Check out the SNARE web application Honey-pot (successor to Glastopf)

Hello Everyone

If you have followed my YouTube channel for a while you may have seen my video on the GLASTOPF webapplication honeypot by https://github.com/mushorg/snare

https://avatars3.githubusercontent.com/u/2742625?s=200&v=4

Web application honeypots allow you to host a page that is functioning while being able to see all the traffic and activies that occour on that page.

This information is useful when you want to see the behaviours of web attack traffic or scans that occour agains sites.

The installation is pretty simple here is the steps

{

 

  • Get SNARE: git clone https://github.com/mushorg/snare.git
  • Install requirements: pip3 install -r requirements.txt
  • Clone a page: sudo python3 clone.py --target http://example.com
  • Run SNARE: sudo python3 snare.py --port 8080 --page-dir example.com
  • Test: Visit http://localhost:8080/index.html
  • Make sure  to have your OS up to date !

}

 

The Instructions above are copied from the projects github site

 

After you have installed the Honeypot you can clone a  active webpage/web app and host that in the honeypot  you use the clone.py script in the snare directoy  see below

The below will clone my project page and the SNARE honeypot will encode the content to be used for hosting

{

sudo python3 clone.py –target https://trulyrandom.tk/
name: /index.html
name: / http:/www.seanmancini.com
name: /gtag/js?id=UA-111740696-1
name: /pagead/js/adsbygoogle.js

name: /entro.php
name: /updates.html
name: /index.html

}

After the cloning is done the page will be located in /opt/snare/pages

 

You may need to make a couple of modifications as I show in my video if you are running this in a virtual machine and accessing the page from a differnt computer.

Here is how I modified mine in the video

sudo python3 snare.py –host-ip 192.168.2.53 –port 80 –page-dir trulyrandom.tk

After I got the page up and running I did a quick scan using NIKTO and here is a sample output that I got

_____ _ _____ ____ ______
/ ___// | / / | / __ \/ ____/
\__ \/ |/ / /| | / /_/ / __/
___/ / /| / ___ |/ _, _/ /___
/____/_/ |_/_/ |_/_/ |_/_____/

privileges dropped, running as “nobody:nogroup”
serving on (‘192.168.2.53’, 80) with uuid 00c718aa-6bfd-44b1-aa2d-3bc4fa05bfdc
you are running the latest version
Request path: /
Request path: /gtag/js?id=UA-111740696-1
Request path: /pagead/js/adsbygoogle.js
Request path: /entro.php
Request path: /gtag/js?id=UA-111740696-1
Request path: /pagead/js/adsbygoogle.js
Request path: /
Request path: /
Request path: /
Request path: /Oz4hFCi9.render_warning_screen
Request path: /Oz4hFCi9.cmd
Request path: /.Oz4hFCi9
Request path: /Oz4hFCi9.conf
Request path: /Oz4hFCi9.backup

 

 

See my video below for more details and a quick demo

 

 

If you have any questions please reachout to me !

 

Leave a Reply

Your email address will not be published. Required fields are marked *