{"id":28480456,"url":"https://github.com/alikallel/ramapot","last_synced_at":"2026-05-06T08:36:37.012Z","repository":{"id":297533195,"uuid":"997089281","full_name":"alikallel/RAMAPOT","owner":"alikallel","description":"Multi-honeypot deployment platform with centralized logging - Deploy Cowrie SSH, Elasticpot, and Redis honeypots on Kubernetes with Elastic Stack monitoring","archived":false,"fork":false,"pushed_at":"2025-06-06T00:52:47.000Z","size":1084,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-06T01:24:07.583Z","etag":null,"topics":["cowrie","cybersecurity","docker","elasticpot","elasticsearch","elasticstack","honeypot","k3s","kibana","kubernetes","monitoring","redishoneypot","threat-detection"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alikallel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-06T00:06:46.000Z","updated_at":"2025-06-06T00:52:49.000Z","dependencies_parsed_at":"2025-06-06T19:47:21.946Z","dependency_job_id":null,"html_url":"https://github.com/alikallel/RAMAPOT","commit_stats":null,"previous_names":["alikallel/ramapot"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/alikallel/RAMAPOT","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alikallel%2FRAMAPOT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alikallel%2FRAMAPOT/tags","releases_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/repositories/alikallel%2FRAMAPOT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alikallel%2FRAMAPOT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alikallel","download_url":"https://codeload.github.com/alikallel/RAMAPOT/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alikallel%2FRAMAPOT/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263388667,"owners_count":23459247,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cowrie","cybersecurity","docker","elasticpot","elasticsearch","elasticstack","honeypot","k3s","kibana","kubernetes","monitoring","redishoneypot","threat-detection"],"created_at":"2025-06-07T19:06:31.260Z","updated_at":"2026-05-06T08:36:37.007Z","avatar_url":"https://github.com/alikallel.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RAMAPOT \n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"images/logo.png\" alt=\"Project Logo\" width=\"300\" style=\"border-radius: 10%;\"\u003e\n\u003c/p\u003e\n\n**Multi-Honeypot Deployment with Centralized Logging on Kubernetes**\n\nRAMAPOT is a honeypot deployment solution that orchestrates multiple honeypots (Cowrie SSH, Elasticpot, and Redis) with centralized logging using the Elastic Stack on a k3d Kubernetes cluster.\n\n## Features\n\n- **Multi-Honeypot Architecture**: Deploy SSH, Elasticsearch, and Redis honeypots simultaneously\n- **Centralized Logging**: Unified log collection and 
analysis with Elasticsearch and Kibana\n- **Kubernetes**: Containerized deployment with k3d\n- **Real-time Monitoring**: Live dashboards and alerting capabilities\n- **Scalable Design**: Easy to extend with additional honeypots\n\n## Prerequisites\n\nBefore starting, ensure you have the following tools installed:\n\n- Docker\n- k3d\n- kubectl\n- Helm\n- curl (for testing Elasticpot)\n- redis-cli or any Redis client (for testing Redis honeypot)\n\n## Installation\n\n### Step 1: Build Docker Images\n\n#### Build Elasticpot Image\n```bash\ncd elasticpot\ndocker build -t elasticpot .\n```\n\n#### Build Redis Honeypot Image\n```bash\ncd redis-honeypot\ndocker build -t redishoneypot .\n```\n\n### Step 2: Create k3d Cluster\n\nCreate a k3d cluster with proper port forwarding:\n\n```bash\nk3d cluster create mycluster \\\n  -p \"30022:30022@server:0\" \\\n  -p \"6379:6379@server:0\" \\\n  -p \"9200:9200@server:0\" \\\n  -p \"5601:5601@server:0\" \\\n  --agents 2\n```\n\n**Port Mapping:**\n- `30022` → Cowrie SSH service\n- `9200` → Elasticpot HTTP service  \n- `6379` → Redis honeypot\n- `5601` → Kibana dashboard\n\n### Step 3: Import Docker Images\n\n```bash\nk3d image import elasticpot -c mycluster\nk3d image import redishoneypot -c mycluster\n```\n\n### Step 4: Create Namespace\n\n```bash\nkubectl create namespace honeypot\n```\n\n## Deployment\n\n### Deploy Cowrie Components\n\n```bash\nkubectl apply -f cowrie-pvc.yaml -n honeypot\nkubectl apply -f cowrie-configmap.yaml -n honeypot\nkubectl apply -f cowrie-deployment.yaml -n honeypot\nkubectl apply -f cowrie-service.yaml -n honeypot\n```\n\n### Deploy Elasticpot Components\n\n```bash\nkubectl apply -f elasticpot-pvc.yaml -n honeypot\nkubectl apply -f elasticpot-configmap.yaml -n honeypot\nkubectl apply -f elasticpot-deployment.yaml -n honeypot\nkubectl apply -f elasticpot-service.yaml -n honeypot\n```\n\n### Deploy Redis Honeypot Components\n\n```bash\nkubectl apply -f redishoneypot-pvc.yaml -n honeypot\nkubectl apply -f 
redishoneypot-deployment.yaml -n honeypot\nkubectl apply -f redishoneypot-service.yaml -n honeypot\n```\n\n## Elastic Stack Setup\n\n### Install Elasticsearch\n\n```bash\nhelm repo add elastic https://helm.elastic.co\nhelm repo update\nhelm install elasticsearch elastic/elasticsearch -n honeypot\n```\n\n**Wait for Elasticsearch to be ready:**\n```bash\nkubectl get pods -n honeypot -w\n```\n\n**Retrieve Elasticsearch Password:**\n```bash\nkubectl get secrets --namespace=honeypot elasticsearch-master-credentials -ojsonpath='{.data.password}' | base64 -d\n```\n\n\u003e ⚠️ **Important**: Update the retrieved password in all Filebeat configuration files.\n\n### Install Kibana\n\n```bash\nhelm install kibana elastic/kibana -n honeypot -f kibana-values.yaml\n```\n\n**Wait for Kibana to be ready:**\n```bash\nkubectl get pods -n honeypot -w\n```\n\n### Deploy Filebeat Instances\n\n#### Filebeat for Cowrie\n```bash\nkubectl apply -f filebeat-cowrie-configmap.yaml -n honeypot\nkubectl apply -f filebeat-cowrie-deployment.yaml -n honeypot\n```\n\n#### Filebeat for Elasticpot\n```bash\nkubectl apply -f filebeat-elasticpot-configmap.yaml -n honeypot\nkubectl apply -f filebeat-elasticpot-deployment.yaml -n honeypot\n```\n\n#### Filebeat for Redis\n```bash\nkubectl apply -f filebeat-redis-configmap.yaml -n honeypot\nkubectl apply -f filebeat-redis-deployment.yaml -n honeypot\n```\n\n## Verification\n\n### Check All Pods Status\n\n```bash\nkubectl get pods -n honeypot\n```\n\nAll pods should be in `Running` state.\n\n## Testing Honeypots\n\n### Test Cowrie (SSH Honeypot)\n\n```bash\nssh -p 30022 root@localhost\n```\n\n### Test Elasticpot (Elasticsearch Honeypot)\n\n```bash\ncurl -XGET http://localhost:9200/\ncurl -XGET http://localhost:9200/_cluster/health\n```\n\n### Test Redis Honeypot\n\n```bash\nredis-cli -h 127.0.0.1 -p 6379\n# Try commands: INFO, GET test, SET test value, FLUSHALL, etc.\n```\n\n## Kibana Configuration\n\n### Access Kibana Dashboard\n\nNavigate to: 
`http://localhost:5601`\n\n**Login Credentials:**\n- **Username**: `elastic`\n- **Password**: (use the password retrieved in Elastic Stack Setup)\n\n### Configure Data Views\n\n1. Go to **Stack Management** → **Data Views**\n2. Click **Create data view**\n3. Create the following data views:\n\n#### Cowrie Logs\n- **Index pattern**: `honeypot-cowrie-*`\n- **Time field**: `@timestamp`\n\n#### Elasticpot Logs\n- **Index pattern**: `honeypot-elasticpot-*`\n- **Time field**: `@timestamp`\n\n#### Redis Logs\n- **Index pattern**: `honeypot-redis-*`\n- **Time field**: `@timestamp`\n- **Filter**: `event.dataset: \"redis.honeypot\"`\n\n### Create Dashboards\n\nBuild visualizations for comprehensive monitoring:\n\n- **Time-based Charts**: Line charts and bar charts for temporal analysis\n- **Data Tables**: Top IPs, usernames, and executed commands\n- **Pie Charts**: Success/failure ratios and attack distribution\n- **Metrics**: Total events count and connection statistics\n\n![Dashboard](images/cowrie_dashboard.png)\n\n## Security Monitoring\n\n### Create Detection Rules\n\n1. Go to **Security** → **Manage** → **Rules**\n2. Click **Create rule**\n3. 
Configure detection rules based on security requirements\n\n#### Example Alert Types:\n\n- **Brute Force Detection**: Multiple failed authentication attempts\n- **Successful Honeypot Logins**: Logins that a honeypot accepted\n\nView generated alerts in **Security** → **Alerts**\n\n![Alerts](images/cowrie_alerts.png)\n\n## Troubleshooting\n\n### Check Pod Status\n\n```bash\nkubectl get pods -n honeypot\nkubectl describe pod \u003cpod-name\u003e -n honeypot\nkubectl logs \u003cpod-name\u003e -n honeypot\n```\n\n### Check Services\n\n```bash\nkubectl get services -n honeypot\n```\n\n### Common Issues\n\n- **Pod Not Starting**: Check resource limits and image availability\n- **Connection Refused**: Verify port forwarding and service configuration\n- **Log Ingestion Issues**: Ensure Filebeat configuration matches Elasticsearch credentials\n\n## Cleanup\n\nTo remove the entire RAMAPOT deployment:\n\n```bash\nk3d cluster delete mycluster\n```\n\n\n## Contributing\n\nContributions are welcome! Please feel free to submit pull requests or open issues for bugs and feature requests.\nFeel free to fork this repository and adapt it to your specific needs.\n\n## License\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n\n---\n\n**RAMAPOT** - Comprehensive Honeypot Deployment Solution","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falikallel%2Framapot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falikallel%2Framapot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falikallel%2Framapot/lists"}