HoneyPress, a WordPress honeypot in a docker container.
$ git clone https://github.com/dustyfresh/HoneyPress.git
$ cd HoneyPress && docker-compose up -d
You can view access logs easily:
$ docker exec honeypress bash -c 'tail /var/log/nginx/access.log'
192.168.99.1 - - [06/Jun/2022 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=style.css HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2022 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=jquery.js HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2022 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=debugger.js HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2022 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2022 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=ubuntu.ttf HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2022 03:21:41] "GET /wp-login.php?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2022 03:21:44] "GET /wp-login.php HTTP/1.1" 200 -
192.168.99.1 - - [06/Jun/2022 03:21:46] "POST /wp-login.php HTTP/1.1" 200 -
More documentation coming soon!
$ docker run -d --name honeypress -p 80:80 -e 'MONGO_HOST=127.0.0.1' -e 'MONGO_PORT=27017' -e 'MONGO_USER=honeypress' -e 'MONGO_PASS=somethingsecure' honeypress
$ docker exec -it honeyDB mongo
> use honey
> db.payloads.count()
db.payloads.find({'codename': 'proud-water'}, {'_id': 0}).pretty()db.payloads.find({'ip': '187.161.157.180'}, {'payload.data': 1}).pretty()db.payloads.find({'user-agent': 'Wget(linux)'}, {'payload.data': 1}).pretty()db.payloads.find({'user-agent': {$regex: /.*mozilla.*/, $options: 'si'}}, {'payload.data': 1}).pretty()db.payloads.find({'payload.data.cmd': {$regex: /.*ping.*/, $options: 'si'}}, {'payload.data': 1}).pretty()