├── .coveragerc ├── .gitignore ├── .travis.yml ├── LICENSE ├── MANIFEST.in ├── README.rst ├── admin_honeypot ├── __init__.py ├── admin.py ├── apps.py ├── forms.py ├── listeners.py ├── locale │ ├── es_ES │ │ └── LC_MESSAGES │ │ │ ├── django.mo │ │ │ └── django.po │ ├── ru │ │ └── LC_MESSAGES │ │ │ ├── django.mo │ │ │ └── django.po │ ├── zh_CN │ │ └── LC_MESSAGES │ │ │ ├── django.mo │ │ │ └── django.po │ └── zh_Hans │ │ └── LC_MESSAGES │ │ ├── django.mo │ │ └── django.po ├── migrations │ ├── 0001_initial.py │ ├── 0002_auto_20160208_0854.py │ └── __init__.py ├── models.py ├── signals.py ├── templates │ └── admin_honeypot │ │ ├── email_message.txt │ │ ├── email_subject.txt │ │ └── login.html ├── urls.py └── views.py ├── conftest.py ├── docs ├── Makefile ├── build.sh ├── conf.py ├── index.rst └── manual │ ├── faq.rst │ ├── install.rst │ ├── reference.rst │ ├── testing.rst │ └── usage.rst ├── release-process.txt ├── requirements.txt ├── setup.cfg ├── setup.py ├── tests ├── __init__.py ├── settings.py ├── test_suite.py └── urls.py └── tox.ini /.coveragerc: -------------------------------------------------------------------------------- 1 | [run] 2 | omit = 3 | admin_honeypot/migrations/* 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.egg 2 | *.py[co] 3 | *.komodoproject 4 | .cache/ 5 | .coverage 6 | .coveralls 7 | .DS_Store 8 | .tox 9 | __pycache__ 10 | build/ 11 | coverage.xml 12 | dist/ 13 | django_admin_honeypot.egg-info/ 14 | docs/_build/ 15 | pep8.txt 16 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: python 2 | python: 3 | - "3.10" 4 | 5 | matrix: 6 | include: 7 | - env: TOXENV=django-2.2 8 | - env: TOXENV=django-3.2 9 | - env: TOXENV=django-4.0 10 | - env: TOXENV=coverage 11 | 12 | install: 13 | - pip install tox 14 | 15 | script: tox 16 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) Derek Payton 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include LICENSE 2 | include README.rst 3 | recursive-include admin_honeypot/locale * 4 | recursive-include admin_honeypot/templates * 5 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ===================== 2 | django-admin-honeypot 3 | ===================== 4 | 5 | .. image:: https://travis-ci.org/dmpayton/django-admin-honeypot.svg?branch=develop 6 | :target: https://travis-ci.org/dmpayton/django-admin-honeypot 7 | :alt: Travis-CI 8 | 9 | .. image:: https://coveralls.io/repos/dmpayton/django-admin-honeypot/badge.svg?branch=develop 10 | :target: https://coveralls.io/r/dmpayton/django-admin-honeypot 11 | :alt: Coverage 12 | 13 | .. image:: https://codeclimate.com/github/dmpayton/django-admin-honeypot/badges/gpa.svg?branch=develop 14 | :target: https://codeclimate.com/github/dmpayton/django-admin-honeypot 15 | :alt: Code Climate 16 | 17 | 18 | **django-admin-honeypot** is a fake Django admin login screen to log and notify 19 | admins of attempted unauthorized access. This app was inspired by discussion 20 | in and around Paul McMillan's security talk at DjangoCon 2011. 21 | 22 | * **Author**: `Derek Payton `_ 23 | * **Version**: 1.1.0 24 | * **License**: MIT 25 | 26 | Documentation 27 | ============= 28 | 29 | http://django-admin-honeypot.readthedocs.io 30 | 31 | tl;dr 32 | ----- 33 | 34 | * Install django-admin-honeypot from PyPI:: 35 | 36 | pip install django-admin-honeypot 37 | 38 | * Add ``admin_honeypot`` to ``INSTALLED_APPS`` 39 | * Update your urls.py: 40 | 41 | :: 42 | 43 | urlpatterns = [ 44 | ... 45 | path('admin/', include('admin_honeypot.urls', namespace='admin_honeypot')), 46 | path('secret/', admin.site.urls), 47 | ] 48 | 49 | * Run ``python manage.py migrate`` 50 | 51 | NOTE: replace ``secret`` in the url above with your own secret url prefix 52 | -------------------------------------------------------------------------------- /admin_honeypot/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'Derek Payton ' 2 | __copyright__ = 'Copyright (c) Derek Payton' 3 | __description__ = 'A fake Django admin login screen to notify admins of attempted unauthorized access.' 4 | __version__ = '1.1.0' 5 | __license__ = 'MIT License' 6 | -------------------------------------------------------------------------------- /admin_honeypot/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | from django.utils.html import format_html 3 | from django.utils.translation import gettext_lazy as _ 4 | 5 | from admin_honeypot.models import LoginAttempt 6 | 7 | 8 | class LoginAttemptAdmin(admin.ModelAdmin): 9 | list_display = ('username', 'get_ip_address', 'get_session_key', 'timestamp', 'get_path') 10 | list_filter = ('timestamp',) 11 | readonly_fields = ('path', 'username', 'ip_address', 'session_key', 'user_agent') 12 | search_fields = ('username', 'ip_address', 'user_agent', 'path') 13 | 14 | def get_actions(self, request): 15 | actions = super(LoginAttemptAdmin, self).get_actions(request) 16 | if 'delete_selected' in actions: 17 | del actions['delete_selected'] 18 | return actions 19 | 20 | def get_session_key(self, instance): 21 | return format_html('{sk}', sk=instance.session_key) 22 | get_session_key.short_description = _('Session') 23 | 24 | def get_ip_address(self, instance): 25 | return format_html('{ip}', ip=instance.ip_address) 26 | get_ip_address.short_description = _('IP Address') 27 | 28 | def get_path(self, instance): 29 | return format_html('{path}', path=instance.path) 30 | get_path.short_description = _('URL') 31 | 32 | def has_add_permission(self, request, obj=None): 33 | return False 34 | 35 | def has_delete_permission(self, request, obj=None): 36 | return False 37 | 38 | admin.site.register(LoginAttempt, LoginAttemptAdmin) 39 | -------------------------------------------------------------------------------- /admin_honeypot/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | from django.utils.translation import gettext_lazy as _ 3 | 4 | __all__ = ['AdminHoneypotConfig'] 5 | 6 | 7 | class AdminHoneypotConfig(AppConfig): 8 | name = 'admin_honeypot' 9 | label = 'admin_honeypot' 10 | verbose_name = _('Admin Honeypot') 11 | default_auto_field = 'django.db.models.AutoField' 12 | -------------------------------------------------------------------------------- /admin_honeypot/forms.py: -------------------------------------------------------------------------------- 1 | import django 2 | from django import forms 3 | from django.contrib.admin.forms import AdminAuthenticationForm 4 | 5 | 6 | class HoneypotLoginForm(AdminAuthenticationForm): 7 | def clean(self): 8 | """ 9 | Always raise the default error message, because we don't 10 | care what they entered here. 11 | """ 12 | raise forms.ValidationError( 13 | self.error_messages['invalid_login'], 14 | code='invalid_login', 15 | params={'username': self.username_field.verbose_name} 16 | ) 17 | -------------------------------------------------------------------------------- /admin_honeypot/listeners.py: -------------------------------------------------------------------------------- 1 | from admin_honeypot.signals import honeypot 2 | from django.conf import settings 3 | from django.core.mail import mail_admins 4 | from django.template.loader import render_to_string 5 | from django.urls import reverse 6 | 7 | 8 | def notify_admins(instance, request, **kwargs): 9 | path = reverse('admin:admin_honeypot_loginattempt_change', args=(instance.pk,)) 10 | admin_detail_url = 'http://{0}{1}'.format(request.get_host(), path) 11 | context = { 12 | 'request': request, 13 | 'instance': instance, 14 | 'admin_detail_url': admin_detail_url, 15 | } 16 | subject = render_to_string('admin_honeypot/email_subject.txt', context).strip() 17 | message = render_to_string('admin_honeypot/email_message.txt', context).strip() 18 | mail_admins(subject=subject, message=message) 19 | 20 | if getattr(settings, 'ADMIN_HONEYPOT_EMAIL_ADMINS', True): 21 | honeypot.connect(notify_admins) 22 | -------------------------------------------------------------------------------- /admin_honeypot/locale/es_ES/LC_MESSAGES/django.