-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
config.yaml
75 lines (71 loc) · 2.15 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
honeypots:
- id: 1
name: "ExampleHoneypot1"
cve: "CVE-2021-XXXX"
application: "FakeWebApp1"
port: 8081
enabled: true
template_html_file: "index1.html"
detection_endpoint: "/fakeapp"
request_regex: ".*attack.*"
redirect_url: "https://jamesbrine.com.au/"
date_created: "2022-01-01"
date_updated: "2022-01-02"
responders:
- engine: "/usr/bin/bash"
script: "email.sh"
parameters: ["honeypots.id", "honeypots.application", "honeypot_logs.datetime", "honeypot_logs.ip_source", "honeypot_logs.log_event"]
- engine: "/usr/bin/python3"
script: "sms.py"
parameters: ["honeypots.id", "honeypots.application", "honeypot_logs.datetime", "honeypot_logs.ip_source", "honeypot_logs.log_event"]
- engine: "/usr/bin/bash"
script: "iptables_block.sh"
parameters: ["honeypot_logs.ip_source"]
- id: 2
name: "ExampleHoneypot2"
cve: "CVE-2022-YYYY"
application: "FakeWebApp2"
port: 8082
enabled: true
template_html_file: "index2.html"
detection_endpoint: "/anotherapp"
request_regex: "^/admin"
redirect_url: "test.html"
date_created: "2022-02-01"
date_updated: "2022-02-02"
- id: 3
name: "SMRS Portal"
cve: ""
application: "SMRS Portal"
port: 8003
template_html_file: "smrs.html"
detection_endpoint: "Login"
request_regex: "^.*1=1.*$"
date_created: "2024-02-17"
date_updated: "2024-02-17"
redirect_url: "https://jamesbrine.com.au"
enabled: true
- id: 4
name: "phpMyAdmin Login"
cve: ""
application: "phpMyAdmin"
port: 8444
template_html_file: "phpMyAdmin.html"
detection_endpoint: "/phpMyAdmin/login"
request_regex: "^username=.*&password=.*&$"
date_created: "2024-03-12"
date_updated: "2024-03-12"
redirect_url: "302.php"
enabled: true
- id: 5
name: "Outlook Web Application"
cve: ""
application: "OWA"
port: 8445
template_html_file: "owa.html"
detection_endpoint: "logon.aspx"
request_regex: "^username=.*&password=.*&$"
date_created: "2024-03-12"
date_updated: "2024-03-12"
redirect_url: "302.php"
enabled: true