Conpot - An Opened Upwards Industrial Command Honeypot


Conpot is an ICS honeypot alongside the destination to collect intelligence almost the motives as well as methods of adversaries targeting industrial command systems

Documentation
The construct of the documentations source tin flaming survive flora here. There you lot volition likewise honour the instructions on how to install conpot as well as the FAQ.

Easy install using Docker

Via a pre-built image
  1. Install Docker
  2. Run docker push clit honeynet/conpot
  3. Run docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
  4. Finally run conpot -f --template default
Navigate to http://MY_IP_ADDRESS to confirm the setup.

Build docker paradigm from source
  1. Install Docker
  2. Clone this repo alongside git clone https://github.com/mushorg/conpot.git as well as cd conpot/docker
  3. Run docker construct -t conpot .
  4. Run docker run -it -p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp -p 47808:47808/udp -p 623:6230/udp -p 21:2121 -p 69:6969/udp -p 44818:44818 --network=bridge conpot
Navigate to http://MY_IP_ADDRESS to confirm the setup.

Build from source as well as run alongside docker-compose
  1. Install docker-compose
  2. Clone this repo alongside git clone https://github.com/mushorg/conpot.git as well as cd conpot/docker
  3. Build the paradigm alongside docker-compose build
  4. Test if everything is running correctly alongside docker-compose up
  5. Permanently run every bit a daemon alongside docker-compose upwards -d

Sample output
::
# conpot --template default                        _                                                                                                      ___ ___ ___ ___ ___| |_                                                                                                 |  _| . |   | . | . |  _|                                                                                                |___|___|_|_|  _|___|_|                                                                                                              |_|                                                                                                                                                                                                                                 Version 0.6.0                                                                                                            MushMush Foundation                                                                                                       2018-08-09 19:13:15,085 Initializing Virtual File System at ConpotTempFS/__conpot__ootc_k3j. Source specified : tar://conpot-0.6.0-py3.6/conpot/data.tar 2018-08-09 19:13:15,100 Please await spell the organization copies all specified files 2018-08-09 19:13:15,172 Fetched x.x.x.x every bit external ip. 2018-08-09 19:13:15,175 Found as well as enabled ('modbus', <conpot.protocols.modbus.modbus_server.ModbusServer object at 0x7f1af52231d0>) protocol. 2018-08-09 19:13:15,177 Found as well as enabled ('s7comm', <conpot.protocols.s7comm.s7_server.S7Server object at 0x7f1af5ad1f60>) protocol. 2018-08-09 19:13:15,178 Found as well as enabled ('http', <conpot.protocols.http.web_server.HTTPServer object at 0x7f1af4fc2630>) protocol. 2018-08-09 19:13:15,179 Found as well as enabled ('snmp', <conpot.protocols.snmp.snmp_server.SNMPServer object at 0x7f1af4fc2710>) protocol. 2018-08-09 19:13:15,181 Found as well as enabled ('bacnet', <conpot.protocols.bacnet.bacnet_server.BacnetServer object at 0x7f1af4fc22e8>) protocol. 2018-08-09 19:13:15,182 Found as well as enabled ('ipmi', <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f1af5aaa1d0>) protocol. 2018-08-09 19:13:15,185 Found as well as enabled ('enip', <conpot.protocols.enip.enip_server.EnipServer object at 0x7f1af5aaa0f0>) protocol. 2018-08-09 19:13:15,199 Found as well as enabled ('ftp', <conpot.protocols.ftp.ftp_server.FTPServer object at 0x7f1af4fcec18>) protocol. 2018-08-09 19:13:15,206 Found as well as enabled ('tftp', <conpot.protocols.tftp.tftp_server.TftpServer object at 0x7f1af4fcef28$) protocol. 2018-08-09 19:13:15,206 No proxy template found. Service volition rest unconfigured/stopped.                                 2018-08-09 19:13:15,206 Modbus server started on: ('0.0.0.0', 5020)                                                        2018-08-09 19:13:15,206 S7Comm server started on: ('0.0.0.0', 10201)                                                       2018-08-09 19:13:15,207 HTTP server started on: ('0.0.0.0', 8800)                                                          2018-08-09 19:13:15,402 SNMP server started on: ('0.0.0.0', 16100)                                                         2018-08-09 19:13:15,403 Bacnet server started on: ('0.0.0.0', 47808)                                                       2018-08-09 19:13:15,403 IPMI server started on: ('0.0.0.0', 6230)                                                          2018-08-09 19:13:15,403 grip server PID [23183] running on ('0.0.0.0', 44818)                                            2018-08-09 19:13:15,404 grip server PID [23183] responding to external done/disable betoken inward object 139753672309064 2018-08-09 19:13:15,404 FTP server started on: ('0.0.0.0', 2121)                                                           2018-08-09 19:13:15,404 Starting TFTP server at ('0.0.0.0', 6969)

Intro video



Popular posts from this blog

Telekiller - A Tool Session Hijacking In Addition To Stealer Local Passcode Telegram Windows

Image
H5N1 Tools Session Hijacking And Stealer Local passcode Telegram Windows. Features : Session Hijacking Stealer Local Passcode Keylogger Shell Bypass ii Step Verification Bypass Av (Coming Soon) Installation Windows git clone https://github.com/ultrasecurity/TeleKiller.git cd TeleKiller pip install -r requirements.txt python TeleKiller.py Dependency : python 2.7 pyHook pywin32 Video Tutorial Operating Systems Tested Windows 10 Windows 8.1 Windows 8 Windows 7 Contact WebSite Ultra Security Team: https://ultrasec.org Channel Telegram: https://t.me/UltraSecurity Thanks to Milad Ranjbar MrQadir Download TeleKiller
Read more

Cameradar V2.1.0 - Hacks Its Mode Into Rtsp Videosurveillance Cameras

Image
   An RTSP flow access tool that comes alongside its library Cameradar allows you lot to Detect opened upward RTSP hosts on whatever accessible target host Detect which device model is streaming Launch automated dictionary attacks to larn their stream route (e.g.: /live.sdp ) Launch automated lexicon attacks to larn the username in addition to password of the cameras Retrieve a consummate in addition to user-friendly study of the results Docker Image for Cameradar Install docker on your machine, in addition to run the next command: docker run -t ullaakut/cameradar -t <target> <other command-line options> See command-line options . e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l volition scan the ports 554 in addition to 8554 of hosts on the 192.168.100.0/24 subnetwork in addition to laid on the discovered RTSP streams in addition to volition output debug logs. YOUR_TARGET tin hold out a subnet (e.g.: 172.16.100.0/24 )...
Read more

Efiguard - Disable Patchguard Together With Dse At Kicking Time

Image
EfiGuard is a portable x64 UEFI bootkit that patches the Windows kicking manager, kicking loader too center at kicking fourth dimension inward club to disable PatchGuard too Driver Signature Enforcement (DSE). Features Currently supports all EFI-compatible versions of Windows x64 e'er released, from Vista SP1 to Server 2019. Easy to use: tin live on booted from a USB stick via a loader application that automatically finds too boots Windows. The driver tin also live on loaded too configured manually using either the UEFI rhythm out or the loader. Makes extensive utilization of the Zydis disassembler library for fast runtime pedagogy decoding to back upwardly to a greater extent than robust analysis than what is possible amongst signature matching, which oftentimes requires changes amongst novel OS updates. Works passively: the driver does non charge or start the Windows kicking manager. Instead it acts on a charge of bootmgfw.efi yesteryear the firmware kicking ...
Read more