View Issue Details

IDProjectCategoryView StatusLast Update
0008773Kali LinuxQueued Tool Additionpublic2024-08-02 14:44
Reporternecrose99 Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status acknowledgedResolutionreopened 
Summary0008773: go-pot - HTTP tarpit designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets
Description

A HTTP tarpit written in Go designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets.

#postinstall.sh
if [ ! -f /etc/go-pot/config.yaml ]; then
cp /etc/go-pot/config.yaml.example /etc/go-pot/config.yaml
fi

Debian/Ubuntu

if [ -x "$(command -v adduser)" ]; then
adduser --system --group --no-create-home go-pot

Red Hat/CentOS/Fedora, Arch

elif [ -x "$(command -v useradd)" ]; then
useradd --system --no-create-home -U go-pot
fi

Attached Files
nfpm.yaml (1,455 bytes)   
name: go-pot
# We'll use a template for arch
arch: ${ARCH}
platform: linux
version: v0.1.0
section: net
priority: optional
maintainer: Ryan O'Lee <[email protected]>
description: |
  go-pot 🍯 is a Go-based HTTP tarpit designed to frustrate and slow down malicious bots.
  It works by feeding bots an infinite stream of fake secrets at an excruciatingly slow rate,
  wasting their time and resources. This tool can help protect your web services from
  aggressive crawling, brute-force attacks, and other bot-based threats.
vendor: Ryan O'Lee
homepage: https://github.com/ryanolee/go-pot
license: MIT

# Target-specific overrides
overrides:
  deb:
    depends:
      - libc6
  rpm:
    depends:
      - glibc
  apk:
    depends:
      - libc6-compat
  archlinux:
    depends:
      - glibc
    replaces:
      - go-pot-git
    provides:
      - go-pot

# Arch-specific dependencies
overrides:
  archlinux:aarch64:
    depends:
      - glibc
  archlinux:armv7h:
    depends:
      - glibc-armhf

contents:
  - src: ./build/go-pot-${ARCH}
    dst: /usr/bin/go-pot
  - src: ./configs/go-pot.yaml
    dst: /etc/go-pot/config.yaml
  - src: ./scripts/go-pot.service
    dst: /usr/lib/systemd/system/go-pot.service
  - src: ./LICENSE
    dst: /usr/share/licenses/go-pot/LICENSE
  - src: ./README.md
    dst: /usr/share/doc/go-pot/README.md

scripts:
  postinstall: ./scripts/postinstall.sh
  preremove: ./scripts/preremove.sh

empty_folders:
  - /var/log/go-pot
nfpm.yaml (1,455 bytes)   

Activities

daniruiz

daniruiz

2024-06-13 06:50

manager   ~0019359

Thank you for your interest in Kali but this bug report is not actionable. Please read https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/ first. We are a small team and we expect you to provide a much more detailed bug report.
Once you have done the necessary research (possibly with the help of the community on https://forums.kali.org/, or on the Discord chat at https://discord.kali.org/, or on IRC #kali-linux on irc.oftc.net), feel free to re-open this bug with more information or to open a new report.

necrose99

necrose99

2024-06-13 07:37

reporter   ~0019361

i added nfpm.yaml as for building

https://github.com/ryanolee/go-pot is base product my fault .. i forgot to add the repo..

Go Pot: A HTTP honeypot that feeds connecting bots and infinite stream of fake secrets as slooooooowly as possible

daniruiz

daniruiz

2024-06-14 06:51

manager   ~0019367

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

[Name] - The name of the tool
[Already packaged] - Is the tool already packaged following Debian standard? A binary .deb is not sufficient.
[Willingness to package] - Is the tool creator willing to package the tool?
[Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag).
[Activity] - When did the project start? Is it still actively being developed? When was the most recent tagged release? How often are commits tagged?
[Homepage] - Where can the tool be found online? Where to go to get more information?
[Download] - Where to go to get the tool? Either a download page or a link to the latest version.
[Author(s)] - Who made the tool? What is their contact information (email, git, etc)?
[License] - How is the software distributed? What conditions does it come with?
--- Note, sometimes tools will bundle third-party code under a different license. Does the tool include multiple licenses? Which license(s) apply to which parts of the code?
[Description] - What is the tool about? What does it do?
[Features] - What features does the tool have?

[Update and/or dependency checking] - Does the tool have an auto update feature? Can it be disabled? Does it check for dependencies? Can it be disabled?

[Programming language] - What is the code written in? What utilities are used?
--- Think something like a setup.py file or minified javascript files.
[Hardcoding] - Does the tool contain hardcoded directories and paths?
--- Something like /home/user/tool/file would cause issues with typical Debian packaging standards, please include mention of these cases.
[Dependencies] - What is needed for the tool to work?

[Missing] - Are there any dependencies that are missing?
[Old] - Does this tool require an old version of a dependency? Which version?

[Kaboxer] - Is this tool a candidate for Kaboxer?
[Similar tools] - What other tools are out there that can be used for the same purpose?
[How to install] - How do you compile it?
--- Note, using source code to acquire (e.g. git clone or svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.

[System-wide installation] - Does the tool support system-wide installation?

