It would be great to add Oracle WebLogic honeypot #620

Closed
trust1345 opened this issue Apr 25, 2020 · 3 comments

Comments

trust1345 commented Apr 25, 2020

It would be great to add an Oracle WebLogic honeypot:
https://github.com/Cymmetria/weblogic_honeypot

Ported to Python 3:
https://github.com/rogofsky/weblogic_honeypot

@t3chn0m4g3
Member

This is a single-CVE honeypot and as such, IMO, only useful as long as the CVE is found widespread in the wild. This does not seem to be the case anymore. However, you can change the T-Pot config files and include your own Docker-based honeypots.

@trust1345
Author

Thanks for the answer.
Yes, CVE-2017-10271 is a single CVE, but 8000 ports are free. WebLogic is one of the most popular services for attack in corporate networks.
https://www.exploit-db.com/search?q=weblogic&type=remote

I have not verified this, but since the implementation of this CVE is very similar to many new CVEs in WebLogic, Suricata is likely to identify exploitation attempts and new CVEs.
In this way, it is possible to close a number of CVEs. But this claim needs to be verified.

https://sissden.eu/blog/oracle-weblogic-0day
Attention - as the exploitation of this vulnerability is very similar to CVE-2017-10271 (other RCE vulnerability in Oracle WebLogic Servers) and at the moment of blogpost writing we are still lacking very detailed information about CVE-2019-2725, we are not completely sure that the payload is executed via new vulnerability (however, we are almost certain that it is using CVE-2019-2725).

If my arguments have not changed your opinion, it is probably necessary to close the issue.

@t3chn0m4g3
Member

@trust1345 Thanks for the discussion, but it has not sparked more interest to follow up on. Closing this.
