Honeypots 104: T-Pot — Your All-in-One Honeypot Platform Guide (2024)

A Step-by-Step Tutorial on Installing, Configuring, and Operating T-Pot Honeypot for Comprehensive Threat Intelligence

Published in InfoSec Write-ups · Jul 8, 2024

· Introduction
· What is a T-Pot Honeypot?
· Why T-Pot?
· Setting Up a Linode Server
· My Linode Setup
· T-Pot Setup
· Exploring T-Pot
· Taking T-Pot For a Spin
· Challenges
· Maintenance
· Conclusion
· Further Reading

Greetings, Cyber Mavericks!

Welcome back, and thanks for joining me for the fourth instalment of the Honeypots series, where we explore cyber deception and honeypots for fun and learning.

In this article, I’ll walk you through one of the most interesting honeypots I’ve experimented with, T-Pot.

We’ll cover what T-Pot is, its benefits, drawbacks, use cases, and installation.

We’ll also look at the features that set it apart from other standalone honeypots, like its integration of numerous honeypots into one platform, and its impressive dashboards, analytics, and visualizations.

I’ve selected this cybersecurity project to gain insight into daily cyber attacks and their origins, as well as to understand attacker techniques.

The chosen honeypot should facilitate IP address analysis, identification of known attackers, correlation with CVEs, and spotting of broader attack campaigns that are trending.

Note: If you haven’t read the previous articles in the series, I recommend checking them out after finishing this one. If you’re new to honeypots, start with the first article, “Honeypots 101” which covers the basics and provides a good foundation for the rest of the series.

T-Pot, which stands for “Threat Intelligence Pot”, is an all-in-one open-source honeypot platform that supports 20+ honeypots.

T-Pot simulates vulnerable services to make them attractive targets for attackers. The aim is to lay a honeytrap for malicious actors, capture their interactions, and offer insights for threat analysis and defence strategies.

It also provides extensive visualization options with the Elastic Stack, animated live attack maps, and various security tools.

At its core, T-Pot automates honeypot deployment and management, tailored for network security monitoring and threat intelligence. It simplifies the setup of various honeypot types while gathering valuable threat data.

Use-cases

  • Identifying the source of attacks (IP, Country, ISP)
  • Discovering common username/password combinations used in brute-force attempts
  • Analyzing the commands executed once intruders gain access
  • Tracking where attackers attempt to download their backdoors from
  • Identifying malware dropped by intruders

Note: T-Pot can run on Windows and macOS using Docker Desktop, but some features might be limited. Additionally, the macOS/Windows firewall will block incoming connections by default unless it’s turned off.

Honeypot Types

A) Hive (Standard)
This is the standard installation of T-Pot and must be installed first. All services, tools, and honeypots will be installed on a single host, which doubles as a Hive endpoint.

Note: Make sure to meet the system requirements. For your first node, you have to install a Hive node.

B) Sensor
If you want a distributed architecture for your T-Pot honeypot, you need at least two hosts, a Hive and a Sensor.

A Sensor hosts only the honeypots and some tools, and transmits log data to the Hive. You can add multiple Sensors later for larger honeypot deployments.

Honeypots & Services

T-Pot includes various honeypot types like the high-interaction honeypot Cowrie for SSH and Telnet, the web application honeypot Glastopf, and the malware analysis tool Dionaea.

Each honeypot type is designed to capture specific attack methods and provide detailed insights.

