Skip to content

pouriyajamshidi/oxipot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Oxipot

oxipot_logo

Downloads Docker Pulls

A network telnet HoneyPot written in Rust.

Features

  • Detect IT, OT and IoT bots 🤖
  • Capture IP and location information of bots, attackers and intruders trying to gain access to your network
  • In-memory (volatile) and database (non-volatile) IP and location information caching
  • Handles a lot of concurrent network connections
  • Rate-limits persistent intruders
  • Build a big username and password database for IT, OT and IoT (thanks to malicious actors)
  • Extremely resource friendly and efficient to run
  • Containerized for portability and better security
  • SSH support (TBD)

Run

Using Docker Compose

This is the recommended way since it will always makes sure the container remains up.

  1. Make the database directory:

    mkdir /var/log/oxipot
  2. Start the container:

    docker compose up

Please note this example is using the new compose plugin and not docker-compose. Nonetheless, there should be no difference.

Using Docker

  1. Make the database directory:

    mkdir /var/log/oxipot
  2. Map port 23 to oxipot's default port, 2223 and specify the directory you want the database to be stored in.

    docker run --name oxipot --rm -t -p 23:2223 -v /var/log/oxipot:/oxipot/db:rw oxipot:latest

Using The Executable

Directly using the executable is not recommended. This method should be used only if you know your craft.

  1. Download the executable.

  2. Extract the file:

    tar -zxvf oxipot.tar.gz
  3. Make it executable:

    chmod +x oxipot
  4. Make the database directory:

    mkdir db
  5. Run it:

    ./oxipot

A folder named db will be created in the same directory that will host oxipot.db containing the intruder reports.

View The Report

After a connection is made to the machine running oxipot, a sqlite3 database is created that you can refer to in order to see who has connected to the machine and what credentials they have used.

Depending on how you run oxipot, the location of the database will differ.

  • Using docker compose, the database will be located at /var/log/oxipot/oxipot.db.
  • Using docker run, the database will be located at the directory the image was started at /var/log/oxipot/oxipot.db or a custom directory you have specified.
  • Using the executable, the database will be located at the same directory as oxipot.

Utilizing sqlite3, you can view the reports.

  1. Open the database:

    sqlite3 /var/log/oxipot/oxipot.db
  2. Run your query:

    SELECT * FROM intruders;

The result will be similar to:

oxipot_report

Disclaimer

This is a hobby project and work in progress prone to many changes. Run at your own risk.