Conpot是一个ICS蜜罐,旨在收集对手针对工业控制系统的动机和方法的情报
Conpot的Python项目详细描述
conpot
关于
Conpot是一个ICS蜜罐,目的是收集有关动机和 对手瞄准工业控制系统的方法
文档
文档的构建source可以在here中找到。在这里您还可以找到关于如何installconpot和FAQ的说明。
使用Docker轻松安装
通过预构建的图像
- 安装Docker
- 运行
docker pull honeynet/conpot - 运行
docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh - 最后运行
conpot -f --template default
docker pull honeynet/conpotdocker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/shconpot -f --template default导航到http://MY_IP_ADDRESS以确认设置。
从源代码构建Docker映像
- 安装Docker
- 使用
git clone https://github.com/mushorg/conpot.git和cd conpot 克隆此回购协议
- 运行
docker build -t conpot . - 运行
docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge conpot
git clone https://github.com/mushorg/conpot.git和cd conpotdocker build -t conpot .docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge conpot导航到http://MY_IP_ADDRESS以确认设置。
从源代码生成并与docker compose一起运行
- 安装docker-compose
- 使用
git clone https://github.com/mushorg/conpot.git和cd conpot克隆此回购协议
- 用
docker-compose build构建图像
- 使用
docker-compose up测试是否一切正常运行
- 使用
docker-compose up -d作为守护进程永久运行
样本输出
::
# conpot --template default
_
___ ___ ___ ___ ___| |_
| _| . | | . | . | _|
|___|___|_|_| _|___|_|
|_|
Version 0.6.0
MushMush Foundation
2018-08-09 19:13:15,085 Initializing Virtual File System at ConpotTempFS/__conpot__ootc_k3j. Source specified : tar://conpot-0.6.0-py3.6/conpot/data.tar
2018-08-09 19:13:15,100 Please wait while the system copies all specified files
2018-08-09 19:13:15,172 Fetched x.x.x.x as external ip.
2018-08-09 19:13:15,175 Found and enabled ('modbus', <conpot.protocols.modbus.modbus_server.ModbusServer object at 0x7f1af52231d0>) protocol.
2018-08-09 19:13:15,177 Found and enabled ('s7comm', <conpot.protocols.s7comm.s7_server.S7Server object at 0x7f1af5ad1f60>) protocol.
2018-08-09 19:13:15,178 Found and enabled ('http', <conpot.protocols.http.web_server.HTTPServer object at 0x7f1af4fc2630>) protocol.
2018-08-09 19:13:15,179 Found and enabled ('snmp', <conpot.protocols.snmp.snmp_server.SNMPServer object at 0x7f1af4fc2710>) protocol.
2018-08-09 19:13:15,181 Found and enabled ('bacnet', <conpot.protocols.bacnet.bacnet_server.BacnetServer object at 0x7f1af4fc22e8>) protocol.
2018-08-09 19:13:15,182 Found and enabled ('ipmi', <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f1af5aaa1d0>) protocol.
2018-08-09 19:13:15,185 Found and enabled ('enip', <conpot.protocols.enip.enip_server.EnipServer object at 0x7f1af5aaa0f0>) protocol.
2018-08-09 19:13:15,199 Found and enabled ('ftp', <conpot.protocols.ftp.ftp_server.FTPServer object at 0x7f1af4fcec18>) protocol.
2018-08-09 19:13:15,206 Found and enabled ('tftp', <conpot.protocols.tftp.tftp_server.TftpServer object at 0x7f1af4fcef28$) protocol.
2018-08-09 19:13:15,206 No proxy template found. Service will remain unconfigured/stopped.
2018-08-09 19:13:15,206 Modbus server started on: ('0.0.0.0', 5020)
2018-08-09 19:13:15,206 S7Comm server started on: ('0.0.0.0', 10201)
2018-08-09 19:13:15,207 HTTP server started on: ('0.0.0.0', 8800)
2018-08-09 19:13:15,402 SNMP server started on: ('0.0.0.0', 16100)
2018-08-09 19:13:15,403 Bacnet server started on: ('0.0.0.0', 47808)
2018-08-09 19:13:15,403 IPMI server started on: ('0.0.0.0', 6230)
2018-08-09 19:13:15,403 handle server PID [23183] running on ('0.0.0.0', 44818)
2018-08-09 19:13:15,404 handle server PID [23183] responding to external done/disable signal in object 139753672309064
2018-08-09 19:13:15,404 FTP server started on: ('0.0.0.0', 2121)
2018-08-09 19:13:15,404 Starting TFTP server at ('0.0.0.0', 6969)
欢迎加入QQ群-->: 979659372
