elastichoney
A Simple Elasticsearch Honeypot
Any chance of adding the ability to save the collected data to a MySQL database? Currently all our honeypots (Telnet, SSH, SMB, ADB, RDP) save information in such a database...
Basically it looks very simple to run, but I get an error "permission denied": `./elastichoney -h`. And what does "URL example.com" mean in config.json? Did you provide any documentation?
public_ip_url points to a broken URL. http://ifconfig.co/ip is a good alternative.
Auto restart the docker container if docker service/server crashes
Many of the exploit attempts cause ES to attempt to wget a URL. This URL should be fetched, md5'ed, and ideally included in the payload for analysis. Maybe this should...
Elasticsearch recently announced a directory traversal vulnerability in numerous ES versions. I'd like to RE the patch and add a check in elastichoney.