=61.2",
-]
-build-backend = "setuptools.build_meta"
-
-[project]
-name = "honeypots"
-version = "0.65"
-authors = [
- { name = "QeeqBox", email = "gigaqeeq@gmail.com" },
-]
-description = "30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)"
-readme = "README.rst"
-requires-python = ">=3.8"
-dependencies = [
- "twisted",
- "psutil",
- "psycopg2-binary",
- "pycryptodome",
- "requests",
- "requests[socks]",
- "impacket",
- "paramiko",
- "scapy",
- "service_identity",
- "netifaces",
-]
-license = {text = "AGPL-3.0"}
-
-[project.urls]
-Homepage = "https://github.com/qeeqbox/honeypots"
-
-[project.optional-dependencies]
-dev = [
- "dnspython==2.4.2",
- "elasticsearch",
- "ldap3",
- "mysql-connector",
- "pre-commit",
- "pymssql",
- "pysnmplib",
- "pytest",
- "redis",
- "redis",
- "vncdotool",
-]
-
-[project.scripts]
-honeypots = "honeypots.__main__:main_logic"
-
-[tool.setuptools]
-packages = [
- "honeypots",
- "honeypots.data",
-]
-include-package-data = true
-
-[tool.setuptools.package-data]
-"honeypots.data" = [
- "*.html",
-]
-
-[tool.ruff]
-select = [
- "F",
- "E",
- "W",
- "C90",
- "N",
- "UP",
- "B",
- "A",
- "C4",
- "EXE",
- "FA",
- "ISC",
- "PIE",
- "T20",
- "PT",
- "Q",
- "RET",
- "SIM",
- "TCH",
- "ARG",
- "PTH",
- "ERA",
- "PL",
- "PLR",
- "PLW",
- "PERF",
- "RUF",
-]
-ignore = [
- "A003",
- "PERF203",
- "PERF401",
- "RUF001",
- "RUF002",
- "RUF003",
- "RUF015",
- # pydantic only supports these from python>=3.9
- "UP006",
- "UP007",
- # rules may cause conflicts when used with the formatter
- "ISC001",
- "Q001",
-]
-fixable = [
- "F",
- "E",
- "W",
- "C90",
- "N",
- "UP",
- "B",
- "A",
- "C4",
- "EXE",
- "FA",
- "ISC",
- "PIE",
- "T20",
- "PT",
- "Q",
- "RET",
- "SIM",
- "TCH",
- "ARG",
- "PTH",
- "ERA",
- "PL",
- "PLR",
- "PLW",
- "PERF",
- "RUF",
-]
-exclude = [
- ".git",
- ".ruff_cache",
- ".venv",
- "venv",
- "data",
-]
-line-length = 99
-target-version = "py38"
-
-[tool.ruff.lint.per-file-ignores]
-# don't check for "magic value" in tests
-"tests/*" = ["PLR2004"]
diff --git a/docker/honeypots/dist/setup.py b/docker/honeypots/dist/setup.py
deleted file mode 100644
index d63ab76b2..000000000
--- a/docker/honeypots/dist/setup.py
+++ /dev/null
@@ -1,39 +0,0 @@
-from setuptools import setup
-
-with open("README.rst", "r") as f:
- long_description = f.read()
-
-setup(
- name='honeypots',
- author='QeeqBox',
- author_email='gigaqeeq@gmail.com',
- description=r"23 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc) ",
- long_description=long_description,
- version='0.51',
- license="AGPL-3.0",
- license_files=('LICENSE'),
- url="https://github.com/qeeqbox/honeypots",
- packages=['honeypots'],
- entry_points={
- "console_scripts": [
- 'honeypots=honeypots.__main__:main_logic'
- ]
- },
- include_package_data=True,
- install_requires=[
- 'pycrypto',
- 'scapy',
- 'twisted',
- 'psutil',
- 'psycopg2-binary',
- 'requests',
- 'impacket',
- 'paramiko',
- 'service_identity',
- 'netifaces'
- ],
- extras_require={
- 'test': ['redis', 'mysql-connector', 'elasticsearch', 'pymssql', 'ldap3', 'pysnmp']
- },
- python_requires='>=3.5'
-)
diff --git a/docker/honeypots/docker-compose.yml b/docker/honeypots/docker-compose.yml
index 4ddba4eed..f860f4555 100644
--- a/docker/honeypots/docker-compose.yml
+++ b/docker/honeypots/docker-compose.yml
@@ -22,6 +22,7 @@ services:
- "23:23"
- "25:25"
- "53:53/udp"
+ - "67:67/udp"
- "80:80"
- "110:110"
- "123:123"
diff --git a/docker/honeytrap/Dockerfile b/docker/honeytrap/Dockerfile
index 05f962188..94e007ebc 100644
--- a/docker/honeytrap/Dockerfile
+++ b/docker/honeytrap/Dockerfile
@@ -1,12 +1,12 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.10
ENV DEBIAN_FRONTEND noninteractive
#
# Include dist
COPY dist/ /root/dist/
#
-# Setup apt
+# Install packages
RUN apt-get update && \
- apt-get update -y && \
+ apt-get -y upgrade && \
#
# Install packages
apt-get install -y autoconf \
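Review bot: `FROM ubuntu:24.10` moves the image from an LTS base to an interim Ubuntu release, which has a much shorter support window. Once that window closes, the added `apt-get -y upgrade` no longer delivers security fixes and rebuilds start failing when the archive is retired. Unless honeytrap needs something only 24.10 ships, `FROM ubuntu:24.04` (as the log4pot Dockerfile in this commit uses) keeps the image patchable. If 24.10 is required, a comment above the FROM line should say why, so maintainers know when it can be dropped. The RUN instruction continues past this hunk.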
@@ -26,10 +26,9 @@ RUN apt-get update && \
wget && \
#
# Install honeytrap from source
-# git clone https://github.com/armedpot/honeytrap /root/honeytrap && \
git clone https://github.com/t3chn0m4g3/honeytrap /root/honeytrap && \
cd /root/honeytrap/ && \
-# git checkout 9aa4f734f2ea2f0da790b02d79afe18204a23982 && \
+ git checkout 9b63a5452ed3d5004ca714a7965218c25226a504 && \
autoreconf -vfi && \
./configure \
--with-stream-mon=nfq \
@@ -55,7 +54,12 @@ RUN apt-get update && \
libnetfilter-queue-dev \
libpq-dev && \
apt-get autoremove -y --purge && \
- apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /root/* /opt/honeytrap/.git
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* \
+ /tmp/* /var/tmp/* \
+ /root/.cache \
+ /root/* \
+ /opt/honeytrap/.git
#
# Start honeytrap
USER honeytrap:honeytrap
diff --git a/docker/honeytrap/docker-compose.yml b/docker/honeytrap/docker-compose.yml
index cc2cc6191..5f1958d91 100644
--- a/docker/honeytrap/docker-compose.yml
+++ b/docker/honeytrap/docker-compose.yml
@@ -15,6 +15,6 @@ services:
image: "dtagdevsec/honeytrap:24.04"
read_only: true
volumes:
- - /data/honeytrap/attacks:/opt/honeytrap/var/attacks
- - /data/honeytrap/downloads:/opt/honeytrap/var/downloads
- - /data/honeytrap/log:/opt/honeytrap/var/log
+ - $HOME/tpotce/data/honeytrap/attacks:/opt/honeytrap/var/attacks
+ - $HOME/tpotce/data/honeytrap/downloads:/opt/honeytrap/var/downloads
+ - $HOME/tpotce/data/honeytrap/log:/opt/honeytrap/var/log
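Review bot: The three bind mounts now depend on `$HOME` as seen by whoever invokes compose, so starting the stack through sudo, a service unit or cron can resolve them to a different directory, and an unset variable is substituted as an empty string, giving `/tpotce/data/...`. With the short volume syntax Docker creates a missing source directory owned by root, so honeytrap's attack and download captures can end up in a place nobody monitors, or the non-root container user cannot write at all. The required-variable form fails early instead: `${HOME:?HOME must be set}/tpotce/data/honeytrap/log:/opt/honeytrap/var/log`. The new docker/miniprint/docker-compose.yml uses the same `$HOME` pattern.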
diff --git a/docker/ipphoney/Dockerfile b/docker/ipphoney/Dockerfile
index fe315a476..8d88ab402 100644
--- a/docker/ipphoney/Dockerfile
+++ b/docker/ipphoney/Dockerfile
@@ -1,10 +1,11 @@
-FROM alpine:3.19
+FROM alpine:3.20 AS builder
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages
-RUN apk -U --no-cache add \
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
build-base \
ca-certificates \
git \
@@ -27,6 +28,7 @@ RUN apk -U --no-cache add \
py3-service_identity \
py3-setuptools \
py3-twisted \
+ py3-tz \
py3-wheel \
python3 \
python3-dev && \
@@ -34,27 +36,23 @@ RUN apk -U --no-cache add \
cd /opt/ && \
git clone https://gitlab.com/bontchev/ipphoney.git/ && \
cd ipphoney && \
- git checkout 7ab1cac437baba17cb2cd25d5bb1400327e1bb79 && \
- cp /root/dist/requirements.txt . && \
- pip3 install --break-system-packages -r requirements.txt && \
- setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
+ git checkout 9da0a9e7f9d839e4522f56b3bb2b790d87d65457 && \
+ cp /root/dist/requirements.txt .
+WORKDIR /opt/ipphoney
+RUN pip3 install --break-system-packages pyinstaller
+RUN pip3 install --break-system-packages -r requirements.txt
+RUN pyinstaller ipphoney.py \
+ --hidden-import output_plugins \
+ --hidden-import output_plugins.jsonlog
#
-# Setup user, groups and configs
- addgroup -g 2000 ipphoney && \
- adduser -S -H -s /bin/ash -u 2000 -D -g 2000 ipphoney && \
- mv /root/dist/honeypot.cfg /opt/ipphoney/etc/ && \
-#
-# Clean up
- apk del --purge build-base \
- git \
- libffi-dev \
- openssl-dev \
- postgresql-dev \
- python3-dev && \
- rm -rf /root/* /var/cache/apk/* /opt/ipphoney/.git
+FROM alpine:3.20
+RUN apk --no-cache -U upgrade
+COPY --from=builder /opt/ipphoney/dist/ /opt/
+COPY --from=builder /opt/ipphoney/responses/ /opt/ipphoney/responses/
+COPY dist/honeypot.cfg /opt/ipphoney/etc/
#
# Start ipphoney
STOPSIGNAL SIGINT
-USER ipphoney:ipphoney
+USER 2000:2000
WORKDIR /opt/ipphoney/
-CMD ["/usr/bin/python3","ipphoney.py"]
+CMD ["./ipphoney"]
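Review bot: `pip3 install --break-system-packages pyinstaller` pulls whatever PyInstaller release is current at build time, although the ipphoney source is pinned to a commit a few lines earlier. PyInstaller produces the binary that ships in the final stage, so it should be pinned as well, e.g. `pip3 install --break-system-packages pyinstaller==<PINNED_VERSION>` (placeholder), ideally through a requirements file installed with `--require-hashes`. docker/miniprint/Dockerfile has the same unpinned install. Separately, the removed `setcap cap_net_bind_service=+ep` has no replacement in the final stage, so if ipphoney listens on a port below 1024 as `USER 2000:2000`, that depends on the container runtime permitting unprivileged low-port binds; this should be confirmed on the oldest supported Docker version.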
diff --git a/docker/log4pot/Dockerfile b/docker/log4pot/Dockerfile
index 0e8880fad..56a9c6c2e 100644
--- a/docker/log4pot/Dockerfile
+++ b/docker/log4pot/Dockerfile
@@ -1,8 +1,9 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
ENV DEBIAN_FRONTEND noninteractive
#
# Install packages
RUN apt-get update -y && \
+ apt-get upgrade -y && \
apt-get install -y \
build-essential \
cargo \
@@ -10,27 +11,27 @@ RUN apt-get update -y && \
git \
libcap2 \
libcap2-bin \
- libcurl4 \
- libcurl4-nss-dev \
- libffi7 \
+ libcurl4t64 \
+ libcurl4-gnutls-dev \
+ libffi8 \
libffi-dev \
libssl-dev \
python3-pip \
python3 \
python3-dev \
rust-all && \
- pip3 install --upgrade pip && \
- pip3 install poetry pycurl && \
+ pip3 install --no-cache-dir --break-system-packages \
+ poetry \
+ pycurl && \
#
# Install log4pot from GitHub and setup
mkdir -p /opt /var/log/log4pot && \
cd /opt/ && \
git clone https://github.com/thomaspatzke/Log4Pot && \
cd Log4Pot && \
- # git checkout fac539f470217347e51127c635f16749a887c0ac && \
- git checkout e224c0f786efb68b4aab892e69857e379b75b0c6 && \
+ git checkout 5002b1fe0f82359ef32dbc3a899e8a701dc3256e && \
sed -i 's#"type": logtype,#"reason": logtype,#g' log4pot-server.py && \
- poetry install && \
+ poetry --no-cache install && \
setcap cap_net_bind_service=+ep $(readlink -f $(which python3)) && \
#
# Setup user, groups and configs
@@ -42,12 +43,19 @@ RUN apt-get update -y && \
apt-get purge -y build-essential \
cargo \
git \
+ libcurl4-gnutls-dev \
libffi-dev \
libssl-dev \
python3-dev \
+ python3-pip \
rust-all && \
- apt-get autoremove -y --purge && \
- apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache /opt/Log4Pot/.git
+ apt-get autoremove -y --purge && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* \
+ /tmp/* \
+ /var/tmp/* \
+ /root/.cache \
+ /opt/Log4Pot/.git
#
# Start log4pot
STOPSIGNAL SIGINT
diff --git a/docker/mailoney/Dockerfile b/docker/mailoney/Dockerfile
index 2f31ba8e1..d6e5fd6d3 100644
--- a/docker/mailoney/Dockerfile
+++ b/docker/mailoney/Dockerfile
@@ -1,16 +1,17 @@
+# For Mailoney to work we need to keep Alpine 3.19 for now
FROM alpine:3.19
#
# Install packages
-RUN apk -U --no-cache add \
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
git \
libcap \
- py3-pip \
python3 && \
#
# Install mailoney from git
git clone https://github.com/t3chn0m4g3/mailoney /opt/mailoney && \
cd /opt/mailoney && \
- pip3 install --break-system-packages -r requirements.txt && \
+ git checkout 06e54bd410e0044d26d8462321f1b2811318db0b && \
#
# Setup user, groups and configs
addgroup -g 2000 mailoney && \
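Review bot: The new comment says Alpine 3.19 must be kept but not why, so nobody can tell when the pin may be lifted, and the base can age out of security support while the comment still reads "for now". State the blocker in the comment, e.g. `# Keep Alpine 3.19: mailoney needs <REASON> (revisit once upstream supports a newer release)` (placeholder). The same hunk drops `py3-pip` and the `pip3 install -r requirements.txt` step; presumably the pinned commit no longer needs third-party packages, but that should be confirmed in the commit description. The RUN instruction continues past this hunk.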
@@ -26,4 +27,4 @@ RUN apk -U --no-cache add \
STOPSIGNAL SIGINT
USER mailoney:mailoney
WORKDIR /opt/mailoney/
-CMD ["/usr/bin/python","mailoney.py","-i","0.0.0.0","-p","25","-s","mailrelay.local","-t","schizo_open_relay"]
+CMD ["/usr/bin/python","mailoney.py","-i","0.0.0.0","-p","25","-t","schizo_open_relay"]
\ No newline at end of file
diff --git a/docker/mailoney/docker-compose.yml b/docker/mailoney/docker-compose.yml
index 450ba5e73..51b0462db 100644
--- a/docker/mailoney/docker-compose.yml
+++ b/docker/mailoney/docker-compose.yml
@@ -7,13 +7,9 @@ services:
mailoney:
build: .
container_name: mailoney
+ stdin_open: true
+ tty: true
restart: always
- environment:
- - HPFEEDS_SERVER=
- - HPFEEDS_IDENT=user
- - HPFEEDS_SECRET=pass
- - HPFEEDS_PORT=20000
- - HPFEEDS_CHANNELPREFIX=prefix
# cpu_count: 1
# cpus: 0.25
networks:
diff --git a/docker/medpot/Dockerfile b/docker/medpot/Dockerfile
index 8c7086f7d..5e9dfe9c8 100644
--- a/docker/medpot/Dockerfile
+++ b/docker/medpot/Dockerfile
@@ -1,44 +1,36 @@
-FROM golang:1.21-alpine as builder
+FROM golang:1.23-alpine AS builder
#
-# Setup apk
-RUN apk -U --no-cache add \
- build-base \
- git \
- go \
- g++ && \
+ENV GO111MODULE=on \
+ CGO_ENABLED=0 \
+ GOOS=linux
+#
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
+ build-base \
+ git \
+ g++
#
# Setup go, build medpot
- export GOPATH=/opt/go/ && \
- export GO111MODULE=off && \
- mkdir -p /opt/go/src && \
- cd /opt/go/src && \
- git clone https://github.com/schmalle/medpot && \
- cd medpot && \
+RUN mkdir -p /usr/local/go/src/medpot && \
+ git clone https://github.com/schmalle/medpot /usr/local/go/src/medpot && \
+ cd /usr/local/go/src/medpot && \
git checkout 75a2e6134cf926c35b6017d62542274434c87388 && \
- cd .. && \
- go get -d -v github.com/davecgh/go-spew/spew && \
- go get -d -v github.com/go-ini/ini && \
- go get -d -v github.com/mozillazg/request && \
- go get -d -v go.uber.org/zap && \
- cd medpot && \
+ go mod init github.com/schmalle/medpot && \
+ go mod tidy && \
+ go mod download && \
cp dist/etc/ews.cfg /etc/ && \
go build medpot
#
-FROM alpine:3.19
+FROM scratch
#
# Setup medpot
#
-COPY --from=builder /opt/go/src/medpot/medpot /opt/medpot/medpot
-COPY --from=builder /opt/go/src/medpot/template/*.xml /opt/medpot/
-COPY --from=builder /opt/go/src/medpot/dist/etc/ews.cfg /etc/ews.cfg
-RUN mkdir -p /var/log/medpot && \
-#
-# Setup user, groups and configs
- addgroup -g 2000 medpot && \
- adduser -S -s /bin/ash -u 2000 -D -g 2000 medpot && \
- chown -R medpot:medpot /var/log/medpot
+COPY --from=builder /usr/local/go/src/medpot/medpot /opt/medpot/medpot
+COPY --from=builder /usr/local/go/src/medpot/template/*.xml /opt/medpot/
+COPY --from=builder /usr/local/go/src/medpot/dist/etc/ews.cfg /etc/ews.cfg
#
# Start medpot
WORKDIR /opt/medpot
-USER medpot:medpot
+USER 2000:2000
CMD ["./medpot"]
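Review bot: `go mod init` followed by `go mod tidy` generates go.mod and go.sum during the build, so although medpot itself is pinned by `git checkout`, every dependency resolves to whatever version is current on the build day and nothing is verified against a reviewed go.sum. Keeping a reviewed go.mod and go.sum in this repository, copying them into the builder and building with `go build -mod=readonly` would make the shipped binary reproducible. With `FROM scratch` and the `mkdir -p /var/log/medpot` and `chown` steps removed, the image also has no log directory, so logging presumably depends on a volume mounted by the compose file that is writable by uid 2000; that requirement deserves a comment above `USER 2000:2000`.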
diff --git a/docker/miniprint/Dockerfile b/docker/miniprint/Dockerfile
new file mode 100644
index 000000000..5e0ed7023
--- /dev/null
+++ b/docker/miniprint/Dockerfile
@@ -0,0 +1,31 @@
+FROM alpine:3.20 AS builder
+#
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
+ build-base \
+ git \
+ python3 \
+ py3-pip
+#
+RUN mkdir -p /opt && \
+ cd /opt/ && \
+ git clone https://github.com/t3chn0m4g3/miniprint
+WORKDIR /opt/miniprint
+RUN pip3 install --break-system-packages pyinstaller
+RUN pip3 install --break-system-packages -r requirements.txt
+RUN pyinstaller server.py \
+ --add-data "./fake-files:./fake-files" \
+ --add-data "./uploads:./uploads"
+#
+FROM alpine:3.20
+RUN apk --no-cache -U upgrade
+COPY --from=builder /opt/miniprint/dist/* /opt/miniprint/
+COPY --from=builder /opt/miniprint/fake-files/ /opt/miniprint/fake-files/
+COPY --from=builder /opt/miniprint/uploads/ /opt/miniprint/uploads/
+#
+# Start miniprint
+STOPSIGNAL SIGINT
+USER 2000:2000
+WORKDIR /opt/miniprint/
+CMD ["./server", "--bind", "0.0.0.0", "--log-file", "/opt/miniprint/log/miniprint.json"]
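Review bot: `git clone https://github.com/t3chn0m4g3/miniprint` is not followed by a checkout of a fixed commit, so every build ships whatever the default branch holds at that moment, unlike the other Dockerfiles in this commit, which pin a hash. Extend the RUN to `git clone https://github.com/t3chn0m4g3/miniprint && cd miniprint && git checkout <COMMIT_SHA>` (placeholder). The final stage also never creates `/opt/miniprint/log`, the directory named in `--log-file`; it presumably comes from the compose volume, which then has to be writable by uid 2000.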
diff --git a/docker/miniprint/docker-compose.yml b/docker/miniprint/docker-compose.yml
new file mode 100644
index 000000000..0a762c359
--- /dev/null
+++ b/docker/miniprint/docker-compose.yml
@@ -0,0 +1,21 @@
+networks:
+ miniprint_local:
+
+services:
+
+# Miniprint service
+ miniprint:
+ build: .
+ container_name: miniprint
+ restart: always
+# cpu_count: 1
+# cpus: 0.25
+ networks:
+ - miniprint_local
+ ports:
+ - "9100:9100"
+ image: dtagdevsec/miniprint:24.04
+ read_only: true
+ volumes:
+ - $HOME/tpotce/data/miniprint/log/:/opt/miniprint/log/
+ - $HOME/tpotce/data/miniprint/uploads/:/opt/miniprint/uploads/
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index 6b8b6ce1c..4fcfd1f56 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -1,10 +1,11 @@
-FROM alpine:3.19
+FROM alpine:3.20
#
# Include dist
COPY dist/ /root/dist/
#
-# Get and install dependencies & packages
-RUN apk -U --no-cache add \
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-headers-more \
@@ -32,8 +33,8 @@ RUN apk -U --no-cache add \
cp /root/dist/conf/lsweb.conf /etc/nginx/conf.d/ && \
#
# Clean up
- rm -rf /root/* && \
- rm -rf /var/cache/apk/*
+ rm -rf /root/* \
+ /var/cache/apk/*
#
# Start nginx
-CMD nginx -g 'daemon off;'
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/docker/nginx/builder/cyberchef/Dockerfile b/docker/nginx/builder/cyberchef/Dockerfile
index bcf49d8e6..142dbd9b1 100644
--- a/docker/nginx/builder/cyberchef/Dockerfile
+++ b/docker/nginx/builder/cyberchef/Dockerfile
@@ -2,7 +2,7 @@
FROM node:18-alpine as builder
#
# Prep and build Cyberchef
-ENV CY_VER=v10.8.2
+ENV CY_VER=v10.19.4
RUN apk -U --no-cache add build-base git python3 && \
chown -R node:node /srv && \
npm install -g grunt-cli
diff --git a/docker/nginx/builder/esvue/Dockerfile b/docker/nginx/builder/esvue/Dockerfile
index 589a7d1ea..c62dfdc08 100644
--- a/docker/nginx/builder/esvue/Dockerfile
+++ b/docker/nginx/builder/esvue/Dockerfile
@@ -4,8 +4,7 @@ FROM node:20-alpine AS builder
#
# Prep and build Elasticvue
RUN apk -U --no-cache add git && \
- # git clone https://github.com/cars10/elasticvue -b v1.0.4 /opt/src && \
- git clone https://github.com/t3chn0m4g3/elasticvue /opt/src && \
+ git clone https://github.com/cars10/elasticvue -b v1.1.0 /opt/src && \
# We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES
sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \
sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \
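Review bot: The clone now follows `-b v1.1.0`, and a tag can be moved or re-created upstream, whereas most other clones in this commit are fixed with `git checkout <sha>`. Resolving the tag once and adding `git -C /opt/src checkout <COMMIT_SHA_OF_v1.1.0>` (placeholder) after the clone keeps the build reproducible; the BFR clone in docker/tanner/phpox/Dockerfile relies on a tag in the same way. The two `sed -i` patches below match literal upstream strings, so after a version bump they can silently match nothing; a `grep -q` for the expected replacement after each sed would turn that into a build failure. The RUN instruction continues past this hunk.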
diff --git a/docker/nginx/dist/conf/lsweb.conf b/docker/nginx/dist/conf/lsweb.conf
index 872774b85..8ae24bed5 100644
--- a/docker/nginx/dist/conf/lsweb.conf
+++ b/docker/nginx/dist/conf/lsweb.conf
@@ -7,7 +7,8 @@ server {
#########################
### Basic server settings
#########################
- listen 64294 ssl http2;
+ listen 64294 ssl;
+ http2 on;
index index.html;
ssl_protocols TLSv1.3;
server_name example.com;
@@ -100,7 +101,7 @@ server {
if tpot_ostype == "mac" or tpot_ostype == "win" then
return "http://logstash:64305";
else
- return "http://127.0.0.1:64305";
+ return "http://logstash:64305";
end
}
access_log off;
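Review bot: After this change both branches of the `tpot_ostype` check return `"http://logstash:64305"`, so the conditional no longer selects anything and only hides the fact that the upstream is fixed. Collapse the block to the single `return "http://logstash:64305";`, or add a comment saying the branch is kept on purpose. The same applies to the kibana, elasticsearch, map_web and spiderfoot blocks changed in docker/nginx/dist/conf/tpotweb.conf. The enclosing block starts outside this hunk.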
diff --git a/docker/nginx/dist/conf/tpotweb.conf b/docker/nginx/dist/conf/tpotweb.conf
index 7c8900bd3..a1e85fdc6 100644
--- a/docker/nginx/dist/conf/tpotweb.conf
+++ b/docker/nginx/dist/conf/tpotweb.conf
@@ -7,7 +7,8 @@ server {
#########################
### Basic server settings
#########################
- listen 64297 ssl http2;
+ listen 64297 ssl;
+ http2 on;
index index.html;
ssl_protocols TLSv1.3;
server_name example.com;
@@ -127,7 +128,7 @@ server {
if tpot_ostype == "mac" or tpot_ostype == "win" then
return "http://kibana:5601";
else
- return "http://127.0.0.1:64296";
+ return "http://kibana:5601";
end
}
proxy_pass $kibana;
@@ -141,7 +142,7 @@ server {
if tpot_ostype == "mac" or tpot_ostype == "win" then
return "http://elasticsearch:9200";
else
- return "http://127.0.0.1:64298";
+ return "http://elasticsearch:9200";
end
}
@@ -156,7 +157,7 @@ server {
if tpot_ostype == "mac" or tpot_ostype == "win" then
return "http://map_web:64299";
else
- return "http://127.0.0.1:64299";
+ return "http://map_web:64299";
end
}
proxy_pass $map_web;
@@ -174,7 +175,7 @@ server {
if tpot_ostype == "mac" or tpot_ostype == "win" then
return "http://map_web:64299";
else
- return "http://127.0.0.1:64299";
+ return "http://map_web:64299";
end
}
proxy_pass $map_web;
@@ -192,7 +193,7 @@ server {
if tpot_ostype == "mac" or tpot_ostype == "win" then
return "http://spiderfoot:8080";
else
- return "http://127.0.0.1:64303";
+ return "http://spiderfoot:8080";
end
}
location /spiderfoot/ {
diff --git a/docker/nginx/dist/html/cyberchef/cyberchef.tgz b/docker/nginx/dist/html/cyberchef/cyberchef.tgz
index 9e16a539f..5b6980e0f 100644
Binary files a/docker/nginx/dist/html/cyberchef/cyberchef.tgz and b/docker/nginx/dist/html/cyberchef/cyberchef.tgz differ
diff --git a/docker/nginx/dist/html/esvue/esvue.tgz b/docker/nginx/dist/html/esvue/esvue.tgz
index fd831e2aa..726d50d44 100644
Binary files a/docker/nginx/dist/html/esvue/esvue.tgz and b/docker/nginx/dist/html/esvue/esvue.tgz differ
diff --git a/docker/nginx/dist/html/index.html b/docker/nginx/dist/html/index.html
index 97fc5c1e5..ec4e6f592 100644
--- a/docker/nginx/dist/html/index.html
+++ b/docker/nginx/dist/html/index.html
@@ -138,7 +138,7 @@
diff --git a/docker/p0f/Dockerfile b/docker/p0f/Dockerfile
index 0fc649889..bb4d8bdb8 100644
--- a/docker/p0f/Dockerfile
+++ b/docker/p0f/Dockerfile
@@ -1,12 +1,11 @@
-# In case of problems Alpine 3.13 needs to be used:
-# https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2
-FROM alpine:3.19
+FROM alpine:3.20
#
# Add source
COPY . /opt/p0f
#
# Install packages
-RUN apk -U --no-cache add \
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
bash \
build-base \
jansson \
@@ -28,8 +27,8 @@ RUN apk -U --no-cache add \
apk del --purge build-base \
jansson-dev \
libpcap-dev && \
- rm -rf /root/* && \
- rm -rf /var/cache/apk/*
+ rm -rf /root/* \
+ /var/cache/apk/*
#
# Start p0f
WORKDIR /opt/p0f
diff --git a/docker/redishoneypot/Dockerfile b/docker/redishoneypot/Dockerfile
index d04f6aa1c..0e10e0f6d 100644
--- a/docker/redishoneypot/Dockerfile
+++ b/docker/redishoneypot/Dockerfile
@@ -1,16 +1,17 @@
-FROM golang:1.21-alpine as builder
+FROM golang:1.23-alpine as builder
#
# Include dist
COPY dist/ /root/dist/
#
-# Setup apk
-RUN apk -U --no-cache add \
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
build-base \
git \
go \
g++ && \
#
-# Setup go, hellpot
+# Setup go, redishoneypot
cd /root && \
export GOPATH=/opt/go/ && \
mkdir -p /opt/go && \
@@ -20,19 +21,14 @@ RUN apk -U --no-cache add \
go mod download && \
go install
#
-FROM alpine:3.19
+FROM alpine:3.20
#
# Setup redishoneypot
#
COPY --from=builder /opt/go/bin/RedisHoneyPot /opt/redishoneypot/
COPY --from=builder /root/dist/redis.conf /opt/redishoneypot/
#
-# Setup user, groups and configs
-RUN addgroup -g 2000 redishoneypot && \
- adduser -S -s /bin/ash -u 2000 -D -g 2000 redishoneypot && \
- mkdir -p /var/log/redishoneypot
-#
# Start redishoneypot
WORKDIR /opt/redishoneypot
-USER redishoneypot:redishoneypot
+USER 2000:2000
CMD ./RedisHoneyPot > /var/log/redishoneypot/redishoneypot.log 2>&1
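Review bot: The shell-form CMD still redirects to `/var/log/redishoneypot/redishoneypot.log`, but this hunk removes the `mkdir -p /var/log/redishoneypot` step, so the directory no longer exists in the image and the redirect fails before RedisHoneyPot starts unless a volume is mounted at that path. Such a mount then has to be writable by uid 2000, which no longer has a passwd entry in the image. Either keep `RUN mkdir -p /var/log/redishoneypot && chown 2000:2000 /var/log/redishoneypot` in the final stage, or document the required volume in a comment above CMD.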
diff --git a/docker/sentrypeer/Dockerfile b/docker/sentrypeer/Dockerfile
index 641ee7192..9356d2046 100644
--- a/docker/sentrypeer/Dockerfile
+++ b/docker/sentrypeer/Dockerfile
@@ -1,7 +1,8 @@
FROM alpine:edge
#
# Install packages
-RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+RUN apk -U upgrade --no-cache && \
+ apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
sentrypeer && \
#
# Setup user, groups and configs
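Review bot: The rewritten `apk add` line still fetches the edge/testing repository over plain `http://`. apk verifies package signatures, so tampered packages are rejected, but the index and the list of installed packages remain visible and open to interference on the path; `-X https://dl-cdn.alpinelinux.org/alpine/edge/testing` avoids that. Since the base is the rolling `alpine:edge`, the added `apk -U upgrade` can also change much of the userland between two builds, so recording the resulting sentrypeer version at build time helps when sensor behaviour differs after a rebuild. The RUN instruction continues past this hunk.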
@@ -11,8 +12,8 @@ RUN apk -U add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
chown -R sentrypeer:sentrypeer /usr/bin/sentrypeer && \
#
# Clean up
- rm -rf /root/* && \
- rm -rf /var/cache/apk/*
+ rm -rf /root/* \
+ /var/cache/apk/*
#
# Set workdir and start sentrypeer
STOPSIGNAL SIGKILL
diff --git a/docker/spiderfoot/Dockerfile b/docker/spiderfoot/Dockerfile
index c18b4ca91..2a948c39b 100644
--- a/docker/spiderfoot/Dockerfile
+++ b/docker/spiderfoot/Dockerfile
@@ -1,10 +1,11 @@
-FROM alpine:3.19
+FROM alpine:3.20
#
# Include dist
COPY dist/ /root/dist/
#
-# Get and install dependencies & packages
-RUN apk -U --no-cache add \
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
build-base \
curl \
git \
@@ -62,9 +63,9 @@ RUN apk -U --no-cache add \
git clone https://github.com/smicallef/spiderfoot /home/spiderfoot && \
cd /home/spiderfoot && \
git checkout 0f815a203afebf05c98b605dba5cf0475a0ee5fd && \
- pip3 install --break-system-packages --upgrade pip && \
+ pip3 install --no-cache-dir --break-system-packages --upgrade pip && \
cp /root/dist/requirements.txt . && \
- pip3 install --break-system-packages --no-cache-dir -r requirements.txt && \
+ pip3 install --no-cache-dir --break-system-packages --no-cache-dir -r requirements.txt && \
mkdir -p /home/spiderfoot/.spiderfoot/logs && \
chown -R spiderfoot:spiderfoot /home/spiderfoot && \
sed -i "s#'root': '\/'#'root': '\/spiderfoot'#" /home/spiderfoot/sf.py && \
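Review bot: The second pip line now passes `--no-cache-dir` twice; it is harmless but reads like a merge slip and should be `pip3 install --no-cache-dir --break-system-packages -r requirements.txt && \`. The RUN instruction starts and ends outside this hunk.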
@@ -82,7 +83,7 @@ RUN apk -U --no-cache add \
python3-dev \
swig \
tinyxml-dev && \
- rm -rf /var/cache/apk/* /home/spiderfoot/.git
+ rm -rf /var/cache/apk/* /home/spiderfoot/.git
#
# Healthcheck
HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:8080/spiderfoot/'
diff --git a/docker/suricata/Dockerfile b/docker/suricata/Dockerfile
index cd5454fec..cfed4cd53 100644
--- a/docker/suricata/Dockerfile
+++ b/docker/suricata/Dockerfile
@@ -4,7 +4,8 @@ FROM alpine:edge
COPY dist/ /root/dist/
#
# Install packages
-RUN apk -U --no-cache add \
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
ca-certificates \
curl \
file \
@@ -30,9 +31,9 @@ RUN apk -U --no-cache add \
suricata-update --no-test --no-reload && \
#
# Clean up
- rm -rf /root/* && \
- rm -rf /tmp/* && \
- rm -rf /var/cache/apk/*
+ rm -rf /root/* \
+ /tmp/* \
+ /var/cache/apk/*
#
# Start suricata
STOPSIGNAL SIGINT
diff --git a/docker/suricata/dist/capture-filter.bpf b/docker/suricata/dist/capture-filter.bpf
index c53c0bb73..1b90d2a32 100644
--- a/docker/suricata/dist/capture-filter.bpf
+++ b/docker/suricata/dist/capture-filter.bpf
@@ -1,3 +1,5 @@
not (host sicherheitstacho.eu or community.sicherheitstacho.eu or listbot.sicherheitstacho.eu) and
-not (tcp port 64294) and
-not (tcp port 64305)
+not (tcp port 64294 or tcp port 64305) and
+not (udp port 138 or udp port 5353) and
+not (ip broadcast or ip multicast or ip6 multicast) and
+not ip proto 2
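Review bot: `not (udp port 138 or udp port 5353)` removes all traffic on those ports from capture, unicast included, not only the local broadcast and multicast chatter that the following line already excludes. Suricata will therefore produce no alerts or flow records for anything an external source sends to those ports on the sensor. If the goal is noise reduction only, the port clause can be dropped or narrowed, e.g. `not (udp port 5353 and ip multicast)`. Whichever form is kept, the exclusions should be listed in the sensor documentation so analysts read silence on these ports as a capture blind spot and not as absence of activity.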
diff --git a/docker/suricata/dist/suricata.yaml b/docker/suricata/dist/suricata.yaml
index beda07797..3b7c9f048 100644
--- a/docker/suricata/dist/suricata.yaml
+++ b/docker/suricata/dist/suricata.yaml
@@ -5,7 +5,7 @@
# options in this file, full documentation can be found at:
# https://docs.suricata.io/en/latest/configuration/suricata-yaml.html
-# This configuration file generated by Suricata 7.0.2.
+# This configuration file generated by Suricata 7.0.7.
suricata-version: "7.0"
##
@@ -176,6 +176,7 @@ outputs:
- frame:
# disabled by default as this is very verbose.
enabled: no
+ # payload-buffer-size: 4kb # max size of frame payload buffer to output in eve-log
- anomaly:
# Anomaly log records describe unexpected conditions such
# as truncated packets, packets with invalid IP/UDP/TCP
@@ -214,7 +215,7 @@ outputs:
extended: yes # enable this for extended logging information
# custom allows additional HTTP fields to be included in eve-log.
# the example below adds three additional fields when uncommented
- custom: [Accept-Encoding, Accept-Language, Authorization, Forwarded, From, Referer, Via]
+ #custom: [Accept-Encoding, Accept-Language, Authorization]
# set this value to one and only one from {both, request, response}
# to dump all HTTP headers for every HTTP request and/or response
# dump-all-headers: none
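Review bot: Commenting out `custom:` removes Authorization, Forwarded, From, Referer and Via (along with Accept-Encoding and Accept-Language) from the eve-log HTTP records, which looks like a side effect of regenerating the file from the 7.0.7 template and not an intended change. On a honeypot sensor these headers carry much of the analytic value, and any dashboard or Logstash mapping that reads them will go empty without an error. If the removal is deliberate, it should be stated in the commit description; otherwise restore `custom: [Accept-Encoding, Accept-Language, Authorization, Forwarded, From, Referer, Via]`.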
@@ -251,8 +252,11 @@ outputs:
# output TLS transaction where the session is resumed using a
# session id
#session-resumption: no
+ # ja4 hashes in tls records will never be logged unless
+ # the following is set to on. (Default off)
+ ja4: on
# custom controls which TLS fields that are included in eve-log
- custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, ja3, ja3s]
+ custom: [subject, issuer, session_resumed, serial, fingerprint, sni, version, not_before, not_after, certificate, ja3, ja3s, ja4]
- files:
force-magic: yes # force logging magic on all logged files
# force logging of checksums, available hash functions are md5,
@@ -291,7 +295,10 @@ outputs:
- snmp
- rfb
- sip
- - quic
+ - quic:
+ # ja4 hashes in quic records will never be logged unless
+ # the following is set to on. (Default off)
+ ja4: on
- dhcp:
enabled: no
# When extended mode is on, all DHCP messages are logged
@@ -753,6 +760,7 @@ dpdk:
# - auto takes all cores
# in IPS mode it is required to specify the number of cores and the numbers on both interfaces must match
threads: auto
+ # interrupt-mode: false # true to switch to interrupt mode
promisc: true # promiscuous mode - capture all packets
multicast: true # enables also detection on multicast packets
checksum-checks: true # if Suricata should validate checksums
@@ -892,9 +900,10 @@ app-layer:
detection-ports:
dp: 443
- # Generate JA3 fingerprint from client hello. If not specified it
+ # Generate JA3/JA4 fingerprints from client hello. If not specified it
# will be disabled by default, but enabled if rules require it.
ja3-fingerprints: yes
+ ja4-fingerprints: yes
# What to do when the encrypted communications start:
# - default: keep tracking TLS session, check for protocol anomalies,
@@ -934,9 +943,13 @@ app-layer:
#max-streams: 4096
# Maximum headers table size
#max-table-size: 65536
+ # Maximum reassembly size for header + continuation frames
+ #max-reassembly-size: 102400
smtp:
enabled: yes
raw-extraction: no
+ # Maximum number of live SMTP transactions per flow
+ # max-tx: 256
# Configure SMTP-MIME Decoder
mime:
# Decode MIME messages from SMTP transactions
@@ -1084,6 +1097,10 @@ app-layer:
#compression-bomb-limit: 1mb
# Maximum time spent decompressing a single transaction in usec
#decompression-time-limit: 100000
+ # Maximum number of live transactions per flow
+ #max-tx: 512
+ # Maximum used number of HTTP1 headers in one request or response
+ #headers-limit: 1024
server-config:
@@ -1290,7 +1307,6 @@ unix-command:
# Magic file. The extension .mgc is added to the value here.
magic-file: /usr/share/misc/magic.mgc
-#magic-file:
# GeoIP2 database file. Specify path and filename of GeoIP2 database
# if using rules with "geoip" rule option.
@@ -1798,6 +1814,10 @@ profiling:
enabled: no
filename: rule_perf.log
append: yes
+ # Set active to yes to enable rules profiling at start
+ # if set to no (default), the rules profiling will have to be started
+ # via unix socket commands.
+ #active:no
# Sort options: ticks, avgticks, checks, matches, maxticks
# If commented out all the sort options will be used.
diff --git a/docker/tanner/phpox/Dockerfile b/docker/tanner/phpox/Dockerfile
index dd214f139..72ab79a2f 100644
--- a/docker/tanner/phpox/Dockerfile
+++ b/docker/tanner/phpox/Dockerfile
@@ -1,7 +1,8 @@
-FROM alpine:3.19
+FROM alpine:3.20
#
# Install packages
-RUN apk -U --no-cache add \
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
build-base \
file \
git \
@@ -16,7 +17,6 @@ RUN apk -U --no-cache add \
# Install bfr sandbox from git
git clone https://github.com/mushorg/BFR -b v1.0.0 /opt/BFR && \
cd /opt/BFR && \
-# git checkout 91a8a4e155875c50b69d5c6af454e304994815a7 && \
phpize83 && \
./configure \
--with-php-config=/usr/bin/php-config83 \
@@ -30,7 +30,7 @@ RUN apk -U --no-cache add \
# Install PHP Sandbox
git clone https://github.com/mushorg/phpox /opt/phpox && \
cd /opt/phpox && \
- #git checkout a62c8136ec7b3ebab0c989f4235e2960175121f8 && \
+ git checkout 55a6cbdc2c62f08eb45acffaf84f23f06a1d4703 && \
make && \
#
# Clean up
diff --git a/docker/tanner/redis/Dockerfile b/docker/tanner/redis/Dockerfile
index 5c85d4cd7..2bd89f6de 100644
--- a/docker/tanner/redis/Dockerfile
+++ b/docker/tanner/redis/Dockerfile
@@ -1,10 +1,11 @@
-FROM alpine:3.19
+FROM alpine:3.20
#
# Include dist
COPY dist/ /root/dist/
#
-# Setup apk and redis
-RUN apk -U --no-cache add redis shadow && \
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add redis shadow && \
cp /root/dist/redis.conf /etc && \
#
# Setup user and group
@@ -14,11 +15,12 @@ RUN apk -U --no-cache add redis shadow && \
# Clean up
apk del --purge \
shadow && \
- rm -rf /root/* && \
- rm -rf /tmp/* /var/tmp/* && \
- rm -rf /var/cache/apk/*
+ rm -rf /root/* \
+ /tmp/* \
+ /var/tmp/* \
+ /var/cache/apk/*
#
# Start redis
STOPSIGNAL SIGKILL
USER redis:redis
-CMD redis-server /etc/redis.conf
+CMD ["redis-server", "/etc/redis.conf"]
diff --git a/docker/tanner/snare/Dockerfile b/docker/tanner/snare/Dockerfile
index fade6ede5..5c3c201bd 100644
--- a/docker/tanner/snare/Dockerfile
+++ b/docker/tanner/snare/Dockerfile
@@ -3,8 +3,9 @@ FROM alpine:3.19
# Include dist
COPY dist/ /root/dist/
#
-# Setup apt
-RUN apk -U --no-cache add \
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
build-base \
git \
linux-headers \
@@ -23,7 +24,6 @@ RUN apk -U --no-cache add \
# Setup Snare
git clone https://github.com/mushorg/snare /opt/snare && \
cd /opt/snare/ && \
- # git checkout 0919a80838eb0823a3b7029b0264628ee0a36211 && \
git checkout 08c69b7165354ea2040b6170c37d92ff3c304f96 && \
cp /root/dist/requirements.txt . && \
pip3 install --break-system-packages --no-cache-dir -r requirements.txt && \
@@ -31,7 +31,6 @@ RUN apk -U --no-cache add \
cd / && \
rm -rf /opt/snare && \
mkdir -p /opt/snare/pages && \
-# clone --target http://example.com && \
mv /root/dist/pages/* /opt/snare/pages/ && \
#
# Setup configs, user, groups
@@ -45,12 +44,11 @@ RUN apk -U --no-cache add \
build-base \
linux-headers \
python3-dev && \
- rm -rf /root/* && \
- rm -rf /tmp/* /var/tmp/* && \
- rm -rf /var/cache/apk/*
+ rm -rf /root/* \
+ /tmp/* /var/tmp/* \
+ /var/cache/apk/*
#
# Start snare
STOPSIGNAL SIGKILL
USER snare:snare
-#CMD snare --tanner tanner --debug true --no-dorks true --auto-update false --host-ip 0.0.0.0 --port 80 --page-dir $(shuf -i 1-10 -n 1)
CMD snare --tanner tanner --debug true --auto-update false --host-ip 0.0.0.0 --port 80 --page-dir $(shuf -i 1-10 -n 1)
diff --git a/docker/tanner/tanner/Dockerfile b/docker/tanner/tanner/Dockerfile
index 4deaa0f6e..bddf8dc1b 100644
--- a/docker/tanner/tanner/Dockerfile
+++ b/docker/tanner/tanner/Dockerfile
@@ -3,8 +3,9 @@ FROM alpine:3.17
# Include dist
COPY dist/ /root/dist/
#
-# Setup apt
-RUN apk -U --no-cache add \
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
build-base \
git \
libcap \
@@ -31,7 +32,6 @@ RUN apk -U --no-cache add \
python3-dev && \
#
# Setup Tanner
-# git clone https://github.com/t3chn0m4g3/tanner /opt/tanner && \
git clone https://github.com/mushorg/tanner /opt/tanner && \
cd /opt/tanner/ && \
git checkout 245d628f4023e5462c7035e760a6b5eed0a33fbe && \
@@ -64,11 +64,14 @@ RUN apk -U --no-cache add \
git \
libcap \
libffi-dev \
-# libressl-dev \
+ openssl-dev \
linux-headers \
python3-dev && \
- rm -rf /root/* && \
- rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /opt/tanner/.git
+ rm -rf /root/* \
+ /tmp/* \
+ /var/tmp/* \
+ /var/cache/apk/* \
+ /opt/tanner/.git
#
# Start tanner
STOPSIGNAL SIGKILL
diff --git a/docker/tpotinit/Dockerfile b/docker/tpotinit/Dockerfile
index f78354f8e..4b89efba4 100644
--- a/docker/tpotinit/Dockerfile
+++ b/docker/tpotinit/Dockerfile
@@ -3,8 +3,9 @@ FROM alpine:edge
# Include dist
COPY dist/ /opt/tpot/
#
-# Get and install dependencies & packages
-RUN apk --no-cache -U add \
+# Install packages
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
aria2 \
apache2-utils \
bash \
@@ -18,7 +19,6 @@ RUN apk --no-cache -U add \
grep \
iproute2 \
iptables \
-# iptables-legacy \
jq \
logrotate \
lsblk \
@@ -36,9 +36,10 @@ RUN apk --no-cache -U add \
#
# Clean up
apk del --purge git && \
- rm -rf /root/* /tmp/* && \
- rm -rf /root/.cache /opt/tpot/.git && \
- rm -rf /var/cache/apk/*
+ rm -rf /root/* /tmp/* \
+ /root/.cache \
+ /opt/tpot/.git \
+ /var/cache/apk/*
#
# Run tpotinit
WORKDIR /opt/tpot
diff --git a/docker/tpotinit/dist/bin/clean.sh b/docker/tpotinit/dist/bin/clean.sh
index 897d08a0c..d731912c0 100755
--- a/docker/tpotinit/dist/bin/clean.sh
+++ b/docker/tpotinit/dist/bin/clean.sh
@@ -32,10 +32,14 @@ fuLOGROTATE () {
local myDIONAEABITGZ="/data/dionaea/bistreams.tgz"
local myDIONAEABIN="/data/dionaea/binaries/"
local myDIONAEABINTGZ="/data/dionaea/binaries.tgz"
+ local myH0NEYTR4PP="/data/h0neytr4p/payloads/"
+ local myH0NEYTR4PTGZ="/data/h0neytr4p/payloads.tgz"
local myHONEYTRAPATTACKS="/data/honeytrap/attacks/"
local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz"
local myHONEYTRAPDL="/data/honeytrap/downloads/"
local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz"
+ local myMINIPRINTU="/data/miniprint/uploads/"
+ local myMINIPRINTTGZ="/data/miniprint/uploads.tgz"
local myTANNERF="/data/tanner/files/"
local myTANNERFTGZ="/data/tanner/files.tgz"
@@ -54,21 +58,23 @@ if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIET
if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar -I $myPIGZ -cvf $myCOWRIEDLTGZ $myCOWRIEDL; fi
if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABITGZ $myDIONAEABI; fi
if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar -I $myPIGZ -cvf $myDIONAEABINTGZ $myDIONAEABIN; fi
+if [ "$(fuEMPTY $myH0NEYTR4PP)" != "0" ]; then tar -I $myPIGZ -cvf $myH0NEYTR4PTGZ $myH0NEYTR4PP; fi
if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi
if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar -I $myPIGZ -cvf $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi
+if [ "$(fuEMPTY $myMINIPRINTU)" != "0" ]; then tar -I $myPIGZ -cvf $myMINIPRINTTGZ $myMINIPRINTU; fi
if [ "$(fuEMPTY $myTANNERF)" != "0" ]; then tar -I $myPIGZ -cvf $myTANNERFTGZ $myTANNERF; fi
# Ensure correct permissions and ownership for previously created archives
-chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
-chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myTANNERFTGZ
+chmod 770 $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
+chown tpot:tpot $myADBHONEYTGZ $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myH0NEYTR4PTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ $myMINIPRINTTGZ $myTANNERFTGZ
# Need to remove subfolders since too many files cause rm to exit with errors
-rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
+rm -rf $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
# Recreate subfolders with correct permissions and ownership
-mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
-chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
-chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL $myTANNERF
+mkdir -p $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+chmod 770 $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
+chown tpot:tpot $myADBHONEYDL $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myH0NEYTR4PP $myHONEYTRAPATTACKS $myHONEYTRAPDL $myMINIPRINTU $myTANNERF
# Run logrotate again to account for previously created archives - DO NOT FORCE HERE!
logrotate -s $mySTATUS $myCONF
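Review bot: The extended `chmod 770 … $myH0NEYTR4PTGZ … $myMINIPRINTTGZ …` line marks the new archives as executable, and going by their paths these tarballs appear to hold captured payloads and uploads; `chmod 660` gives owner and group the same access without the execute bit. The same mode is applied recursively in the functions added further down (`fuBEELZEBUB`, `fuGALAH`, `fuGOPOT`, `fuH0NEYTR4P`, `fuHONEYAML`, `fuMINIPRINT`), where with `myPERSISTENCE` set to `on` the data directory is not emptied first, so `chmod 770 … -R` reaches files already stored there. `chmod -R u=rwX,g=rwX,o= /data/<name>` keeps directories traversable and leaves regular files non-executable. This follows the pattern already used in the script, so it may be worth changing in one pass; the enclosing function (presumably `fuLOGROTATE`) starts and ends outside this hunk.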
@@ -87,7 +93,7 @@ fuTPOTINIT () {
chown tpot:tpot /tmp/etc/ -R
}
-# Let's create a function to clean up and prepare honeytrap data
+# Let's create a function to clean up and prepare adbhoney data
fuADBHONEY () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/adbhoney/*; fi
mkdir -vp /data/adbhoney/{downloads,log}
@@ -95,6 +101,14 @@ fuADBHONEY () {
chown tpot:tpot /data/adbhoney/ -R
}
+# Let's create a function to clean up and prepare beelzebub data
+fuBEELZEBUB () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/beelzebub/*; fi
+ mkdir -vp /data/beelzebub/{key,log}
+ chmod 770 /data/beelzebub/ -R
+ chown tpot:tpot /data/beelzebub/ -R
+}
+
# Let's create a function to clean up and prepare ciscoasa data
fuCISCOASA () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/ciscoasa/*; fi
@@ -190,7 +204,15 @@ fuFATT () {
chown tpot:tpot -R /data/fatt
}
-# Let's create a function to clean up and prepare glastopf data
+# Let's create a function to clean up and prepare galah data
+fuGALAH () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/galah/*; fi
+ mkdir -vp /data/galah/{cache,cert,log}
+ chmod 770 /data/galah/ -R
+ chown tpot:tpot /data/galah/ -R
+}
+
+# Let's create a function to clean up and prepare glutton data
fuGLUTTON () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glutton/*; fi
mkdir -vp /data/glutton/{log,payloads}
@@ -198,6 +220,22 @@ fuGLUTTON () {
chown tpot:tpot /data/glutton -R
}
+# Let's create a function to clean up and prepare go-pot data
+fuGOPOT () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/go-pot/*; fi
+ mkdir -vp /data/go-pot/log
+ chmod 770 /data/go-pot -R
+ chown tpot:tpot /data/go-pot -R
+}
+
+# Let's create a function to clean up and prepare h0neytr4p data
+fuH0NEYTR4P () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/h0neytr4p/*; fi
+ mkdir -vp /data/h0neytr4p/{log,payloads}
+ chmod 770 /data/h0neytr4p/ -R
+ chown tpot:tpot /data/h0neytr4p/ -R
+}
+
# Let's create a function to clean up and prepare hellpot data
fuHELLPOT () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/hellpot/log; fi
@@ -214,6 +252,14 @@ fuHERALDING () {
chown tpot:tpot /data/heralding -R
}
+# Let's create a function to clean up and prepare honeyaml data
+fuHONEYAML () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeyaml/*; fi
+ mkdir -vp /data/honeyaml/log
+ chmod 770 -R /data/honeyaml
+ chown tpot:tpot -R /data/honeyaml
+}
+
# Let's create a function to clean up and prepare honeypots data
fuHONEYPOTS () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeypots/*; fi
@@ -270,6 +316,14 @@ fuMEDPOT () {
chown tpot:tpot /data/medpot/ -R
}
+# Let's create a function to clean up and prepare miniprint data
+fuMINIPRINT () {
+ if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/miniprint/*; fi
+ mkdir -vp /data/miniprint/{log,uploads}
+ chmod 770 /data/miniprint/ -R
+ chown tpot:tpot /data/miniprint/ -R
+}
+
# Let's create a function to clean up nginx logs
fuNGINX () {
if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/nginx/log/*; fi
@@ -362,6 +416,7 @@ echo
echo "Checking and preparing data folders."
fuTPOTINIT
fuADBHONEY
+fuBEELZEBUB
fuCISCOASA
fuCITRIXHONEYPOT
fuCONPOT
@@ -373,9 +428,13 @@ fuELASTICPOT
fuELK
fuENDLESSH
fuFATT
+fuGALAH
fuGLUTTON
+fuGOPOT
+fuH0NEYTR4P
fuHERALDING
fuHELLPOT
+fuHONEYAML
fuHONEYSAP
fuHONEYPOTS
fuHONEYTRAP
@@ -383,6 +442,7 @@ fuIPPHONEY
fuLOG4POT
fuMAILONEY
fuMEDPOT
+fuMINIPRINT
fuNGINX
fuREDISHONEYPOT
fuSENTRYPEER
diff --git a/docker/tpotinit/dist/bin/rules.sh b/docker/tpotinit/dist/bin/rules.sh
index 1ffb21450..367c8b082 100755
--- a/docker/tpotinit/dist/bin/rules.sh
+++ b/docker/tpotinit/dist/bin/rules.sh
@@ -1,7 +1,7 @@
#!/bin/bash
### Vars, Ports for Standard services
-myHOSTPORTS="7634 64294 64295"
+myHOSTPORTS="7634 64294 64295 64296 64297 64298 64299 64303 64305"
myDOCKERCOMPOSEYML="$1"
myRULESFUNCTION="$2"
diff --git a/docker/tpotinit/dist/etc/logrotate/logrotate.conf b/docker/tpotinit/dist/etc/logrotate/logrotate.conf
index 90178dbeb..f45286161 100644
--- a/docker/tpotinit/dist/etc/logrotate/logrotate.conf
+++ b/docker/tpotinit/dist/etc/logrotate/logrotate.conf
@@ -1,5 +1,6 @@
/data/adbhoney/log/*.json
/data/adbhoney/log/*.log
+/data/beelzebub/log/*.json
/data/ciscoasa/log/ciscoasa.log
/data/citrixhoneypot/logs/server.log
/data/conpot/log/conpot*.json
@@ -17,12 +18,16 @@
/data/elk/log/*.log
/data/endlessh/log/*.log
/data/fatt/log/fatt.log
+/data/galah/log/*.json
/data/glutton/log/*.log
/data/glutton/log/*.err
+/data/go-pot/log/*.json
+/data/h0neytr4p/log/*.json
/data/hellpot/log/*.log
/data/heralding/log/*.log
/data/heralding/log/*.csv
/data/heralding/log/*.json
+/data/honeyaml/log/*.log
/data/honeypots/log/*.log
/data/honeysap/log/*.log
/data/honeytrap/log/*.log
@@ -31,6 +36,7 @@
/data/log4pot/log/*.log
/data/mailoney/log/*.log
/data/medpot/log/*.log
+/data/miniprint/log/*.json
/data/nginx/log/*.log
/data/p0f/log/p0f.json
/data/redishoneypot/log/*.log
@@ -56,8 +62,11 @@
/data/cowrie/downloads.tgz
/data/dionaea/bistreams.tgz
/data/dionaea/binaries.tgz
+/data/h0neytr4p/payloads.tgz
/data/honeytrap/attacks.tgz
/data/honeytrap/downloads.tgz
+/data/miniprint/uploads.tgz
+/data/tanner/files.tgz
{
su tpot tpot
copytruncate
diff --git a/docker/tpotinit/dist/etc/objects/elkbase.tgz b/docker/tpotinit/dist/etc/objects/elkbase.tgz
index 002c28b52..c21b9453a 100644
Binary files a/docker/tpotinit/dist/etc/objects/elkbase.tgz and b/docker/tpotinit/dist/etc/objects/elkbase.tgz differ
diff --git a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip
index b939639bb..e0e3cc62f 100644
Binary files a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip and b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip differ
diff --git a/docker/wordpot/Dockerfile b/docker/wordpot/Dockerfile
index 9b862f672..17234bb90 100644
--- a/docker/wordpot/Dockerfile
+++ b/docker/wordpot/Dockerfile
@@ -1,10 +1,11 @@
-FROM alpine:3.19
+FROM alpine:3.20 AS builder
#
# Include dist
COPY dist/ /root/dist/
#
# Install packages
-RUN apk -U --no-cache add \
+RUN apk --no-cache -U upgrade && \
+ apk --no-cache -U add \
build-base \
git \
libcap \
@@ -18,31 +19,32 @@ RUN apk -U --no-cache add \
py3-werkzeug \
py3-yaml \
python3 \
- python3-dev && \
+ python3-dev
#
# Install wordpot from GitHub and setup
- mkdir -p /opt && \
+RUN mkdir -p /opt && \
cd /opt/ && \
git clone https://github.com/t3chn0m4g3/wordpot && \
cd wordpot && \
- git checkout 8fedeb1b74e1d225da2a7273656bf0afa84a20aa && \
- cp /root/dist/requirements.txt . && \
- pip3 install --break-system-packages -r requirements.txt && \
- setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \
-#
-# Setup user, groups and configs
- addgroup -g 2000 wordpot && \
- adduser -S -H -s /bin/ash -u 2000 -D -g 2000 wordpot && \
- chown wordpot:wordpot -R /opt/wordpot && \
+ git checkout b2701cb6c7057ed2843187c0c425bb8c13845719 && \
+ cp /root/dist/requirements.txt .
+WORKDIR /opt/wordpot
+RUN pip3 install --no-cache-dir --break-system-packages pyinstaller
+RUN pip3 install --no-cache-dir --break-system-packages -r requirements.txt
+RUN pyinstaller wordpot.py \
+ --hidden-import hpfeeds \
+ --add-data "./wordpot/static:./wordpot/static" \
+ --add-data "./wordpot/templates:./wordpot/templates" \
+ --add-data "./wordpot/plugins:./wordpot/plugins" \
+ --add-data "./wordpot.conf:./"
+RUN ls -alR
#
-# Clean up
- apk del --purge build-base \
- git \
- python3-dev && \
- rm -rf /root/* /var/cache/apk/* /opt/wordpot/.git
+FROM alpine:3.20
+RUN apk --no-cache -U upgrade
+COPY --from=builder /opt/wordpot/dist /opt/
#
# Start wordpot
STOPSIGNAL SIGINT
-USER wordpot:wordpot
-WORKDIR /opt/wordpot
-CMD ["/usr/bin/python3","wordpot.py", "--host", "0.0.0.0", "--port", "80", "--title", "Wordpress"]
+USER 2000:2000
+WORKDIR /opt/wordpot/
+CMD ["./wordpot", "--host", "0.0.0.0", "--port", "80", "--title", "Wordpress"]
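Review bot: `RUN pip3 install --no-cache-dir --break-system-packages pyinstaller` installs whatever PyInstaller release is current at build time, although the wordpot source a few lines earlier is pinned to a commit. Because this tool produces the binary that `COPY --from=builder` ships in the final stage, pinning it (`pyinstaller==<version>`, ideally from a requirements file installed with `--require-hashes`) would keep the artifact reproducible. `RUN ls -alR` looks like a debugging leftover and can be dropped. The runtime stage switches to `USER 2000:2000` without the `setcap cap_net_bind_service=+ep` step the old image had, so `--port 80` now depends on the container runtime allowing unprivileged binds to low ports; that is worth confirming on the oldest Docker version the project supports.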
diff --git a/env.example b/env.example
index fc630c7c8..e7bed5101 100644
--- a/env.example
+++ b/env.example
@@ -100,6 +100,34 @@ TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC
# OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
OINKCODE=OPEN
+# Beelzebub Honeypot supports LLMs such as ChatGPT and the Ollama backend.
+# Beelzebub is not part of the standard edition, please follow the README regarding setup.
+# It is recommended to use the Ollama backend to keep costs at bay.
+# Remember to rate limit API usage / set budget alerts when using ChatGPT API.
+# BEELZEBUB_LLM_MODEL: Set to "ollama" or "gpt4-o".
+# BEELZEBUB_LLM_HOST: When using "ollama" set it to the URL of your Ollama backend.
+# BEELZEBUB_OLLAMA_MODEL: Set to the model you are serving on your Ollama backend, i.e. "openchat".
+# BEELZEBUB_LLM_MODEL: "gpt4-o"
+# BEELZEBUB_OPENAISECRETKEY: "sk-proj-123456"
+BEELZEBUB_LLM_MODEL: "ollama"
+BEELZEBUB_LLM_HOST: "http://ollama.local:11434/api/chat"
+BEELZEBUB_OLLAMA_MODEL: "openchat"
+
+# Galah is a LLM-powered web honeypot supporting various LLM backends.
+# Galah is not part of the standard edition, please follow the README regarding setup.
+# It is recommended to use the Ollama backend to keep costs at bay.
+# Remember to rate limit API usage / set budget alerts when using ChatGPT API.
+# GALAH_LLM_PROVIDER: Set to "ollama" or "gpt4-o".
+# GALAH_LLM_SERVER_URL: When using "ollama" set it to the URL of your Ollama backend.
+# GALAH_LLM_MODEL: Set to the model you are serving on your Ollama backend, i.e. "llama3".
+# GALAH_LLM_TEMPERATURE: "1"
+# GALAH_LLM_API_KEY: "sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+# GALAH_LLM_CLOUD_LOCATION: ""
+# GALAH_LLM_CLOUD_PROJECT: ""
+GALAH_LLM_PROVIDER: "ollama"
+GALAH_LLM_SERVER_URL: "http://ollama.local:11434"
+GALAH_LLM_MODEL: "llama3.1"
+
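Review bot: The new `BEELZEBUB_*` and `GALAH_*` entries are written as `KEY: "value"`, while the other settings visible in this file use `KEY=value` (`OINKCODE=OPEN`, `TPOT_REPO=…`). Whether the colon form is parsed, and whether the quotes end up in the value, depends on what reads the file, so `BEELZEBUB_LLM_MODEL=ollama` style would be the safer choice. This file is now also where `BEELZEBUB_OPENAISECRETKEY` and `GALAH_LLM_API_KEY` are meant to go, so a comment such as `# Keep API keys private: restrict read access to .env and never commit it.` would help. Both default backend URLs are plain `http://`, so requests forwarded to the LLM backend cross the network unencrypted unless the Ollama host is local or tunnelled.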
###################################################################################
# NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! #
@@ -118,10 +146,10 @@ TPOT_DOCKER_COMPOSE=./docker-compose.yml
# Depending on where you are located you may choose between DockerHub and GHCR
# dtagdevsec: This will use the DockerHub image registry
# ghcr.io/telekom-security: This will use the GitHub container registry
-TPOT_REPO=dtagdevsec
+TPOT_REPO=ghcr.io/telekom-security
# T-Pot Version Tag
-TPOT_VERSION=24.04
+TPOT_VERSION=24.04.1
# T-Pot Pull Policy
# always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.
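Review bot: `TPOT_REPO` now defaults to `ghcr.io/telekom-security`, but `genuser.sh` and `genuserwin.ps1` in this same change still hard-code `dtagdevsec/tpotinit:24.04.1`, so a default install pulls from two registries. If the intent is to move to GHCR, those helpers should use the same registry (or read `TPOT_REPO` from `.env`), so that an operator who allow-lists a single registry is not surprised. The images are referenced by mutable tag (`24.04.1`); the project may also want to document how to pin by digest for stricter deployments.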
diff --git a/genuser.sh b/genuser.sh
index 7835721f7..4973609b0 100755
--- a/genuser.sh
+++ b/genuser.sh
@@ -1,2 +1,2 @@
#!/usr/bin/env bash
-docker run -v $HOME/tpotce:/data --entrypoint bash -it -u $(id -u):$(id -g) dtagdevsec/tpotinit:24.04 "/opt/tpot/bin/genuser.sh"
+docker run -v $HOME/tpotce:/data --entrypoint bash -it -u $(id -u):$(id -g) dtagdevsec/tpotinit:24.04.1 "/opt/tpot/bin/genuser.sh"
diff --git a/genuserwin.ps1 b/genuserwin.ps1
index 3cc468896..cf4dda6df 100644
--- a/genuserwin.ps1
+++ b/genuserwin.ps1
@@ -9,4 +9,4 @@ if (-Not (Test-Path $nginxpasswdPath)) {
}
# Run the Docker container without specifying UID / GID
-docker run -v "${homePath}:/data" --entrypoint bash -it dtagdevsec/tpotinit:24.04 "/opt/tpot/bin/genuser.sh"
+docker run -v "${homePath}:/data" --entrypoint bash -it dtagdevsec/tpotinit:24.04.1 "/opt/tpot/bin/genuser.sh"
diff --git a/install.sh b/install.sh
index 6604bb1e2..bffde8d4f 100755
--- a/install.sh
+++ b/install.sh
@@ -119,7 +119,7 @@ fi
if [ ! -f installer/install/tpot.yml ] && [ ! -f tpot.yml ];
then
echo "### Now downloading T-Pot Ansible Installation Playbook ... "
- wget -qO tpot.yml https://github.com/telekom-security/tpotce/raw/master/installer/install/tpot.yml
+ wget -qO tpot.yml https://raw.githubusercontent.com/telekom-security/tpotce/master/installer/install/tpot.yml
myANSIBLE_TPOT_PLAYBOOK="tpot.yml"
echo
else
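Review bot: The playbook is still downloaded from the moving `master` ref and assigned to `myANSIBLE_TPOT_PLAYBOOK` with no integrity check, so whatever is on that branch at install time is what gets run, presumably with elevated privileges later in the script. Pinning the URL to a release tag or commit (`…/tpotce/<release-tag>/installer/install/tpot.yml`) and verifying a published checksum before use would close that gap. `wget -q` also suppresses errors and the result is not tested in this hunk; `wget -qO tpot.yml <url> || exit 1` avoids continuing with an empty or partial file. The surrounding `if`/`else` continues outside the hunk.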
@@ -171,10 +171,19 @@ echo "### (H)ive - T-Pot Standard / HIVE installation."
echo "### Includes also everything you need for a distributed setup with sensors."
echo "### (S)ensor - T-Pot Sensor installation."
echo "### Optimized for a distributed installation, without WebUI, Elasticsearch and Kibana."
+echo "### (L)LM - T-Pot LLM installation."
+echo "### Uses LLM based honeypots Beelzebub & Galah."
+echo "### Requires Ollama (recommended) or ChatGPT subscription."
+echo "### M(i)ni - T-Pot Mini installation."
+echo "### Run 30+ honeypots with just a couple of honeypot daemons."
echo "### (M)obile - T-Pot Mobile installation."
echo "### Includes everything to run T-Pot Mobile (available separately)."
+echo "### (T)arpit - T-Pot Tarpit installation."
+echo "### Feed data endlessly to attackers, bots and scanners."
+echo "### Also runs a Denial of Service Honeypot (ddospot)."
+echo
while true; do
- read -p "### Install Type? (h/s/m) " myTPOT_TYPE
+ read -p "### Install Type? (h/s/l/i/m/t) " myTPOT_TYPE
case "${myTPOT_TYPE}" in
h|H)
echo
@@ -191,6 +200,20 @@ while true; do
myINFO="### Make sure to deploy SSH keys to this SENSOR and disable SSH password authentication.
### On HIVE run the tpotce/deploy.sh script to join this SENSOR to the HIVE."
break ;;
+ l|L)
+ echo
+ echo "### Installing T-Pot LLM."
+ myTPOT_TYPE="HIVE"
+ cp ${HOME}/tpotce/compose/llm.yml ${HOME}/tpotce/docker-compose.yml
+ myINFO="Make sure to adjust the T-Pot config file (.env) for Ollama / ChatGPT settings."
+ break ;;
+ i|I)
+ echo
+ echo "### Installing T-Pot Mini."
+ myTPOT_TYPE="HIVE"
+ cp ${HOME}/tpotce/compose/mini.yml ${HOME}/tpotce/docker-compose.yml
+ myINFO=""
+ break ;;
m|M)
echo
echo "### Installing T-Pot Mobile."
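Review bot: The new `l|L` and `i|I` branches (and `t|T` in the next hunk) run `cp ${HOME}/tpotce/compose/<type>.yml ${HOME}/tpotce/docker-compose.yml` unquoted and without checking the result. If the source file is missing, the installer carries on with whatever `docker-compose.yml` was there before, while reporting the chosen type as installed. Quoting and failing fast, e.g. `cp "${HOME}/tpotce/compose/llm.yml" "${HOME}/tpotce/docker-compose.yml" || exit 1`, makes that visible. The LLM branch's `myINFO` also lacks the `###` prefix used by the sensor message above it. The `case` statement starts and ends outside this hunk.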
@@ -198,6 +221,13 @@ while true; do
cp ${HOME}/tpotce/compose/mobile.yml ${HOME}/tpotce/docker-compose.yml
myINFO=""
break ;;
+ t|T)
+ echo
+ echo "### Installing T-Pot Tarpit."
+ myTPOT_TYPE="HIVE"
+ cp ${HOME}/tpotce/compose/tarpit.yml ${HOME}/tpotce/docker-compose.yml
+ myINFO=""
+ break ;;
esac
done
diff --git a/installer/install/tpot.yml b/installer/install/tpot.yml
index 786316704..088b6929a 100644
--- a/installer/install/tpot.yml
+++ b/installer/install/tpot.yml
@@ -477,6 +477,22 @@
- "Rocky"
- "Ubuntu"
+ - name: Ensure vm.max_map_count is set (All)
+ lineinfile:
+ path: /etc/sysctl.conf
+ line: "vm.max_map_count=262144"
+ state: present
+ create: yes
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
+
- name: Disable ssh.socket unit (Ubuntu)
systemd:
name: ssh.socket
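Review bot: The `lineinfile` task matches only the exact text `vm.max_map_count=262144`, so a host whose `/etc/sysctl.conf` already sets `vm.max_map_count` to another value ends up with two entries. Adding `regexp: '^vm\.max_map_count\s*='` makes the task replace an existing setting instead of appending. Nothing in this hunk reloads sysctl, so unless a later task or a reboot handles it, the value is not active when the containers first start. The matching removal task in `installer/remove/tpot.yml` deletes the same literal line and would also remove a setting an administrator had in place before T-Pot was installed. The task list continues outside the hunk.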
diff --git a/installer/remove/tpot.yml b/installer/remove/tpot.yml
index 887e52fdd..6196f31a4 100644
--- a/installer/remove/tpot.yml
+++ b/installer/remove/tpot.yml
@@ -215,6 +215,21 @@
- "Rocky"
- "Ubuntu"
+ - name: Remove vm.max_map_count setting (All)
+ lineinfile:
+ path: /etc/sysctl.conf
+ line: "vm.max_map_count=262144"
+ state: absent
+ when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
+ tags:
+ - "AlmaLinux"
+ - "Debian"
+ - "Fedora"
+ - "openSUSE Tumbleweed"
+ - "Raspbian"
+ - "Rocky"
+ - "Ubuntu"
+
- name: Remove T-Pot user (All)
user:
name: tpot
diff --git a/tools/setup_builder.sh b/tools/setup_builder.sh
deleted file mode 100755
index 30ffc7375..000000000
--- a/tools/setup_builder.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-
-# Got root?
-myWHOAMI=$(whoami)
-if [ "$myWHOAMI" != "root" ]
- then
- echo "Need to run as root ..."
- exit
-fi
-
-# Only run with command switch
-if [ "$1" != "-y" ]; then
- echo "### Setting up docker for Multi Arch Builds."
- echo "### Requires Docker packages from https://get.docker.com/"
- echo "### Use on x64 only!"
- echo "### Run with -y if you fit the requirements!"
- echo
- exit
-fi
-
-# We need to create a new builder as the default one cannot handle multi-arch builds
-# https://docs.docker.com/desktop/multi-arch/
-docker buildx create --name mybuilder
-
-# Set as default
-docker buildx use mybuilder
-
-# We need to install emulators, arm64 should be fine for now
-# https://github.com/tonistiigi/binfmt/
-docker run --privileged --rm tonistiigi/binfmt --install arm64
-
-# Check if everything is setup correctly
-docker buildx inspect --bootstrap
-echo
-echo "### Done."
-echo
-echo "Example: docker buildx build --platform linux/amd64,linux/arm64 -t username/demo:latest --push ."
-echo "Docs: https://docs.docker.com/desktop/multi-arch/"
diff --git a/update.sh b/update.sh
index 46888c4c2..3f54a2071 100755
--- a/update.sh
+++ b/update.sh
@@ -79,7 +79,7 @@ function fuSELFUPDATE () {
function fuCHECK_VERSION () {
local myMINVERSION="24.04.0"
- local myMASTERVERSION="24.04.0"
+ local myMASTERVERSION="24.04.1"
echo
echo "### Checking for version tag ..."
if [ -f "version" ];
@@ -167,6 +167,8 @@ function fuUPDATER () {
fuPULLIMAGES
fuREMOVEOLDIMAGES "dtagdevsec/*:dev"
fuREMOVEOLDIMAGES "ghcr.io/telekom-security/*:dev"
+ fuREMOVEOLDIMAGES "dtagdevsec/*:24.04"
+ fuREMOVEOLDIMAGES "ghcr.io/telekom-security/*:24.04"
echo
echo "### If you made changes to docker-compose.yml please ensure to add them again."
echo "### We stored the previous version as backup in $myARCHIVE."
diff --git a/version b/version
index 51ec2f023..5eca1d6fc 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-24.04.0
+24.04.1