Conpot – An Open Industrial Control Honeypot


Conpot is an ICS honeypot with the goal of collecting intelligence about the motives and methods of adversaries targeting industrial control systems.

Documentation
The build of the documentation source can be found here. There you will also find the instructions on how to install conpot and the FAQ.

Easy install using Docker

Via a pre-built image

  1. Install Docker
  2. Run docker pull honeynet/conpot
  3. Run docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
  4. Finally run conpot -f --template default

Navigate to http://MY_IP_ADDRESS to verify the setup.

Build docker image from source

  1. Install Docker
  2. Clone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/docker
  3. Run docker build -t conpot .
  4. Run docker run -it -p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp -p 47808:47808/udp -p 623:6230/udp -p 21:2121 -p 69:6969/udp -p 44818:44818 --network=bridge conpot

Navigate to http://MY_IP_ADDRESS to verify the setup.

Build from source and run with docker-compose

  1. Install docker-compose
  2. Clone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/docker
  3. Build the image with docker-compose build
  4. Test if everything is running correctly with docker-compose up
  5. Permanently run as a daemon with docker-compose up -d

Sample output
::

# conpot --template default  
                     _                                                                                                    
 ___ ___ ___ ___ ___| |_                                                                                                
|  _| . |   | . | . |  _|                                                                                               
|___|___|_|_|  _|___|_|                                                                                                 
            |_|                                                                                                         
                                                                                                                      
Version 0.6.0                                                                                                           
MushMush Foundation                                                                                                     

2018-08-09 19:13:15,085 Initializing Virtual File System at ConpotTempFS/__conpot__ootc_k3j. Source specified : tar://conpot-0.6.0-py3.6/conpot/information.tar
2018-08-09 19:13:15,100 Please wait whereas the system copies all specified recordsdata
2018-08-09 19:13:15,172 Fetched x.x.x.x as exterior ip.
2018-08-09 19:13:15,175 Found and enabled ('modbus', <conpot.protocols.modbus.modbus_server.ModbusServer object at 0x7f1af52231d0>) protocol.
2018-08-09 19:13:15,177 Found and enabled ('s7comm', <conpot.protocols.s7comm.s7_server.S7Server object at 0x7f1af5ad1f60>) protocol.
2018-08-09 19:13:15,178 Found and enabled ('http', <conpot.protocols.http.web_server.HTTPServer object at 0x7f1af4fc2630>) protocol.
2018-08-09 19:13:15,179 Found and enabled ('snmp', <conpot.protocols.snmp.snmp_server.SNMPServer object at 0x7f1af4fc2710>) protocol.
2018-08-09 19:13:15,181 Found and enabled ('bacnet', <conpot.protocols.bacnet.bacnet_server.BacnetServer object at 0x7f1af4fc22e8>) protocol.
2018-08-09 19:13:15,182 Found and enabled ('ipmi', <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f1af5aaa1d0>) protocol.
2018-08-09 19:13:15,185 Found and enabled ('enip', <conpot.protocols.enip.enip_server.EnipServer object at 0x7f1af5aaa0f0>) protocol.
2018-08-09 19:13:15,199 Found and enabled ('ftp', <conpot.protocols.ftp.ftp_server.FTPServer object at 0x7f1af4fcec18>) protocol.
2018-08-09 19:13:15,206 Found and enabled ('tftp', <conpot.protocols.tftp.tftp_server.TftpServer object at 0x7f1af4fcef28$) protocol.
2018-08-09 19:13:15,206 No proxy template discovered. Service will stay unconfigured/stopped.                                
2018-08-09 19:13:15,206 Modbus server began on: ('0.0.0.0', 5020)                                                       
2018-08-09 19:13:15,206 S7Comm server began on: ('0.0.0.0', 10201)                                                      
2018-08-09 19:13:15,207 HTTP server began on: ('0.0.0.0', 8800)                                                         
2018-08-09 19:13:15,402 SNMP server began on: ('0.0.0.0', 16100)                                                        
2018-08-09 19:13:15,403 Bacnet server began on: ('0.0.0.0', 47808)                                                      
2018-08-09 19:13:15,403 IPMI server began on: ('0.0.0.0', 6230)                                                         
2018-08-09 19:13:15,403 deal with server PID [23183] working on ('0.0.0.0', 44818)                                           
2018-08-09 19:13:15,404 deal with server PID [23183] responding to exterior completed/disable sign in object 139753672309064
2018-08-09 19:13:15,404 FTP server began on: ('0.0.0.0', 2121)                                                          
2018-08-09 19:13:15,404 Starting TFTP server at ('0.0.0.0', 6969)
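
A honeypot only collects data on the services that are actually reachable from outside the container, so it is worth comparing the `-p` mappings above with the listeners in the startup log. The following is an added example, not part of Conpot or of the original page; the function names are hypothetical, and the log lines and commands are copied from this page (timestamps and trailing arguments removed).

```python
import re

# ('addr', port) tuple Conpot logs when a listener binds.
LISTEN_RE = re.compile(r"\('\d{1,3}(?:\.\d{1,3}){3}', (\d+)\)")
# docker's -p HOST:CONTAINER[/proto] publish flag.
PUBLISH_RE = re.compile(r"-p\s+(\d+):(\d+)(?:/(tcp|udp))?")

# Listener lines from the sample output on this page, timestamps removed.
SAMPLE_LOG = """\
Modbus server began on: ('0.0.0.0', 5020)
S7Comm server began on: ('0.0.0.0', 10201)
HTTP server began on: ('0.0.0.0', 8800)
SNMP server began on: ('0.0.0.0', 16100)
Bacnet server began on: ('0.0.0.0', 47808)
IPMI server began on: ('0.0.0.0', 6230)
deal with server PID [23183] working on ('0.0.0.0', 44818)
FTP server began on: ('0.0.0.0', 2121)
Starting TFTP server at ('0.0.0.0', 6969)
"""
# The two docker run port mappings given on this page.
PREBUILT_CMD = "docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp"
SOURCE_CMD = ("docker run -it -p 80:8800 -p 102:10201 -p 502:5020 "
              "-p 161:16100/udp -p 47808:47808/udp -p 623:6230/udp "
              "-p 21:2121 -p 69:6969/udp -p 44818:44818")


def listening_ports(log_text):
    """Container ports Conpot reports binding, taken from its startup log."""
    return {int(m.group(1)) for m in LISTEN_RE.finditer(log_text)}


def published_ports(docker_cmd):
    """Map container port -> (host port, protocol) from the -p flags."""
    return {int(c): (int(h), p or "tcp")
            for h, c, p in PUBLISH_RE.findall(docker_cmd)}


def audit(docker_cmd, log_text):
    """Compare what docker publishes with what Conpot actually bound."""
    bound, pub = listening_ports(log_text), published_ports(docker_cmd)
    return {"reachable": {pub[c][0]: c for c in sorted(bound & set(pub))},
            "unpublished": sorted(bound - set(pub)),
            "dead_mappings": sorted(set(pub) - bound)}


if __name__ == "__main__":
    for name, cmd in (("pre-built", PREBUILT_CMD), ("source", SOURCE_CMD)):
        print(name, audit(cmd, SAMPLE_LOG))
```

Against this sample output the build-from-source mapping reaches all nine listeners, while the pre-built-image mapping publishes container ports 80, 102, 502 and 161, none of which appear as listeners here. The log does not state TCP or UDP, so the comparison is by port number only; run it against the startup log of the image you actually deploy.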
