
T-Pot - The All In One Multi Honeypot Platform

Free

T-Pot is the all in one, optionally distributed, multiarch (amd64, arm64) honeypot platform, supporting 20+ honeypots and countless visualization options using the Elastic Stack, animated live attack maps and lots of security tools to further improve the deception experience.

TL;DR

1. Meet the system requirements. The T-Pot installation needs at least 8-16 GB RAM, 128 GB free disk space as well as a working (outgoing non-filtered) internet connection.
2. Download or use a running, supported distribution.
3. Install the ISO with as few packages / services as possible (ssh required).
4. Install curl if not installed already: $ sudo [apt, dnf, zypper] install curl
5. Run the installer as non-root from $HOME: env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/install.sh)"
6. Follow instructions, read messages, check for possible port conflicts and reboot.

FEATURES

ALTERNATIVES

A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server

Low-interaction VNC honeypot for logging responses to a static VNC Auth challenge.

SMTP Honeypot with custom modules for different modes of operation.

A simple SSH honeypot written in Golang with a Persian-inspired name.

A local file inclusion exploitation tool

Medium interaction SSH Honeypot with multiple virtual hosts and sandboxed filesystems.

A medium-interaction PostgreSQL honeypot with configurable settings

A Python-based honeypot service for SSH, FTP, and Telnet connections