Skip to content
/ HoneyPress Public

python based WordPress honeypot in a docker container

License

View license
5 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kungfuguapo/HoneyPress

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
conf
conf
 
 
src
src
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

HoneyPress - WordPress honeypot

WordPress honeypot in a docker container

Update:

I have began a complete re-write / re-implementation of this idea. Decided it would be best to go with good ol' Flask and python for creating a "WordPress" install. Because of Flask's flexibility and Python's modularity there are all kinds of fun to be had.

Clone and build Docker image

$ git clone https://github.com/dustyfresh/HoneyPress.git
$ cd HoneyPress && docker build --rm -t honeypress .

Start HoneyPress

$ docker run -d --name HoneyPress -p 80:80

Logs

You can view access logs easily:

$ docker exec honeypress bash -c 'tail /opt/honeypress/logs/access.log'

192.168.99.1 - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=style.css HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=jquery.js HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=debugger.js HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=ubuntu.ttf HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2016 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2016 03:21:44] "GET /wp-login.php HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2016 03:21:46] "POST /wp-login.php HTTP/1.1" 200 -

Password logging

If you wanted to extract a list of passwords used in testing:

$ docker exec honeypress bash -c 'tail /opt/honeypress/logs/auth.log'

[2016-06-06 03:21:41.061363] - 192.168.99.1 - user: admin pass: admin - Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/
46.0

ToDo

  • Log shipping (prolly will just use rsyslog / S3)
  • Bake in notifications (SMS & email)
  • Capture all POST/GET payload data into a log to be looked at later by an analyst.
  • Figure out a way to introduce fake MySQL for SQLi analysis and payload capture
  • TCP dump analysis
  • Access log monitoring (look for things like sql injections, LFI/RFI, XSS, etc)
  • Modular vulnerabilities. Need to make it easier to fake a new vulnerability so scanners think they're exploiting a live target
  • Tor detection
  • Database of some sort.. haven't decided if I should go with MongoDB or just use sqlite. Not sure about performance yet.
  • Do some benchmarking.. is nginx needed?
  • Some gangster-ish browser fingerprinting (that supports Tor browsers too)
  • SLAP SOME GRAPHS ON THIS SHIT

About

python based WordPress honeypot in a docker container

Resources

Readme

License

View license
Activity

Stars

5 stars

Watchers

2 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages