0008773: go-pot - HTTP tarpit designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0008773	Kali Linux	New Tool Requests	public	2024-06-09 15:29	2024-06-14 10:35

Reporter	necrose99	Assigned To
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	new	Resolution	reopened

Summary	0008773: go-pot - HTTP tarpit designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets
Description	A HTTP tarpit written in Go designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets. #postinstall.sh if [ ! -f /etc/go-pot/config.yaml ]; then cp /etc/go-pot/config.yaml.example /etc/go-pot/config.yaml fi Debian/Ubuntu if [ -x "$(command -v adduser)" ]; then adduser --system --group --no-create-home go-pot Red Hat/CentOS/Fedora, Arch elif [ -x "$(command -v useradd)" ]; then useradd --system --no-create-home -U go-pot fi
Attached Files	nfpm.yaml (1,455 bytes) name: go-pot # We'll use a template for arch arch: ${ARCH} platform: linux version: v0.1.0 section: net priority: optional maintainer: Ryan O'Lee <[email protected]> description: \| go-pot 🍯 is a Go-based HTTP tarpit designed to frustrate and slow down malicious bots. It works by feeding bots an infinite stream of fake secrets at an excruciatingly slow rate, wasting their time and resources. This tool can help protect your web services from aggressive crawling, brute-force attacks, and other bot-based threats. vendor: Ryan O'Lee homepage: https://github.com/ryanolee/go-pot license: MIT # Target-specific overrides overrides: deb: depends: - libc6 rpm: depends: - glibc apk: depends: - libc6-compat archlinux: depends: - glibc replaces: - go-pot-git provides: - go-pot # Arch-specific dependencies overrides: archlinux:aarch64: depends: - glibc archlinux:armv7h: depends: - glibc-armhf contents: - src: ./build/go-pot-${ARCH} dst: /usr/bin/go-pot - src: ./configs/go-pot.yaml dst: /etc/go-pot/config.yaml - src: ./scripts/go-pot.service dst: /usr/lib/systemd/system/go-pot.service - src: ./LICENSE dst: /usr/share/licenses/go-pot/LICENSE - src: ./README.md dst: /usr/share/doc/go-pot/README.md scripts: postinstall: ./scripts/postinstall.sh preremove: ./scripts/preremove.sh empty_folders: - /var/log/go-pot nfpm.yaml (1,455 bytes)

daniruiz 2024-06-13 06:50 manager ~0019359	Thank you for your interest in Kali but this bug report is not actionable. Please read https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/ first. We are a small team and we expect you to provide a much more detailed bug report. Once you have done the necessary research (possibly with the help of the community on https://forums.kali.org/, or on the Discord chat at https://discord.kali.org/, or on IRC #kali-linux on irc.oftc.net), feel free to re-open this bug with more information or to open a new report.

necrose99 2024-06-13 07:37 reporter ~0019361	i added nfpm.yaml as for building https://github.com/ryanolee/go-pot is base product my fault .. i forgot to add the repo.. Go Pot: A HTTP honeypot that feeds connecting bots and infinite stream of fake secrets as slooooooowly as possible

daniruiz 2024-06-14 06:51 manager ~0019367	To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us): [Name] - The name of the tool [Already packaged] - Is the tool already packaged following Debian standard? A binary .deb is not sufficient. [Willingness to package] - Is the tool creator willing to package the tool? [Version] - What version of the tool should be added? --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag). [Activity] - When did the project start? Is it still actively being developed? When was the most recent tagged release? How often are commits tagged? [Homepage] - Where can the tool be found online? Where to go to get more information? [Download] - Where to go to get the tool? Either a download page or a link to the latest version. [Author(s)] - Who made the tool? What is their contact information (email, git, etc)? [License] - How is the software distributed? What conditions does it come with? --- Note, sometimes tools will bundle third-party code under a different license. Does the tool include multiple licenses? Which license(s) apply to which parts of the code? [Description] - What is the tool about? What does it do? [Features] - What features does the tool have? [Update and/or dependency checking] - Does the tool have an auto update feature? Can it be disabled? Does it check for dependencies? Can it be disabled? [Programming language] - What is the code written in? What utilities are used? --- Think something like a setup.py file or minified javascript files. [Hardcoding] - Does the tool contain hardcoded directories and paths? --- Something like /home/user/tool/file would cause issues with typical Debian packaging standards, please include mention of these cases. [Dependencies] - What is needed for the tool to work? [Missing] - Are there any dependencies that are missing? [Old] - Does this tool require an old version of a dependency? Which version? [Kaboxer] - Is this tool a candidate for Kaboxer? [Similar tools] - What other tools are out there that can be used for the same purpose? [How to install] - How do you compile it? --- Note, using source code to acquire (e.g. git clone or svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version. [System-wide installation] - Does the tool support system-wide installation? [How to use] - What are some basic commands/functions to demonstrate it? [Pentest use case] - In what way is this tool used in a Pentest?

