A HTTP tarpit written in Go designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets.
- Realistic output: Go pot will respond to requests with an infinite stream of realistic looking, parseable structured data full of fake secrets.
xml
,json
,yaml
,hcl
,toml
,csv
,ini
, andsql
are all supported. - Multiple protocols: Both
http
andftp
are supported out of the box. Each with a tailored implementation. More protocols are planned. - Intelligent stalling: Go pot will attempt to work out how long a bot is willing to wait for a response and stall for exactly that long. This is done gradually making requests slower and slower until a timeout is reached. (Or the bot hangs forever!)
- Small Profile: Go pot can run on extremely low resource machines and is designed to be as lightweight as possible.
- Clustering Support: Go pot can be run in a clustered mode where multiple instances can share information about how long bots are willing to wait for a response. Also in cluster mode nodes can be configured to restart / reallocate IP addresses to avoid being blacklisted by connecting clients.
- Customizable: Go pot can be customized to respond with different different response times.
Go pot is distributed as a standalone go binary or docker image. You can download the latest release from the releases page. Docker images are available on the ghcr.io registry.
In order to run an example instance of go-pot using docker, you can use the following command:
docker run -p 8080:8080 --rm ghcr.io/ryanolee/go-pot:latest start --host=0.0.0.0 --port=8080
See the examples
directory for more examples of how to run go-pot in various configurations.
In order to run go-pot as a standalone binary, you can download the latest release from the releases page and run it with the following command:
./go-pot start
Then visit http://localhost:8080
in your browser to see the go-pot in action. ( Visiting http://localhost:8080/somthing.xml
, http://localhost:8080/someething.sql
ect.. will start generating data in the respective format)
Caution
Scripts should never be ran from unknown sources. The following script is provided as a convenience and is safe to run. However please review the contents of the script before running it.
To install go pot you can run the following script
curl -o /tmp/install-go-pot.sh https://raw.githubusercontent.com/ryanolee/go-pot/main/docs/scripts/install.sh && bash /tmp/install-go-pot.sh && rm /tmp/install-go-pot.sh
Please refer to the examples folder for examples of how go pot can be used.
Configuration for go-pot follows the following order of precedence (From lowest to highest):
- Defaults: Default values can be found in the config/default.go file.
- Config file: A configuration file path can be specified using the
--config-file
flag or using theGOPOT__CONFIG_FILE
environment variable. An example reference configuration file can be found in the examples/config/reference.yml file. - Command line flags: Command line flags can be used to override configuration values. Run
go-pot --help
to see a list of available flags. - Environment variables: Environment variables can be used to override configuration values. Environment variables are prefixed with
GOPOT__
and deliminated with "__"'s for further keys. For instanceserver.host
can be overridden withGOPOT__SERVER__HOST
.
Go pot can be deployed in a variety of ways. See the cdk directory for an example of how to deploy go-pot using the AWS CDK on ECS Fargate for which it has native clustering support.
Contributions are welcome! Please see the CONTRIBUTING.md file for more information on how to contribute.
See the internal INTERNALS.md file for more information on how go-pot works.
Go pot was originally inspired by the Reverse slow loris project by Nick Huber
The go pot logo created by @_iroshi
and is licensed under the CC0 license.
- More protocols: Support for more protocols is planned. Including
ssh
,sql
,smtp
and more. Anything that can be stalled will be stalled and must be stalled! - Tests: There are no unit tests. The was originally built as a proof of concept for a talk and has been refactored several times since. It is still in need of firmer testing.
(Originally the subject of a talk for Birmingham go)