BW-Pot

Free

BW-Pot (Breakable Web applications honeyPot) is a high-interaction honeypot for HTTP and HTTPS. It observes access from attackers by running web applications that are easily targeted and compromised, and it forwards its logs to Google BigQuery for accumulation and visualization.

Features: uses web application environments that are frequently targeted by attacks; restores itself to a clean environment automatically every day; integrates logs with Google BigQuery in real time; rotates logs automatically; saves packet capture files for detailed analysis; operable on low-spec servers.

Architecture/Specification: Refer to the architecture diagram and detailed specifications.

Installation:
Hardware Requirements: 2GB RAM, 10GB SSD, Internet connection.
Software Requirements: Docker, Docker-Compose, logrotate.
Service Account Requirements: Google Cloud Platform account.

Usage: Analyze the logs forwarded to BigQuery by running SQL in BigQuery's web UI; create dashboards in the data portal that specify BigQuery tables as data sources.

Licenses: Apache License v2 for Docker, Fluentd, Apache Tomcat; GPL v2 for Wireshark (tshark), WordPress, phpMyAdmin; BSD License for WOWHoneypot.

Author: graneed.

ToDo: Add Drupal to the web applications; store network capture files in /data/tshark/dump/ for download and inspection with Wireshark, etc.; consider Amazon S3 for log preservation.

ALTERNATIVES

A tutorial on setting up Dionaea on an EC2 instance in 20 minutes.

The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.

A low-interaction honeypot for detecting the CVE-2018-0101 vulnerability in the Cisco ASA component.

A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.

A list of services and how to claim (sub)domains with dangling DNS records.

A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.

An Apache 2 based honeypot for detecting and blocking the Struts CVE-2017-5638 exploit, with added support for the content disposition filename parsing vulnerability.

A honeypot agent for running honeypots with service and data at threatwar.com.