T-Pot 19.03
T-Pot 19.03 runs on Debian (Sid), is based heavily on docker, docker-compose and includes dockerized versions of the following honeypots: adbhoney, ciscoasa, conpot, cowrie, dionaea, elasticpot, glastopf, glutton, heralding, honeypy, honeytrap, mailoney, medpot, rdpy, snare, tanner. Furthermore we use the following tools: Cockpit for a lightweight, webui for...
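DTAG community honeypot project: http://dtag-dev-sec.github.io
Official introduction: https://dtag-dev-sec.github.io/mediator/feature/2019/04/01/tpot-1903.html
Project repository: https://github.com/dtag-dev-sec/tpotce
System architecture diagram of T-Pot (Multi-Honeypot-Platform-Revolution)
Real-time statistics on all attack activity, clear reports and charts, and accurate identification of attack source IPs and their real geographic locations.
T-Pot is based on the Linux network installer. The honeypot daemons and the other supporting components in use are containerized with Docker. This allows multiple honeypot daemons to run on the same network interface while keeping a small footprint and confining each honeypot to its own environment.
T-Pot includes the following dockerized honeypots: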
rdpy
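Rdpy is a Python implementation of the RDP and VNC protocols that can be used as both a server and a client. It also provides an RDP honeypot that records RDP sessions.
The following tools are also installed on the host: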
git clone https://github.com/dtag-dev-sec/tpotce
cd tpotce/iso/installer/
su root
./install.sh --type=user
cp tpot.conf.dist tpot.conf
./install.sh --type=auto --conf=tpot.conf
# The configuration file contains the username and password for web management on port 64297
# i.e. username webuser, password w3b$ecret
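Because most of the files to be downloaded come from sources outside China, the installation takes a long time. Once it completes, the system reboots automatically.
3. First run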
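A pre-flight check for the auto install above, as an added example that is not part of the original post or of T-Pot: it rejects a tpot.conf whose web password is still the one shipped in tpot.conf.dist, is short, or is readable by other users. The key names myCONF_WEB_USER and myCONF_WEB_PW, the KEY='value' file format and the 12-character minimum are assumptions; make_sample writes constructed sample files.

```shell
#!/bin/sh
# Added example. Assumption: tpot.conf holds shell-style KEY='value' lines and
# the web login lives in myCONF_WEB_USER / myCONF_WEB_PW (key names assumed).

# conf_get FILE KEY: print KEY's value without sourcing FILE, so nothing in
# the file is executed by the root shell that runs the installer.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e "s/^'\(.*\)'\$/\1/" -e 's/^"\(.*\)"$/\1/'
}

# check_tpot_conf CONF DIST: return 0 only if CONF is fit for --type=auto,
# 1 if a check fails, 2 if a file cannot be read.
check_tpot_conf() {
    conf=$1 dist=$2 rc=0
    [ -r "$conf" ] && [ -r "$dist" ] || { echo "cannot read config" >&2; return 2; }
    user=$(conf_get "$conf" myCONF_WEB_USER)
    pw=$(conf_get "$conf" myCONF_WEB_PW)
    if [ -z "$user" ] || [ -z "$pw" ]; then
        echo "FAIL: web user or password missing" >&2; rc=1
    fi
    # The shipped password is public, so an unchanged copy is a known login.
    if [ "$pw" = "$(conf_get "$dist" myCONF_WEB_PW)" ]; then
        echo "FAIL: password unchanged from $dist" >&2; rc=1
    fi
    # Minimum length of 12 is this example's policy, not a T-Pot requirement.
    if [ "${#pw}" -lt 12 ]; then
        echo "FAIL: password shorter than 12 characters" >&2; rc=1
    fi
    # The file stores the password in clear text: keep it from other users.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "FAIL: $conf is world-readable (chmod 600)" >&2; rc=1
    fi
    return "$rc"
}

# make_sample DIR: write constructed sample files (a dist file carrying the
# credentials quoted in the post, an unchanged copy, and a changed config).
make_sample() {
    printf "%s\n" "myCONF_WEB_USER='webuser'" "myCONF_WEB_PW='w3b\$ecret'" > "$1/tpot.conf.dist"
    cp "$1/tpot.conf.dist" "$1/unchanged.conf"
    printf "%s\n" "myCONF_WEB_USER='ops'" "myCONF_WEB_PW='Constructed-Sample-Pw-42'" > "$1/changed.conf"
    chmod 600 "$1/changed.conf"
}

# Stand-alone use: sh check_tpot_conf.sh tpot.conf tpot.conf.dist
if [ "$#" -eq 2 ]; then check_tpot_conf "$1" "$2"; fi
```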
SSH and Web Access
Open a browser and access the Admin UI: https://<your.ip>:64294
SSH to access the command line: ssh -l username -p 64295 <your.ip>
user: [tsec or user] you chose during one of the post Debian install methods
pass: [password] you chose during the Debian installation
Kibana Dashboard
Open a browser and access the Web UI: https://<your.ip>:64297
user: [user] you chose during the installation, according to tpot.conf
pass: [password] you chose during the installation, according to tpot.conf
That is, username webuser, password w3b$ecret
Cockpit Overview
Cockpit Containers
The login user needs to be added to the docker group.
# Add the current user to the docker group:
$ sudo usermod -aG docker $USER
Cockpit Terminal
This involves a fair amount of Kibana visualization configuration,
For the ones of you who want to live on the bleeding edge of T-Pot development we introduced an update feature which will allow you to update all T-Pot relevant files to be up to date with the T-Pot master branch. If you made any relevant changes to the T-Pot relevant config files make sure to create a backup first.
cd /opt/tpot/
./update.sh -y
Last edited by 北岸冷若冰霜 on 2019-7-6 19:46, reason: