懂AI
tpotce

tpotce

多功能蜜罐平台强化网络安全监控

T-Pot是一个多架构蜜罐平台,集成20多种蜜罐和多种可视化选项。该平台利用Elastic Stack进行数据分析,通过实时攻击地图展示攻击情况。T-Pot支持在虚拟机、物理硬件和云环境中部署,集成多种安全工具,可用于网络安全监控和威胁情报收集。

蜜罐平台T-PotDocker网络安全开源Github开源项目
访问官网GitHub论文文档

T-Pot - The All In One Multi Honeypot Platform

T-Pot

T-Pot is the all in one, optionally distributed, multiarch (amd64, arm64) honeypot plattform, supporting 20+ honeypots and countless visualization options using the Elastic Stack, animated live attack maps and lots of security tools to further improve the deception experience. <br><br>

TL;DR

  1. Meet the system requirements. The T-Pot installation needs at least 8-16 GB RAM, 128 GB free disk space as well as a working (outgoing non-filtered) internet connection.
  2. Download or use a running, supported distribution.
  3. Install the ISO with as minimal packages / services as possible (ssh required)
  4. Install curl: $ sudo [apt, dnf, zypper] install curl if not installed already
  5. Run installer as non-root from $HOME:
env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/install.sh)"
  • Follow instructions, read messages, check for possible port conflicts and reboot
<!-- TOC --> <!-- TOC -->

<br><br>

Disclaimer

  • You install and run T-Pot within your responsibility. Choose your deployment wisely as a system compromise can never be ruled out.
  • For fast help research the Issues and Discussions.
  • The software is designed and offered with best effort in mind. As a community and open source project it uses lots of other open source software and may contain bugs and issues. Report responsibly.
  • Honeypots - by design - should not host any sensitive data. Make sure you don't add any.
  • By default, your data is submitted to Sicherheitstacho. You can disable this in the config (~/tpotce/docker-compose.yml) by removing the ewsposter section. But in this case sharing really is caring! <br><br>

Technical Concept

T-Pot's main components have been moved into the tpotinit Docker image allowing T-Pot to now support multiple Linux distributions, even macOS and Windows (although both limited to the feature set of Docker Desktop). T-Pot uses docker and docker compose to reach its goal of running as many honeypots and tools as possible simultaneously and thus utilizing the host's hardware to its maximum. <br><br>

T-Pot offers docker images for the following honeypots ...

... alongside the following tools ...

  • Autoheal a tool to automatically restart containers with failed healthchecks.
  • Cyberchef a web app for encryption, encoding, compression and data analysis.
  • Elastic Stack to beautifully visualize all the events captured by T-Pot.
  • Elasticvue a web front end for browsing and interacting with an Elasticsearch cluster.
  • Fatt a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic.
  • T-Pot-Attack-Map a beautifully animated attack map for T-Pot.
  • P0f is a tool for purely passive traffic fingerprinting.
  • Spiderfoot an open source intelligence automation tool.
  • Suricata a Network Security Monitoring engine.

... to give you the best out-of-the-box experience possible and an easy-to-use multi-honeypot system. <br><br>

Technical Architecture

Architecture

The source code and configuration files are fully stored in the T-Pot GitHub repository. The docker images are built and preconfigured for the T-Pot environment.

The individual Dockerfiles and configurations are located in the docker folder. <br><br>

Services

T-Pot offers a number of services which are basically divided into five groups:

  1. System services provided by the OS
    • SSH for secure remote access.
  2. Elastic Stack
    • Elasticsearch for storing events.
    • Logstash for ingesting, receiving and sending events to Elasticsearch.
    • Kibana for displaying events on beautifully rendered dashboards.
  3. Tools
    • NGINX provides secure remote access (reverse proxy) to Kibana, CyberChef, Elasticvue, GeoIP AttackMap, Spiderfoot and allows for T-Pot sensors to securely transmit event data to the T-Pot hive.
    • CyberChef a web app for encryption, encoding, compression and data analysis.
    • Elasticvue a web front end for browsing and interacting with an Elasticsearch cluster.
    • T-Pot Attack Map a beautifully animated attack map for T-Pot.
    • Spiderfoot an open source intelligence automation tool.
  4. Honeypots
    • A selection of the 23 available honeypots based on the selected docker-compose.yml.
  5. Network Security Monitoring (NSM)
    • Fatt a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic.
    • P0f is a tool for purely passive traffic fingerprinting.
    • Suricata a Network Security Monitoring engine. <br><br>

User Types

During the installation and during the usage of T-Pot there are two different types of accounts you will be working with. Make sure you know the differences of the different account types, since it is by far the most common reason for authentication errors.

