T-Pot: All-in-One Honeypot for Cybersecurity

a multi-honeypot platform that helps you detect and analyze cyber attacks

What is T-Pot?

T-Pot (GitHub link) is a multi-honeypot platform that helps you detect and analyze cyber attacks.

  • Honeypot? A fake system that pretends to be a real server (like SSH, web, or IoT devices) to attract hackers.
  • When attackers try to break in, T-Pot logs everything they do, so you can study their methods.

It’s like setting up a "trap" to catch bad guys in action!

Why Use T-Pot?

  1. Learn How Attacks Work – See real hacking attempts (brute force, malware, botnets).
  2. Improve Security Skills – Great for cybersecurity students (like me!).
  3. All-in-One Tool – Combines 20+ different honeypots (Cowrie, Dionaea, ELK, etc.).
  4. Nice Dashboard – Visualizes attacks with Kibana (fancy graphs & logs).

How Does It Work?

  1. You install T-Pot on a spare PC, VM, or Raspberry Pi.
  2. It simulates vulnerable services (FTP, SSH, web servers).
  3. Hackers scan the internet, find your honeypot, and attack it.
  4. T-Pot records everything (IPs, passwords, malware samples).

Cool Things You Can Do With T-Pot

  • See live attack maps (who’s hacking you?).
  • Capture malware (study how viruses work).
  • Practice defense (learn to detect intrusions).

How to Run T-Pot: Step-by-Step


1. Choose Where to Install

T-Pot can run on:

  • A spare PC/Laptop (best for learning).
  • A VM (VirtualBox, VMware).
  • Cloud (AWS, Google Cloud)—safer than your home network.

PS: Don’t run it on your main PC! Isolate it to avoid risks.

2. Check Requirements

Minimum: 8GB RAM, 128GB storage, Linux (Debian/Ubuntu recommended).

Internet: Unfiltered connection (no proxies).

3. Install T-Pot

(Tested on Ubuntu/Debian):

Open a terminal and run:

    sudo apt update && sudo apt install curl -y

Install T-Pot (as a non-root user!):

    bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/install.sh)"

Follow the prompts:

  • Choose "Standard" installation (best for beginners).
  • Set a strong password for the web dashboard.
  • Reboot when done.

4. Access the Dashboard

After reboot, SSH changes to port 64295:

    ssh yourusername@your-ip -p 64295

Open the web interface at:

    https://<your-ip>:64297

Use the username/password you set earlier.

5. Monitor Attacks

  • Attack Map: See live hacker locations.
  • Kibana: Analyze logs (e.g., malware samples, IPs).
  • Suricata: Detect exploits like CVE-2017-0144.
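
The dashboards are built from the JSON events each honeypot writes, and the same events can be triaged directly. The Python sketch below is an added example, not code from this post or from the T-Pot project: it summarizes Cowrie SSH events by source IP, tried credentials, accepted logins and captured file hashes. The sample log lines are constructed (documentation-range IPs, placeholder hash), and `summarize` and `brute_threshold` are names chosen for this example; the field names (`eventid`, `src_ip`, `session`, `username`, `password`, `shasum`) follow Cowrie's JSON log output.

```python
import json
from collections import Counter, defaultdict

# Constructed events shaped like Cowrie's JSON log (one object per line).
# IPs are from documentation ranges; the hash is a placeholder, not a real sample.
SAMPLE_LOG = """\
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.7","session":"a1","username":"root","password":"123456"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.7","session":"a1","username":"admin","password":"admin"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.7","session":"a2","username":"root","password":"123456"}
{"eventid":"cowrie.login.success","src_ip":"203.0.113.7","session":"a2","username":"root","password":"toor"}
{"eventid":"cowrie.session.file_download","session":"a2","shasum":"<sha256-placeholder>"}
{"eventid":"cowrie.login.failed","src_ip":"192.0.2.44","session":"b1","username":"pi","password":"raspberry"}
{"eventid":"cowrie.login.failed","src_ip":"192.0.2.4
"""

def summarize(lines, brute_threshold=3):
    """Aggregate Cowrie login and download events per source IP."""
    attempts, creds = Counter(), Counter()      # per-IP attempts, per-credential counts
    accepted, downloads = defaultdict(set), defaultdict(set)
    session_ip, skipped = {}, 0                 # session id -> source IP
    for raw in filter(str.strip, lines):        # ignore blank lines
        try:
            ev = json.loads(raw)
            kind, sid = ev.get("eventid", ""), ev.get("session")
        except (json.JSONDecodeError, AttributeError):
            skipped += 1                        # truncated, corrupt or non-object line
            continue
        ip = ev.get("src_ip") or session_ip.get(sid)  # fall back to the session's IP
        if ip is None:
            continue
        session_ip.setdefault(sid, ip)
        if kind.startswith("cowrie.login."):
            pair = (ev.get("username"), ev.get("password"))
            attempts[ip] += 1
            creds[pair] += 1
            if kind == "cowrie.login.success":  # credentials the honeypot accepted
                accepted[ip].add(pair)
        elif kind == "cowrie.session.file_download" and ev.get("shasum"):
            downloads[ip].add(ev["shasum"])     # hash of a captured file
    return {
        "brute_force": sorted(ip for ip, n in attempts.items() if n >= brute_threshold),
        "top_credentials": creds.most_common(3),
        "accepted": {ip: sorted(p) for ip, p in accepted.items()},
        "downloads": {ip: sorted(h) for ip, h in downloads.items()},
        "skipped_lines": skipped,
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG.splitlines()), indent=2))
```

To run it on real data, pass the lines of your own Cowrie JSON log file instead of `SAMPLE_LOG`.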