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dmpayton/django-admin-honeypot/a840496d183df89965eeb33c9a5dd9ea3919dfff/admin_honeypot/locale/es_ES/LC_MESSAGES/django.mo -------------------------------------------------------------------------------- /admin_honeypot/locale/es_ES/LC_MESSAGES/django.po: -------------------------------------------------------------------------------- 1 | # SOME DESCRIPTIVE TITLE. 2 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER 3 | # This file is distributed under the same license as the PACKAGE package. 4 | # FIRST AUTHOR , YEAR. 5 | # 6 | msgid "" 7 | msgstr "" 8 | "Project-Id-Version: admin-honeypot\n" 9 | "Report-Msgid-Bugs-To: \n" 10 | "POT-Creation-Date: 2014-02-04 03:18-0430\n" 11 | "PO-Revision-Date: 2014-02-04 03:38-0400\n" 12 | "Last-Translator: Eduardo Echeverria \n" 13 | "Language-Team: \n" 14 | "Language: Spanish\n" 15 | "MIME-Version: 1.0\n" 16 | "Content-Type: text/plain; charset=UTF-8\n" 17 | "Content-Transfer-Encoding: 8bit\n" 18 | "X-Generator: Poedit 1.5.4\n" 19 | 20 | #: admin.py:21 21 | msgid "Session" 22 | msgstr "Sesión" 23 | 24 | #: admin.py:26 templates/admin_honeypot/email_message.txt:4 25 | msgid "IP Address" 26 | msgstr "Dirección IP" 27 | 28 | #: admin.py:31 29 | msgid "URL" 30 | msgstr "URL" 31 | 32 | #: models.py:7 33 | msgid "username" 34 | msgstr "nombre de usuario" 35 | 36 | #: models.py:8 37 | msgid "password" 38 | msgstr "contraseña" 39 | 40 | #: models.py:9 41 | msgid "ip address" 42 | msgstr "dirección ip" 43 | 44 | #: models.py:10 45 | msgid "session key" 46 | msgstr "clave de sesión" 47 | 48 | #: models.py:11 49 | msgid "user-agent" 50 | msgstr "Agente de usuario" 51 | 52 | #: models.py:12 53 | msgid "timestamp" 54 | msgstr "marca de tiempo" 55 | 56 | #: models.py:13 57 | msgid "path" 58 | msgstr "ruta" 59 | 60 | #: models.py:16 61 | msgid "login attempt" 62 | msgstr "intento de inicio de sesión" 63 | 64 | #: models.py:17 65 | msgid "login attempts" 66 | msgstr "intentos de conexión" 67 | 68 | #: views.py:19 69 | msgid "Log in" 70 | msgstr "Iniciar la sesión" 71 | 72 | #: templates/admin_honeypot/email_message.txt:1 73 | #, python-format 74 | msgid "" 75 | "This is an automatic email to notify you that someone tried to login to the " 76 | "admin honeypot on %(host)s" 77 | msgstr "" 78 | "Este es un correo electrónico automático para notificarle que alguien trató " 79 | "de ingresar al administrador honeypot en %(host)s" 80 | 81 | #: templates/admin_honeypot/email_message.txt:3 82 | msgid "Username" 83 | msgstr "Nombre de usuario" 84 | 85 | #: templates/admin_honeypot/email_message.txt:5 86 | msgid "Timestamp" 87 | msgstr "Marca de tiempo" 88 | 89 | #: templates/admin_honeypot/email_subject.txt:1 90 | #, python-format 91 | msgid "[admin-honeypot] attempted login from %(ip)s at %(host)s" 92 | msgstr "[admin-honeypot] intento de inicio de sesión desde %(ip)s en %(host)s" 93 | -------------------------------------------------------------------------------- /admin_honeypot/locale/ru/LC_MESSAGES/django.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dmpayton/django-admin-honeypot/a840496d183df89965eeb33c9a5dd9ea3919dfff/admin_honeypot/locale/ru/LC_MESSAGES/django.mo -------------------------------------------------------------------------------- /admin_honeypot/locale/ru/LC_MESSAGES/django.po: -------------------------------------------------------------------------------- 1 | # SOME DESCRIPTIVE TITLE. 2 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER 3 | # This file is distributed under the same license as the PACKAGE package. 4 | # FIRST AUTHOR , YEAR. 5 | # 6 | msgid "" 7 | msgstr "" 8 | "Project-Id-Version: admin-honeypot\n" 9 | "Report-Msgid-Bugs-To: \n" 10 | "POT-Creation-Date: 2013-11-15 11:14+0700\n" 11 | "PO-Revision-Date: 2013-11-15 11:15+0700\n" 12 | "Last-Translator: Basil Shubin \n" 13 | "Language-Team: \n" 14 | "Language: Russian\n" 15 | "MIME-Version: 1.0\n" 16 | "Content-Type: text/plain; charset=UTF-8\n" 17 | "Content-Transfer-Encoding: 8bit\n" 18 | "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" 19 | "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" 20 | "X-Generator: Poedit 1.5.7\n" 21 | 22 | #: admin.py:21 23 | msgid "Session" 24 | msgstr "Сессия" 25 | 26 | #: admin.py:26 templates/admin_honeypot/email_message.txt:4 27 | msgid "IP Address" 28 | msgstr "IP адрес" 29 | 30 | #: admin.py:31 31 | msgid "URL" 32 | msgstr "" 33 | 34 | #: models.py:7 35 | msgid "username" 36 | msgstr "имя пользователя" 37 | 38 | #: models.py:8 39 | msgid "password" 40 | msgstr "пароль" 41 | 42 | #: models.py:9 43 | msgid "ip address" 44 | msgstr "ip адрес" 45 | 46 | #: models.py:10 47 | msgid "session key" 48 | msgstr "" 49 | 50 | #: models.py:11 51 | msgid "user-agent" 52 | msgstr "имя пользователя" 53 | 54 | #: models.py:12 55 | msgid "timestamp" 56 | msgstr "временная метка" 57 | 58 | #: models.py:13 59 | msgid "path" 60 | msgstr "путь" 61 | 62 | #: models.py:16 63 | msgid "login attempt" 64 | msgstr "попытка входа" 65 | 66 | #: models.py:17 67 | msgid "login attempts" 68 | msgstr "попытки входа" 69 | 70 | #: views.py:19 71 | msgid "Log in" 72 | msgstr "Войти" 73 | 74 | #: templates/admin_honeypot/email_message.txt:1 75 | #, python-format 76 | msgid "" 77 | "This is an automatic email to notify you that someone tried to login to the " 78 | "admin honeypot on %(host)s" 79 | msgstr "" 80 | "Это автоматическое уведомление о том, что кто-то пытался войти в админку на " 81 | "%(host)s" 82 | 83 | #: templates/admin_honeypot/email_message.txt:3 84 | msgid "Username" 85 | msgstr "Имя пользователя" 86 | 87 | #: templates/admin_honeypot/email_message.txt:5 88 | msgid "Timestamp" 89 | msgstr "Временная метка" 90 | 91 | #: templates/admin_honeypot/email_subject.txt:1 92 | #, python-format 93 | msgid "[admin-honeypot] attempted login from %(ip)s at %(host)s" 94 | msgstr "[admin-honeypot] пытались войти с %(ip)s на %(host)s" 95 | -------------------------------------------------------------------------------- /admin_honeypot/locale/zh_CN/LC_MESSAGES/django.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dmpayton/django-admin-honeypot/a840496d183df89965eeb33c9a5dd9ea3919dfff/admin_honeypot/locale/zh_CN/LC_MESSAGES/django.mo -------------------------------------------------------------------------------- /admin_honeypot/locale/zh_CN/LC_MESSAGES/django.po: -------------------------------------------------------------------------------- 1 | # SOME DESCRIPTIVE TITLE. 2 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER 3 | # This file is distributed under the same license as the PACKAGE package. 4 | # FIRST AUTHOR , YEAR. 5 | # 6 | #, fuzzy 7 | msgid "" 8 | msgstr "" 9 | "Project-Id-Version: PACKAGE VERSION\n" 10 | "Report-Msgid-Bugs-To: \n" 11 | "POT-Creation-Date: 2015-12-06 12:05+0800\n" 12 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" 13 | "Last-Translator: FULL NAME \n" 14 | "Language-Team: LANGUAGE \n" 15 | "Language: \n" 16 | "MIME-Version: 1.0\n" 17 | "Content-Type: text/plain; charset=UTF-8\n" 18 | "Content-Transfer-Encoding: 8bit\n" 19 | "Plural-Forms: nplurals=1; plural=0;\n" 20 | 21 | #: admin.py:21 22 | msgid "Session" 23 | msgstr "会话" 24 | 25 | #: admin.py:26 templates/admin_honeypot/email_message.txt:4 26 | msgid "IP Address" 27 | msgstr "IP地址" 28 | 29 | #: admin.py:31 30 | msgid "URL" 31 | msgstr "网址" 32 | 33 | #: models.py:7 34 | msgid "username" 35 | msgstr "用户名" 36 | 37 | #: models.py:8 38 | msgid "ip address" 39 | msgstr "IP地址" 40 | 41 | #: models.py:9 42 | msgid "session key" 43 | msgstr "会话键" 44 | 45 | #: models.py:10 46 | msgid "user-agent" 47 | msgstr "用户代理" 48 | 49 | #: models.py:11 50 | msgid "timestamp" 51 | msgstr "时间戳" 52 | 53 | #: models.py:12 54 | msgid "path" 55 | msgstr "路径" 56 | 57 | #: models.py:15 58 | msgid "login attempt" 59 | msgstr "登录尝试" 60 | 61 | #: models.py:16 62 | msgid "login attempts" 63 | msgstr "登录尝试列表" 64 | 65 | #: templates/admin_honeypot/email_message.txt:1 66 | #, python-format 67 | msgid "" 68 | "This is an automatic email to notify you that someone tried to login to the " 69 | "admin honeypot on %(host)s" 70 | msgstr "这是一个自动邮件,通知你有人尝试登录在%(host)s上的管理蜜罐。" 71 | 72 | #: templates/admin_honeypot/email_message.txt:3 73 | msgid "Username" 74 | msgstr "用户名" 75 | 76 | #: templates/admin_honeypot/email_message.txt:5 77 | msgid "Timestamp" 78 | msgstr "时间戳" 79 | 80 | #: templates/admin_honeypot/email_subject.txt:1 81 | #, python-format 82 | msgid "[admin-honeypot] attempted login from %(ip)s at %(host)s" 83 | msgstr "[管理蜜罐]在%(host)s被来自%(ip)s尝试登录。" 84 | 85 | #: views.py:37 86 | msgid "Log in" 87 | msgstr "登录" 88 | 89 | msgid "Admin_Honeypot" 90 | msgstr "管理蜜罐" 91 | -------------------------------------------------------------------------------- /admin_honeypot/locale/zh_Hans/LC_MESSAGES/django.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dmpayton/django-admin-honeypot/a840496d183df89965eeb33c9a5dd9ea3919dfff/admin_honeypot/locale/zh_Hans/LC_MESSAGES/django.mo -------------------------------------------------------------------------------- /admin_honeypot/locale/zh_Hans/LC_MESSAGES/django.po: -------------------------------------------------------------------------------- 1 | # SOME DESCRIPTIVE TITLE. 2 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER 3 | # This file is distributed under the same license as the PACKAGE package. 4 | # FIRST AUTHOR , YEAR. 5 | # 6 | #, fuzzy 7 | msgid "" 8 | msgstr "" 9 | "Project-Id-Version: PACKAGE VERSION\n" 10 | "Report-Msgid-Bugs-To: \n" 11 | "POT-Creation-Date: 2015-12-06 12:05+0800\n" 12 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" 13 | "Last-Translator: FULL NAME \n" 14 | "Language-Team: LANGUAGE \n" 15 | "Language: \n" 16 | "MIME-Version: 1.0\n" 17 | "Content-Type: text/plain; charset=UTF-8\n" 18 | "Content-Transfer-Encoding: 8bit\n" 19 | "Plural-Forms: nplurals=1; plural=0;\n" 20 | 21 | #: admin.py:21 22 | msgid "Session" 23 | msgstr "会话" 24 | 25 | #: admin.py:26 templates/admin_honeypot/email_message.txt:4 26 | msgid "IP Address" 27 | msgstr "IP地址" 28 | 29 | #: admin.py:31 30 | msgid "URL" 31 | msgstr "网址" 32 | 33 | #: models.py:7 34 | msgid "username" 35 | msgstr "用户名" 36 | 37 | #: models.py:8 38 | msgid "ip address" 39 | msgstr "IP地址" 40 | 41 | #: models.py:9 42 | msgid "session key" 43 | msgstr "会话键" 44 | 45 | #: models.py:10 46 | msgid "user-agent" 47 | msgstr "用户代理" 48 | 49 | #: models.py:11 50 | msgid "timestamp" 51 | msgstr "时间戳" 52 | 53 | #: models.py:12 54 | msgid "path" 55 | msgstr "路径" 56 | 57 | #: models.py:15 58 | msgid "login attempt" 59 | msgstr "登录尝试" 60 | 61 | #: models.py:16 62 | msgid "login attempts" 63 | msgstr "登录尝试列表" 64 | 65 | #: templates/admin_honeypot/email_message.txt:1 66 | #, python-format 67 | msgid "" 68 | "This is an automatic email to notify you that someone tried to login to the " 69 | "admin honeypot on %(host)s" 70 | msgstr "这是一个自动邮件,通知你有人尝试登录在%(host)s上的管理蜜罐。" 71 | 72 | #: templates/admin_honeypot/email_message.txt:3 73 | msgid "Username" 74 | msgstr "用户名" 75 | 76 | #: templates/admin_honeypot/email_message.txt:5 77 | msgid "Timestamp" 78 | msgstr "时间戳" 79 | 80 | #: templates/admin_honeypot/email_subject.txt:1 81 | #, python-format 82 | msgid "[admin-honeypot] attempted login from %(ip)s at %(host)s" 83 | msgstr "[管理蜜罐]在%(host)s被来自%(ip)s尝试登录。" 84 | 85 | #: views.py:37 86 | msgid "Log in" 87 | msgstr "登录" 88 | 89 | msgid "Admin_Honeypot" 90 | msgstr "管理蜜罐" 91 | -------------------------------------------------------------------------------- /admin_honeypot/migrations/0001_initial.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | from __future__ import unicode_literals 3 | 4 | from django.db import models, migrations 5 | 6 | 7 | class Migration(migrations.Migration): 8 | 9 | dependencies = [ 10 | ] 11 | 12 | operations = [ 13 | migrations.CreateModel( 14 | name='LoginAttempt', 15 | fields=[ 16 | ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), 17 | ('username', models.CharField(max_length=255, null=True, verbose_name='username', blank=True)), 18 | ('ip_address', models.IPAddressField(null=True, verbose_name='ip address', blank=True)), 19 | ('session_key', models.CharField(max_length=50, null=True, verbose_name='session key', blank=True)), 20 | ('user_agent', models.TextField(null=True, verbose_name='user-agent', blank=True)), 21 | ('timestamp', models.DateTimeField(auto_now_add=True, verbose_name='timestamp')), 22 | ('path', models.TextField(null=True, verbose_name='path', blank=True)), 23 | ], 24 | options={ 25 | 'ordering': ('timestamp',), 26 | 'verbose_name': 'login attempt', 27 | 'verbose_name_plural': 'login attempts', 28 | }, 29 | bases=(models.Model,), 30 | ), 31 | ] 32 | -------------------------------------------------------------------------------- /admin_honeypot/migrations/0002_auto_20160208_0854.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # Generated by Django 1.9.2 on 2016-02-08 08:54 3 | from __future__ import unicode_literals 4 | 5 | from django.db import migrations, models 6 | 7 | 8 | class Migration(migrations.Migration): 9 | 10 | dependencies = [ 11 | ('admin_honeypot', '0001_initial'), 12 | ] 13 | 14 | operations = [ 15 | migrations.AlterField( 16 | model_name='loginattempt', 17 | name='ip_address', 18 | field=models.GenericIPAddressField(blank=True, null=True, verbose_name='ip address'), 19 | ), 20 | ] 21 | -------------------------------------------------------------------------------- /admin_honeypot/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dmpayton/django-admin-honeypot/a840496d183df89965eeb33c9a5dd9ea3919dfff/admin_honeypot/migrations/__init__.py -------------------------------------------------------------------------------- /admin_honeypot/models.py: -------------------------------------------------------------------------------- 1 | from django.db import models 2 | from django.utils.translation import gettext_lazy as _ 3 | from admin_honeypot import listeners 4 | 5 | 6 | class LoginAttempt(models.Model): 7 | username = models.CharField(_("username"), max_length=255, blank=True, null=True) 8 | ip_address = models.GenericIPAddressField(_("ip address"), protocol='both', blank=True, null=True) 9 | session_key = models.CharField(_("session key"), max_length=50, blank=True, null=True) 10 | user_agent = models.TextField(_("user-agent"), blank=True, null=True) 11 | timestamp = models.DateTimeField(_("timestamp"), auto_now_add=True) 12 | path = models.TextField(_("path"), blank=True, null=True) 13 | 14 | class Meta: 15 | verbose_name = _("login attempt") 16 | verbose_name_plural = _("login attempts") 17 | ordering = ('timestamp',) 18 | 19 | def __str__(self): 20 | return self.username 21 | -------------------------------------------------------------------------------- /admin_honeypot/signals.py: -------------------------------------------------------------------------------- 1 | from django import dispatch 2 | 3 | honeypot = dispatch.Signal() 4 | -------------------------------------------------------------------------------- /admin_honeypot/templates/admin_honeypot/email_message.txt: -------------------------------------------------------------------------------- 1 | {% load i18n %}{% blocktrans with request.get_host as host %}This is an automatic email to notify you that someone tried to login to the admin honeypot on {{ host }}{% endblocktrans %}: 2 | 3 | {% trans "Username" %}: {{ instance.username }} 4 | {% trans "IP Address" %}: {{ instance.ip_address }} 5 | {% trans "Timestamp" %}: {{ instance.timestamp }} 6 | 7 | {{ admin_detail_url }} 8 | 9 | ---- 10 | django-admin-honeypot 11 | -------------------------------------------------------------------------------- /admin_honeypot/templates/admin_honeypot/email_subject.txt: -------------------------------------------------------------------------------- 1 | {% load i18n %}{% blocktrans with instance.ip_address as ip and request.get_host as host %}[admin-honeypot] attempted login from {{ ip }} at {{ host }}{% endblocktrans %} 2 | -------------------------------------------------------------------------------- /admin_honeypot/templates/admin_honeypot/login.html: -------------------------------------------------------------------------------- 1 | {% extends 'admin/login.html' %} 2 | 3 | {% block branding %} 4 |

{{ site_header|default:_('Django administration') }}

5 | {% endblock %} 6 | -------------------------------------------------------------------------------- /admin_honeypot/urls.py: -------------------------------------------------------------------------------- 1 | from admin_honeypot import views 2 | from django.urls import path, re_path 3 | 4 | app_name = 'admin_honeypot' 5 | 6 | urlpatterns = [ 7 | path('login/', views.AdminHoneypot.as_view(), name='login'), 8 | re_path(r'^.*$', views.AdminHoneypot.as_view(), name='index'), 9 | ] 10 | -------------------------------------------------------------------------------- /admin_honeypot/views.py: -------------------------------------------------------------------------------- 1 | import django 2 | 3 | from ipware import get_client_ip 4 | 5 | from admin_honeypot.forms import HoneypotLoginForm 6 | from admin_honeypot.models import LoginAttempt 7 | from admin_honeypot.signals import honeypot 8 | 9 | from django.contrib.admin.sites import AdminSite 10 | from django.contrib.auth import REDIRECT_FIELD_NAME 11 | from django.contrib.auth.views import redirect_to_login 12 | from django.shortcuts import redirect 13 | from django.urls import reverse 14 | from django.utils.translation import gettext as _ 15 | from django.views import generic 16 | 17 | 18 | class AdminHoneypot(generic.FormView): 19 | template_name = 'admin_honeypot/login.html' 20 | form_class = HoneypotLoginForm 21 | 22 | def dispatch(self, request, *args, **kwargs): 23 | if not request.path.endswith('/'): 24 | return redirect(request.path + '/', permanent=True) 25 | 26 | # Django redirects the user to an explicit login view with 27 | # a next parameter, so emulate that. 28 | login_url = reverse('admin_honeypot:login') 29 | if request.path != login_url: 30 | return redirect_to_login(request.get_full_path(), login_url) 31 | 32 | return super(AdminHoneypot, self).dispatch(request, *args, **kwargs) 33 | 34 | def get_form(self, form_class=form_class): 35 | return form_class(self.request, **self.get_form_kwargs()) 36 | 37 | def get_context_data(self, **kwargs): 38 | context = super(AdminHoneypot, self).get_context_data(**kwargs) 39 | context.update({ 40 | **AdminSite().each_context(self.request), 41 | 'app_path': self.request.get_full_path(), 42 | REDIRECT_FIELD_NAME: reverse('admin_honeypot:index'), 43 | 'title': _('Log in'), 44 | }) 45 | return context 46 | 47 | def form_valid(self, form): 48 | return self.form_invalid(form) 49 | 50 | def form_invalid(self, form): 51 | ip_address, is_routable = get_client_ip(self.request) 52 | instance = LoginAttempt.objects.create( 53 | username=self.request.POST.get('username'), 54 | session_key=self.request.session.session_key, 55 | ip_address=ip_address, 56 | user_agent=self.request.META.get('HTTP_USER_AGENT'), 57 | path=self.request.get_full_path(), 58 | ) 59 | honeypot.send(sender=LoginAttempt, instance=instance, request=self.request) 60 | return super(AdminHoneypot, self).form_invalid(form) 61 | -------------------------------------------------------------------------------- /conftest.py: -------------------------------------------------------------------------------- 1 | import os 2 | from django.conf import settings 3 | 4 | 5 | def pytest_configure(): 6 | if not settings.configured: 7 | os.environ['DJANGO_SETTINGS_MODULE'] = 'tests.settings' 8 | -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = _build 9 | 10 | # Internal variables. 11 | PAPEROPT_a4 = -D latex_paper_size=a4 12 | PAPEROPT_letter = -D latex_paper_size=letter 13 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 14 | # the i18n builder cannot share the environment and doctrees with the others 15 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 16 | 17 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext 18 | 19 | help: 20 | @echo "Please use \`make ' where is one of" 21 | @echo " html to make standalone HTML files" 22 | @echo " dirhtml to make HTML files named index.html in directories" 23 | @echo " singlehtml to make a single large HTML file" 24 | @echo " pickle to make pickle files" 25 | @echo " json to make JSON files" 26 | @echo " htmlhelp to make HTML files and a HTML help project" 27 | @echo " qthelp to make HTML files and a qthelp project" 28 | @echo " devhelp to make HTML files and a Devhelp project" 29 | @echo " epub to make an epub" 30 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 31 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 32 | @echo " text to make text files" 33 | @echo " man to make manual pages" 34 | @echo " texinfo to make Texinfo files" 35 | @echo " info to make Texinfo files and run them through makeinfo" 36 | @echo " gettext to make PO message catalogs" 37 | @echo " changes to make an overview of all changed/added/deprecated items" 38 | @echo " linkcheck to check all external links for integrity" 39 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 40 | 41 | clean: 42 | -rm -rf $(BUILDDIR)/* 43 | 44 | html: 45 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 46 | @echo 47 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 48 | 49 | dirhtml: 50 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 51 | @echo 52 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 53 | 54 | singlehtml: 55 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 56 | @echo 57 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." 58 | 59 | pickle: 60 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 61 | @echo 62 | @echo "Build finished; now you can process the pickle files." 63 | 64 | json: 65 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 66 | @echo 67 | @echo "Build finished; now you can process the JSON files." 68 | 69 | htmlhelp: 70 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 71 | @echo 72 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 73 | ".hhp project file in $(BUILDDIR)/htmlhelp." 74 | 75 | qthelp: 76 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 77 | @echo 78 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 79 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 80 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/django-admin-honeypot.qhcp" 81 | @echo "To view the help file:" 82 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/django-admin-honeypot.qhc" 83 | 84 | devhelp: 85 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 86 | @echo 87 | @echo "Build finished." 88 | @echo "To view the help file:" 89 | @echo "# mkdir -p $$HOME/.local/share/devhelp/django-admin-honeypot" 90 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/django-admin-honeypot" 91 | @echo "# devhelp" 92 | 93 | epub: 94 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 95 | @echo 96 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 97 | 98 | latex: 99 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 100 | @echo 101 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 102 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 103 | "(use \`make latexpdf' here to do that automatically)." 104 | 105 | latexpdf: 106 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 107 | @echo "Running LaTeX files through pdflatex..." 108 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 109 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 110 | 111 | text: 112 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 113 | @echo 114 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 115 | 116 | man: 117 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 118 | @echo 119 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 120 | 121 | texinfo: 122 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 123 | @echo 124 | @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." 125 | @echo "Run \`make' in that directory to run these through makeinfo" \ 126 | "(use \`make info' here to do that automatically)." 127 | 128 | info: 129 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 130 | @echo "Running Texinfo files through makeinfo..." 131 | make -C $(BUILDDIR)/texinfo info 132 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 133 | 134 | gettext: 135 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 136 | @echo 137 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 138 | 139 | changes: 140 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 141 | @echo 142 | @echo "The overview file is in $(BUILDDIR)/changes." 143 | 144 | linkcheck: 145 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 146 | @echo 147 | @echo "Link check complete; look for any errors in the above output " \ 148 | "or in $(BUILDDIR)/linkcheck/output.txt." 149 | 150 | doctest: 151 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 152 | @echo "Testing of doctests in the sources finished, look at the " \ 153 | "results in $(BUILDDIR)/doctest/output.txt." 154 | -------------------------------------------------------------------------------- /docs/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Auto-building Sphinx Docs 4 | ## http://jacobian.org/writing/auto-building-sphinx/ 5 | 6 | rm -rf _build/*; 7 | make html; 8 | 9 | watchmedo shell-command \ 10 | --patterns="*.rst;*.py;*.html;*.css;*.conf" \ 11 | --ignore-pattern='_build/*' \ 12 | --recursive \ 13 | --wait \ 14 | --command='make html;' 15 | -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # 3 | # django-admin-honeypot documentation build configuration file, created by 4 | # sphinx-quickstart on Sat Mar 3 21:17:00 2012. 5 | # 6 | # This file is execfile()d with the current directory set to its containing dir. 7 | # 8 | # Note that not all possible configuration values are present in this 9 | # autogenerated file. 10 | # 11 | # All configuration values have a default; values that are commented out 12 | # serve to show the default. 13 | 14 | import sys, os 15 | 16 | # If extensions (or modules to document with autodoc) are in another directory, 17 | # add these directories to sys.path here. If the directory is relative to the 18 | # documentation root, use os.path.abspath to make it absolute, like shown here. 19 | #sys.path.insert(0, os.path.abspath('.')) 20 | 21 | # -- General configuration ----------------------------------------------------- 22 | 23 | # If your documentation needs a minimal Sphinx version, state it here. 24 | #needs_sphinx = '1.0' 25 | 26 | # Add any Sphinx extension module names here, as strings. They can be extensions 27 | # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. 28 | extensions = [] 29 | 30 | # Add any paths that contain templates here, relative to this directory. 31 | templates_path = ['_templates'] 32 | 33 | # The suffix of source filenames. 34 | source_suffix = '.rst' 35 | 36 | # The encoding of source files. 37 | #source_encoding = 'utf-8-sig' 38 | 39 | # The master toctree document. 40 | master_doc = 'index' 41 | 42 | # General information about the project. 43 | project = u'django-admin-honeypot' 44 | copyright = u'2012, Derek Payton' 45 | 46 | # The version info for the project you're documenting, acts as replacement for 47 | # |version| and |release|, also used in various other places throughout the 48 | # built documents. 49 | # 50 | # The short X.Y version. 51 | version = '1.1' 52 | # The full version, including alpha/beta/rc tags. 53 | release = '1.1.0' 54 | 55 | # The language for content autogenerated by Sphinx. Refer to documentation 56 | # for a list of supported languages. 57 | #language = None 58 | 59 | # There are two options for replacing |today|: either, you set today to some 60 | # non-false value, then it is used: 61 | #today = '' 62 | # Else, today_fmt is used as the format for a strftime call. 63 | #today_fmt = '%B %d, %Y' 64 | 65 | # List of patterns, relative to source directory, that match files and 66 | # directories to ignore when looking for source files. 67 | exclude_patterns = ['_build'] 68 | 69 | # The reST default role (used for this markup: `text`) to use for all documents. 70 | #default_role = None 71 | 72 | # If true, '()' will be appended to :func: etc. cross-reference text. 73 | #add_function_parentheses = True 74 | 75 | # If true, the current module name will be prepended to all description 76 | # unit titles (such as .. function::). 77 | #add_module_names = True 78 | 79 | # If true, sectionauthor and moduleauthor directives will be shown in the 80 | # output. They are ignored by default. 81 | #show_authors = False 82 | 83 | # The name of the Pygments (syntax highlighting) style to use. 84 | pygments_style = 'sphinx' 85 | 86 | # A list of ignored prefixes for module index sorting. 87 | #modindex_common_prefix = [] 88 | 89 | 90 | # -- Options for HTML output --------------------------------------------------- 91 | 92 | # The theme to use for HTML and HTML Help pages. See the documentation for 93 | # a list of builtin themes. 