From ebcefee2ddf8438385ede8643ca603d796ca117a Mon Sep 17 00:00:00 2001
From: Harish Srinivasan
Date: Tue, 8 Apr 2025 00:10:26 +0530
Subject: [PATCH 1/2] Add basic DICOM honeypot with alert logging and webhook support
---
canary_logger.py | 29 +++++++++++++++++++++++++++++
dicomhawk_alerts.log | 2 ++
run.py | 18 ++++++++++++++++++
3 files changed, 49 insertions(+)
create mode 100644 canary_logger.py
create mode 100644 dicomhawk_alerts.log
create mode 100644 run.py
diff --git a/canary_logger.py b/canary_logger.py
new file mode 100644
index 00000000..f9d3b16e
--- /dev/null
+++ b/canary_logger.py
@@ -0,0 +1,29 @@
+import requests
+import logging
+
+# Set up logging
+logger = logging.getLogger("DICOMHawk-CanaryLogger")
+logger.setLevel(logging.INFO)
+
+# Log to file
+file_handler = logging.FileHandler('dicomhawk_alerts.log')
+formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
+file_handler.setFormatter(formatter)
+logger.addHandler(file_handler)
+
+# Dummy CanaryToken webhook URL (replace with actual one later)
+CANARYTOKEN_URL = "https://canarytokens.com/some-fake-token-url"
+
+def alert_admin(event_type, details=""):
+ """
+ Logs suspicious DICOM activity and sends a CanaryToken webhook.
+ """
+ message = f"[ALERT] {event_type} - {details}"
+ logger.warning(message)
+
+ # Send Canary webhook
+ try:
+ requests.get(CANARYTOKEN_URL, timeout=3)
+ logger.info("Webhook sent to CanaryToken.")
+ except Exception as e:
+ logger.error(f"Failed to send webhook: {e}")
diff --git a/dicomhawk_alerts.log b/dicomhawk_alerts.log
new file mode 100644
index 00000000..adce8b15
--- /dev/null
+++ b/dicomhawk_alerts.log
@@ -0,0 +1,2 @@
+2025-04-08 00:04:55,428 - WARNING - [ALERT] Suspicious Upload - Data length: 0 bytes
+2025-04-08 00:04:55,974 - INFO - Webhook sent to CanaryToken.
diff --git a/run.py b/run.py
new file mode 100644
index 00000000..8c9d3259
--- /dev/null
+++ b/run.py
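Review bot: In canary_logger.py, `alert_admin` discards the response from `requests.get(CANARYTOKEN_URL, timeout=3)` and logs "Webhook sent to CanaryToken." for any HTTP status, so a failed delivery is recorded as a delivered alert. The dicomhawk_alerts.log added by this same patch shows that INFO line written while the placeholder URL was configured, which suggests the success message is not tied to actual delivery. Keep the response and check it, e.g. `resp = requests.get(CANARYTOKEN_URL, timeout=3)` followed by `resp.raise_for_status()`, and narrow the handler to `except requests.RequestException as e:`. The call also blocks the caller for up to three seconds per alert, and the log file itself is runtime output that probably belongs in `.gitignore` rather than in the commit.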
@@ -0,0 +1,18 @@
+from flask import Flask, request
+from canary_logger import alert_admin
+
+app = Flask(__name__)
+
+@app.route("/")
+def home():
+ return "DICOMHawk CanaryLogger is active!"
+
+@app.route("/upload", methods=["POST"])
+def upload():
+ data = request.data
+ # Simulate detecting a suspicious upload
+ alert_admin("Suspicious Upload", f"Data length: {len(data)} bytes")
+ return "Upload received and logged!"
+
+if __name__ == "__main__":
+ app.run(debug=True)
From 76f6481a02a7939d6f30347f1f4c4be13783ea5b Mon Sep 17 00:00:00 2001
From: Harish Srinivasan
Date: Tue, 8 Apr 2025 00:14:50 +0530
Subject: [PATCH 2/2] Add Harish Srinivasan to contributors list
---
CONTRIBUTORS.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 9cb881e1..dd025325 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -26,3 +26,6 @@ - Special thanks to Dr. Emmanouil Vasilomanolakis for guidance and support. - The Honeynet Project for hosting and maintaining the repository. +- **Harish Srinivasan** – Implemented basic DICOM honeypot and alert logger. + +
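Review bot: In run.py, `app.run(debug=True)` starts Flask with the Werkzeug debugger and reloader enabled, which is unsafe for a service meant to receive hostile traffic, since the debugger exposes an interactive console on error pages; use `app.run(debug=False)` or drive it from configuration. The `upload` handler also records only the body length, so the alert carries no source address to act on; `alert_admin("Suspicious Upload", f"Data length: {len(data)} bytes from {request.remote_addr}")` would give the log something to triage with. `request.data` buffers the whole body with no size cap visible in this hunk, and every POST triggers a blocking webhook call, so setting `app.config["MAX_CONTENT_LENGTH"]` and rate-limiting alerts would keep a flood of uploads from stalling the honeypot.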