Easy honeypot deployment with T-Pot
First, you need to create an account on DigitalOcean. When you create the account, you will receive US$100 in credits to spend.
Now you need to create a Droplet. Basic, General Purpose, CPU-Optimized, and Memory-Optimized configurations provide the flexibility to build, test, and grow your app from startup to scale.
Select “Debian 10” and the Basic CPU option. Basic virtual machines have a mix of memory and compute resources and are best for small projects that can handle variable levels of CPU performance, such as blogs, web apps, and dev/test environments.
Connect via ssh and run these commands:
git clone https://github.com/telekom-security/tpotce
cd tpotce/iso/installer/
cp tpot.conf.dist tpot.conf
./install.sh --type=auto --conf=tpot.conf
Don’t forget to edit the configuration file (tpot.conf) and set the user and password you want.
By default, the SSH daemon allows access on tcp/64295 with a user / password combination and prevents credential brute-forcing attempts using fail2ban. The same applies to Admin UI (tcp/64294) and Web UI (tcp/64297) access.
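One way to enforce that reminder before the installer runs, as an added example that is not part of the original post or the T-Pot project: compare tpot.conf against tpot.conf.dist and refuse to continue if a credential is unchanged, empty, or too short. The key names myCONF_WEB_USER and myCONF_WEB_PW and the 12-character minimum are assumptions, and the sample values in demo are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of T-Pot. Checks tpot.conf before install.sh runs.
# Assumption: credential keys are named as below; override CRED_KEYS if not.
CRED_KEYS="${CRED_KEYS:-myCONF_WEB_USER myCONF_WEB_PW}"
MIN_PW_LEN="${MIN_PW_LEN:-12}"   # assumed policy, not a T-Pot requirement

# Print KEY's value from FILE. The file is parsed, never sourced, so a
# password containing '$' or backticks is treated as plain text.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e "s/^'\(.*\)'\$/\1/" -e 's/^"\(.*\)"$/\1/'
}

# check_tpot_conf DIST CONF: return 0 if CONF is fit for the installer.
check_tpot_conf() {
    rc=0
    for key in $CRED_KEYS; do
        new=$(conf_value "$2" "$key")
        old=$(conf_value "$1" "$key")
        if [ -z "$new" ]; then
            echo "FAIL: $key missing or empty in $2"; rc=1
        elif [ "$new" = "$old" ]; then
            echo "FAIL: $key still has the value shipped in $1"; rc=1
        else
            case "$key" in *_PW)
                if [ "${#new}" -lt "$MIN_PW_LEN" ]; then
                    echo "FAIL: $key shorter than $MIN_PW_LEN characters"; rc=1
                fi ;;
            esac
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: credentials in $2 were changed"
    return "$rc"
}

# Constructed sample files (placeholder values, not real T-Pot defaults).
demo() {
    d=$(mktemp -d) || return 1
    printf "%s\n" "myCONF_WEB_USER='exampleuser'" \
        "myCONF_WEB_PW='ex\$ample'" > "$d/dist"
    cp "$d/dist" "$d/conf"   # an unedited copy, as left by the cp step above
    check_tpot_conf "$d/dist" "$d/conf" || echo "-> do not run install.sh yet"
    rm -rf "$d"
}

# Usage: sh check_conf.sh tpot.conf.dist tpot.conf   (no arguments: demo)
if [ "$#" -eq 2 ]; then check_tpot_conf "$1" "$2"; else demo; fi
```

Run it from tpotce/iso/installer/ with both file names and start install.sh only when it exits 0.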
Just open a web browser, connect to https://<your.ip>:64297, and enter
- user: [user] you chose during the installation
- pass: [password] you chose during the installation
and the Landing Page will automagically load. Now just click on the tool / link you want to start.
If you expand your search on URLScan.io, you will see that this ASN is associated with the dissemination of several Mirai botnet campaigns.
- More info: https://github.com/telekom-security/tpotce
- Install Options: https://github.com/telekom-security/tpotce#installation