{"id":32973695,"url":"https://github.com/jekil/UDPot","last_synced_at":"2025-11-13T17:01:01.334Z","repository":{"id":14308294,"uuid":"17017116","full_name":"jekil/UDPot","owner":"jekil","description":"Simple UDP honeypot script","archived":false,"fork":false,"pushed_at":"2023-10-31T10:58:45.000Z","size":42,"stargazers_count":48,"open_issues_count":0,"forks_count":11,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-10T18:49:04.794Z","etag":null,"topics":["dns","dns-honeypot","honeypot","python","sinkhole"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jekil.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2014-02-20T10:44:12.000Z","updated_at":"2024-09-21T11:44:26.000Z","dependencies_parsed_at":"2024-01-03T04:02:44.435Z","dependency_job_id":null,"html_url":"https://github.com/jekil/UDPot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jekil/UDPot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekil%2FUDPot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekil%2FUDPot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekil%2FUDPot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekil%2FUDPot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jekil","download_url":"https://codeload.github.com/jekil/UDPot/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekil%2FUDPot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284254164,"owners_count":26973347,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-13T02:00:06.582Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","dns-honeypot","honeypot","python","sinkhole"],"created_at":"2025-11-13T06:00:20.222Z","updated_at":"2025-11-13T17:01:01.327Z","avatar_url":"https://github.com/jekil.png","language":"Python","readme":"[![Build Status](https://travis-ci.org/jekil/UDPot.svg?branch=master)](https://travis-ci.org/jekil/UDPot)\n[![Twitter Follow](https://img.shields.io/twitter/follow/jekil.svg?style=social)](https://twitter.com/jekil)\n\n# dns.py\n\nThe idea behind this script is to provide a DNS honeypot which logs all requests to a SQLite database and with a\nconfigurable interactivity level.\n\nIt can be configured to resolve only a number of DNS requests to seems like an open resolver to an attacker, after that\nit acts as a sinkhole.\n\nFor each request coming from a source IP only a custom number of requests (default 3) are really resolved (sending back a DNS reply)\nbefore working as a sinkhole; after a configurable timeout (default 1 day), it can restart the loop.\n\n## Docker\n\nA docker image is available on [DockerHub](https://hub.docker.com/r/jekil/udpot).\nRun it with:\n\n    docker run --name udpot -p 5053:5053/udp -p 5053:5053/tcp -d jekil/udpot\n    \nIt will run UDPot on port 5053 UDP and TCP, if you want to use it on another port you can bind it with docker or redirect it with iptables (explained below).\n\n### Variables\n\n- *DNS_SERVER*: host for DNS resolution\n\n### Volumes\n\n- *data*: where SQLite database is stored\n\n## Requirements\n\nThe script is developed for Python 3 and the following libraries are required:\n\n * twisted\n * sqlalchemy\n\nYou can install them with (you need python-dev package to compile them):\n\n    pip install -r requirements.txt\n\n## Usage\n\nYou can print the option list using the help **-h** option:\n\n    $ python dns.py -h\n    usage: dns.py [-h] [-p DNS_PORT] [-c REQ_COUNT] [-t REQ_TIMEOUT] [-s] [-v]\n                    server\n\n    positional arguments:\n      server                DNS server IP address\n\n    optional arguments:\n      -h, --help            show this help message and exit\n      -p DNS_PORT, --dns-port DNS_PORT\n                            DNS honeypot port\n      -c REQ_COUNT, --req-count REQ_COUNT\n                            how many request to resolve\n      -t REQ_TIMEOUT, --req-timeout REQ_TIMEOUT\n                            timeout to re-start resolving requests\n      -s, --sql             database connection string\n      -v, --verbose         print each request\n\nYou can run the DNS honeypot with the following command, you have to add the IP of the DNS server you use to resolve\nthe first bunch of queries to seems like an open resolver (in this example we use 8.8.8.8):\n\n    $ python dns.py 8.8.8.8\n\nNow your DNS honeypot is listening on both port 5053 UDP and TCP.\nIf you want to bind it to port 53 you have to:\n\n * run it as root and use option **-p** which is really **not recommended**\n * add an iptables rule to redirect traffic from port 53 to port 5053\n\nExample iptables rules to redirect traffic:\n\n    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 53 -j REDIRECT --to-ports 5053\n    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 5053\n\nSome other arguments are optional:\n\n * **-p** is used to bind DNS honeypot service on a given port\n * **-c** how many requests should be resolved (sending a DNS reply) like a real open resolver\n * **-t** timeout to re-start resolving requests (sending a DNS reply) like a real open resolver\n * **-s** choose a SQL database (default SQLite)\n * **-v** verbose logging (prints each request)\n","funding_links":[],"categories":["\u003ca name=\"honeypots\"\u003e\u003c/a\u003e Honeypots","Honeypots"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjekil%2FUDPot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjekil%2FUDPot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjekil%2FUDPot/lists"}