Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems. Let's first install Conpot, then I will explain the tool:
1- Install Docker
If you are running Ubuntu 17.10, this is a good document for installation; otherwise follow the instructions of Conpot.
2- Run: docker pull honeynet/conpot
Run: docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
Finally, in the shell that opens inside the container, run: conpot -f --template default
Navigate to http://MY_IP_ADDRESS to confirm the setup.
The result with the default template should be like this:
Conpot is shipped with a default profile (default.xml) which provides basic emulation of a Siemens S7-200 CPU with a few expansion modules installed. The attack surface of the default emulation includes the protocols MODBUS, HTTP, SNMP and s7comm.
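To confirm more than the web page, the following added example (not part of the original post or of Conpot) checks from a second machine that the TCP ports published by the docker run command accept connections and that port 502 returns a well-formed Modbus/TCP reply. The function names are hypothetical; it assumes a read of one holding register from unit 1 is enough to get an answer, and treats any well-formed reply, including a Modbus exception, as success. SNMP on 161/udp is not checked.

```python
import socket
import struct
import sys

# TCP ports published by the docker run command on this page (161/udp is not checked).
TCP_SERVICES = {80: "HTTP", 102: "s7comm", 502: "MODBUS"}

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def modbus_read_request(transaction_id=1, unit_id=1, address=0, count=1):
    """Build a Modbus/TCP Read Holding Registers (function 0x03) frame."""
    pdu = struct.pack(">BHH", 0x03, address, count)
    # MBAP header: transaction id, protocol id 0, byte count of unit id + PDU, unit id
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

def parse_modbus_response(frame):
    """Return (function_code, is_exception), or None if not a Modbus/TCP frame."""
    if len(frame) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return None
    return frame[7] & 0x7F, bool(frame[7] & 0x80)

def modbus_alive(host, port=502, timeout=3.0):
    """Send one read request; any well-formed reply (even an exception) counts."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(modbus_read_request())
            return parse_modbus_response(s.recv(260)) is not None
    except OSError:
        return False

def check(host):
    """Map each emulated TCP service to whether it answered."""
    results = {name: tcp_open(host, port) for port, name in TCP_SERVICES.items()}
    results["MODBUS reply"] = modbus_alive(host)
    return results

if __name__ == "__main__":
    for name, ok in check(sys.argv[1]).items():
        print(f"{name:<13}{'ok' if ok else 'no answer'}")
```

Save it under any file name and run it with MY_IP_ADDRESS as the only argument; a line reading "no answer" usually means the matching -p mapping is missing or conpot is not running in the container.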