Recent Releases of tpotce

tpotce - T-Pot 24.04.1

Release Notes / Changelog

T-Pot 24.04.1 brings significant updates and exciting new honeypot additions, especially the LLM-based honeypots Beelzebub and Galah!

New Features

  • Beelzebub (SSH) and Galah (HTTP) are the first LLM-based honeypots included in T-Pot (requires Ollama installation or a ChatGPT subscription).
  • Go-Pot, an HTTP tarpit designed to maximize bot misery by slowly feeding them an infinite stream of fake secrets.
  • Honeyaml, a configurable API server honeypot, even supporting JWT-based HTTP bearer/token authentication.
  • H0neytr4p, an HTTP/S honeypot capable of emulating vulnerabilities using configurable traps.
  • Miniprint, a medium-interaction printer honeypot.

Updates

  • Honeypots were updated to their latest pushed code and / or releases.
  • Editions have been re-introduced. You can now additionally choose to install T-Pot as Mini, LLM and Tarpit edition.
  • Attack Map has been updated to 2.2.6 including support for all new honeypots.
  • Elastic Stack has been upgraded to 8.16.1.
  • Cyberchef has been updated to the latest release.
  • Elasticvue has been updated to 1.1.0.
  • Suricata has been updated to 7.0.7, now supporting JA4 hashes.
  • Most honeypots now use PyInstaller (for Python) and Scratch (for Go) to minimize Docker image sizes.
  • All new honeypots have been integrated with Kibana, featuring dedicated dashboards and visualizations.
  • GitHub Container Registry is now the default container registry for the T-Pot configuration file .env.
  • Compatibility tested with Alma 9.5, Fedora 41, Rocky 9.5, and Ubuntu 24.04.1, with updated supported ISO links.
  • Docker images now use Alpine 3.20 or Scratch wherever possible.
  • Updates for 24.04.1 images will be provided continuously through Docker image updates.
  • Ddospot has been moved from the Hive / Sensor installation to the Tarpit installation.

Breaking Changes

NGINX

  • The container no longer runs in host mode, requiring changes to the docker-compose.yml and related services.
  • To avoid confusion and downtime, the 24.04.1 tag for Docker images has been introduced.
  • Important: Actively update T-Pot as described in the README.
  • Deprecation Notice: The 24.04 tagged images will no longer be maintained and will be removed by 2025-01-31.

Suricata

  • Capture filters have been updated to exclude broadcast, multicast, NetBIOS, IGMP, and MDNS traffic.

Thanks & Credits

A heartfelt thank you to the contributors who made this release possible:

  • @elivlo, @mancasa, @koalafiedTroll, @trixam, for their backend and ews support!
  • @mariocandela for his work and updates on Beelzebub based on our discussions!
  • @ryanolee for approaching us and adding valuable features to go-pot based on our discussions!
  • @neon-ninja for the work on #1661!
  • @sarkoziadam for the work on #1643!
  • @glaslos for the work on #1538!

… and to the entire T-Pot community for opening issues, sharing ideas, and helping improve T-Pot!

What's Changed

  • Typos in customizer.py by @ZePotente in https://github.com/telekom-security/tpotce/pull/1533
  • Adjust T-Pot for Docker Desktop for Windows with WSL2 by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1536
  • Update Glutton Dockerfile by @glaslos in https://github.com/telekom-security/tpotce/pull/1538
  • Remove Podman-Docker compatibility layer when installing by @mattroot in https://github.com/telekom-security/tpotce/pull/1601
  • Update links, fix #1654 by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1655
  • Correct SSH version in cowrie.cfg by @neon-ninja in https://github.com/telekom-security/tpotce/pull/1661
  • Sync with master by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1662
  • Fix conpot docker image errors by @sarkoziadam in https://github.com/telekom-security/tpotce/pull/1643
  • Merge with master by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1680
  • Sync with master by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1688
  • fix typos in README.md by @tmyksj in https://github.com/telekom-security/tpotce/pull/1695
  • Sync by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1698
  • Fix Debian Download link by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1702
  • Release T-Pot 24.04.1 by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1712

New Contributors

  • @ZePotente made their first contribution in https://github.com/telekom-security/tpotce/pull/1533
  • @glaslos made their first contribution in https://github.com/telekom-security/tpotce/pull/1538
  • @mattroot made their first contribution in https://github.com/telekom-security/tpotce/pull/1601
  • @neon-ninja made their first contribution in https://github.com/telekom-security/tpotce/pull/1661
  • @sarkoziadam made their first contribution in https://github.com/telekom-security/tpotce/pull/1643
  • @tmyksj made their first contribution in https://github.com/telekom-security/tpotce/pull/1695

