underworld is a multi honeypot platform using docker.
It shows log of honeypots using ELK Stack(https://www.elastic.co/jp/elk-stack) and analyze it.
- Install Docker and Docker Compose
Docker needs at least 4GB memory
-
Start Docker
-
Clone this repository
$ git clone https://github.com/kobadlve/underworld.git
$ cd underworld
- Build
$ docker-compose build
$ docker-compose up
Kibana running on http://localhost:5601
Please set index pattern to logstash-* and Time filter field name to @timestame
- ELK
- Elasticsearch
- Logstash
- Kibana - http://localhost:5601
- Dionaea
ELK Stack composed by Elasticksearch, Logstash and Kibana.
Dionaea is a low-interaction honeypot that captures attack payloads and malware. Dionaea is meant to be a nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls. (https://www.honeynet.org/project/Diona 4E66 ea)
Repository - https://github.com/DinoTools/dionaea