rcsheets/go-pot
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
A service for giving away secrets to bots ...Probably slightly too many!
99 commits 2 branches 0 tags 2.4 MiB
  • Go 99.3%
  • Dockerfile 0.5%
  • Makefile 0.2%
Find a file
Exact
ryanolee 43ce71a022
 Merge pull request #28 from eltociear/patch-1 
chore: update memberlist.go
2025-01-19 14:52:20 +00:00
.github/workflows feat(26): Re add CI for docker 2024-12-28 03:24:45 +00:00
cdk feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
cmd feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
config fix lint errors 2024-11-27 13:15:06 +03:00
core chore: update memberlist.go 2025-01-16 15:02:51 +09:00
di feat(24) Improve logging 2024-12-18 18:53:45 +00:00
docs feat(26) add more docs 2024-12-28 03:22:33 +00:00
examples hotfix: Update documentation field val 2024-11-29 10:00:30 +00:00
generator feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
internal/regen 16 Fix remaining lint errors 2024-12-01 16:45:19 +00:00
protocol feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
rand feature/6 Further FTP changes 2024-06-19 21:50:57 +01:00
secrets feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
.dockerignore Add Example and make a few changes to the default code 2024-06-07 17:21:21 +01:00
.gitignore chore: Add release pipeline 2024-05-29 13:42:37 +01:00
CONTRIBUTING.md Chore: More docs 2024-05-31 00:48:30 +01:00
Dockerfile feat(21): Include build metadata 2024-12-14 18:15:46 +00:00
go.mod feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
go.sum fix 2024-12-05 21:38:25 +01:00
go.work feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
go.work.sum feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
goreleaser.yml Chore: 21 Test release version 1 2024-12-14 17:37:06 +00:00
INTERNALS.md docs: Add some more docs 2024-06-03 23:07:28 +01:00
LICENCE Docs: add licence 2024-06-03 23:51:15 +01:00
main.go feat(21): Update to latest version of golang and add version command 2024-12-12 21:25:54 +00:00
makefile Merge pull request #22 from ryanolee/feature/21 2024-12-14 19:11:18 +00:00
README.md feat(26): SPAG 2024-12-28 03:26:15 +00:00

README.md

go-pot 🍯

A HTTP tarpit written in Go designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets.

Features

  • Realistic output: Go pot will respond to requests with an infinite stream of realistic looking, parseable structured data full of fake secrets. xml, json, yaml, hcl, toml, csv, ini, and sql are all supported.
  • Multiple protocols: Both http and ftp are supported out of the box. Each with a tailored implementation. More protocols are planned.
  • Intelligent stalling: Go pot will attempt to work out how long a bot is willing to wait for a response and stall for exactly that long. This is done gradually making requests slower and slower until a timeout is reached. (Or the bot hangs forever!)
  • Small Profile: Go pot can run on extremely low resource machines and is designed to be as lightweight as possible.
  • Clustering Support: Go pot can be run in a clustered mode where multiple instances can share information about how long bots are willing to wait for a response. Also in cluster mode nodes can be configured to restart / reallocate IP addresses to avoid being blacklisted by connecting clients.
  • Customizable: Go pot can be customized to respond with different different response times.

Installation

Go pot is distributed as a standalone go binary or docker image. You can download the latest release from the releases page. Docker images are available on the ghcr.io registry.

Docker (Recommended 🌟)

In order to run an example instance of go-pot using docker, you can use the following command:

docker run -p 8080:8080 --rm ghcr.io/ryanolee/go-pot:latest start --host=0.0.0.0 --port=8080

See the examples directory for more examples of how to run go-pot in various configurations.

Standalone

In order to run go-pot as a standalone binary, you can download the latest release from the releases page and run it with the following command:

./go-pot start

Then visit http://localhost:8080 in your browser to see the go-pot in action. ( Visiting http://localhost:8080/somthing.xml, http://localhost:8080/someething.sql ect.. will start generating data in the respective format)

Script

Caution

Scripts should never be ran from unknown sources. The following script is provided as a convenience and is safe to run. However please review the contents of the script before running it.

To install go pot you can run the following script

curl -o /tmp/install-go-pot.sh https://raw.githubusercontent.com/ryanolee/go-pot/main/docs/scripts/install.sh && bash /tmp/install-go-pot.sh && rm /tmp/install-go-pot.sh

Usage

Please refer to the examples folder for examples of how go pot can be used.

Configuration

Configuration for go-pot follows the following order of precedence (From lowest to highest):

  • Defaults: Default values can be found in the config/default.go file.
  • Config file: A configuration file path can be specified using the --config-file flag or using the GOPOT__CONFIG_FILE environment variable. An example reference configuration file can be found in the examples/config/reference.yml file.
  • Command line flags: Command line flags can be used to override configuration values. Run go-pot --help to see a list of available flags.
  • Environment variables: Environment variables can be used to override configuration values. Environment variables are prefixed with GOPOT__ and deliminated with "__"'s for further keys. For instance server.host can be overridden with GOPOT__SERVER__HOST.

Deployment

Go pot can be deployed in a variety of ways. See the cdk directory for an example of how to deploy go-pot using the AWS CDK on ECS Fargate for which it has native clustering support.

Contributing

Contributions are welcome! Please see the CONTRIBUTING.md file for more information on how to contribute.

See the internal INTERNALS.md file for more information on how go-pot works.

Credits

Go pot was originally inspired by the Reverse slow loris project by Nick Huber The go pot logo created by @_iroshi and is licensed under the CC0 license.

What the future holds 🔮

  • More protocols: Support for more protocols is planned. Including ssh, sql, smtp and more. Anything that can be stalled will be stalled and must be stalled!
  • Tests: There are no unit tests. The was originally built as a proof of concept for a talk and has been refactored several times since. It is still in need of firmer testing.

(Originally the subject of a talk for Birmingham go)