Full Changelog: https://github.com/telekom-security/tpotce/compare/24.04.0...24.04.1

Published by t3chn0m4g3 about 1 year ago

tpotce - T-Pot 24.04.0

Release Notes / Changelog

T-Pot 24.04.0 marks probably the largest change in the history of the project. While most of the changes have been made to the underlying platform, some changes stand out in particular: a T-Pot ISO image will no longer be provided, with the benefit that T-Pot will now run on multiple Linux distributions (Alma Linux, Debian, Fedora, openSUSE, Raspbian, Rocky Linux, Ubuntu), Raspberry Pi (optimized) and macOS / Windows (limited).

New Features

  • Distributed Installation is now using NGINX reverse proxy instead of SSH to transmit HIVE_SENSOR logs to HIVE
  • deploy.sh will make the deployment of sensors much easier and will automatically take care of the configuration. You only have to install the T-Pot sensor.
  • T-Pot Init is the foundation for running T-Pot on multiple Linux distributions and will also ensure that containers with failed healthchecks are restarted using autoheal
  • T-Pot Installer is now mostly Ansible based providing a universal playbook for the most common Linux distributions
  • T-Pot Uninstaller allows you to uninstall T-Pot. While not recommended for general usage, this comes in handy for testing purposes
  • T-Pot Customizer (compose/customizer.py) is here to assist you in the creation of a customized docker-compose.yml
  • T-Pot Landing Page has been redesigned and simplified
  • Kibana Dashboards, Objects fully refreshed in favor of Lens based objects
  • Wordpot has been added to the available honeypots within T-Pot and will run on tcp/8080 by default.
  • Raspberry Pi is now supported using a dedicated mobile.yml (why this is called mobile will be revealed soon!)
  • GeoIP Attack Map is now aware of connects / disconnects, thus eliminating the need for reloads
  • Docker, where possible, will now be installed directly from the Docker repositories to avoid any incompatibilities
  • .env now provides a single configuration file for the T-Pot related settings
  • genuser.sh can now be used to add new users to the T-Pot Landing Page as part of the T-Pot configuration file (.env)

Updates

  • Honeypots and tools were updated to their latest pushed code and / or releases
  • Where possible Docker Images will now use Alpine 3.19
  • Updates will be provided continuously through Docker Images updates

Breaking Changes

  • There is no option to migrate a previous installation to T-Pot 24.04.0. You can try to transfer the old data folder to the new T-Pot installation, but a working environment depends on too many other factors outside of our control, and a new installation is simply faster.
  • Most of the support scripts were moved into the T-Pot Init image and are no longer available directly on the host.
  • Cockpit is no longer available as part of T-Pot itself. However, where supported, you can simply install the cockpit package.

Thanks & Credits

  • @sp3t3rs, @trixam, for their backend and ews support!
  • @cha147 made their first contribution in https://github.com/telekom-security/tpotce/pull/1135
  • @ctulio made their first contribution in https://github.com/telekom-security/tpotce/pull/1187
  • @zambroid made their first contribution in https://github.com/telekom-security/tpotce/pull/1173
  • @kawaiipantsu made their first contribution in https://github.com/telekom-security/tpotce/pull/1259
  • @tadashi-oya made their first contribution in https://github.com/telekom-security/tpotce/pull/1283
  • @kauedg made their first contribution in https://github.com/telekom-security/tpotce/pull/1338
  • @swiftsolves-msft made their first contribution in https://github.com/telekom-security/tpotce/pull/1369
  • @shark4ce for taking the time to test, debug and offer a solution #1472

History of merged changes

  • Fix typos in readme by @cha147 in https://github.com/telekom-security/tpotce/pull/1135
  • Update some url repos by @ctulio in https://github.com/telekom-security/tpotce/pull/1187
  • Corrected small typos by @zambroid in https://github.com/telekom-security/tpotce/pull/1173
  • Update updateip.sh by @kawaiipantsu in https://github.com/telekom-security/tpotce/pull/1259
  • Fixing uri max size by @kawaiipantsu in https://github.com/telekom-security/tpotce/pull/1266
  • fix empty myINSTALLPACKAGES by @tadashi-oya in https://github.com/telekom-security/tpotce/pull/1283
  • call $0 instead of hardcoded script name by @kauedg in https://github.com/telekom-security/tpotce/pull/1338
  • fixes #1346 by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1351
  • Azure Deployment via ARM template by @swiftsolves-msft in https://github.com/telekom-security/tpotce/pull/1369
  • 24.04 by @t3chn0m4g3 in https://github.com/telekom-security/tpotce/pull/1513

Full Changelog: https://github.com/telekom-security/tpotce/compare/22.04.0...24.04.0

Published by t3chn0m4g3 almost 2 years ago

tpotce - 24.04.0beta

Pre-release for T-Pot 24.04.0

  • This pre-release is intended only for TESTING!
  • This pre-release is NOT production ready!
  • Please provide feedback and issues only in this discussion #1487

The final release is planned for April 22nd, 2024.

