Sunday, 17 April 2022

T-Pot 22.04.0



The 2022 version of T-Pot has dropped.

Lots of new visualisations.

Looks like I will be updating my systems!





Friday, 19 June 2020

MHN Live Attack Map




Collecting from

  • Dionaea
  • Cowrie
Everyone likes a Pew Pew map to show the attacks.

Sunday, 7 January 2018

Looking for deception

The deception port is identified as port 365.

Does anyone use it?



nmap -iR 0   -p 365


nmap -iR 10000   --dns-servers 9.9.9.9 -p 365   --reason -vv  | find "open port"




----
https://nmap.org/book/man-target-specification.html


Saturday, 4 November 2017

Docker - Install MHN


docker run -p 10000:10000 -p 80:80 -p 3000:3000 -p 8089:8089 --name mhn -t -i ubuntu:14.04.2 /bin/bash

Plus more ports later?

Next, create and run the following script:
#!/bin/bash

set -x

apt-get update 
apt-get upgrade -y 
apt-get install git wget gcc supervisor -y 
cd /opt/ 
git clone https://github.com/threatstream/mhn.git 
cd mhn

cat > /etc/supervisor/conf.d/mhntodocker.conf <<EOF
[program:mongod]
command=/usr/bin/mongod
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
autostart=true

[program:nginx]
command=/usr/sbin/nginx
stdout_events_enabled=true
stderr_events_enabled=true
autostart=true
autorestart=true

EOF

mkdir -p /data/db /var/log/mhn /var/log/supervisor

supervisord &

#Starts the mongod service after installation
echo supervisorctl start mongod >> /opt/mhn/scripts/install_mongo.sh

./install.sh

supervisorctl restart all


Run the container with a range of ports:


docker stop image 
docker commit image newimage


docker run -p 1-10000:1-10000 --name mhn -t -i newimage /bin/bash

docker run -p 7000-8000:7000-8000
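
A pre-flight check for the -p range syntax used above, as an added example (not from the original post, Docker or the MHN project): Docker rejects a mapping whose host and container ranges differ in length or go past port 65535. The helper names check_publish and parse_range are hypothetical, and only the HOST:CONTAINER[/proto] form is handled (no IP prefix); it also covers single ports and the /udp suffix.

```sh
#!/bin/sh
# Added example: validate a docker "-p" publish spec before running it.
# check_publish and parse_range are hypothetical helpers, not Docker or MHN code.
# Handles HOST[-HOST]:CONT[-CONT][/tcp|/udp|/sctp]; an IP prefix is not supported.

# Print "start end" for a port or port range; fail if malformed or outside 1..65535.
parse_range() {
    case "$1" in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;        # digits, at most one inner dash
    esac
    start=${1%-*}; end=${1#*-}
    case "$start:$end" in 0*|*:0*) return 1 ;; esac  # no port 0, no leading zeros
    [ ${#start} -le 5 ] && [ ${#end} -le 5 ] || return 1
    [ "$start" -le "$end" ] && [ "$end" -le 65535 ] || return 1
    echo "$start $end"
}

check_publish() {
    spec=$1
    case "$spec" in
        */tcp|*/udp|*/sctp) spec=${spec%/*} ;;       # strip a valid protocol suffix
        */*) echo "bad protocol in $1" >&2; return 1 ;;
    esac
    case "$spec" in
        *:*:*) echo "IP prefix not supported: $1" >&2; return 1 ;;
        *:*) ;;
        *) echo "expected HOST:CONTAINER, got $1" >&2; return 1 ;;
    esac
    host=$(parse_range "${spec%%:*}") || { echo "invalid host ports in $1" >&2; return 1; }
    cont=$(parse_range "${spec#*:}") || { echo "invalid container ports in $1" >&2; return 1; }
    hcount=$(( ${host#* } - ${host% *} + 1 ))
    ccount=$(( ${cont#* } - ${cont% *} + 1 ))
    # Docker accepts equal-length ranges, or a host range mapped to one container port.
    if [ "$hcount" -ne "$ccount" ] && [ "$ccount" -ne 1 ]; then
        echo "range length mismatch in $1 ($hcount host vs $ccount container)" >&2
        return 1
    fi
    echo "ok: $hcount host port(s) published"
}

# Specs taken from the commands on this page, including the mistyped 1-100000.
for s in 7000-8000:7000-8000 1-10000:1-100000 1-10000:1-10000 161:161/udp; do
    printf '%-22s ' "$s"
    check_publish "$s" || true
done
```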

---
Thanks


https://github.com/threatstream/mhn/wiki/Running-MHN-in-Docker
https://stackoverflow.com/questions/28717464/docker-expose-all-ports-or-range-of-ports-from-7000-to-8000


Docker - Rename Container

To add port forwardings, I always follow these steps,
  1. stop running container
    docker stop test01
    
  2. commit the container
    docker commit test01 test02
    
    NOTE: Above, test02 is a new image that I'm constructing from the test01 container.
  3. re-run from the committed image
    docker run -p 8080:8080 -td test02
    
Where the first 8080 is the local port and the second 8080 is the container port.



---
Thanks

https://stackoverflow.com/questions/19335444/how-do-i-assign-a-port-mapping-to-an-existing-docker-container


Saturday, 28 October 2017

Docker Honeypots - Conpot

Via a pre-built image

  1. Install Docker
  2. Run docker pull honeynet/conpot
  3. Run docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
  4. Finally run conpot --template default
Navigate to http://MY_IP_ADDRESS to confirm the setup.





Conpot is an ICS honeypot with the goal of collecting intelligence about the motives and methods of adversaries targeting industrial control systems.





---
Thanks

https://hub.docker.com/r/honeynet/conpot/