BW-Pot Logo

BW-Pot

0
Free
Visit Website

BW-Pot (Breakable Web applications honeyPot) is a highly interactive honeypot targeting HTTP or HTTPS, observing access from attackers by building easily targeted and compromised web applications. It forwards logs to Google BigQuery for accumulation and visualization, features frequent attack target web app environment usage, daily automatic restoration to a clean environment, real-time log integration with Google BigQuery, automatic log rotation, and saving packet capture files for detailed analysis, operable on low-spec servers. Architecture/Specification: Refer to the architecture diagram and detailed specifications. Installation: Hardware Requirements: 2GB RAM, 10GB SSD, Internet Connection. Software Requirements: Docker, Docker-Compose, logrotate. Service Account Requirements: Google Cloud Platform Account. Usage: Analyze logs forwarded to BigQuery using SQL execution in BigQuery's WebUI, create dashboards specifying BigQuery tables as data sources in the data portal. Licenses: Apache License v2 for Docker, Fluentd, Apache Tomcat; GPL v2 for Wireshark (tshark), WordPress, phpMyAdmin; BSD License for WOWHoneypot. Author: graneed. ToDo: Add Drupal to web applications, store network capture files in /data/tshark/dump/ for download and inspection with WireShark, etc., for log preservation, consider Amazon S3.

FEATURES

ALTERNATIVES

Helix is a versatile honeypot designed to mimic the behavior of various protocols including Kubernetes API server, HTTP, TCP, and UDP.

Medium interaction SSH honeypot for logging brute force attacks and shell interactions.

A simple Postgres honey pot inspired by Elastichoney.

A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities

Medium interaction SSH Honeypot with multiple virtual hosts and sandboxed filesystems.

LaBrea is a 'sticky' honeypot and IDS tool that traps malicious actors by creating virtual servers on unused IP addresses.

A honeypot tool that simulates an open relay to capture and analyze spam

An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.

PINNED