
Glastopf

Free

Glastopf is a Python web application honeypot founded by Lukas Rist.

General approach: vulnerability type emulation instead of vulnerability emulation. Once a vulnerability type is emulated, Glastopf can handle unknown attacks of the same type. While implementation may be slower and more complicated, we remain ahead of the attackers until they come up with a new method or discover a new flaw in our implementation.

Modular design to add new logging capabilities or attack type handlers. Various database capabilities are already in place. HPFeeds logging is supported for centralized data collection.

Popular attack type emulation is already in place: Remote File Inclusion via a built-in PHP sandbox, Local File Inclusion providing files from a virtual file system, and HTML injection via POST requests.

Adversaries usually use search engines and specially crafted search requests to find their victims. In order to attract them, Glastopf provides those keywords (AKA 'dork') and additionally extracts them from requests, extending its attack surface automatically. As a result, the honeypot gets more and more


ALTERNATIVES

A subset of the Modern Honey Network project set up to run in docker, including hpfeeds broker, cowrie honeypot, and dionaea honeypot.

RDP based Honeypot that creates virtual machines for incoming connections and analyzes traffic with Suricata.

A Python web application honeypot that provides simple statistics for Glastopf.

Honey-Pod for SSH that logs username and password tries during brute-force attacks.

A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities

A tool for embedding XXE/XML exploits into different filetypes

A collection of tools that can be used with Honeyd for data analysis or other purposes

A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.