PHP-ShockPot is a small honeypot aimed at showing you the interesting attempts made trying to exploit your host using the now famous "Shellshock" (also known as bashbug) bug.
The 'honeypot' itself is simply a Laravel 4 application, listening on any url, checking the request headers for the presence of () {
. Once this is present, its logged to a sqlite database. You can easily change this to a different database instance, provided that you configure app/config/database.php
accordingly.
Installation should be relatively fast. Most of the steps are very well documented elsewhere on the interwebz, but this should serve as small guideline:
- Clone the repository with
git clone https://github.com/leonjza/PHP-ShockPot.git
. - Setup a web server (Apache/Nginx doesn't matter) to serve the contents of the
public/
folder to the world. - Ensure the web server can write to the
storage/
directory. - Run the database migrations with
php artisan migrate
. - Get composer installed and run
composer install
to install all of the required dependencies. - Test by browsing to your instance!