Skip to content

mycert/ESPot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

downloads

downloads

 
 

logger

logger

 
 

logs

logs

 
 

routes

routes

 
 

views/es-response

views/es-response

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

app.js

app.js

 
 

config.js-sample

config.js-sample

 
 

package.json

package.json

 
 

Repository files navigation

ESPot - ElasticSearch Honeypot

An Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.

Prerequisite

  • NodeJS - v0.10.x
  • NodeJS Package Manager - npm v1.4.x

Install

Download and extract to /opt/espot, then run followwing command:

$ cd /opt/espot
$ npm install
$ mv config.js-sample config.js

Configure config.js

module.exports = {
    default_response: 'default', // default = 1.1.1, available = 0.90.0, 0.90.5, 1.1.1, 1.2.1, 1.2.2, 1.3.1
    logging: {
        sqlite: {
            enable: true,
            dbpath: __dirname + "/logs/attack.db"
        },
        http_push: {
            enable: false,
            url: "http://localhost/path/path?query=string"
        }
    },
    tz: 'GMT+8' // Timezone
};

Misc

HTTP Push

ESPot will send post request with following json data to provided url in config.js

{
    payload: <payload>,
    payload_key: <payload key>,
    ip: <ip address>,
    timestamp: <unix timestamp>,
    raw_request: <raw url request>
}

Run as deamon

If you would like to run ESPot as deamon, you will need forever

$ npm install -g forever
$ forever start app.js

License

Source code of ESPot is released under the General Public License version 3.

About

ESPot - ElasticSearch Honeypot

Resources

Readme
Activity
Custom properties

Stars

25 stars

Watchers

9 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages