-
Notifications
You must be signed in to change notification settings - Fork 631
Shockpot Sensor
Brady Sullivan edited this page Jan 10, 2019
·
4 revisions
Shockpot is a "web app honeypot designed to find attackers attempting to exploit the Bash remote code vulnerability, CVE-2014-6271."
This sensor can be deployed using the Ubuntu - Shockpot deploy script, found in MHN's Deploy page. The script provided supports installation on Ubuntu 18.04 and 16.04 systems. To avoid installation errors, it is highly recommended you make sure the host system is fully up-to-date before running the deploy script.
You should be able to see attacks show up on your dashboard by testing your Shockpot with the following command,
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
Just replace example.com with the IP of your honeypot.