Conpot – ICS/SCADA Honeypot

Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems.

Also Read:BruteX – Automatically Brute Force All Services Running On A Target

Conpot Installation Ubuntu

You need to add multiverse to the source, like;

$ sudo vim /etc/apt/sources.list

Add the following line:

deb http://dk.archive.ubuntu.com/ubuntu precise main multiverse

Install dependencies:

sudo apt-get install libmysqlclient-dev libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev \
libxslt1-dev libxml2-dev python-pip python-mysqldb pkg-config libvirt-dev

The stable version of it can be downloaded from PyPI:

pip install conpot

The development version can be cloned from github:

cd /opt
git clone git@github.com:mushorg/conpot.git
cd conpot
python setup.py install

Easy Install Using Docker

Via a pre-built image

Install Docker
Run docker pull honeynet/conpot
Run docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp –network=bridge honeynet/conpot:latest /bin/sh
Finally run conpot -f –template default

Navigate to http://MY_IP_ADDRESS to confirm the setup.

Build docker image from source

Install Docker
Clone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/docker
Run docker build -t conpot .
Run docker run -it -p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp -p 47808:47808/udp -p 623:6230/udp -p 21:2121 -p 69:6969/udp -p 44818:44818 –network=bridge conpot

Navigate to http://MY_IP_ADDRESS to confirm the setup.

Build from source and run with docker-compose

Install docker-compose
Clone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/docker
Build the image with docker-compose build
Test if everything is running correctly with docker-compose up
Permanently run as a daemon with docker-compose up -d