ServiceAccount TypeUsername / GroupDescription
SSHOS<OS_USERNAME>The user you chose during the installation of the OS.
NginxBasicAuth<WEB_USER><web_user> you chose during the installation of T-Pot.
CyberChefBasicAuth<WEB_USER><web_user> you chose during the installation of T-Pot.
ElasticvueBasicAuth<WEB_USER><web_user> you chose during the installation of T-Pot.
Geoip Attack MapBasicAuth<WEB_USER><web_user> you chose during the installation of T-Pot.
SpiderfootBasicAuth<WEB_USER><web_user> you chose during the installation of T-Pot.
T-PotOStpottpot this user / group is always reserved by the T-Pot services.
T-Pot LogsBasicAuth<LS_WEB_USER>LS_WEB_USER are automatically managed.

<br><br>

System Requirements

Depending on the supported Linux distro images, hive / sensor, installing on real hardware, in a virtual machine or other environments there are different kind of requirements to be met regarding OS, RAM, storage and network for a successful installation of T-Pot (you can always adjust ~/tpotce/docker-compose.yml and ~/tpotce/.envto your needs to overcome these requirements). <br><br>

T-Pot TypeRAMStorageDescription
Hive16GB256GB SSDAs a rule of thumb, the more sensors & data, the more RAM and storage is needed.
Sensor8GB128GB SSDSince honeypot logs are persisted (~/tpotce/data) for 30 days, storage depends on attack volume.

T-Pot does require ...

  • an IPv4 address via DHCP or statically assigned
  • a working, non-proxied, internet connection ... for a successful installation and operation. <br><br> If you need proxy support or otherwise non-standard features, you should check the docs of the supported Linux distro images and / or the Docker documentation. <br><br>

Running in a VM

All of the supported Linux distro images will run in a VM which means T-Pot will just run fine. The following were tested / reported to work:

Some configuration / setup hints:

  • While Intel versions run stable, Apple Silicon (arm64) support has known issues which in UTM may require switching Display to Console Only during initial installation of the OS and afterwards back to Full Graphics.
  • During configuration you may need to enable promiscuous mode for the network interface in order for fatt, suricata and p0f to work properly.
  • If you want to use a wifi card as a primary NIC for T-Pot, please be aware that not all network interface drivers support all wireless cards. In VirtualBox e.g. you have to choose the "MT SERVER" model of the NIC. <br><br>

Running on Hardware

T-Pot is only limited by the hardware support of the supported Linux distro images. It is recommended to check the HCL (hardware compatibility list) and test the supported distros with T-Pot before investing in dedicated hardware. <br><br>

Running in a Cloud

T-Pot is tested on and known to run on ...

  • Telekom OTC using the post install method ... others may work, but remain untested.

Some users report working installations on other clouds and hosters, i.e. Azure and GCP. Hardware requirements may be different. If you are unsure you should research issues and discussions and run some functional tests. With T-Pot 24.04.0 and forward we made sure to remove settings that were known to interfere with cloud based installations. <br><br>

Required Ports

Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the T-Pot Architecture for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions.

PortProtocolDirectionDescription
80, 443tcpoutgoingT-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc.
64294tcpincomingT-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305
64295tcpincomingT-Pot Management: Access to SSH
64297tcpincomingT-Pot Management Access to NGINX reverse proxy
5555tcpincomingHoneypot: ADBHoney
5000udpincomingHoneypot: CiscoASA
8443tcpincoming

编辑推荐精选

Transly

Transly

实时语音翻译/同声传译工具

Transly是一个多场景的AI大语言模型驱动的同声传译、专业翻译助手,它拥有超精准的音频识别翻译能力,几乎零延迟的使用体验和支持多国语言可以让你带它走遍全球,无论你是留学生、商务人士、韩剧美剧爱好者,还是出国游玩、多国会议、跨国追星等等,都可以满足你所有需要同传的场景需求,线上线下通用,扫除语言障碍,让全世界的语言交流不再有国界。

