14 matches found
Directory Traversal
Glastopf is vulnerable to directory traversal. The attack is possible because it does not perform enough validation of file path in the handle function of fileserver.py...
Glastopf Cross-Site Request Forgery Vulnerability
Glastopf is a suite of Python-based, dynamic, low-interaction honeypots attack trapping software for web applications. A server-side cross-site request forgery vulnerability exists in Glastopf version 3.1.3-dev. An attacker can exploit this vulnerability to obtain logs from other web servers...
CVE-2018-10220
Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation...
CVE-2018-10220
Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation...
Remote file inclusion
DISPUTED Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation...
CVE-2018-10220
Glastopf 3.1.3-dev has a Server-Side Request Forgery (SSRF) vulnerability demonstrated via the abc.php?a parameter. The vendor states this behavior is intentional because Glastopf is a web application honeypot, and the distribution includes modules/emulators/rfi.py for Remote File Inclusion emula...
CVE-2018-10220
Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation...
PT-2018-9762 · Honeynet · Glastopf
Name of the Vulnerable Software and Affected Versions: Glastopf version 3.1.3-dev. Description: The issue concerns a Server-Side Request Forgery (SSRF) in Glastopf, demonstrated through the abc.php a parameter. It is noted that the vendor considers this behavior intentional, as Glastopf is a web...
Onion Decoy Server
A platform to run private unannounced Honeypots as Tor Hidden Services aka Onion Decoys inside the Tor Network. The Onion Decoys are implemented with Docker containers as honeypots. The reason to choose Docker is that it is good at process and filesystem isolation, which ultimately gives the...
Multi-Honeypot Platform: T-Pot
Multi-Honeypot Platform T-Pot is based on Ubuntu Server 16.10 LTS. The honeypot daemons as well as other support components being used have been paravirtualized using docker. This allowed developers to run multiple honeypot daemons on the same network interface without problems and make the enti...
Honeypot Linux Distro: HoneyDrive
HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance OVA with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction...
Raspberry Pi HoneyPot
Glastopf is a web application honeypot project led by Lukas Rist a.k.a. glaslos of the Honeynet Project. The Glastopf project started in the year 2009. It is a simple and minimalistic web server written in Python that records information of web-based application attacks like Structured Query...
[HoneyDrive Desktop v0.2] Honeypot LiveCD
HoneyDrive is a virtual appliance OVA with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient and more...
Honeypot Emulates Searched Attacks
A new open-source honeypot project called Glastopf “dynamically emulates vulnerabilities attackers are looking for” and can auto-detect and allow unknown attacks. The project, designed by Lukas Rist, came out of the Google Summer of Code program. ISPs, web hosting companies and researchers can us...