I’ve wanted to write about my homelab on this blog for a while, and for this first post on the topic, I want to talk about a solution I recently set up: T-Pot.
What is a honeypot?
But what exactly is a honeypot? A honeypot is one or more servers that are deliberately exposed to simulate vulnerable services, applications, or resources, with the goal of attracting attackers. The main objective is to detect, study, and understand the techniques used by cybercriminals by luring them into a controlled environment—without putting our real infrastructure at too much risk.
T-Pot: The All-in-One Multi-Honeypot Platform
T-Pot is a comprehensive open-source solution that makes our lives much easier. It allows us to easily deploy, manage, and analyze more than 20 different honeypots (Cowrie, Dionaea, Conpot, Log4pot, etc.). T-Pot provides advanced visualization by integrating the Elastic Stack (Elasticsearch, Logstash, Kibana) for data collection and analysis, real-time dashboards, and animated attack maps.
All of this runs in Docker containers, offering maximum modularity and service isolation.
Deploying T-Pot
In my case, I’m using a small PC as the honeypot (processor: Intel N100, RAM: 15G DDR5, storage: 512G M.2). To deploy T-Pot securely, I’m going to expose it to the internet inside the DMZ.
For the OS, I’m using Ubuntu 24.04 Live Server, and I followed the installation instructions from the GitHub repository: Get and install T-Pot.
WARNING: This is not a tutorial, so if you want to do it yourself, you can find the documentation in the GitHub repository (link).
T-Pot dashboard
Once it is running, you can access the web interface to see the different visualizations.

We can see the different honeypots, the attack maps, the logs, etc.
What’s happening?
Immediately after the deployment, I started to get attacks from all over the world. It’s really stressful to see all the attackers’ attempts to get into my honeypot.

This is the attack map 2 days after the deployment, but the most interesting part is the logs in Kibana.

As you can see, the number of attempts by attackers is really big.
Conclusion
T-Pot is a really good solution for deploying a honeypot in a simple way. I have not yet tested all the features, but I’m really impressed by the amount of data it can collect. As you may know, I’m passionate about security, and all the logs I can collect could be used for threat intelligence.
In a future post, I will talk about the logs and how to use them for threat intelligence (with OpenCTI).
If you have any questions, you can contact me on X.