A HTTP tarpit written in Go designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets.
- Realistic output: Go pot will respond to requests with an infinite stream of realistic looking, parseable structured data full of fake secrets.
xml,json,yaml,hcl,toml,csv,ini, andsqlare all supported. - Multiple protocols: Both
httpandftpare supported out of the box. Each with a tailored implementation. More protocols are planned. - Intelligent stalling: Go pot will attempt to work out how long a bot is willing to wait for a response and stall for exactly that long. This is done gradually making requests slower and slower until a timeout is reached. (Or the bot hangs forever!)
- Small Profile: Go pot can run on extremely low resource machines and is designed to be as lightweight as possible.
- Clustering Support: Go pot can be run in a clustered mode where multiple instances can share information about how long bots are willing to wait for a response. Also in cluster mode nodes can be configured to restart / reallocate IP addresses to avoid being blacklisted by connecting clients.
- Customizable: Go pot can be customized to respond with different different response times.
Go pot is distributed as a standalone go binary or docker image. You can download the latest release from the releases page. Docker images are available on the ghcr.io registry.
In order to run an example instance of go-pot using docker, you can use the following command:
docker run -p 8080:8080 --rm ghcr.io/ryanolee/go-pot:latest start --host=0.0.0.0 --port=8080See the examples directory for more examples of how to run go-pot in various configurations.
In order to run go-pot as a standalone binary, you can download the latest release from the releases page and run it with the following command:
./go-pot startThen visit http://localhost:8080 in your browser to see the go-pot in action. ( Visiting http://localhost:8080/somthing.xml, http://localhost:8080/someething.sql ect.. will start generating data in the respective format)
Please refer to the examples folder for examples of how go pot can be used.
Configuration for go-pot follows the following order of precedence (From lowest to highest):
- Defaults: Default values can be found in the config/default.go file.
- Config file: A configuration file path can be specified using the
--config-fileflag or using theGOPOT__CONFIG_FILEenvironment variable. An example reference configuration file can be found in the examples/config/reference.yml file. - Command line flags: Command line flags can be used to override configuration values. Run
go-pot --helpto see a list of available flags. - Environment variables: Environment variables can be used to override configuration values. Environment variables are prefixed with
GOPOT__and deliminated with "__"'s for further keys. For instanceserver.hostcan be overridden withGOPOT__SERVER__HOST.
Go pot can be deployed in a variety of ways. See the cdk directory for an example of how to deploy go-pot using the AWS CDK on ECS Fargate for which it has native clustering support.
Contributions are welcome! Please see the CONTRIBUTING.md file for more information on how to contribute.
See the internal INTERNALS.md file for more information on how go-pot works.
Go pot was originally inspired by the Reverse slow loris project by Nick Huber
The go pot logo created by @_iroshi and is licensed under the CC0 license.
- More protocols: Support for more protocols is planned. Including
ssh,sql,smtpand more. Anything that can be stalled will be stalled and must be stalled! - Tests: There are no unit tests. The was originally built as a proof of concept for a talk and has been refactored several times since. It is still in need of firmer testing.
(Originally the subject of a talk for Birmingham go)
