oxipot's Introduction

Oxipot

A network telnet HoneyPot written in Rust.

Features

Detect IT, OT and IoT bots 🤖
Capture IP and location information of bots, attackers and intruders trying to gain access to your network
In-memory (volatile) and database (non-volatile) IP and location information caching
Handles a lot of concurrent network connections
Rate-limits persistent intruders
Build a big username and password database for IT, OT and IoT (thanks to malicious actors)
Extremely resource friendly and efficient to run
Containerized for portability and better security
SSH support (TBD)

Run

Using Docker Compose

This is the recommended way since it will always makes sure the container remains up.

Make the database directory:
```
mkdir /var/log/oxipot
```
Start the container:
```
docker compose up
```

Please note this example is using the new compose plugin and not docker-compose. Nonetheless, there should be no difference.

Using Docker

Make the database directory:
```
mkdir /var/log/oxipot
```
Map port 23 to oxipot's default port, 2223 and specify the directory you want the database to be stored in.
```
docker run --name oxipot --rm -t -p 23:2223 -v /var/log/oxipot:/oxipot/db:rw oxipot:latest
```

Using The Executable

Directly using the executable is not recommended. This method should be used only if you know your craft.

Download the executable.
Extract the file:
```
tar -zxvf oxipot.tar.gz
```
Make it executable:
```
chmod +x oxipot
```
Make the database directory:
```
mkdir db
```
Run it:
```
./oxipot
```

A folder named db will be created in the same directory that will host oxipot.db containing the intruder reports.

View The Report

After a connection is made to the machine running oxipot, a sqlite3 database is created that you can refer to in order to see who has connected to the machine and what credentials they have used.

Depending on how you run oxipot, the location of the database will differ.

Using docker compose, the database will be located at /var/log/oxipot/oxipot.db.
Using docker run, the database will be located at the directory the image was started at /var/log/oxipot/oxipot.db or a custom directory you have specified.
Using the executable, the database will be located at the same directory as oxipot.

Utilizing sqlite3, you can view the reports.

Open the database:
```
sqlite3 /var/log/oxipot/oxipot.db
```
Run your query:
```
SELECT * FROM intruders;
```

The result will be similar to:

Disclaimer

This is a hobby project and work in progress prone to many changes. Run at your own risk.

oxipot's People

Contributors

Stargazers

Watchers

oxipot's Issues

Reverse attack

Describe the solution you'd like
I would like to use it to attack the client and see if I can own their computer.

Describe alternatives you've considered
Write my own

Additional context
I would do the programming, and I could also help log JSON in mongodb.

Are you planning to include JSON logging?

Currently logging seems to be limited to sqlite3. While logging to the Elastic Stack or Splunk seems to be possible with sqlite3 plugins, having a JSON log would make things a lot easier.
Maybe you have already planned or looked into it.

Recommend Projects