This project features an HTTP server script that emulates a fake WordPress login page. It logs login attempts, retrieves geolocation data, timestamp, User-Agent and more for each IP address, and reports the suspicious IPs to AbuseIPDB.
I've used this script to generate AbuseIPDB reports, and it continues to function. However, it's worth noting that attacks on WordPress sites have become less common, and when they do occur, they often target basic default credentials or vulnerabilities related to remote code execution (RCE) exploits.
- Simulates a WordPress login page at various endpoints.
- Logs login attempts including IP address, username, password, user agent, and headers.
- Fetches and includes geolocation data for each IP address.
- Reports suspicious IP addresses to AbuseIPDB.
- Python 3.x
- Requests library
- Curl
- Clone the repository:

      git clone https://github.com/Birdo1221/HTTP-HoneyPot.git
      cd HTTP-HoneyPot

- Install the required Python packages:

      pip install requests

- Replace the placeholder in the script with your AbuseIPDB API key:

      ABUSE_IPDB_API_KEY = 'Replace with your AbuseIPDB API key'

- Create an index.html file with your desired login page content. This file should be in the same directory as the script. I have provided an index.html which is designed to look like a fake WordPress page. The fake page is not a 1-to-1 design of an actual WordPress page.
Run the server using the following command:

    python server.py
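The reporting step described above, as an added example that is not code from this repository: it turns logged attempts into AbuseIPDB v2 report requests, skips private and malformed addresses, throttles repeat reports per IP, and keeps the submitted password out of the report comment, because AbuseIPDB comments are publicly visible. The attempt field names, the epoch-seconds `ts` value and the 15-minute throttle interval are assumptions; the requests are built but not sent.

```python
import ipaddress
import urllib.parse
import urllib.request

REPORT_URL = "https://api.abuseipdb.com/api/v2/report"
CATEGORIES = "18,21"     # AbuseIPDB category IDs: 18 Brute-Force, 21 Web App Attack
MIN_INTERVAL = 15 * 60   # assumption: report each IP at most once per 15 minutes
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; field names are assumptions, IPs are documentation ranges.
SAMPLE_ATTEMPTS = [
    dict(ip=ip, ts=ts, username="admin", password="hunter2", user_agent="curl/8.0")
    for ip, ts in [("203.0.113.7", 1000), ("203.0.113.7", 1300),
                   ("203.0.113.7", 1900), ("192.168.1.5", 1100), ("not-an-ip", 1200)]
]

def reportable(ip):
    """Reject malformed, loopback and RFC 1918 addresses (e.g. your own proxy)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (addr.is_loopback or any(addr in net for net in LOCAL_NETS))

def build_report(attempt, api_key):
    """Build (do not send) the report; the logged password is never included."""
    comment = "WordPress login honeypot: user={!r} UA={!r}".format(
        attempt["username"], attempt["user_agent"])[:500]
    body = urllib.parse.urlencode(
        {"ip": attempt["ip"], "categories": CATEGORIES, "comment": comment})
    return urllib.request.Request(
        REPORT_URL, data=body.encode(), method="POST",
        headers={"Key": api_key, "Accept": "application/json"})

def select_reports(attempts, api_key):
    """Return one request per reportable IP per MIN_INTERVAL window."""
    last, out = {}, []
    for a in sorted(attempts, key=lambda a: a["ts"]):
        prev = last.get(a["ip"])
        if not reportable(a["ip"]):
            continue
        if prev is not None and a["ts"] - prev < MIN_INTERVAL:
            continue
        last[a["ip"]] = a["ts"]
        out.append(build_report(a, api_key))
    return out

if __name__ == "__main__":
    print(len(select_reports(SAMPLE_ATTEMPTS, "placeholder-key")), "reports queued")
```

Each returned object can be passed to `urllib.request.urlopen` once a real API key is supplied.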