author — cryptoKnight Satyam Pathania
Introduction
In this documentation, I will guide you through the process of setting up a T-POT Honeypot on a VPS (Virtual Private Server) using the VULTR VPS service provider. T-POT is an open-source honeypot framework designed to capture and analyze malicious traffic in a network environment.
Prerequisites
- VULTR VPS account (sign up here to get free $100 credits)
- Basic knowledge of Linux and server administration
Step 1: Deploy a New Server
- Log in to your VULTR account and navigate to the "Deploy" section.

Click on "Deploy a new server" and select the "Cloud Compute" option, because this one is cheap lol.

Now choose the location that is closest to you for better performance.

Step 2: Upload T-POT ISO
- After deploying the server, go to the "Custom ISO" section in the server settings.
- Upload the T-POT ISO file from the official GitHub repository:
https://github.com/telekom-security/tpotce/releases/download/22.04.0/tpot_amd64.iso
After you upload the ISO link, it will download and configure the file.

After this, go to Deploy again and deploy a new server once more; now you should see that the ISO has been uploaded successfully.

Step 3: Choose a Plan
- Select a plan for your server, preferably a regular cloud compute plan for cost-effectiveness.
- Disable auto backups and IPv6 to streamline your setup.

It would cost around $48, but not to worry if you have registered using my link.
For the additional features, just disable the auto backups feature and IPv6 as well.

Then you can add a server hostname and label, whatever you want.

Finally, click Deploy Now.
After a couple of minutes you will see the status as Running.

Now click the machine, and you will see a View Console icon at the top.

This is what we will be using to interact with the honeypot.
Click View Console and you will get your screen.

While it is loading, we will set up a new firewall to limit the source IPs, as we don't want the entire internet to know about our honeypot.
Step 4: Configure Firewall
- Go to the server settings and select the "Firewall" option.
- Click on "Manage" and then "+ Add firewall group."

Then click on Add.
After that, you will see an SSH option here; change it to TCP.

In the SSH option, scroll up or down and create new rules for the TCP and UDP protocols with port range 1:65535, and set the source to your own IP ("My IP") for security.
Boom, now you have created the TCP rule. Repeat the same step to create another rule for UDP, with the same port range 1:65535 and My IP as the source, and then click the + button.

Now we will get back to our honeypot. For that, click Compute and you will see your honeypot there.

Now click on the honeypot, go to Settings, then Firewall, and in the drop-down select the firewall you created earlier.
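
A quick check that the firewall group is really attached, as an added example that is not part of the original walkthrough: run it from a machine whose IP is not the allowed source, and every probed port should come back filtered. The default ports are the 64294:64297 range this guide uses later, and the script name and target address are placeholders you supply.

```python
import socket
import sys

# Assumption: default ports are the 64294:64297 range this guide uses later.
MGMT_PORTS = range(64294, 64298)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: a service is reachable
    except socket.gaierror:
        raise                  # bad hostname is an operator error, not a result
    except ConnectionRefusedError:
        return "closed"        # RST came back: the packet passed the firewall
    except OSError:
        return "filtered"      # timeout/unreachable: consistent with a drop rule


def audit(host, ports=MGMT_PORTS, timeout=2.0):
    """Probe each port; return (states, exposed) for a source that should be blocked.

    From a blocked source even 'closed' counts as exposed, because a refusal
    means the packet got through to the server.
    """
    states = {port: probe(host, port, timeout) for port in ports}
    exposed = sorted(p for p, s in states.items() if s != "filtered")
    return states, exposed


if __name__ == "__main__":
    # Usage: python3 check_lockdown.py <honeypot-ip>   (script name is hypothetical)
    target = sys.argv[1]
    states, exposed = audit(target)
    for port, state in states.items():
        print(f"{target}:{port} {state}")
    print("firewall group NOT effective for this source" if exposed
          else "all probed ports filtered for this source")
```

Run from your own allowed IP, the same ports are expected to show as open or closed instead, since your traffic is permitted through the group.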

Now click on View Console again and select the location accordingly.
Access Your Honeypot
- Click on the server and go to the "View Console" option to access your honeypot.
- Remove the ISO file from the server settings once the installation is complete.

Remember: remove the ISO only when the ISO file is completely installed and it comes back to the main screen. Then click View Console again and boom, it will install all by itself.

For now, we are going to work with the standard version of T-POT.

Then it will ask you to create a password. Please remember that the console username is written here, which is (tsec).

Now it will ask you to choose a username; it can be anything.

After you enter the password again, it will run a final installation process.

After it is installed, this is the login page.

Here, you'll find your web access IP address and port for logging into your honeypot. Your IP and port numbers will be different from mine, so use your credentials (username and password) created earlier to access it.

After using your creds, you will get access to your honeypot.

This has a whole collection of OSINT tools that we can use.
Let's click on Attack Map.

Now go back to the firewall settings and create a new TCP rule with port range 64294:64297, and delete the other two rules we created earlier, that is, the TCP and UDP ones.

After deleting the previous rules, now create two new rules, for TCP and UDP respectively, as

Now we will go back to our attack map, and we will see new information there.

Congratulations! You have successfully set up a T-POT Honeypot on your VULTR VPS. You can now access your honeypot using the provided credentials and IP address. Feel free to explore the various features and tools available in T-POT for analyzing and capturing malicious traffic, and play with the other options available. This is how you install and set up a T-POT Honeypot properly.
For reference, I have also watched a few tutorials about this project, and I want to mention those two video links below; you can check them out for a better understanding.
This video is relatively new and a bit easier to work with: https://www.youtube.com/watch?v=FtR9sFJlkSA&t=241s
This video is a bit old, but man, the guy explained it very well.
For more cybersecurity insights and projects, connect with me on LinkedIn: https://www.linkedin.com/in/satyam-pathania/. Let's continue learning and growing together in the world of cybersecurity.