94 | html_theme = 'default' 95 | 96 | # Theme options are theme-specific and customize the look and feel of a theme 97 | # further. For a list of options available for each theme, see the 98 | # documentation. 99 | #html_theme_options = {} 100 | 101 | # Add any paths that contain custom themes here, relative to this directory. 102 | #html_theme_path = [] 103 | 104 | # The name for this set of Sphinx documents. If None, it defaults to 105 | # " v documentation". 106 | #html_title = None 107 | 108 | # A shorter title for the navigation bar. Default is the same as html_title. 109 | #html_short_title = None 110 | 111 | # The name of an image file (relative to this directory) to place at the top 112 | # of the sidebar. 113 | #html_logo = None 114 | 115 | # The name of an image file (within the static path) to use as favicon of the 116 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 117 | # pixels large. 118 | #html_favicon = None 119 | 120 | # Add any paths that contain custom static files (such as style sheets) here, 121 | # relative to this directory. They are copied after the builtin static files, 122 | # so a file named "default.css" will overwrite the builtin "default.css". 123 | html_static_path = ['_static'] 124 | 125 | # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, 126 | # using the given strftime format. 127 | #html_last_updated_fmt = '%b %d, %Y' 128 | 129 | # If true, SmartyPants will be used to convert quotes and dashes to 130 | # typographically correct entities. 131 | #html_use_smartypants = True 132 | 133 | # Custom sidebar templates, maps document names to template names. 134 | #html_sidebars = {} 135 | 136 | # Additional templates that should be rendered to pages, maps page names to 137 | # template names. 138 | #html_additional_pages = {} 139 | 140 | # If false, no module index is generated. 141 | #html_domain_indices = True 142 | 143 | # If false, no index is generated. 144 | #html_use_index = True 145 | 146 | # If true, the index is split into individual pages for each letter. 147 | #html_split_index = False 148 | 149 | # If true, links to the reST sources are added to the pages. 150 | #html_show_sourcelink = True 151 | 152 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 153 | #html_show_sphinx = True 154 | 155 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 156 | #html_show_copyright = True 157 | 158 | # If true, an OpenSearch description file will be output, and all pages will 159 | # contain a tag referring to it. The value of this option must be the 160 | # base URL from which the finished HTML is served. 161 | #html_use_opensearch = '' 162 | 163 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 164 | #html_file_suffix = None 165 | 166 | # Output file base name for HTML help builder. 167 | htmlhelp_basename = 'django-admin-honeypotdoc' 168 | 169 | 170 | # -- Options for LaTeX output -------------------------------------------------- 171 | 172 | latex_elements = { 173 | # The paper size ('letterpaper' or 'a4paper'). 174 | #'papersize': 'letterpaper', 175 | 176 | # The font size ('10pt', '11pt' or '12pt'). 177 | #'pointsize': '10pt', 178 | 179 | # Additional stuff for the LaTeX preamble. 180 | #'preamble': '', 181 | } 182 | 183 | # Grouping the document tree into LaTeX files. List of tuples 184 | # (source start file, target name, title, author, documentclass [howto/manual]). 185 | latex_documents = [ 186 | ('index', 'django-admin-honeypot.tex', u'django-admin-honeypot Documentation', 187 | u'Derek Payton', 'manual'), 188 | ] 189 | 190 | # The name of an image file (relative to this directory) to place at the top of 191 | # the title page. 192 | #latex_logo = None 193 | 194 | # For "manual" documents, if this is true, then toplevel headings are parts, 195 | # not chapters. 196 | #latex_use_parts = False 197 | 198 | # If true, show page references after internal links. 199 | #latex_show_pagerefs = False 200 | 201 | # If true, show URL addresses after external links. 202 | #latex_show_urls = False 203 | 204 | # Documents to append as an appendix to all manuals. 205 | #latex_appendices = [] 206 | 207 | # If false, no module index is generated. 208 | #latex_domain_indices = True 209 | 210 | 211 | # -- Options for manual page output -------------------------------------------- 212 | 213 | # One entry per manual page. List of tuples 214 | # (source start file, name, description, authors, manual section). 215 | man_pages = [ 216 | ('index', 'django-admin-honeypot', u'django-admin-honeypot Documentation', 217 | [u'Derek Payton'], 1) 218 | ] 219 | 220 | # If true, show URL addresses after external links. 221 | #man_show_urls = False 222 | 223 | 224 | # -- Options for Texinfo output ------------------------------------------------ 225 | 226 | # Grouping the document tree into Texinfo files. List of tuples 227 | # (source start file, target name, title, author, 228 | # dir menu entry, description, category) 229 | texinfo_documents = [ 230 | ('index', 'django-admin-honeypot', u'django-admin-honeypot Documentation', 231 | u'Derek Payton', 'django-admin-honeypot', 'One line description of project.', 232 | 'Miscellaneous'), 233 | ] 234 | 235 | # Documents to append as an appendix to all manuals. 236 | #texinfo_appendices = [] 237 | 238 | # If false, no module index is generated. 239 | #texinfo_domain_indices = True 240 | 241 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 242 | #texinfo_show_urls = 'footnote' 243 | -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- 1 | ================================================= 2 | Welcome to django-admin-honeypot's documentation! 3 | ================================================= 4 | 5 | `django-admin-honeypot`_ is a fake Django admin login screen to log and notify 6 | admins of attempted unauthorized access. This app was inspired by discussion in 7 | and around Paul McMillan's security talk at DjangoCon 2011. 8 | 9 | :Author: `Derek Payton`_ 10 | :Version: 1.1.0 11 | :License: `MIT`_ 12 | 13 | |travis-ci|_ 14 | 15 | .. |travis-ci| image:: https://secure.travis-ci.org/dmpayton/django-admin-honeypot.png 16 | .. _travis-ci: http://travis-ci.org/dmpayton/django-admin-honeypot 17 | 18 | **Source** 19 | `github.com/dmpayton/django-admin-honeypot `_ 20 | 21 | **Documentation** 22 | `django-admin-honeypot.readthedocs.org `_ 23 | 24 | **Contents** 25 | 26 | .. toctree:: 27 | :maxdepth: 2 28 | 29 | manual/install 30 | manual/usage 31 | manual/reference 32 | manual/faq 33 | manual/testing 34 | 35 | 36 | 37 | Indices and tables 38 | ================== 39 | 40 | * :ref:`genindex` 41 | * :ref:`modindex` 42 | * :ref:`search` 43 | 44 | .. _django-admin-honeypot: https://github.com/dmpayton/django-admin-honeypot 45 | .. _Derek Payton: http://dmpayton.com 46 | .. _MIT: https://github.com/dmpayton/django-admin-honeypot/blob/master/LICENSE 47 | -------------------------------------------------------------------------------- /docs/manual/faq.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Frequently Asked Questions 3 | ========================== 4 | 5 | Why can't I delete login attempts from the Django admin? 