OWASP Honeypot-Project

The goal of the OWASP Honeypot Project is to identify emerging attacks against web applications and report them to the community, in order to facilitate protection against such targeted attacks.

It is based around the earlier OWASP/WASC Distributed Web Honeypots Project (https://github.com/SpiderLabs/owasp-distributed-web-honeypots).

The primary aims of the project are:

  • Real-time, detailed Web Application Threat Attack Data
  • Threat Reports to the community

Organization of the repository

This repository is organized into several directories; the table below shows the purpose of each one.

| Directory | Purpose |
|---|---|
| honeytraps | Focuses on building honeytraps and reporting threat intelligence |
| mds_elk | Shows a PoC for sending the ModSecurity audit logs to ELK using Filebeat |
| misp-doc | Assists in setting up the MISP server and creating threat events using PyMISP |
| mlogc_elk | Shows a PoC for sending the ModSecurity audit logs to ELK using the ModSecurity Audit Log Collector (mlogc) |

Please go to the respective directories for complete documentation.

Project Roadmap

As of August 2018, the priorities for the next six months are:

  • Set up a proof of concept to understand how a ModSecurity-based honeypot/probe interacts with a receiving console (develop a VM- and/or Docker-based test solution to store logs from multiple probes).
  • Evaluate console options to visualise threat data received from ModSecurity honeypots/probes: ModSecurity Audit Console, WAF-FLE, Fluent and bespoke scripts, for single and multiple probes.
  • Develop a mechanism to convert stored MySQL data to JSON format.
  • Provide a mechanism to convert ModSecurity mlogc audit log output into JSON format.
  • Provide a mechanism to convert mlogc audit log output directly into ELK (ElasticSearch/Logstash/Kibana) to visualise the data.
  • Provide a mechanism to forward honeypot output into a threat intelligence format such as STIX, using something like the MISP project (https://www.misp-project.org) to share threat data coming from the honeypots and make it easy to export/import data in formats such as STIX and TAXII; this may require the logs to be in a format that MISP can deal with.
  • Consider new alternatives for log transfer including the use of MLOGC-NG or other possible approaches.
  • Develop a new VM based honeypot/probe based on CRS v3.1.
  • Develop new alternative small footprint honeypot/probe formats utilising Docker & Raspberry Pi.
  • Develop a machine learning approach to automatically update the rule set used by the probe based on the cyber threat intelligence received.
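The audit-log-to-JSON conversion the roadmap calls for, which is also what the mds_elk and mlogc_elk PoCs feed into ELK, as an added Python example that is not part of this repository: it parses one entry in ModSecurity's native serial audit-log format (lettered parts separated by `--<id>-<LETTER>--` boundaries) into a JSON document. The sample entry, its boundary and transaction ids, addresses and rule id 999999 are constructed for this example.

```python
import json
import re
# Constructed sample in ModSecurity's serial audit-log layout; every id and address is made up.
SAMPLE = """--8c9f2a1e-A--
[27/Jun/2019:10:15:32 +0000] XRSdYMCoAQ8AAB2GvqkAAAAA 203.0.113.5 54321 198.51.100.10 80
--8c9f2a1e-B--
GET /index.php?id=1 HTTP/1.1
Host: honeypot.example

--8c9f2a1e-F--
HTTP/1.1 403 Forbidden

--8c9f2a1e-H--
Message: Access denied with code 403 (phase 2). [id "999999"] [msg "constructed test rule"]
--8c9f2a1e-Z--
"""
# A (audit header) part: [timestamp] unique_id client_ip client_port server_ip server_port
A_LINE = re.compile(r"^\[(.+?)\] (\S+) (\S+) (\d+) (\S+) (\d+)$")

def split_sections(text):
    """Map each lettered part (A, B, F, H, ...) to its text; boundaries are --<id>-<LETTER>--."""
    parts = re.split(r"^--[0-9a-f]+-([A-Z])--$", text, flags=re.M)
    return {parts[i]: parts[i + 1].strip() for i in range(1, len(parts), 2)}

def parse_message_block(block):
    """Return (start line, {header: value}) for a request (B) or response (F) part."""
    start, *rest = block.splitlines() or [""]
    pairs = (line.partition(":") for line in rest)
    return start, {name.strip(): value.strip() for name, sep, value in pairs if sep}

def audit_entry_to_dict(text):
    s = split_sections(text)
    a = A_LINE.match(s.get("A", ""))
    if not a:
        raise ValueError("missing or malformed A (audit header) section")
    req_line, req_headers = parse_message_block(s.get("B", ""))
    resp_line, resp_headers = parse_message_block(s.get("F", ""))
    status = int(resp_line.split()[1]) if len(resp_line.split()) > 1 else None
    h = s.get("H", "")  # H carries the rule messages that fired for this transaction
    return {
        "transaction_id": a.group(2), "timestamp": a.group(1),
        "client": {"ip": a.group(3), "port": int(a.group(4))},
        "server": {"ip": a.group(5), "port": int(a.group(6))},
        "request": {"line": req_line, "headers": req_headers},
        "response": {"status": status, "headers": resp_headers},
        "messages": [l[len("Message: "):] for l in h.splitlines() if l.startswith("Message: ")],
        "rule_ids": re.findall(r'\[id "(\d+)"\]', h),
    }

def audit_entry_to_json(text):
    return json.dumps(audit_entry_to_dict(text))  # one JSON document per transaction
```

Each returned document is one line of JSON, which is the shape Filebeat or Logstash can ingest directly.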