Internet.

  • RedisHoneyPot - High Interaction Honeypot Solution for Redis protocol.

Email

  • Mailoney - SMTP honeypot, open relay and credential harvester written in Python.

ICS/SCADA

  • Conpot - An ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems.

Mobile

Network services

  • Dionaea - A Nepenthes successor that embeds Python as its scripting language, uses libemu to detect shellcode, and supports IPv6 and TLS.

  • Cisco ASA honeypot - A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.

  • DDoSPot - NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.

Other

  • CitrixHoneypot - Detect and log CVE-2019-19781 scan and exploitation attempts.

  • Dicompot - DICOM Honeypot.

  • Log4Pot - A honeypot for the Log4Shell vulnerability (CVE-2021-44228).

  • medpot - HL7 / FHIR honeypot.

Server

Service

  • Honeypots - 25 different honeypots in a single PyPI package (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).

  • Honeytrap - Advanced Honeypot framework written in Go that can be connected with other honeypot software.

  • IPP Honey - A honeypot for the Internet Printing Protocol.

SIP

  • SentryPeer - A fraud detection tool which lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call.

SSH

  • Cowrie - Cowrie SSH Honeypot (based on kippo).

  • Endlessh - An SSH tarpit.

  • Kippo - Medium interaction SSH honeypot.

Web applications

  • HellPot - Honeypot that tries to crash the bots and clients that visit its location.

  • Nodepot - NodeJS web application honeypot.

  • SNARE - A web application honeypot sensor, the successor of Glastopf.

  • TANNER - SNARE's "brain", allowing for changing the behaviour of sensors on the fly.