6 | ======================================================== 7 | 8 | The delete permission has been set to false for all users -- including 9 | superusers -- as an added security precaution. This is done so that, in the 10 | event that an attacker does make it into your admin, it will be harder to cover 11 | up their tracks if they had previously tried to break in through the honeypot. 12 | 13 | Why is the IP address logged as 127.0.0.1? 14 | ========================================== 15 | 16 | Django-admin-honeypot pulls the users IP address from the ``REMOTE_ADDR`` 17 | request header. If your Django app is behind a load balancer or proxy web 18 | server, this may not be set and instead you will have an ``HTTP_X_FORWARDED_FOR`` 19 | header which contains the IP address in a comma-separated string. 20 | 21 | The simple solution is to use a middleware to automatically set ``REMOTE_ADDR`` 22 | to the value of ``HTTP_X_FORWARDED_FOR``, like so: 23 | 24 | :: 25 | 26 | class RemoteAddrMiddleware(object): 27 | def process_request(self, request): 28 | if 'HTTP_X_FORWARDED_FOR' in request.META: 29 | ip = request.META['HTTP_X_FORWARDED_FOR'].split(',')[0].strip() 30 | request.META['REMOTE_ADDR'] = ip 31 | 32 | See also: http://docs.webfaction.com/software/django/troubleshooting.html#accessing-remote-addr 33 | -------------------------------------------------------------------------------- /docs/manual/install.rst: -------------------------------------------------------------------------------- 1 | ============ 2 | Installation 3 | ============ 4 | 5 | Requirements 6 | ============ 7 | 8 | * Python 3.5+ 9 | * Django 2.2+ 10 | 11 | Install 12 | ======= 13 | 14 | django-admin-honeypot is on `PyPI`_ and can be installed with `pip`_: 15 | 16 | :: 17 | 18 | pip install django-admin-honeypot 19 | 20 | .. _PyPI: http://pypi.python.org/ 21 | .. _pip: http://www.pip-installer.org/ 22 | -------------------------------------------------------------------------------- /docs/manual/reference.rst: -------------------------------------------------------------------------------- 1 | ========= 2 | Reference 3 | ========= 4 | 5 | Settings 6 | ======== 7 | 8 | **ADMIN_HONEYPOT_EMAIL_ADMINS** 9 | 10 | Default: ``True`` 11 | 12 | Used to determine whether or not to email site admins on login attempts. Set 13 | to ``False`` to disable admin emails. 14 | 15 | Signals 16 | ======= 17 | 18 | :func:`admin_honeypot.signals.honeypot` 19 | 20 | Sent on every login attempt with the following arguments: 21 | 22 | :instance: The LoginAttempt object created 23 | :request: The current request object 24 | -------------------------------------------------------------------------------- /docs/manual/testing.rst: -------------------------------------------------------------------------------- 1 | Testing 2 | ======= 3 | 4 | Continuous integration provided by `Travis CI`_. 5 | 6 | **master** (latest stable): 7 | |travis-ci-master|_ 8 | **develop** (bleeding edge): 9 | |travis-ci-develop|_ 10 | 11 | .. _Travis CI: https://travis-ci.org/ 12 | 13 | .. |travis-ci-master| image:: https://secure.travis-ci.org/dmpayton/django-admin-honeypot.png 14 | .. _travis-ci-master: http://travis-ci.org/dmpayton/django-admin-honeypot 15 | 16 | .. |travis-ci-develop| image:: https://secure.travis-ci.org/dmpayton/django-admin-honeypot.png?branch=develop 17 | .. _travis-ci-develop: http://travis-ci.org/dmpayton/django-admin-honeypot 18 | 19 | Test requirements 20 | ----------------- 21 | 22 | See *requirements.txt*: 23 | 24 | .. literalinclude:: ../../requirements.txt 25 | 26 | Running the tests 27 | ----------------- 28 | 29 | Once your requirements are installed, the unit tests can be run with:: 30 | 31 | $ py.test tests/ --cov admin_honeypot --cov-report term-missing --pep8 admin_honeypot 32 | 33 | ... 34 | 35 | =============== 5 passed, 12 skipped in 0.46 seconds =============== 36 | 37 | 38 | For testing against different Python versions, we use `Tox`_. Please be aware 39 | that this only tests against the latest Django release. 40 | 41 | :: 42 | 43 | $ tox 44 | 45 | ... 46 | 47 | _______________ summary _______________ 48 | django-2x: commands succeeded 49 | django-3x: commands succeeded 50 | congratulations :) 51 | 52 | 53 | .. _Tox: http://tox.readthedocs.org/ 54 | -------------------------------------------------------------------------------- /docs/manual/usage.rst: -------------------------------------------------------------------------------- 1 | ===== 2 | Usage 3 | ===== 4 | 5 | Basic setup 6 | =========== 7 | 8 | 1. Add ``admin_honeypot`` to ``INSTALLED_APPS`` in settings.py:: 9 | 10 | INSTALLED_APPS = ( 11 | ... 12 | 'admin_honeypot', 13 | ... 14 | ) 15 | 16 | 2. Update urls.py:: 17 | 18 | urlpatterns = [ 19 | ... 20 | path('admin/', include('admin_honeypot.urls', namespace='admin_honeypot')), 21 | path('secret/', admin.site.urls), 22 | ] 23 | 24 | 3. Run migration:: 25 | 26 | $ python manage.py migrate 27 | 28 | The ``honeypot`` signal 29 | ======================= 30 | 31 | Every time a login attempt occurs, the :func:`admin_honeypot.signals.honeypot` 32 | signal is fired off. You can setup listeners to this in order to send out any 33 | custom notifications or logging. 34 | 35 | A default listener, :func:`admin_honeypot.listeners.notify_admins`, will send 36 | an email to all site administrators (``ADMINS`` in your site settings) with the 37 | details. This can be disabled by setting ``ADMIN_HONEYPOT_EMAIL_ADMINS`` to 38 | false in your site settings. 39 | 40 | Customizing the login template 41 | ============================== 42 | 43 | The template rendered on the honeypot is ``admin_honeypot/login.html``. By 44 | default this template simply extends ``admin/login.html``, but you may want 45 | to change it if, e.g., you've customized the Django admin and want to display 46 | the stock admin login form. 47 | -------------------------------------------------------------------------------- /release-process.txt: -------------------------------------------------------------------------------- 1 | 1. Update version info 2 | * README.rst 3 | * admin_honeypot/__init__.py 4 | * docs/conf.py 5 | * docs/index.rst 6 | 7 | 2. git tag -a vX.Y.Z -m 'Version X.Y.Z' 8 | 9 | 3. Upload to PyPI: 10 | * python setup.py sdist bdist_wheel 11 | * twine upload dist/* 12 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | django 2 | django-ipware 3 | 4 | pytest 5 | pytest-cov 6 | pytest-django 7 | pytest-pythonpath 8 | -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- 1 | [tool:pytest] 2 | DJANGO_SETTINGS_MODULE = tests.settings 3 | django_find_project = false 4 | python_paths = . 