An uploader honeypot designed to look like poor website security.

Related tags

Cryptography honeyup
Overview

HoneyUp

An uploader honeypot designed to look like poor website security.

Requirements

  • Linux server
  • NGiNX
  • Rust toolchain (build only)

Installation

  1. Build using cargo build --release.
  2. Log into your server and create a honeyup user with a home directory.
  3. Upload/copy the contents of this repo to your honeyup user's home /home/honeyup.
  4. Copy the honeyup binary from target/release/ to /home/honeyup.
  5. Edit res/config.env.txt to make it believable (add some canary tokens too).
  6. Upload/copy the systemd service descriptor from conf/honeyup.service to /etc/systemd/system/honeyup.service.
  7. Reload all systemd service descriptors systemctl daemon-reload.
  8. Ensure any currently served sites do not use the /uploads path.
  9. Add the contents of conf/nginx_snippet.conf to your NGiNX config just above your server's location blocks.
  10. Reload the NGiNX config with systemctl reload nginx.
  11. Enable and start the honeyup service systemctl enable honeyup & systemctl start honeyup.
  12. Browse to /uploads on your website and use upload.php to upload some dummy/bait files.

Notes

Be sure to check up on the uploaded_files folder often to be sure you aren't hosting somebody's malware.

You might also like...
Implementation of Sunny's Mesh Security talk (Hackathon / Prototype status)

mesh-security (Hackathon / Prototype status) An implementation of Sunny's Mesh Security talk from Cosmoverse 2022. This should run on any CosmWasm ena

CosmWasm 83 Apr 17, 2023
A CLI application that implements multi-key-turn security via Shamir's Secret Sharing.

agree agree is a CLI tool for easily applying multi-key-turn security via Shamirs Secret Sharing. Project state agree is unstable. Version semantics:

Alexander Weber 19 Aug 29, 2023
A solana program designed to mint Metaplex compliant NFTs.

Solana Minter My program used to mint Amoebits & Amoebit Minis. I wrote it from scratch using the hello-world program as an example & base. Features C

vlawmz 35 Sep 22, 2022
The protocol are designed and made for the future of cross-IP, cross-chain metaverse.

Avatar-protocol 化身协议 This project demonstrates how to use the Solana Javascript API to interact with programs on the Solana blockchain. The project co

Wind-protocol 1 Jan 10, 2022
Flashcards: A spaced repetition app designed around org files.

Flashcards Since it's easy to create notes in org-mode and difficult to create flashcards, this app tries to ease the process of making cards! For you

Shailesh Mishra 5 Jun 10, 2022
Tradechain is an open source blockchain designed for fast trading & interoperability for new, existing assets

Tradechain is an open source blockchain designed for fast trading & interoperability for new, existing assets. Help build the future of trading with other Tradians.

Matt Shaver 5 Jul 5, 2022
A down-to-the-metal ongoing cryptography challenge designed by Radical Semiconductor.

woodpecker 🪶 [NOTE: scoreboard will now be updated weekends, starting the weekend of 12/10/2022--sorry for delays! I'll also be merging in pull reque

Radical Semiconductor 16 Dec 15, 2022
Glommio Messaging Framework (GMF) is a high-performance RPC system designed to work with the Glommio framework.

Glommio Messaging Framework (GMF) The GMF library is a powerful and innovative framework developed for facilitating Remote Procedure Calls (RPCs) in R

Mohsen Zainalpour 29 Jun 13, 2023
🤖CyberAI is designed to bridge the world of Cyberpunk 2077 and the power of OpenAI's AI technology.
🤖CyberAI is designed to bridge the world of Cyberpunk 2077 and the power of OpenAI's AI technology.

CyberAI 🤖 Welcome to the CyberAI project! This plugin for Cyberpunk 2077 enables integration between the videogame and OpenAI API, opening a world of

Kirill Kuzin 19 Jul 28, 2023
Comments
  • Dockerized HoneyUp

    Dockerized HoneyUp

    I dockerized the backend such that users can just docker-compose instead of worrying about building.

    If this pull request is accepted, the Dockerfile.dev will need to be edited to use this repo instead of mine.

    opened by StappsWorld 0
Owner
Chad Baxter
Co-owner: DosLab Electronics, LLC
Chad Baxter
GitHub
A blazingly fast, ShareX uploader coded in Rust (using actix web) which utilizes AES-256-GCM-SIV to securely store uploaded content.

Magnesium Oxide ❔ What is this? Magnesium-Oxide (MGO) is a secure file uploader with support for ShareX. ?? Features ?? Blazingly fast uploads and enc

Nitrogen Development 26 Nov 25, 2022
Bindings to the macOS Security.framework

macOS/iOS Security framework for Rust Documentation Bindings to the Apple's Security.framework. Allows use of TLS and Keychain from Rust. License Lice

Kornel 172 Dec 24, 2022
A Rust implementation of the Message Layer Security group messaging protocol

Molasses An extremely early implementation of the Message Layer Security group messaging protocol. This repo is based on draft 4 of the MLS protocol s

Trail of Bits 109 Dec 13, 2022
A suite of programs for Solana key management and security.

?? goki Goki is a suite of programs for Solana key management and security. It currently features: Goki Smart Wallet: A wallet loosely based on the Se

Goki Protocol 157 Dec 8, 2022
Audit Cargo.lock files for dependencies with security vulnerabilities

RustSec Crates ?? ??️ ?? The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via crates.io. The a

RustSec 1.2k Dec 30, 2022
Ingraind - a security monitoring agent built around RedBPF for complex containerized environments and endpoints.

ingraind is a security monitoring agent built around RedBPF for complex containerized environments and endpoints. The ingraind agent uses eBPF probes to provide safe and performant instrumentation for any Linux-based environment.

KingoOo 5 Apr 6, 2022
security.txt for Solana Contracts

security.txt This library defines a macro, which allows developers to provide easy-to-parse information to security researchers that wish to contact t

Neodyme 79 Dec 28, 2022
Automated security testing for open source libraries and applications.

autovet continuously searches for security breaches in open source libraries and applications. Recently processed packages package version channel las

null 5 Aug 23, 2022
Open-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆

privacy-sexy Open-source tool to enforce privacy & security best-practices on Windows and MacOs, because privacy is sexy ?? ?? privacy-sexy is a data-

Subconscious Compute 3 Oct 20, 2022
Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer of security for your most sensitive files.

Koofr Vault https://vault.koofr.net Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer o

Koofr 12 Dec 30, 2022