python based WordPress honeypot in a docker container
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


WordPress honeypot

HoneyPress, a WordPress honeypot in a docker container.



I have began a complete re-write / re-implementation of this idea. Decided it would be best to go with good ol' Flask and python for creating a "WordPress" install. Because of Flask's flexibility and Python's modularity there are all kinds of fun to be had.

Clone and build Docker image

$ git clone
$ cd HoneyPress && docker-compose up -d

Nginx Logs

You can view access logs easily:

$ docker exec honeypress bash -c 'tail /var/log/nginx/access.log' - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=style.css HTTP/1.1" 200 - - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=jquery.js HTTP/1.1" 200 - - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=debugger.js HTTP/1.1" 200 - - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 - - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=ubuntu.ttf HTTP/1.1" 200 - - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 - - - [06/Jun/2016 03:21:44] "GET /wp-login.php HTTP/1.1" 200 - - - [06/Jun/2016 03:21:46] "POST /wp-login.php HTTP/1.1" 200 -

Database queries

More documentation coming soon!

Custom MongoDB database with authentication

$ docker run -d --name honeypress -p 80:80 -e 'MONGO_HOST=' -e 'MONGO_PORT=27017' -e 'MONGO_USER=honeypress' -e 'MONGO_PASS=somethingsecure' honeypress

Accessing the data

$ docker exec -it honeyDB mongo
> use honey
> db.payloads.count()

Finding payloads that are not equal to the hashes in this list (deprecated, more docs coming soon):

Finding payloads by codename:

db.payloads.find({'codename': 'proud-water'}, {'_id': 0}).pretty()

Finding payloads by IP address:

db.payloads.find({'ip': ''}, {'': 1}).pretty()

Finding payloads by user-agent:

db.payloads.find({'user-agent': 'Wget(linux)'}, {'': 1}).pretty()

Finding payloads by user-agent with regex:

db.payloads.find({'user-agent': {$regex: /.*mozilla.*/, $options: 'si'}}, {'': 1}).pretty()

Finding payload commands with regex:

db.payloads.find({'': {$regex: /.*ping.*/, $options: 'si'}}, {'': 1}).pretty()