modpot: Modular web-application honeypot platform

modpot

modpot is a modular web application honeypot framework written in Golang and making use of the gin framework. It is the antithesis to honeydet in many ways and allows the user to deploy simple html/js honeypots that mimic web applications to detect requests and form entries that are related to attacks. Responders offer a modular capacity for automation and logging pipelines and are not limited by programming language. modpot is best utilised alongside honeypage a tool that creates flattened single html file versions of web applications, which makes them portable and easy to use with modpot.

 

honeypot framework

Responders

Responders allow for simple triggering of automation, logging, or connection to SOC platforms. The parameters that can be passed to responders are ID, Application, Datetime, IP Source, and Log Event.

Included are the following examples:

  • Email
  • iptables – time window blocking
  • SMS (Using twilio)
  • Slack – webhook
  • Syslog
  • Splunk – HEC endpoint
  • Webhook-generic

Download

Copyright 2024 James Brine