BW-Pot Logo

BW-Pot

0
Free
Visit Website

BW-Pot (Breakable Web applications honeyPot) is a highly interactive honeypot targeting HTTP or HTTPS, observing access from attackers by building easily targeted and compromised web applications. It forwards logs to Google BigQuery for accumulation and visualization, features frequent attack target web app environment usage, daily automatic restoration to a clean environment, real-time log integration with Google BigQuery, automatic log rotation, and saving packet capture files for detailed analysis, operable on low-spec servers. Architecture/Specification: Refer to the architecture diagram and detailed specifications. Installation: Hardware Requirements: 2GB RAM, 10GB SSD, Internet Connection. Software Requirements: Docker, Docker-Compose, logrotate. Service Account Requirements: Google Cloud Platform Account. Usage: Analyze logs forwarded to BigQuery using SQL execution in BigQuery's WebUI, create dashboards specifying BigQuery tables as data sources in the data portal. Licenses: Apache License v2 for Docker, Fluentd, Apache Tomcat; GPL v2 for Wireshark (tshark), WordPress, phpMyAdmin; BSD License for WOWHoneypot. Author: graneed. ToDo: Add Drupal to web applications, store network capture files in /data/tshark/dump/ for download and inspection with WireShark, etc., for log preservation, consider Amazon S3.

FEATURES

ALTERNATIVES

A security platform that automates the deployment and management of security canaries across cloud infrastructure to detect potential intrusions and unauthorized access.

Commercial

A honeypot installation for Drupal that supports Go modules and mimics different versions of Drupal.

A configurable DNS honeypot with SQLite logging and Docker support.

A honeypot agent for running honeypots with service and data at threatwar.com.

A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.

A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server

A Python-based honeypot service for SSH, FTP, and Telnet connections

A modern directory scanner that can be used to find hidden directories and files on a web server.