Conpot
Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems
Install using Docker
Via a pre-built image
- Install Docker
- Run
docker pull honeynet/conpot
- Rundocker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp –network=bridge honeynet/conpot:latest /bin/sh
- Finally, run
conpot -f --template default
Navigate to http://MY_IP_ADDRESS to confirm the setup.
Build docker image from source
- Install Docker
- Clone this repo with
git clone https://github.com/mushorg/conpot.git &&cd conpot
- Run
docker build -t conpot .
- Run
docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge conpot
Navigate to http://MY_IP_ADDRESS to confirm the setup.
Build from source and run with docker-compose
- Install docker-compose
- Clone this repo with
git clone https://github.com/mushorg/conpot.git &&cd conpot
- Build the image with docker-compose build
- Test if everything is running correctly with docker-compose up
- Permanently run as a daemon with docker-compose up -d
Sample output
# conpot --template default
_
___ ___ ___ ___ ___| |_
| _| . | | . | . | _|
|___|___|_|_| _|___|_|
|_|
Version 0.6.0
MushMush Foundation
2018-08-09 19:13:15,085 Initializing Virtual File System at ConpotTempFS/__conpot__ootc_k3j. Source specified : tar://conpot-0.6.0-py3.6/conpot/data.tar
2018-08-09 19:13:15,100 Please wait while the system copies all specified files
2018-08-09 19:13:15,172 Fetched x.x.x.x as external ip.
2018-08-09 19:13:15,175 Found and enabled ('modbus', <conpot.protocols.modbus.modbus_server.ModbusServer object at 0x7f1af52231d0>) protocol.
2018-08-09 19:13:15,177 Found and enabled ('s7comm', <conpot.protocols.s7comm.s7_server.S7Server object at 0x7f1af5ad1f60>) protocol.
2018-08-09 19:13:15,178 Found and enabled ('http', <conpot.protocols.http.web_server.HTTPServer object at 0x7f1af4fc2630>) protocol.
2018-08-09 19:13:15,179 Found and enabled ('snmp', <conpot.protocols.snmp.snmp_server.SNMPServer object at 0x7f1af4fc2710>) protocol.
2018-08-09 19:13:15,181 Found and enabled ('bacnet', <conpot.protocols.bacnet.bacnet_server.BacnetServer object at 0x7f1af4fc22e8>) protocol.
2018-08-09 19:13:15,182 Found and enabled ('ipmi', <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f1af5aaa1d0>) protocol.
2018-08-09 19:13:15,185 Found and enabled ('enip', <conpot.protocols.enip.enip_server.EnipServer object at 0x7f1af5aaa0f0>) protocol.
2018-08-09 19:13:15,199 Found and enabled ('ftp', <conpot.protocols.ftp.ftp_server.FTPServer object at 0x7f1af4fcec18>) protocol.
2018-08-09 19:13:15,206 Found and enabled ('tftp', <conpot.protocols.tftp.tftp_server.TftpServer object at 0x7f1af4fcef28$) protocol.
2018-08-09 19:13:15,206 No proxy template found. Service will remain unconfigured/stopped.
2018-08-09 19:13:15,206 Modbus server started on: ('0.0.0.0', 5020)
2018-08-09 19:13:15,206 S7Comm server started on: ('0.0.0.0', 10201)
2018-08-09 19:13:15,207 HTTP server started on: ('0.0.0.0', 8800)
2018-08-09 19:13:15,402 SNMP server started on: ('0.0.0.0', 16100)
2018-08-09 19:13:15,403 Bacnet server started on: ('0.0.0.0', 47808)
2018-08-09 19:13:15,403 IPMI server started on: ('0.0.0.0', 6230)
2018-08-09 19:13:15,403 handle server PID [23183] running on ('0.0.0.0', 44818)
2018-08-09 19:13:15,404 handle server PID [23183] responding to external done/disable signal in object 139753672309064
2018-08-09 19:13:15,404 FTP server started on: ('0.0.0.0', 2121)
2018-08-09 19:13:15,404 Starting TFTP server at ('0.0.0.0', 6969)
Tutorial
Copyright 2018, MushMush Foundation