5 | 6 | [wheel] 7 | universal = 1 8 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import sys 3 | from admin_honeypot import __version__, __description__, __license__ 4 | 5 | try: 6 | from setuptools import setup, find_packages 7 | except ImportError: 8 | from distutils.core import setup, find_packages 9 | 10 | setup( 11 | name='django-admin-honeypot', 12 | version=__version__, 13 | description=__description__, 14 | long_description=open('./README.rst', 'r').read(), 15 | classifiers=[ 16 | 'Development Status :: 5 - Production/Stable', 17 | 'Framework :: Django', 18 | 'Framework :: Django :: 2.2', 19 | 'Framework :: Django :: 3.0', 20 | 'Intended Audience :: Developers', 21 | 'License :: OSI Approved :: MIT License', 22 | 'Natural Language :: English', 23 | 'Operating System :: OS Independent', 24 | 'Programming Language :: Python', 25 | 'Programming Language :: Python :: 3', 26 | 'Programming Language :: Python :: 3.5', 27 | 'Programming Language :: Python :: 3.6', 28 | 'Programming Language :: Python :: 3.7', 29 | 'Programming Language :: Python :: 3.8', 30 | 'Topic :: Internet :: WWW/HTTP :: Dynamic Content', 31 | ], 32 | keywords='django admin honeypot trap', 33 | maintainer='Derek Payton', 34 | maintainer_email='derek.payton@gmail.com', 35 | url='https://github.com/dmpayton/django-admin-honeypot', 36 | download_url='https://github.com/dmpayton/django-admin-honeypot/tarball/v%s' % __version__, 37 | license=__license__, 38 | include_package_data=True, 39 | packages=find_packages(), 40 | zip_safe=False, 41 | install_requires=[ 42 | 'django-ipware', 43 | ] 44 | ) 45 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dmpayton/django-admin-honeypot/a840496d183df89965eeb33c9a5dd9ea3919dfff/tests/__init__.py -------------------------------------------------------------------------------- /tests/settings.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | PROJECT_ROOT = os.path.dirname(os.path.abspath(__file__)) 4 | 5 | DEBUG = True 6 | TEMPLATE_DEBUG = DEBUG 7 | 8 | ADMINS = MANAGERS = [('Admin User', 'admin@example.com')] 9 | 10 | DATABASES = { 11 | 'default': { 12 | 'ENGINE': 'django.db.backends.sqlite3', 13 | 'NAME': ':memory:', 14 | } 15 | } 16 | 17 | LANGUAGE_CODE = 'en-us' 18 | ROOT_URLCONF = 'tests.urls' 19 | SECRET_KEY = 'local' 20 | SITE_ID = 1 21 | TIME_ZONE = 'UTC' 22 | USE_I18N = True 23 | USE_L10N = True 24 | USE_TZ = True 25 | 26 | MEDIA_ROOT = os.path.join(PROJECT_ROOT, 'media') 27 | MEDIA_URL = '/media/' 28 | 29 | STATIC_ROOT = os.path.join(PROJECT_ROOT, 'static') 30 | STATIC_URL = '/static/' 31 | 32 | INSTALLED_APPS = ( 33 | 'django.contrib.admin', 34 | 'django.contrib.auth', 35 | 'django.contrib.contenttypes', 36 | 'django.contrib.sessions', 37 | 'django.contrib.messages', 38 | 'admin_honeypot', 39 | ) 40 | 41 | MIDDLEWARE = ( 42 | 'django.contrib.sessions.middleware.SessionMiddleware', 43 | 'django.middleware.common.CommonMiddleware', 44 | 'django.middleware.csrf.CsrfViewMiddleware', 45 | 'django.contrib.auth.middleware.AuthenticationMiddleware', 46 | ) 47 | 48 | TEMPLATES = [ 49 | { 50 | 'BACKEND': 'django.template.backends.django.DjangoTemplates', 51 | 'APP_DIRS': True, 52 | }, 53 | ] 54 | 55 | ADMIN_HONEYPOT_EMAIL_ADMINS = True 56 | -------------------------------------------------------------------------------- /tests/test_suite.py: -------------------------------------------------------------------------------- 1 | import re 2 | 3 | from urllib.parse import quote_plus 4 | 5 | import django 6 | import pytest 7 | 8 | from django.conf import settings 9 | from django.core import mail 10 | from django.test import TestCase 11 | from django.urls import reverse 12 | 13 | from admin_honeypot.models import LoginAttempt 14 | 15 | 16 | class AdminHoneypotTest(TestCase): 17 | maxDiff = None 18 | 19 | @property 20 | def admin_login_url(self): 21 | return reverse('admin:login') 22 | 23 | @property 24 | def admin_url(self): 25 | return reverse('admin:index') 26 | 27 | @property 28 | def honeypot_login_url(self): 29 | return reverse('admin_honeypot:login') 30 | 31 | @property 32 | def honeypot_url(self): 33 | return reverse('admin_honeypot:index') 34 | 35 | def test_same_content(self): 36 | """ 37 | The honeypot should be an exact replica of the admin login page, 38 | with the exception of where the form submits to and the CSS to 39 | hide the user tools. 40 | """ 41 | 42 | admin_html = self.client.get(self.admin_url, follow=True).content.decode('utf-8') 43 | honeypot_html = (self.client.get(self.honeypot_url, follow=True).content.decode('utf-8') 44 | # /admin/login/ -> /secret/login/ 45 | .replace(self.honeypot_login_url, self.admin_login_url) 46 | 47 | # "/admin/" -> "/secret/" 48 | .replace('"{0}"'.format(self.honeypot_url), '"{0}"'.format(self.admin_url)) 49 | 50 | # %2fadmin%2f -> %2fsecret%2f 51 | .replace(quote_plus(self.honeypot_url), quote_plus(self.admin_url)) 52 | ) 53 | 54 | # Drop CSRF token 55 | csrf_re = re.compile(r"(]+ value=['\"])[a-zA-Z0-9]+") 56 | admin_html = csrf_re.sub(r"\1[']", admin_html) 57 | honeypot_html = csrf_re.sub(r"\1[']", honeypot_html) 58 | 59 | self.assertEqual(honeypot_html, admin_html) 60 | 61 | def test_create_login_attempt(self): 62 | """ 63 | A new LoginAttempt object is created 64 | """ 65 | data = { 66 | 'username': 'admin', 67 | 'password': 'letmein' 68 | } 69 | self.client.post(self.honeypot_login_url, data) 70 | attempt = LoginAttempt.objects.latest('pk') 71 | self.assertEqual(data['username'], attempt.username) 72 | self.assertEqual(data['username'], str(attempt)) 73 | 74 | def test_email_admins(self): 75 | """ 76 | An email is sent to settings.ADMINS 77 | """ 78 | self.client.post(self.honeypot_login_url, { 79 | 'username': 'admin', 80 | 'password': 'letmein' 81 | }) 82 | # CONSIDER: Is there a better way to do this? 83 | self.assertTrue(len(mail.outbox) > 0) # We sent at least one email... 84 | self.assertIn(settings.ADMINS[0][1], mail.outbox[0].to) # ...to an admin 85 | 86 | def test_trailing_slash(self): 87 | """ 88 | /admin redirects to /admin/ permanent redirect. 89 | """ 90 | url = self.honeypot_url + 'foo/' 91 | redirect_url = self.honeypot_login_url + '?next=' + url 92 | 93 | response = self.client.get(url.rstrip('/'), follow=True) 94 | self.assertRedirects(response, redirect_url, status_code=301) 95 | 96 | def test_real_url_leak(self): 97 | """ 98 | A test to make sure the real admin URL isn't leaked in the honeypot 99 | login form page. 100 | """ 101 | 102 | honeypot_html = self.client.get(self.honeypot_url, follow=True).content.decode('utf-8') 103 | self.assertNotIn('{0}'.format(self.admin_url), honeypot_html) 104 | self.assertNotIn('{0}'.format(self.admin_login_url), honeypot_html) 105 | -------------------------------------------------------------------------------- /tests/urls.py: -------------------------------------------------------------------------------- 1 | from django.urls import include, re_path 2 | 3 | # Uncomment the next two lines to enable the admin: 4 | from django.contrib import admin 5 | admin.autodiscover() 6 | 7 | urlpatterns = [ 8 | re_path(r'^admin/', include('admin_honeypot.urls', namespace='admin_honeypot')), 9 | re_path(r'^secret/', admin.site.urls), 10 | ] 11 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | # Tox (http://tox.testrun.org/) is a tool for running tests 2 | # in multiple virtualenvs. This configuration file will run the 3 | # test suite on all supported python versions. To use it, "pip install tox" 4 | # and then run "tox" from this directory. 5 | 6 | [tox] 7 | envlist = 8 | django-2.2 9 | django-3.2 10 | django-4.0 11 | 12 | [testenvbase] 13 | deps = 14 | pytest 15 | pytest-django 16 | pytest-pythonpath 17 | 18 | [testenv] 19 | basepython = python3.10 20 | commands = py.test tests/ 21 | deps = 22 | django-2.2: Django>=2.2,<3.0 23 | django-3.2: Django>=3.2,<4.0 24 | django-4.0: Django>=4.0,<4.1 25 | {[testenvbase]deps} 26 | 27 | [testenv:coverage] 28 | passenv = TRAVIS TRAVIS_JOB_ID TRAVIS_BRANCH 29 | commands = 30 | py.test tests/ --cov admin_honeypot --cov-config .coveragerc --cov-report term-missing 31 | coveralls 32 | deps = 33 | Django>=3,<4 34 | coveralls 35 | pytest-cov 36 | pytest-pep8 37 | {[testenvbase]deps} 38 | --------------------------------------------------------------------------------