Skip to content

referefref/modpot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits

.github

.github

 
 

responders

responders

 
 

templates

templates

 
 

web

web

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

config.go

config.go

 
 

config.yaml

config.yaml

 
 

database.go

database.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

log.go

log.go

 
 

main.go

main.go

 
 

server.go

server.go

 
 

validate.go

validate.go

 
 

Repository files navigation

Active Development contributions welcome

modpot v0.3.11 (Not for workgroups)

GoHTML5JavaScript

modpot-wide image

modpot is a modular web application honeypot framework written in Golang and making use of gin framework. It is the antithesis to honeydet in many ways and allows the user to deploy simple html/js honeypots that mimic web applications in order to detect requests and form entries that are related to attacks. Responders offer a modular capacity for automation and logging pipelines and are not limited by programming language. modpot is best utilised alongside honeypage a tool that creates flattened single html file versions of web applications, which makes them portable and easy to use with modpot.

Responders

image

Responders allow for simple triggering of automation, logging, or connection to SOC platforms. The parameters that can be passed to responders are ID, Application, Datetime, IP Source, Log Event.

Included are the following examples:

  • Email
  • iptables - time window blocking
  • SMS (Using twilio)
  • Slack - webhook
  • Syslog
  • Splunk - HEC endpoint
  • Webhook-generic

Example config

honeypots:
  - id: 1
    name: "ExampleHoneypot1"
    cve: "CVE-2021-XXXX"
    application: "FakeWebApp1"
    port: 8081
    enabled: true
    template_html_file: "index1.html"
    detection_endpoint: "/fakeapp"
    request_regex: ".*attack.*"
    redirect_url: "https://jamesbrine.com.au/"
    date_created: "2022-01-01"
    date_updated: "2022-01-02"
    responders:
      - engine: "/usr/bin/bash"
        script: "email.sh"
        parameters: ["honeypots.id", "honeypots.application", "honeypot_logs.datetime", "honeypot_logs.ip_source", "honeypot_logs.log_event"]
      - engine: python3
        script: sms.py
        parameters: ["honeypots.id", "honeypots.application", "honeypot_logs.datetime", "honeypot_logs.ip_source", "honeypot_logs.log_event"]
      - engine: "/usr/bin/bash"
        script: "iptables_block.sh"
        parameters: ["honeypot_logs.ip_source"]

  - id: 2
    name: "ExampleHoneypot2"
    cve: "CVE-2022-YYYY"
    application: "FakeWebApp2"
    port: 8082
    enabled: true
    template_html_file: "index2.html"
    detection_endpoint: "/anotherapp"
    request_regex: "^/admin"
    redirect_url: "test.html"
    date_created: "2022-02-01"
    date_updated: "2022-02-02"

Note

I am not responsible for your use/mis-use of this application. It was created for research purposes and is not intended nor do I or it's existence give implicit authority to use it as a phishing tool or for any other malicious purposes. Now, with the boring stuff out of the way.

Todo

  • Tidy up web frontend and features (search, filter, paginate etc.)
  • Allow for multi-step configs for more complex honeypages
  • Set up reporting/alerting on match and allow configuration through web frontend
  • Build honeypage into modpot, allowing the page download process to take place through the "Add honeypot" button in the main interface

About

Modular web-application honeypot platform built using go and gin

jamesbrine.com.au

Topics

golang honeypot cti cyber-threat-intelligence

Resources

Readme

License

Apache-2.0 license
Activity

Stars

47 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published

Languages