An Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
- NodeJS - v0.10.x
- NodeJS Package Manager - npm v1.4.x
Download and extract to /opt/espot, then run followwing command:
$ cd /opt/espot
$ npm install
$ mv config.js-sample config.js
Configure config.js
module.exports = {
default_response: 'default', // default = 1.1.1, available = 0.90.0, 0.90.5, 1.1.1, 1.2.1, 1.2.2, 1.3.1
logging: {
sqlite: {
enable: true,
dbpath: __dirname + "/logs/attack.db"
},
http_push: {
enable: false,
url: "http://localhost/path/path?query=string"
}
},
tz: 'GMT+8' // Timezone
};
ESPot will send post request with following json data to provided url in config.js
{
payload: <payload>,
payload_key: <payload key>,
ip: <ip address>,
timestamp: <unix timestamp>,
raw_request: <raw url request>
}
If you would like to run ESPot as deamon, you will need forever
$ npm install -g forever
$ forever start app.js
Source code of ESPot is released under the General Public License version 3.