go-pot 🍯

A HTTP tarpit written in Go designed to maximize bot misery through very slowly feeding them an infinite stream of fake secrets.

Features

Realistic output: Go pot will respond to requests with an infinite stream of realistic looking, parseable structured data full of fake secrets. xml, json, yaml, hcl, toml, csv, ini, and sql are all supported.
Multiple protocols: Both http and ftp are supported out of the box. Each with a tailored implementation. More protocols are planned.
Intelligent stalling: Go pot will attempt to work out how long a bot is willing to wait for a response and stall for exactly that long. This is done gradually making requests slower and slower until a timeout is reached. (Or the bot hangs forever!)
Small Profile: Go pot can run on extremely low resource machines and is designed to be as lightweight as possible.
Clustering Support: Go pot can be run in a clustered mode where multiple instances can share information about how long bots are willing to wait for a response. Also in cluster mode nodes can be configured to restart / reallocate IP addresses to avoid being blacklisted by connecting clients.
Customizable: Go pot can be customized to respond with different different response times.

Installation

Go pot is distributed as a standalone go binary or docker image. You can download the latest release from the releases page. Docker images are available on the ghcr.io registry.

Docker

In order to run an example instance of go-pot using docker, you can use the following command:

docker run -p 8080:8080 --rm ghcr.io/ryanolee/go-pot:latest start --host=0.0.0.0 --port=8080

See the examples directory for more examples of how to run go-pot in various configurations.

Standalone

In order to run go-pot as a standalone binary, you can download the latest release from the releases page and run it with the following command:

./go-pot start

Then visit http://localhost:8080 in your browser to see the go-pot in action. ( Visiting http://localhost:8080/somthing.xml, http://localhost:8080/someething.sql ect.. will start generating data in the respective format)

Usage

Please refer to the examples folder for examples of how go pot can be used.

Configuration

Configuration for go-pot follows the following order of precedence (From lowest to highest):

Defaults: Default values can be found in the config/default.go file.
Config file: A configuration file path can be specified using the --config-file flag or using the GOPOT__CONFIG_FILE environment variable. An example reference configuration file can be found in the examples/config/reference.yml file.
Command line flags: Command line flags can be used to override configuration values. Run go-pot --help to see a list of available flags.
Environment variables: Environment variables can be used to override configuration values. Environment variables are prefixed with GOPOT__ and deliminated with ""'s for further keys. For instance server.host can be overridden with `GOPOTSERVER__HOST`.

Deployment

Go pot can be deployed in a variety of ways. See the cdk directory for an example of how to deploy go-pot using the AWS CDK on ECS Fargate for which it has native clustering support.

Contributing

Contributions are welcome! Please see the CONTRIBUTING.md file for more information on how to contribute.

See the internal INTERNALS.md file for more information on how go-pot works.

Credits

Go pot was originally inspired by the Reverse slow loris project by Nick Huber The go pot logo created by @_iroshi and is licensed under the CC0 license.

What the future holds 🔮

More protocols: Support for more protocols is planned. Including ssh, sql, smtp and more. Anything that can be stalled will be stalled and must be stalled!
Tests: There are no unit tests. The was originally built as a proof of concept for a talk and has been refactored several times since. It is still in need of firmer testing.

(Originally the subject of a talk for Birmingham go)

ryanolee / go-pot

readme