{"id":13481810,"url":"https://github.com/Cymmetria/StrutsHoneypot","last_synced_at":"2025-03-27T12:31:33.654Z","repository":{"id":75812095,"uuid":"85624595","full_name":"Cymmetria/StrutsHoneypot","owner":"Cymmetria","description":"Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers","archived":false,"fork":false,"pushed_at":"2017-03-24T10:32:17.000Z","size":36,"stargazers_count":72,"open_issues_count":0,"forks_count":17,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-11-18T09:32:45.054Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cymmetria.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-03-20T20:38:51.000Z","updated_at":"2024-11-17T09:54:44.000Z","dependencies_parsed_at":"2023-02-27T01:01:04.481Z","dependency_job_id":null,"html_url":"https://github.com/Cymmetria/StrutsHoneypot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cymmetria%2FStrutsHoneypot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cymmetria%2FStrutsHoneypot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cymmetria%2FStrutsHoneypot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cymmetria%2FStrutsHoneypot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cymmetria","download_url":"https://codeload.github.com/Cymmetria/Stru
tsHoneypot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245844998,"owners_count":20681814,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T17:00:56.078Z","updated_at":"2025-03-27T12:31:33.349Z","avatar_url":"https://github.com/Cymmetria.png","language":"PHP","funding_links":[],"categories":["Honeypots"],"sub_categories":[],"readme":"# StrutsHoneypot\r\nCymmetria Research, 2017.\r\n\r\nhttps://www.cymmetria.com/\r\n\r\nWritten by: Nir Krakowski (@nirkrakowksi), Imri Goldberg (@lorgandon)\r\n\r\nContact: research@cymmetria.com\r\n\r\nStrutsHoneypot is an Apache 2 based honeypot that includes a separate detection module (Apache module) for Apache 2 servers that detects and/or blocks the Struts CVE-2017-5638 \r\nexploit. It is released under the MIT license for the use of the community.  \r\n\r\n\r\nPlease consider trying out the MazeRunner Community Edition, the free version of our cyber deception platform.  
\r\nhttps://community.cymmetria.com/\r\n\r\n# Honeypot Installation, Running and Monitoring\r\n- Now with added support (Honeypot only) for the content disposition filename parsing vulnerability.\r\n\r\nInstallation (Ubuntu)\r\n----------------\r\n- apt-get update\r\n- apt-get install docker.io\r\n- docker build -t struts_honeypot strutspot_docker/\r\n\r\nRunning the Honeypot\r\n--------------------\r\n- docker run -p 80:80 --name \"mystrutspot_docker\" -d struts_honeypot\r\n\r\n\r\nAccessing the logs\r\n------------------\r\nRun 'docker ps' to validate the docker name: \"mystrutspot_docker\"\r\n\r\nThen run 'docker exec -t -i mystrutspot_docker cat /var/log/apache2/error.log'\r\n\r\n# Testing\r\nPrerequisites\r\n-------------\r\n- apt-get install python2.7 python-pip\r\n- pip install requests\r\n\r\nRebuilding the Honeypot\r\n-----------------------\r\n- docker kill mystrutspot_docker\r\n- docker rm mystrutspot_docker\r\n- docker build -t struts_honeypot strutspot_docker/\r\n\r\nThen use test-struts2.py as shown below:\r\n\r\nUsage: \r\n\r\n./test-struts2.py \u003curl\u003e\r\n\r\ne.g.: ./test-struts2.py http://localhost/\r\n\r\n- This will test for both vulnerabilities. You should be able to see \r\n\r\nDetailed Info\r\n------------\r\nThe Honeypot uses the mod_rewrite RewriteRule directive (see strutspot_docker/src/.htaccess) to redirect all requests to the same URL.\r\nTo avoid redirection for cover.css, apache.png, and struts.svg, there is a separate rule for them.\r\nThe Honeypot uses error_log() to send a JSON comment containing the connection info and other data to the default Apache error log file.\r\nmod_headers is used to avoid default parsing by PHP for multipart/form-data, so the content type is modified to mmultipart/form-data before reaching the PHP parser.\r\n\r\nEditing the Honeypot Website\r\n----------------------------\r\nEdit strutspot_docker/src/index.php and related html files to add your own flavor to the honeypot itself.\r\nThe honeypot code is inside index.php as \u003c?php code. 
This code must remain intact; anything else is completely independent and can be modified.\r\n\r\n\r\n\r\n# mod_contentrap Installation and Running\r\n\r\n### This is a very simple Apache module filter implementation intended for a Linux server with a running Apache2 server.\r\n\r\n\r\nInstalling\r\n---------\r\n- apt-get install apache2-dev\r\n- cd mod_contentrap/\r\n- make\r\n- make install\r\n\r\nRunning\r\n-------\r\n- service apache2 restart\r\n\r\nTesting\r\n-------\r\nOne can use the same Python test script as before.\r\n\r\nImportant note\r\n--------------\r\nThis has currently only been tested on Amazon's Ubuntu 16.04 LTS image, but should work on many other platforms (including previous versions of Linux/Ubuntu).\r\n\r\n\r\nSee also\r\n--------\r\nCheck out our Mirai honeypot (MTPot):\r\n- https://github.com/Cymmetria/MTPot/\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCymmetria%2FStrutsHoneypot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FCymmetria%2FStrutsHoneypot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCymmetria%2FStrutsHoneypot/lists"}