讯飞智文

讯飞智文

一键生成PPT和Word,让学习生活更轻松

讯飞智文是一个利用 AI 技术的项目,能够帮助用户生成 PPT 以及各类文档。无论是商业领域的市场分析报告、年度目标制定,还是学生群体的职业生涯规划、实习避坑指南,亦或是活动策划、旅游攻略等内容,它都能提供支持,帮助用户精准表达,轻松呈现各种信息。

热门AI工具AI办公办公工具讯飞智文AI在线生成PPTAI撰写助手多语种文档生成AI自动配图
讯飞星火

讯飞星火

深度推理能力全新升级,全面对标OpenAI o1

科大讯飞的星火大模型,支持语言理解、知识问答和文本创作等多功能,适用于多种文件和业务场景,提升办公和日常生活的效率。讯飞星火是一个提供丰富智能服务的平台,涵盖科技资讯、图像创作、写作辅助、编程解答、科研文献解读等功能,能为不同需求的用户提供便捷高效的帮助,助力用户轻松获取信息、解决问题,满足多样化使用场景。

模型训练热门AI工具内容创作智能问答AI开发讯飞星火大模型多语种支持智慧生活
Spark-TTS

Spark-TTS

一种基于大语言模型的高效单流解耦语音令牌文本到语音合成模型

Spark-TTS 是一个基于 PyTorch 的开源文本到语音合成项目,由多个知名机构联合参与。该项目提供了高效的 LLM(大语言模型)驱动的语音合成方案,支持语音克隆和语音创建功能,可通过命令行界面(CLI)和 Web UI 两种方式使用。用户可以根据需求调整语音的性别、音高、速度等参数,生成高质量的语音。该项目适用于多种场景,如有声读物制作、智能语音助手开发等。

Trae

Trae

字节跳动发布的AI编程神器IDE

Trae是一种自适应的集成开发环境(IDE),通过自动化和多元协作改变开发流程。利用Trae,团队能够更快速、精确地编写和部署代码,从而提高编程效率和项目交付速度。Trae具备上下文感知和代码自动完成功能,是提升开发效率的理想工具。

热门AI工具生产力协作转型TraeAI IDE
咔片PPT

咔片PPT

AI助力,做PPT更简单!

咔片是一款轻量化在线演示设计工具,借助 AI 技术,实现从内容生成到智能设计的一站式 PPT 制作服务。支持多种文档格式导入生成 PPT,提供海量模板、智能美化、素材替换等功能,适用于销售、教师、学生等各类人群,能高效制作出高品质 PPT,满足不同场景演示需求。

讯飞绘文

讯飞绘文

选题、配图、成文,一站式创作,让内容运营更高效

讯飞绘文,一个AI集成平台,支持写作、选题、配图、排版和发布。高效生成适用于各类媒体的定制内容,加速品牌传播,提升内容营销效果。

AI助手热门AI工具AI创作AI辅助写作讯飞绘文内容运营个性化文章多平台分发
材料星

材料星

专业的AI公文写作平台,公文写作神器

AI 材料星,专业的 AI 公文写作辅助平台,为体制内工作人员提供高效的公文写作解决方案。拥有海量公文文库、9 大核心 AI 功能,支持 30 + 文稿类型生成,助力快速完成领导讲话、工作总结、述职报告等材料,提升办公效率,是体制打工人的得力写作神器。

openai-agents-python

openai-agents-python

OpenAI Agents SDK,助力开发者便捷使用 OpenAI 相关功能。

openai-agents-python 是 OpenAI 推出的一款强大 Python SDK,它为开发者提供了与 OpenAI 模型交互的高效工具,支持工具调用、结果处理、追踪等功能,涵盖多种应用场景,如研究助手、财务研究等,能显著提升开发效率,让开发者更轻松地利用 OpenAI 的技术优势。

Hunyuan3D-2

Hunyuan3D-2

高分辨率纹理 3D 资产生成

Hunyuan3D-2 是腾讯开发的用于 3D 资产生成的强大工具,支持从文本描述、单张图片或多视角图片生成 3D 模型,具备快速形状生成能力,可生成带纹理的高质量 3D 模型,适用于多个领域,为 3D 创作提供了高效解决方案。

下拉加载更多