Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nsmfoo/dicompot

DICOM Honeypot
https://github.com/nsmfoo/dicompot

deception dicom docker go honeypot medical medical-imaging

Last synced: 6 days ago
JSON representation

DICOM Honeypot

Host: GitHub
URL: https://github.com/nsmfoo/dicompot
Owner: nsmfoo
License: apache-2.0
Created: 2020-06-07T18:27:17.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-09-22T20:44:10.000Z (about 1 year ago)
Last Synced: 2024-08-02T07:12:31.213Z (3 months ago)
Topics: deception, dicom, docker, go, honeypot, medical, medical-imaging
Language: Go
Homepage:
Size: 121 KB
Stars: 22
Watchers: 5
Forks: 8
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-honeypots - dicompot - DICOM Honeypot. (Honeypots)
fucking-awesome-honeypots - dicompot - DICOM Honeypot. (Honeypots)

README

# Dicompot - A Digital Imaging and Communications in Medicine (DICOM) Honeypot

# Credit where credit is due

This project is built up on the great work done by GRAIL (https://github.com/grailbio/go-netdicom)

# About

- Dicompot is a fully functional DICOM server with a twist.
- Please note: C-STORE attempts are blocked for your "protection", but logged.

# Install
(Ubuntu 22.04 LTS)

- sudo apt install golang
- git clone https://github.com/nsmfoo/dicompot.git
- cd dicompot
- go install server/dicompot.go

(macos 13.5+)
- brew install golang
- git clone https://github.com/nsmfoo/dicompot.git
- cd dicompot
- go install server/dicompot.go

# Run

- cd $HOME/go/bin
- ./dicompot
- ./dicompot -help, for the different options that is available
- The server will log to the console and also to a file called dicompot.log (JSON)
- Works well with screen, if you like to run it in the background

# Test

- findscu -P -k PatientName="*" IP PORT
- getscu -P -k PatientName="*" IP PORT

Both commands are part of the DICOM Toolkit - DCMTK

- Also tested with Horos (https://horosproject.org/)

# Docker
## Build a Dicompot Docker Image from this repository
1. `git clone https://github.com/nsmfoo/dicompot.git`

2. `cd dicompot`

3. `docker build -t dicompot:latest .`

## Run the container
`docker run --rm --read-only --net="host" --name="dicompot" --detach --tty --interactive --publish=11112:11112 dicompot:latest`
### Docker Engine command-line arguments explained
* `--rm`: remove container after it stops
* `--read-only`: mount container as read-only
* `--net="host"`: set container network as `host`
* `--name="dicompot"`: set container name as `dicompot`
* `--detach`: run in the background *hint: use `docker attach dicompot` to re-attach STDIN/STDOUT back to the container*
* `--tty`: allocate a pseudo-tty for the container
* `--interactive`: make the container interactive

## View logs
* `docker logs dicompot`

# Known Issues

If the server instance, terminates with the message: "signal: killed", try increasing the amount of avalible memory and try again.
(dmesg, should give you more information)

# ToDo

- ~~Enforce AET (So people can brute force away)~~
- Auto generate meta data in DICOM files (for use in dicompot)
- Block certain IP's (Geo based, amount of connections etc)
- Code cleanup

# Note

I'm in no way a DICOM expert. If you find something strange... it probably is. This is also the first GO code I ever touched, so in the same way, if something looks strange it probably is. That being said any help and/or suggestions are more than welcome.