WebApp Honeypot for detecting Shell Shock exploit attempts
Python
Pull request Compare This branch is 3 commits ahead, 2 commits behind threatstream:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitignore
LICENSE readme and license Sep 25, 2014
README.md edited link to threatstream wiki - about deployment Oct 29, 2015
commands.py
logger.py initial commit of code Sep 25, 2014
requirements.txt
shockpot.conf
shockpot.py
util.py added support for logging to postgresql database Oct 29, 2015

README.md

Shockpot

Shockpot is a web app honeypot designed to find attackers attempting to exploit the Bash remote code vulnerability, CVE-2014-6271.

Shockpot can be run as a standalone honypot or easily deployed by Modern Honey Network (MHN): http://github.com/threatstream/mhn

Installation

virtualenv env
. env/bin/activate
pip install -r requirements.txt 

Configuration

Edit shockpot.conf

[server]
host = 0.0.0.0
port = 8080

[headers]
server = Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b

[hpfeeds]
enabled = True
host = your.mhn.server.com
port = 10000
identity = shockpot
secret = secret
channel = shockpot.events

[postgresql]
enabled = True
database = $POSTGRES_NAME
user = $POSTGRES_USER
password = $POSTGRES_PASS
host = $POSTGRES_HOST
port = $POSTGRES_PORT

Running

python shockpot.py

Deployment

See the https://github.com/threatstream/shockpot/wiki.

LICENSE

Shockpot

Copyright (C) 2014 - ThreatStream

This program free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA