Shockpot is a web app honeypot designed to find attackers attempting to exploit the Bash remote code vulnerability, CVE-2014-6271.
Shockpot can be run as a standalone honypot or easily deployed by Modern Honey Network (MHN): http://github.com/threatstream/mhn
virtualenv env
. env/bin/activate
pip install -r requirements.txt
Edit shockpot.conf
[server]
host = 0.0.0.0
port = 8080
[headers]
server = Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
[hpfeeds]
enabled = True
host = your.mhn.server.com
port = 10000
identity = shockpot
secret = secret
channel = shockpot.events
[postgresql]
enabled = True
database = $POSTGRES_NAME
user = $POSTGRES_USER
password = $POSTGRES_PASS
host = $POSTGRES_HOST
port = $POSTGRES_PORT
python shockpot.py
See the https://github.com/threatstream/shockpot/wiki.
Shockpot
Copyright (C) 2014 - ThreatStream
This program free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA