ConfluencePot is a simple honeypot for the Atlassian Confluence unauthenticated and remote OGNL injection vulnerability (CVE-2022-26134).
You can find the official advisory by Atlassian to this vulerability here. For details about the inner workings and exploits in the wild you should refer to the reports by Rapid7 and Cloudflare. Affected but not yet patched systems should be deemed compromised until further investigation.
ConfluencePot is written in Golang and implements its own HTTPS server to minimize the overall attack surface. To make it appear like a legit Confluence instance it returns a bare-bones version of a Confluence landing page. Log output is written to stdout and a log file on disk. ConfluencePot DOES NOT allow attackers to execute commands/code on your machine, it only logs requests and returns a bogus response.
You need a recent version of Golang to run/build confluencePot and the appropriate privileges to bind to port 443. We recommend to execute it in a tmux session for easier handling. To run ConfluencePot you either need to create a self-signed TLS certificate with openssl or request one from e.g. Let’s Encrypt.
go build confluencePot.go
./confluencePot
Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…
Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…
The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…
Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…
Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…
PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…