• Diniz Martins

BAP – Basic Auth Pot | HoneyPot

What is a honeypot?

A honeypot is a computer or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how cybercriminals operate.


How honeypots work?

The honeypot looks like a real computer system, with applications and data, fooling cybercriminals into thinking it's a legitimate target. Honeypots are made attractive to attackers by building in deliberate security vulnerabilities. For instance, a honeypot might have ports that respond to a port scan or weak passwords. Vulnerable ports might be left open to entice attackers into the honeypot environment, rather than the more secure live network.


About BAP:

BAP is a webservice honeypot that logs HTTP basic authentication credentials in a "parser friendly format"™.

The webservice handles HEAD and GET requests, to which it always responds with 401 WWW-Authenticate: Basic realm="ADMIN". HTTP request methods other than HEAD or GET will result in an error response generated by BaseHTTPServer.

There is no valid username / password for the service. Credentials are only decoded and logged.


Install:


Running:

Web Browser Check:


Logging:

Logfiles are written to the same directory as bap.py - stdout and stderr ends up here.


26 views0 comments

Recent Posts

See All

BF | Brainfuck

Brainfuck is an esoteric programming language created in 1993 by Urban Müller. Notable for its extreme minimalism, the language consists of only eight simple commands and an instruction pointer. While

Admin-Scanner

This tool is design to find Admin Panel of any website by using custom wordlist or default wordlist easily. Grab the result and paste to your web browser: How to install: Usages: -site <url of website

Python | Subnet Ping

This script will ping and display status of all hosts in a subnet we provide. import subprocess import ipaddress from subprocess import Popen, PIPE subnet = input("Please enter the network: ") network