bap is a webservice honeypot that logs HTTP basic authentication credentials in a 'parser friendly format'. The webservice responds with 401 WWW-Authenticate: Basic realm='ADMIN' for HEAD and GET requests, and generates an error response for other HTTP methods. No valid username/password exists, only credentials are logged. Configuration involves setting HTTP_ADDR and HTTP_PORT in bap.py, with default binding to *:8080. Running bap.py starts the service, while start-bap-debian.sh and stop-bap-debian.sh manage background execution. Logging occurs in pot.log in the same directory as bap.py, with entries in the format: [Date Time] Client_address:Client_port Auth_method Decoded_auth_string.
FEATURES
SIMILAR TOOLS
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.