A network telnet HoneyPot written in Rust.
- Detect IT, OT and IoT bots 🤖
- Capture IP and location information of bots, attackers and intruders trying to gain access to your network
- In-memory (volatile) and database (non-volatile) IP and location information caching
- Handles a lot of concurrent network connections
- Rate-limits persistent intruders
- Build a big username and password database for IT, OT and IoT (thanks to malicious actors)
- Extremely resource friendly and efficient to run
- Containerized for portability and better security
- SSH support (TBD)
Using docker compose is the recommended way, since it always makes sure the container remains up.
- Make the database directory:
  `mkdir /var/log/oxipot`
- Start the container:
  `docker compose up`

Please note this example is using the new `compose` plugin and not `docker-compose`. Nonetheless, there should be no difference.
- Make the database directory:
  `mkdir /var/log/oxipot`
- Map port 23 to oxipot's default port, 2223, and specify the directory you want the database to be stored in:
  `docker run --name oxipot --rm -t -p 23:2223 -v /var/log/oxipot:/oxipot/db:rw oxipot:latest`
Directly using the executable is not recommended. This method should be used only if you know your craft.
- Download the executable.
- Extract the file:
  `tar -zxvf oxipot.tar.gz`
- Make it executable:
  `chmod +x oxipot`
- Make the database directory:
  `mkdir db`
- Run it:
  `./oxipot`

A folder named `db` will be created in the same directory that will host `oxipot.db` containing the intruder reports.
After a connection is made to the machine running `oxipot`, a sqlite3 database is created that you can refer to in order to see who has connected to the machine and what credentials they have used.
Depending on how you run `oxipot`, the location of the database will differ.
- Using docker compose, the database will be located at `/var/log/oxipot/oxipot.db`.
- Using docker run, the database will be located at `/var/log/oxipot/oxipot.db` or in a custom directory you have specified.
- Using the executable, the database will be located at the same directory as `oxipot`.
Utilizing sqlite3, you can view the reports.
- Open the database:
  `sqlite3 /var/log/oxipot/oxipot.db`
- Run your query:
  `SELECT * FROM intruders;`
The result will be similar to:
This is a hobby project and work in progress prone to many changes. Run at your own risk.
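
For the reports database described above, the following is an added example (not part of the oxipot project) that opens `oxipot.db` read-only, so analysis cannot modify the captured data, and counts the most frequent values in a column of the `intruders` table. The README does not list the table's columns, so the script reads them from the schema; the `ip`, `username` and `password` columns and all rows in the sample database are constructed assumptions, and the helper names are hypothetical.

```python
import sqlite3
from pathlib import Path

DB_PATH = "/var/log/oxipot/oxipot.db"  # docker compose location from this README
TABLE = "intruders"                     # table name from the README's query


def open_readonly(path):
    """Open the database read-only so analysis can never alter the reports."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)


def columns(conn):
    """Return the column names of the intruders table, in schema order."""
    return [row[1] for row in conn.execute(f"PRAGMA table_info({TABLE})")]


def top_values(conn, column, limit=10):
    """Count the most frequent values in one column, e.g. usernames tried."""
    # Identifiers cannot be bound as parameters, so allow-list against the schema.
    if column not in columns(conn):
        raise ValueError(f"no such column in {TABLE}: {column!r}")
    query = (f'SELECT "{column}", COUNT(*) AS hits FROM {TABLE} '
             f'GROUP BY "{column}" ORDER BY hits DESC, "{column}" LIMIT ?')
    return conn.execute(query, (limit,)).fetchall()


def make_sample_db(path):
    """Build a constructed sample database; column names are assumptions."""
    conn = sqlite3.connect(path)
    conn.execute(f"CREATE TABLE {TABLE} (ip TEXT, username TEXT, password TEXT)")
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?, ?)", [
        ("192.0.2.10", "root", "root"),
        ("192.0.2.10", "root", "admin"),
        ("198.51.100.7", "admin", "admin"),
        ("203.0.113.5", "root", "12345"),
    ])
    conn.commit()
    conn.close()


if __name__ == "__main__":
    conn = open_readonly(DB_PATH)
    print("columns:", columns(conn))
    for name in columns(conn):
        print(name, top_values(conn, name, limit=5))
```

Change `DB_PATH` if you run oxipot with `docker run` and a custom directory, or directly as an executable.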