
Multipot – web application honeypot with built-in analysis tools

2019-06-24 / 2019-05-27 by inc0x0

Earlier this year I developed a toy web application honeypot for personal use. Recently I added some more features to it, especially in the analysis section. So here it is: Multipot, a basic web application honeypot with some built-in analysis tools.

Multipot

Multipot is a small web application honeypot written in Python 3, simulating a web server with a (very basic) Drupal page and a WordPress ‘blog’ (at least the login and an xmlrpc feature). It makes it easy to set up further fake web applications and records the requests sent to them in an easily readable SQLite database. The built-in web analysis tool allows some basic analysis of the gathered requests in a web GUI.

Built-in analysis tools

Multipot has some built-in analysis capabilities integrated in a basic web GUI:

  • Diagrams on the number of requests
  • Popular paths
  • Top 10 of all source IP addresses
  • Top 10 WordPress username/password tries
  • Whois and GeoIP information on gathered IP addresses
  • … and much more

The two screenshots below demonstrate some of the features of the web GUI:

[Screenshot: Multipot dashboard overview]

Displaying details on a gathered IP address:

[Screenshot: Multipot dashboard IP address details]

Setup

Multipot is easy to set up and deploy right out of the box. However, I’d recommend putting it behind a proxy like Apache or nginx. Have a look at the Multipot GitHub project for more details and the source code.

Observations

Currently I’m collecting some data for research with this honeypot. Recently I had an interesting observation with the honeypot’s WordPress login and xmlrpc getting probed by (in the end) close to 300 distinct IP addresses in just one day. Although the source IP address kept changing during the attack, several patterns indicated that the attack was actually coming from the same source.
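
The kind of analysis listed above (top source IPs, popular paths, top WordPress credential tries) and the cross-IP correlation mentioned in the observation can be sketched over a SQLite request log as follows. This is an added example, not Multipot's own code: the `requests` table, its columns and the sample rows are constructed, and using a shared User-Agent as the correlating pattern is an assumption, since the post does not say which patterns were seen.

```python
import sqlite3

# Constructed sample rows; IPs are from documentation ranges.
# (ts, src_ip, method, path, user_agent, username, password)
SAMPLE = [
    ("2019-05-20T10:00:01", "198.51.100.7", "POST", "/wp-login.php", "ExampleBot/1.0", "admin", "123456"),
    ("2019-05-20T10:00:09", "198.51.100.23", "POST", "/wp-login.php", "ExampleBot/1.0", "admin", "password"),
    ("2019-05-20T10:00:15", "203.0.113.5", "POST", "/xmlrpc.php", "ExampleBot/1.0", "admin", "123456"),
    ("2019-05-20T10:00:31", "203.0.113.99", "POST", "/wp-login.php", "ExampleBot/1.0", "admin", "123456"),
    ("2019-05-20T11:12:00", "192.0.2.10", "GET", "/user/login", "Mozilla/5.0 (constructed)", "", ""),
    ("2019-05-20T11:12:05", "192.0.2.10", "GET", "/wp-login.php", "Mozilla/5.0 (constructed)", "", ""),
]
WP_PATHS = ("/wp-login.php", "/xmlrpc.php")

def load(rows):
    """Build an in-memory database with a hypothetical request-log schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE requests (ts TEXT, src_ip TEXT, method TEXT, "
               "path TEXT, user_agent TEXT, username TEXT, password TEXT)")
    db.executemany("INSERT INTO requests VALUES (?,?,?,?,?,?,?)", rows)
    return db

def top(db, column, limit=10):
    """Top-N values of one column; the column name comes from an allow-list only."""
    if column not in {"src_ip", "path", "user_agent"}:
        raise ValueError(f"unsupported column: {column}")
    return db.execute(
        f"SELECT {column}, COUNT(*) AS n FROM requests "
        f"GROUP BY {column} ORDER BY n DESC, {column} LIMIT ?", (limit,)).fetchall()

def top_credentials(db, limit=10):
    """Most frequent username/password pairs submitted to the WordPress endpoints."""
    return db.execute(
        "SELECT username, password, COUNT(*) AS n FROM requests "
        "WHERE method = 'POST' AND path IN (?, ?) "
        "GROUP BY username, password ORDER BY n DESC, username, password LIMIT ?",
        (*WP_PATHS, limit)).fetchall()

def shared_fingerprints(db, min_ips=3):
    """Per day, User-Agents hitting the WordPress endpoints from many distinct IPs.
    A high distinct-IP count behind one fingerprint suggests a single actor."""
    return db.execute(
        "SELECT user_agent, substr(ts, 1, 10) AS day, "
        "COUNT(DISTINCT src_ip) AS ips, COUNT(*) AS n FROM requests "
        "WHERE path IN (?, ?) GROUP BY user_agent, day "
        "HAVING COUNT(DISTINCT src_ip) >= ? ORDER BY ips DESC",
        (*WP_PATHS, min_ips)).fetchall()

if __name__ == "__main__":
    db = load(SAMPLE)
    print(top(db, "src_ip"), top_credentials(db), shared_fingerprints(db), sep="\n")
```

Request data reaches the queries only through bound parameters, which matters here because every stored field is attacker-controlled.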
