rdppot is a honeypot system that simulates RDP (Remote Desktop Protocol) services by listening on port 3389. When a connection is established, the system creates a session and assigns a virtual machine from a pre-configured pool to that session. The tool automatically manages session lifecycles with configurable timeouts - sessions terminate after 300 seconds by default or after 30 seconds of inactivity. During active sessions, rdppot captures comprehensive forensic data including full packet captures (pcap) and disk image copies. The system integrates with Suricata for network traffic analysis, running intrusion detection against captured packets. All collected data including disk images, packet captures, and Suricata analysis results are stored together for later examination. rdppot requires several dependencies including qemu for virtualization, libvirt for virtual machine management, Python 3.7 for core functionality, Suricata for network analysis, and tcpdump for packet capture. The tool includes installation instructions for Suricata configuration.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.