BW-Pot


#Threat Defense #Honeypots

A webapp for displaying statistics about your kippo SSH honeypot.


BW-Pot (Breakable Web Applications HoneyPot) - An Interactive Security Tool

BW-Pot (Breakable Web applications honeyPot) is a highly interactive honeypot that focuses on HTTP or HTTPS traffic. It monitors access from attackers by creating web applications that are easy to target and compromise.

It forwards logs to Google BigQuery for analysis and visualization

It forwards logs to Google BigQuery for accumulation and visualization. Its features include the use of web application environments that are frequently targeted by attacks, daily automatic restoration to a clean environment, real-time log integration with Google BigQuery, automatic log rotation, and saving of packet capture files for detailed analysis. It can run on low-spec servers.

Architecture/Specification: Please refer to the architecture diagram and detailed specifications.

Installation

Hardware Requirements: 2GB RAM, 10GB SSD, and an Internet connection.

Software Requirements: Docker, Docker-Compose, and logrotate.

Service Account Requirements: A Google Cloud Platform account.

Usage: Analyze the logs sent to BigQuery by running SQL in BigQuery's WebUI. You can also create dashboards by specifying BigQuery tables as data sources in the data portal.

Licenses: Apache License v2 for Docker, Fluentd, and Apache Tomcat; GPL v2 for Wireshark (tshark), WordPress, and phpMyAdmin; BSD License for WOWHoneypot.

Author: graneed.

ToDo: Add Drupal to the list of web applications; store network capture files in /data/tshark/dump/ for download and inspection with Wireshark; consider using Amazon S3 for log preservation.