HellPot is an endless honeypot that sends bots to hell. Based on Heffalump.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
kayos 53e4ae7472
Bump fasthttp/router 1.4.10 -> 1.4.11 (fasthttp -> v1.38.0)
2 weeks ago
.github CI: https://github.com/securego/gosec/issues/469 4 months ago
cmd/HellPot CI: Implement gosec 4 months ago
config Bump version 3 months ago
extra CI: Implement gosec 4 months ago
heffalump CI: https://github.com/securego/gosec/issues/469 4 months ago
http Implement useragent blacklisting as per #23 3 months ago
.gitignore Update README.md & .gitignore 5 months ago
LICENSE Update license 4 months ago
README.md Opt to link to gif in README.md to lessen repo size 3 months ago
go.mod Bump github.com/fasthttp/router from 1.4.10 to 1.4.11 2 weeks ago
go.sum Bump github.com/fasthttp/router from 1.4.10 to 1.4.11 2 weeks ago

README.md

HellPot

GoDoc Go Report Card IRC Mentioned in Awesome Honeypots

Summary

HellPot is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell.

Notably it implements a toml configuration file, has JSON logging, and comes with significant performance gains.

Exploding Heffalump

Grave Consequences

Clients (hopefully bots) that disregard robots.txt and connect to your instance of HellPot will suffer eternal consequences.

HellPot will send an infinite stream of data that is just close enough to being a real website that they might just stick around until their soul is ripped apart and they cease to exist.

Under the hood of this eternal suffering is a markov engine that chucks bits and pieces of The Birth of Tragedy (Hellenism and Pessimism) by Friedrich Nietzsche at the client using fasthttp.

Compilation

HellPot should probably be built with Go version 1.17 or higher.

HellPot uses go modules. This should make it dead simple to build with a stock Go installation.

1 ) git clone https://github.com/yunginnanet/HellPot

2 ) cd HellPot

4 ) go build cmd/HellPot/HellPot.go

5 ) Consider the potential grave consequences of your actions.

Usage

YOLO Method:

In the event of a missing configuration file, HellPot will attempt to place it's default config in $HOME/.config/HellPot/config.toml. This allows irresponsible souls to begin raining hellfire with ease, immediately:

1 ) Download a compiled release

2 ) Run binary and immedidately begin sending clients directly to hell.


Reasonable Method:

1 ) Configure webserver as reverse proxy (see below)

2 ) ./HellPot --genconfig

3 ) Edit your newly generated config.toml as desired.

4 ) Ponder your existence server's ability to handle your chosen performance values.

5 ) ./HellPot -c config.toml

666 ) 𝙏͘͝𝙝̓̓͛𝙚͑̈́̀ 𝙨͆͠͝𝙠͑̾͌𝙮̽͌͆ 𝙞̓̔̔𝙨͒͐͝ 𝙛͑̈́̚𝙖͛͒𝙡͑͆̽𝙡̾̚̚𝙞͋̒̒𝙣̾͛͝𝙜͒̒̀.́̔͝

Configuration Reference

[deception]
  # Used as "Server" HTTP header. Note that reverse proxies may hide this.
  server_name = "nginx"

[http]
  # TCP Listener (default)
  bind_addr = "127.0.0.1"
  bind_port = "8080"

  # this contains a list of blacklisted useragent strings. (case sensitive)
  # clients with useragents containing any of these strings will receive "Not found" for any requests.
  uagent_string_blacklist = ["Cloudflare-Traffic-Manager", "curl"]

  # Unix Socket Listener (will override default)
  unix_socket_path = "/var/run/hellpot"
  unix_socket_permissions = "0666"
  use_unix_socket = false

  [http.router]
    # Toggling this to true will cause all GET requests to match. Forces makerobots = false.
    catchall = false
    # Toggling this to false will prevent creation of robots.txt handler.
    makerobots = true
    # Handlers will be created for these paths, as well as robots.txt entries. Only valid if catchall = false.
    paths = ["wp-login.php", "wp-login"]

[logger]
  # verbose (-v)
  debug = true
  # extra verbose (-vv)
  trace = false
  # JSON log files will be storn in the below directory. 
  directory = "/home/kayos/.config/HellPot/logs/"
  # disable all color in console output. when using Windows this will default to true.
  nocolor = false
  # toggles the use of the current date as the names for new log files.
  use_date_filename = true

[performance]
  # max_workers is only valid if restrict_concurrency is true
  max_workers = 256
  restrict_concurrency = false

Example Web Server Config (nginx)

location '/robots.txt' {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_pass http://127.0.0.1:8080$request_uri;
}  

location '/wp-login.php' {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_pass http://127.0.0.1:8080$request_uri;
}