T-Pot 24.04.1

Release Notes / Changelog

T-Pot 24.04.1 brings significant updates and exciting new honeypot additions, especially the LLM-based honeypots Beelzebub and Galah!

New Features

• Beelzebub (SSH) and Galah (HTTP) are the first LLM-based honeypots included in T-Pot (requires Ollama installation or a ChatGPT subscription).
• Go-Pot a HTTP tarpit designed to maximize bot misery by slowly feeding them an infinite stream of fake secrets.
• Honeyaml a configurable API server honeypot even supporting JWT-based HTTP bearer/token authentication.
• H0neytr4p a HTTP/S honeypot capable of emulating vulnerabilities using configurable traps.
• Miniprint a medium-interaction printer honeypot.

Updates

• Honeypots were updated to their latest pushed code and / or releases.
• Editions have been re-introduced. You can now additionally choose to install T-Pot as Mini, LLM and Tarpit edition.
• Attack Map has been updated to 2.2.6 including support for all new honeypots.
• Elastic Stack has been upgrade to 8.16.1.
• Cyberchef has been updated to the latest release.
• Elasticvue has been updated to 1.1.0.
• Suricata has been updated to 7.0.7, now supporting JA4 hashes.
• Most honeypots now use PyInstaller (for Python) and Scratch (for Go) to minimize Docker image sizes.
• All new honeypots have been integrated with Kibana, featuring dedicated dashboards and visualizations.
• Github Container Registry is now the default container registry for the T-Pot configuration file .env.
• Compatibility tested with Alma 9.5, Fedora 41, Rocky 9.5, and Ubuntu 24.04.1, with updated supported ISO links.
• Docker images now use Alpine 3.20 or Scratch wherever possible.
• Updates for 24.04.1 images will be provided continuously through Docker image updates.
• Ddospot has been moved from the Hive / Sensor installation to the Tarpit installation.

Breaking Changes

NGINX

• The container no longer runs in host mode, requiring changes to the docker-compose.yml and related services.
• To avoid confusion and downtime, the 24.04.1 tag for Docker images has been introduced.
• Important: Actively update T-Pot as described in the README.
• Deprecation Notice: The 24.04 tagged images will no longer be maintained and will be removed by 2025-01-31.

Suricata

• Capture filters have been updated to exclude broadcast, multicast, NetBIOS, IGMP, and MDNS traffic.

Thanks & Credits

A heartfelt thank you to the contributors who made this release possible:

• @elivlo, @mancasa, @koalafiedTroll, @trixam, for their backend and ews support!
• @mariocandela for his work and updates on Beelzebub based on our discussions!
• @ryanolee for approaching us and adding valuable features to go-pot based on our discussions!
• @neon-ninja for the work on #1661!
• @sarkoziadam for the work on #1643!
• @glaslos for the work on #1538!

… and to the entire T-Pot community for opening issues, sharing ideas, and helping improve T-Pot!

What's Changed

• Typos in customizer.py by @ZePotente in #1533
• Adjust T-Pot for Docker Desktop for Windows with WSL2 by @t3chn0m4g3 in #1536
• Update Glutton Dockerfile by @glaslos in #1538
• Remove Podman-Docker compatibility layer when installing by @mattroot in #1601
• Update links, fix #1654 by @t3chn0m4g3 in #1655
• Correct SSH version in cowrie.cfg by @neon-ninja in #1661
• Sync with master by @t3chn0m4g3 in #1662
• Fix conpot docker image errors by @sarkoziadam in #1643
• Merge with master by @t3chn0m4g3 in #1680
• Sync with master by @t3chn0m4g3 in #1688
• fix typos in README.md by @tmyksj in #1695
• Sync by @t3chn0m4g3 in #1698
• Fix Debian Download link by @t3chn0m4g3 in #1702
• Release T-Pot 24.04.1 by @t3chn0m4g3 in #1712

New Contributors

• @ZePotente made their first contribution in #1533
• @glaslos made their first contribution in #1538
• @mattroot made their first contribution in #1601
• @neon-ninja made their first contribution in #1661
• @sarkoziadam made their first contribution in #1643
• @tmyksj made their first contribution in #1695

Full Changelog: 24.04.0...24.04.1