Hacking Tools

DICOMHawk – A Honeypot For Secure DICOM Server Monitoring

DICOMHawk is a powerful and efficient honeypot for DICOM servers, designed to attract and log unauthorized access attempts and interactions.

Built using Flask and pynetdicom, DICOMHawk offers a streamlined web interface for monitoring and managing DICOM interactions in real-time.

Features

  • DICOM Server Simulation: Supports C-ECHO, C-FIND, and C-STORE operations to simulate a realistic DICOM server environment.
  • Logging: Detailed logging of DICOM associations, DIMSE messages, and event-specific data to track and analyze potential attacks.
  • Web Interface: A user-friendly web interface to view server status, active associations, and logs.
  • Custom Handlers: Easily extendable to support additional DICOM services and custom logging or handling requirements.

Getting Started

Prerequisites

  • Docker and Docker Compose installed on your machine
  • DCMTK tools installed on your local machine for testing

Installation

Clone the repository:

    git clone https://github.com/gtheodoridis/DICOMHawk.git
cd dicomhawk

    Start the services with Docker Compose:

    docker-compose up -d
    1. This command starts the Flask application and a log server in detached mode. The web interface is accessible on port 5000, and the DICOM server listens on port 11112. Alternatively, port 104 is also applicable for DICOM (ACR-NEMA).

    Usage

    Access the Web Interface:

    Open a web browser and go to http://127.0.0.1:5000 to access the DICOMHawk web interface. Here, you can monitor server status, view active associations, and check the logs.

    Test the DICOM Server:

    Use DCMTK tools to interact with the DICOM server.

    • C-ECHO (DICOM Echo Test):
    echoscu 127.0.0.1 11112

    For more information click here.

    Varshini

    Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

    Leave a Comment
    Share
    Published by
    Varshini
    Tags: cybersecurityDICOMHawkinformationsecuritykalilinuxkalilinuxtools
    10 months ago

    Recent Posts

    cp Command: Copy Files and Directories in Linux

    The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

    6 days ago

    Image OSINT

    Introduction In digital investigations, images often hold more information than meets the eye. With the…

    6 days ago

    cat Command: Read and Combine File Contents in Linux

    The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

    6 days ago

    Port In Networking

    What is a Port? A port in networking acts like a gateway that directs data…

    6 days ago

    ls Command: List Directory Contents in Linux

    The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

    7 days ago

    pwd Command: Find Your Location in Linux

    The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

    1 week ago