[How to use] - What are some basic commands/functions to demonstrate it?
[Pentest use case] - In what way is this tool used in a Pentest?

necrose99

necrose99

2024-06-14 10:24

reporter   ~0019369

https://github.com/ryanolee/go-pot?tab=readme-ov-file#standalone

its a golang based tool ... dh-go-deb or 5 other packager deb-ic toys for golang will let yo build bins for release

In order to run go-pot as a standalone binary, you can download the latest release from the releases page and run it with the following command:

./go-pot start

https://github.com/ryanolee/go-pot/issues/7

https://github.com/ryanolee/go-pot/issues/7 openrc , systemd

necrose99

necrose99

2024-06-14 10:25

reporter   ~0019370

preinstall.sh

if [ ! -f /etc/go-pot/config.yaml ]; then
cp /etc/go-pot/config.yaml.example /etc/go-pot/config.yaml
fi
User/Group: In preinstall.sh

Debian/Ubuntu

if [ -x "$(command -v adduser)" ]; then
adduser --system --group --no-create-home go-pot

Red Hat/CentOS/Fedora, Arch

elif [ -x "$(command -v useradd)" ]; then
useradd --system --no-create-home -U go-pot
fi

necrose99

necrose99

2024-06-14 10:25

reporter   ~0019371

##build.sh

Build binaries

GOOS=linux GOARCH=amd64 go build -o build/go-pot-x86_64 cmd/go-pot/main.go
GOOS=linux GOARCH=arm64 go build -o build/go-pot-arm64 cmd/go-pot/main.go
GOOS=linux GOARCH=arm GOARM=7 go build -o build/go-pot-armv7 cmd/go-pot/main.go

Build packages

Debian/Ubuntu

nfpm pkg --target deb --arch amd64
nfpm pkg --target deb --arch arm64
nfpm pkg --target deb --arch armhf # Note: 'armhf' for .deb

Red Hat/CentOS/Fedora

nfpm pkg --target rpm --arch x86_64
nfpm pkg --target rpm --arch aarch64
nfpm pkg --target rpm --arch armhfp # Note: 'armhfp' for .rpm

Arch Linux

nfpm pkg --target archlinux --arch x86_64
nfpm pkg --target archlinux --arch aarch64
nfpm pkg --target archlinux --arch armv7h

necrose99

necrose99

2024-06-14 10:26

reporter   ~0019372

quick template units..
Can provide basic units for users..
Long as they get installed.. users can enable or leave disabled default... as they choose..
As a cortosy...

#!/sbin/openrc-run

command=/usr/bin/go-pot
command_args="-c /etc/go-pot/config.yaml"
#pidfile=
name="Go-Pot"
description="Go-pot HTTP/S honeypot Dameon"
command_background="yes"
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"

start_pre () {
checkpath --directory --owner $command_user:$command_user --mode 0755 \
/run/$RC_SVCNAME
}
[Unit]
Description=Go-pot HTTP/S honeypot Dameon
After=syslog.target go-pot.service

[Service]
Type=simple
ExecStart=/usr/bin/go-pot -c /etc/go-pot/go-pot.yaml

[Install]
WantedBy=multi-user.target

necrose99

necrose99

2024-06-14 10:35

reporter   ~0019373

[https://gitlab.com/kalilinux/kali-purple/documentation/-/wikis/home]
this would be the use case , Honey Networks , farms, deception nets , threat hunting
is inspired by SLOWLORIS / other honeypot tools

https://github.com/OWASP/Python-Honeypot yes is simulare lots of python pkgs in depends

but this required nothing but dh-go-deb or debber or nfpm to (6-8 other golang to deb baking tools) bake templates so for embedded devices running purple , easy to run honey network ..

https://www.reddit.com/r/golang/comments/1d7slwf/happy_to_release_go_pot_a_http_honeypot_that/ [related]

g0tmi1k

g0tmi1k

2024-08-02 14:44

administrator   ~0019590

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here:

Issue History

Date Modified Username Field Change
2024-06-09 15:29 necrose99 New Issue
2024-06-09 15:29 necrose99 File Added: nfpm.yaml
2024-06-13 06:50 daniruiz Note Added: 0019359
2024-06-13 06:51 daniruiz Assigned To => daniruiz
2024-06-13 06:51 daniruiz Status new => closed
2024-06-13 06:51 daniruiz Resolution open => no change required
2024-06-13 07:37 necrose99 Status closed => feedback
2024-06-13 07:37 necrose99 Resolution no change required => reopened
2024-06-13 07:37 necrose99 Note Added: 0019361
2024-06-14 06:51 daniruiz Note Added: 0019367
2024-06-14 06:51 daniruiz Summary go-pot => go-pot - HTTP tarpit designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets
2024-06-14 06:52 daniruiz Category Kali Package Improvement => New Tool Requests
2024-06-14 06:52 daniruiz Assigned To daniruiz =>
2024-06-14 10:24 necrose99 Note Added: 0019369
2024-06-14 10:24 necrose99 Status feedback => new
2024-06-14 10:25 necrose99 Note Added: 0019370
2024-06-14 10:25 necrose99 Note Added: 0019371
2024-06-14 10:26 necrose99 Note Added: 0019372
2024-06-14 10:35 necrose99 Note Added: 0019373
2024-08-02 14:44 g0tmi1k Note Added: 0019590
2024-08-02 14:44 g0tmi1k Status new => acknowledged
2024-08-02 14:44 g0tmi1k Category New Tool Requests => Queued Tool Addition