necrose99 2024-06-14 10:24 reporter ~0019369	https://github.com/ryanolee/go-pot?tab=readme-ov-file#standalone its a golang based tool ... dh-go-deb or 5 other packager deb-ic toys for golang will let yo build bins for release In order to run go-pot as a standalone binary, you can download the latest release from the releases page and run it with the following command: ./go-pot start https://github.com/ryanolee/go-pot/issues/7 https://github.com/ryanolee/go-pot/issues/7 openrc , systemd

necrose99 2024-06-14 10:25 reporter ~0019370	preinstall.sh if [ ! -f /etc/go-pot/config.yaml ]; then cp /etc/go-pot/config.yaml.example /etc/go-pot/config.yaml fi User/Group: In preinstall.sh Debian/Ubuntu if [ -x "$(command -v adduser)" ]; then adduser --system --group --no-create-home go-pot Red Hat/CentOS/Fedora, Arch elif [ -x "$(command -v useradd)" ]; then useradd --system --no-create-home -U go-pot fi

necrose99 2024-06-14 10:25 reporter ~0019371	##build.sh Build binaries GOOS=linux GOARCH=amd64 go build -o build/go-pot-x86_64 cmd/go-pot/main.go GOOS=linux GOARCH=arm64 go build -o build/go-pot-arm64 cmd/go-pot/main.go GOOS=linux GOARCH=arm GOARM=7 go build -o build/go-pot-armv7 cmd/go-pot/main.go Build packages Debian/Ubuntu nfpm pkg --target deb --arch amd64 nfpm pkg --target deb --arch arm64 nfpm pkg --target deb --arch armhf # Note: 'armhf' for .deb Red Hat/CentOS/Fedora nfpm pkg --target rpm --arch x86_64 nfpm pkg --target rpm --arch aarch64 nfpm pkg --target rpm --arch armhfp # Note: 'armhfp' for .rpm Arch Linux nfpm pkg --target archlinux --arch x86_64 nfpm pkg --target archlinux --arch aarch64 nfpm pkg --target archlinux --arch armv7h

necrose99 2024-06-14 10:26 reporter ~0019372	quick template units.. Can provide basic units for users.. Long as they get installed.. users can enable or leave disabled default... as they choose.. As a cortosy... #!/sbin/openrc-run command=/usr/bin/go-pot command_args="-c /etc/go-pot/config.yaml" #pidfile= name="Go-Pot" description="Go-pot HTTP/S honeypot Dameon" command_background="yes" pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" start_pre () { checkpath --directory --owner $command_user:$command_user --mode 0755 \ /run/$RC_SVCNAME } [Unit] Description=Go-pot HTTP/S honeypot Dameon After=syslog.target go-pot.service [Service] Type=simple ExecStart=/usr/bin/go-pot -c /etc/go-pot/go-pot.yaml [Install] WantedBy=multi-user.target

necrose99 2024-06-14 10:35 reporter ~0019373	[https://gitlab.com/kalilinux/kali-purple/documentation/-/wikis/home] this would be the use case , Honey Networks , farms, deception nets , threat hunting is inspired by SLOWLORIS / other honeypot tools https://github.com/OWASP/Python-Honeypot yes is simulare lots of python pkgs in depends but this required nothing but dh-go-deb or debber or nfpm to (6-8 other golang to deb baking tools) bake templates so for embedded devices running purple , easy to run honey network .. https://www.reddit.com/r/golang/comments/1d7slwf/happy_to_release_go_pot_a_http_honeypot_that/ [related]

Date Modified	Username	Field	Change
2024-06-09 15:29	necrose99	New Issue
2024-06-09 15:29	necrose99	File Added: nfpm.yaml
2024-06-13 06:50	daniruiz	Note Added: 0019359
2024-06-13 06:51	daniruiz	Assigned To	=> daniruiz
2024-06-13 06:51	daniruiz	Status	new => closed
2024-06-13 06:51	daniruiz	Resolution	open => no change required
2024-06-13 07:37	necrose99	Status	closed => feedback
2024-06-13 07:37	necrose99	Resolution	no change required => reopened
2024-06-13 07:37	necrose99	Note Added: 0019361
2024-06-14 06:51	daniruiz	Note Added: 0019367
2024-06-14 06:51	daniruiz	Summary	go-pot => go-pot - HTTP tarpit designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets
2024-06-14 06:52	daniruiz	Category	Kali Package Improvement => New Tool Requests
2024-06-14 06:52	daniruiz	Assigned To	daniruiz =>
2024-06-14 10:24	necrose99	Note Added: 0019369
2024-06-14 10:24	necrose99	Status	feedback => new
2024-06-14 10:25	necrose99	Note Added: 0019370
2024-06-14 10:25	necrose99	Note Added: 0019371
2024-06-14 10:26	necrose99	Note Added: 0019372
2024-06-14 10:35	necrose99	Note Added: 0019373