
T-Pot - The All In One Multi Honeypot Platform
#Threat Defense #Honeypots
Troje is a honeypot that creates a realistic environment within lxc containers to monitor and record traffic and changes to drives.
T-Pot: The Comprehensive Honeypot Platform
T-Pot is an all-in-one, optionally distributed, multi-architecture (amd64, arm64) honeypot platform. It supports over 20 different honeypots and offers numerous visualization options through the Elastic Stack. Additionally, it features animated live attack maps and a variety of security tools designed to enhance the deception experience.
The T-Pot Installation Requirements
To install T-Pot, you will need a minimum of 8-16 GB of RAM, at least 128 GB of free disk space, and a working internet connection that allows outgoing, non-filtered traffic. You can either download a supported distribution or use one that is already running. When installing from the ISO, include only the minimal necessary packages and services (note that ssh is required). If curl is not already installed, install it with your distribution's package manager (one of apt, dnf or zypper):
$ sudo [apt, dnf, zypper] install curl
Then run the installer as a non-root user from your $HOME directory:
$ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/install.sh)"
Follow the provided instructions, read any messages that appear, check for potential port conflicts, and reboot your system as needed.
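The requirements above can be checked before the installer is run. The script below is an added example, not part of the T-Pot project: the function names are hypothetical, the 8 GB and 128 GB thresholds come from the text (treated here as GiB), and the ports to test are passed as arguments because this page does not list the ports T-Pot binds.

```shell
#!/bin/sh
# Added example: pre-flight checks for the T-Pot requirements listed above.
# Thresholds (8 GB RAM, 128 GB disk) are from the page; the port list is a
# placeholder argument, because the page does not enumerate T-Pot's ports.

# RAM in GiB, rounded up, from a /proc/meminfo-format file.
mem_gib() {
    awk '/^MemTotal:/ { print int(($2 + 1048575) / 1048576) }' "${1:-/proc/meminfo}"
}

# Free space in GiB (rounded down) on the filesystem holding directory $1.
disk_free_gib() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1048576) }'
}

# Reads `ss -Htln`-format lines on stdin; prints each port from "$@" that
# already has a listener (field 4 is Local Address:Port, IPv4 or [IPv6]).
port_conflicts() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        $1 == "LISTEN" { p = $4; sub(/.*:/, "", p); if (p in need) hit[p] = 1 }
        END { for (i = 1; i <= n; i++) if (w[i] in hit) print w[i] }'
}

preflight() {  # usage: preflight PORT...
    rc=0
    [ "$(id -u)" -ne 0 ] || { echo "FAIL: run as a non-root user"; rc=1; }
    [ "$PWD" = "$HOME" ] || { echo "FAIL: run from \$HOME"; rc=1; }
    command -v curl >/dev/null 2>&1 || { echo "FAIL: curl not installed"; rc=1; }
    [ "$(mem_gib)" -ge 8 ] || { echo "FAIL: less than 8 GB RAM"; rc=1; }
    [ "$(disk_free_gib "$HOME")" -ge 128 ] || { echo "FAIL: less than 128 GB free"; rc=1; }
    busy=$(ss -Htln | port_conflicts "$@")
    [ -z "$busy" ] || { echo "FAIL: ports already in use:" $busy; rc=1; }
    return "$rc"
}

# Run only when asked, e.g.: sh preflight.sh check 22 80 443  (ports are placeholders)
if [ "${1:-}" = "check" ]; then shift; preflight "$@"; fi
```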
Table of Contents
T-Pot - The All In One Multi Honeypot Platform
TL;DR
Table of Contents
Disclaimer
Technical Concept
Technical Architecture
Services
User Types
System Requirements
Running in a VM
Running on Hardware
Running in a Cloud
Required Ports
System Placement
Installation