Skip to content

lacework-dev/whalehoney_PUBLIC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

WhaleHoney

A Flask application to emulate the Docker API for honeypot purposes. Released as apart of ATT&CKCon 3.0 presentation, ATT&CKing Containers in The Cloud.

  • Inspired by Cisco SIRT's dhp.
  • Inspired by Whaler

How does it work?

Whalehoney mocks some API endpoints detailed within the official Docker Engine API guide. Incoming requests are logged to whalehoney-YYYY-MM-dd.log. No operation is performed on the incoming request other than logging it to a plaintext file.

How to run

  1. Create a virtual environment.
$> python3 -m venv venv
  1. Use virtual env.
$> source ./venv/bin/activate
  1. Install Python dependencies.
$> pip3 install -r requirements.txt
  1. Start whalehoney.
$> python3 wsgi.py --bind=0.0.0.0:2375

Build & Run from Dockerfile

  1. Build the container
docker build . -t whalehoney:latest
  1. Run the container exposing the Docker port (2375) to the honeypot
docker run -p 2375:2375 --name whalehoney whalehoney:latest -d

Interacting with API Endpoints

Test endpoints to ensure the container is running:

$> curl localhost:2375/version;
$> curl localhost:2375/_ping;

Docker logs available within the conatiner at: ./logs/$DATE/whalehoney-$DATE.log

Reference the dockerapi/dockeroutes.py for more

About

Public release of Whalehoney Honeypot

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published