Happy Easter testing 🐣🐰

Full Changelog: https://github.com/telekom-security/tpotce/compare/22.04.0...24.04.0beta

Published by t3chn0m4g3 almost 2 years ago

tpotce - T-Pot 22.04.0

Release Notes / Changelog

T-Pot 22.04.0 is probably the most feature-rich release ever provided, with long-awaited (wanted!) features readily available after installation.

New Features

  • Distributed Installation with HIVE and HIVE_SENSOR
  • ARM64 support for all provided Docker images
  • GeoIP Attack Map visualizing Live Attacks on a dedicated webpage
  • Kibana Live Attack Map visualizing Live Attacks from different HIVE_SENSORS
  • Blackhole is a script trying to avoid mass scanner detection
  • Elasticvue, a web front end for browsing and interacting with an Elasticsearch cluster
  • Ddospot, a honeypot for tracking and monitoring UDP-based Distributed Denial of Service (DDoS) attacks
  • Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner
  • HellPot is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell
  • qHoneypots, 25 honeypots in a single container for monitoring network traffic, bot activities, and username / password credentials
  • Redishoneypot is a honeypot mimicking some of the Redis' functions
  • SentryPeer, a dedicated SIP honeypot
  • Index Lifecycle Management for Elasticsearch indices is now being used

Upgrades

  • Debian 11.x is now being used for the T-Pot ISO images and required for post installs
  • Elastic Stack 8.x is now provided as Docker images

Updates

  • Honeypots and tools were updated to their latest masters and releases
  • Updates will be provided continuously through Docker Images updates

Breaking Changes

  • For security reasons all Py2.x honeypots with the need of PyPI packages have been removed: HoneyPy, HoneySAP and RDPY
  • If you are upgrading from a previous version of T-Pot (20.06.x) you need to import the new Kibana objects or some of the functionality will be broken or unavailable
  • Cyberchef is now part of the Nginx Docker image, no longer as individual image
  • ElasticSearch Head is superseded by Elasticvue and part of the Nginx Docker image
  • Heimdall is no longer supported and superseded with a new Bento based landing page
  • Elasticsearch Curator is no longer supported and superseded with Index Lifecycle Policies available through Kibana.

Thanks & Credits

  • @ghenry, for some fun late night debugging and of course SentryPeer!
  • @giga-a, for adding much appreciated features (i.e. JSON logging, X-Forwarded-For, etc.) and of course qHoneypots!
  • @sp3t3rs, @trixam, for their backend and ews support!
  • @tadashi-oya, for spotting some errors and proposing fixes!
  • @tmariuss, @shaderecker for their cloud contributions!
  • @vorband, for much appreciated and helpful insights regarding the GeoIP Attack Map!
  • @yunginnanet, on not giving up on squashing a bug and of course Hellpot!

... and many others from the T-Pot community by opening valued issues and discussions, suggesting ideas and thus helping to improve T-Pot!

Published by t3chn0m4g3 almost 4 years ago

tpotce - T-Pot 20.06.2 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 about 5 years ago

tpotce - T-Pot 20.06.1 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 over 5 years ago

tpotce - T-Pot 20.06.0 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 over 5 years ago

tpotce - T-Pot 19.03.3 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 almost 6 years ago

tpotce - T-Pot 19.03.1 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 over 6 years ago

tpotce - T-Pot 19.03 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 almost 7 years ago

tpotce - T-Pot 19.03 Beta - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 about 7 years ago

tpotce - 18.11 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 about 7 years ago

tpotce - T-Pot 17.10 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 over 8 years ago

tpotce - 17.10 Beta - Deprecated

T-Pot 17.10 Beta.

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 over 8 years ago

tpotce - T-Pot 17.10 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 over 8 years ago

tpotce - T-Pot 16.10.1 - Deprecated

Maintenance release to fix hostname issue #119

SHA256 b048f557e643c86cafcb1fa098d698e73afd8a6e3e347f010bc231d143f05a43 tpot.iso

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 over 8 years ago

tpotce - T-Pot 16.10 - Deprecated

This release is deprecated. Installation will leave you with a non-working installation.

Published by t3chn0m4g3 over 9 years ago