Skip to content
/ honeypot_exporter Public
forked from Intrinsec/honeypot_exporter

Listen on networks and count each new connections or packets and expose them as metrics

License

Apache-2.0 license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bibogdanov/honeypot_exporter

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.circleci
.circleci
 
 
.github
.github
 
 
collector
collector
 
 
https
https
 
 
scripts
scripts
 
 
vendor
vendor
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.golangci.yml
.golangci.yml
 
 
.promu-cgo.yml
.promu-cgo.yml
 
 
.promu.yml
.promu.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
Dockerfile.test
Dockerfile.test
 
 
LICENSE
LICENSE
 
 
MAINTAINERS.md
MAINTAINERS.md
 
 
Makefile
Makefile
 
 
Makefile.common
Makefile.common
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
VERSION
VERSION
 
 
checkmetrics.sh
checkmetrics.sh
 
 
docker-compose-test.yml
docker-compose-test.yml
 
 
end-to-end-test.sh
end-to-end-test.sh
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
honeypot.yml
honeypot.yml
 
 
honeypot_exporter.go
honeypot_exporter.go
 
 
honeypot_exporter_test.go
honeypot_exporter_test.go
 
 
staticcheck.conf
staticcheck.conf
 
 
test-functional.sh
test-functional.sh
 
 
test_honeypot_exporter.py
test_honeypot_exporter.py
 
 
test_image.sh
test_image.sh
 
 

Repository files navigation

HoneyPot Exporter

Go Report Card

Prometheus honeypot exporter

This minimal honeypot listen on networks and count each new connection or packet(for UDP), for TCP, the connection is closed immediately after the accept.

Building and running

Build

make

Capabilities

honeypot_exporter will need CAP_NET_BIND_SERVICE capability to listen on privileged ports.

Configuration

Define listeners in the yaml config file :

listeners:
  - network: tcp
    address: ":4242"
  - network: udp
    address: ":4242"
  • network must be in tcp, tcp4, tcp6, udp, udp4, udp6
  • address follow the format bind_ip:port, to listen on any ipv4/6 leave bind_ip empty.

Running

./honeypot_exporter <flags>

Using Docker

docker rm -f honeypot-exporter
docker run -d \
  --name="honeypot-exporter" \
  --net="host" \
  --restart="unless-stopped" \
  --log-driver json-file --log-opt max-size=10m \
  -v $(pwd)/honeypot.yml:/honeypot.yml \
  intrinsec/honeypot-exporter-linux-amd64:v0.1.0 \
  --honeypot.config=/honeypot.yml

Metrics

...
# HELP honeypot_connections_total honeypot number of new connections or udp packets
# TYPE honeypot_connections_total counter
honeypot_connections_total{dst="127.0.0.1",port="4242",proto="tcp",src="127.0.0.1"} 2
honeypot_connections_total{dst="[::1]",port="4242",proto="tcp",src="[::1]"} 1
honeypot_connections_total{dst="[::]",port="4242",proto="udp",src="[::1]"} 13
...

About

Listen on networks and count each new connections or packets and expose them as metrics

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Sep 7, 2020

Packages

No packages published

Languages

  • Go 68.5%
  • Makefile 20.6%
  • Shell 5.4%
  • Python 5.0%
  • Dockerfile 0.5%