Skip to content

pouriyajamshidi/oxipot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

205 Commits

.github

.github

 
 

artwork

artwork

 
 

src

src

 
 

.gitignore

.gitignore

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.rs

build.rs

 
 

docker-compose.yml

docker-compose.yml

 
 

Repository files navigation

Oxipot

oxipot_logo

A network telnet HoneyPot written in Rust.

Features

  • Detect IT, OT and IoT bots 🤖
  • Capture IP and location information of bots, attackers and intruders trying to gain access to your network
  • In-memory (volatile) and database (non-volatile) IP and location information caching
  • Handles a lot of concurrent network connections
  • Rate-limits persistent intruders
  • Build a big username and password database for IT, OT and IoT (thanks to malicious actors)
  • Extremely resource friendly and efficient to run
  • Containerized for portability and better security
  • SSH support (TBD)

Run

Using Docker Compose

This is the recommended way since it will always makes sure the container remains up.

  1. Make the database directory:

    mkdir /var/log/oxipot

  2. Start the container:

    docker compose up

Please note this example is using the new compose plugin and not docker-compose. Nonetheless, there should be no difference.

Using Docker

  1. Make the database directory:

    mkdir /var/log/oxipot

  2. Map port 23 to oxipot's default port, 2223 and specify the directory you want the database to be stored in.

    docker run --name oxipot --rm -t -p 23:2223 -v /var/log/oxipot:/oxipot/db:rw oxipot:latest

Using The Executable

Directly using the executable is not recommended. This method should be used only if you know your craft.

  1. Download the executable.

  2. Extract the file:

    tar -zxvf oxipot.tar.gz

  3. Make it executable:

    chmod +x oxipot

  4. Make the database directory:

    mkdir db

  5. Run it:

    ./oxipot

A folder named db will be created in the same directory that will host oxipot.db containing the intruder reports.

View The Report

After a connection is made to the machine running oxipot, a sqlite3 database is created that you can refer to in order to see who has connected to the machine and what credentials they have used.

Depending on how you run oxipot, the location of the database will differ.

  • Using docker compose, the database will be located at /var/log/oxipot/oxipot.db.
  • Using docker run, the database will be located at the directory the image was started at /var/log/oxipot/oxipot.db or a custom directory you have specified.
  • Using the executable, the database will be located at the same directory as oxipot.

Utilizing sqlite3, you can view the reports.

  1. Open the database:

    sqlite3 /var/log/oxipot/oxipot.db

  2. Run your query:

    SELECT * FROM intruders;

The result will be similar to:

oxipot_report

Disclaimer

This is a hobby project and work in progress prone to many changes. Run at your own risk.

About

Network Honeypot written in Rust

Topics

network honeypot telnet

Resources

Readme

License

BSL-1.0 license
Activity

Stars

8 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

0.2.0 - July 2023 Latest
Jul 8, 2023

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 2

  •  
  •  

Languages