Skip to content
Drupal Honeypot
Branch: master
Clone or download
Latest commit b7b4e40 Mar 14, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
changelogs
public
templates Add emulation of 8.6 Mar 12, 2019
.gitignore Initial honeypot code. Feb 22, 2019
LICENSE
README.md Update README.md Feb 25, 2019
config.go Add emulation of 8.6 Mar 12, 2019
config.toml.example Add emulation of 8.6 Mar 12, 2019
go.mod
go.sum Refactor configuration loading, and implement hpfeeds publishing. Feb 24, 2019
main.go
routes.go Add emulation of 8.6 Mar 12, 2019

README.md

Drupot

Drupal Honeypot

Installation

Drupot supports go modules.

go get github.com/d1str0/Drupot

go build

Running Drupot

./drupot -c config.toml

Configuration

config.toml.example contains an example of all currently available configuration options.

Drupal

[drupal]
port = 80
changelog_filepath = "changelogs/CHANGELOG-7.63.txt"

port allows you to set the http port to listen on. Currently, this is only ever served over http. Future versions will support https.

changelog_filepath allows you to set what exactly is returned in the /CHANGELOG.txt file. This allows you to save multiple versions of the CHANGELOG and serve them at different times. This allows you to mimic different versions of Drupal.

hpfeeds

[hpfeeds]
enabled = true
host = "hpfeeds.threatstream.com"
port = 10000
ident = "drupot"
auth = "somesecret"
channel = "drupot.events"
meta = "Drupal scan event detected"

hpfeeds can be enabled for logging if wanted. Supply host, port, ident, auth, and channel information relevant to an hpfeeds broker you want to report to.

meta provides a static string to send in every hpfeeds request. Could be use to differentiate Drupal versions hosted by honeypot or used to differentiate Drupot data in busy hpfeeds channels.

Fetch Public IP

[fetch_public_ip]
enabled = true
urls = ["http://icanhazip.com/", "http://ifconfig.me/ip"]

If enabled, Drupot will attempt to fetch the public IP of itself from the listed URLs. If enabled and no public IP can be fetched, Drupot will quit.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.