Here are some of the popular honeypots included in T-Pot:

  • Cowrie: An SSH and Telnet honeypot capturing attacker activity and shell interactions.
  • Dionaea: A high-interaction honeypot emulating various network services to capture malware and exploits targeting vulnerable services.
  • Mailoney: Simulates SMTP servers to monitor malicious activities targeting email infrastructure.
  • Log4Pot: Tailored honeypot for detecting and analyzing Log4Shell vulnerability exploits.
  • CiscoASA: Emulates Cisco ASA devices to attract and analyze attacks targeting network security solutions.
  • Conpot: An ICS/SCADA honeypot emulating industrial control systems to detect and analyze attacks.
  • IPPHoney: Simulates a printer supporting the Internet Printing Protocol, which is exposed to the Internet.
  • Heralding: Captures credentials for various protocols like FTP, Telnet, SSH, HTTP, and others, aiding in threat analysis and detection.
  • WordPot: Emulates a vulnerable WordPress installation to attract and log attacks targeting WordPress sites.
  • DDosPot: Monitors and logs DDoS attack traffic.
  • ElasticPot: Simulates Elasticsearch instances to capture and analyze attacks targeting this data store.
  • Endlessh: Implements a slow, endless SSH connection to waste the time of automated attack scripts.
  • Glutton: Acts as a network honeypot that opens all TCP ports and logs all connections.
  • HellPot: Aggressive honeypot that not only logs attacks but also tries to crash the attacker’s software.

Note: For the full list of the 23+ honeypots included, see the GitHub page or Telekom Security’s website.

Let’s look at some of the advantages T-Pot offers compared to other open-source honeypots.

Advantages

  • Easy to download and install
  • Integrates multiple honeypots into one cohesive solution
  • Provides pretty dashboards, visualizations, and analytics
  • Supports various deployment options (VM, Cloud, Physical hardware)
  • Compatible with multiple operating systems (Linux, Mac, Windows)
  • Best of all, free and open-source Community Edition!

Although not many, T-Pot does come with a few minor drawbacks.

Drawbacks

  • Limited support for macOS and Windows
  • Demands significant system resources and robust hardware specifications

We have multiple options when deploying a T-Pot honeypot. While a Raspberry Pi 8GB or a virtual machine at home are viable, they come with risks.

A word of caution! Hosting the honeypot on your home network can attract malicious traffic, posing a security threat if compromised.

Instead, I chose a Linode Virtual Private Server (VPS) running AlmaLinux 9, which is based on Red Hat. This setup offers better security and performance without exposing my home network.

Here are the specs I selected for my Akamai Linode cloud instance.

Specifications

  • 4x CPU Cores
  • 8GB RAM
  • 160 GB Disk
  • AlmaLinux 9 OS
  • Linode 8 GB Plan ($48/mo or $0.072/h)

To set up the Linode server for the honeypot, I won’t dive into the detailed instructions here. You can refer to my article below for an in-depth guide.

📃 Here’s a quick summary of the steps I followed:

  • Create an account on Linode
  • Create a Linode by choosing the 8 GB Plan (4x CPU and 160 GB disk)
  • Set up a strong password for the root user
  • Set up a user with sudo permissions
  • Update the server and install all OS and security patches
  • Install additional tools and packages as required (optional)
  • Change the hostname (optional)
  • Secure the SSH server, create an SSH keypair for the new user and switch to SSH Key Authentication (optional)

The first few steps should be straightforward and they are also covered in depth in the article I have shared above “Why & How I Use Linode VPS For My Personal and Cybersecurity Projects”.

🔸 Set up a strong password for the root user

# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

🔸 Set up a non-root user with sudo permissions

Set up a non-root user and avoid using root for your day-to-day tasks.

useradd -m -d /home/cybersecmav -s /bin/bash cybersecmav
groups cybersecmav
passwd cybersecmav

In AlmaLinux, the non-root users can be granted sudo permissions by adding them to the “wheel” group in /etc/group.

usermod -aG wheel cybersecmav
groups cybersecmav

Note: On Debian-based systems, this group is most likely called “sudo”.

🔸 Update the server and install all OS and security patches

sudo dnf update -y
sudo dnf upgrade -y

🔸 Install additional useful tools (optional)

sudo dnf install nmap lynx screen grc

  • nmap: A powerful network scanner for discovering hosts and services. We’ll use Nmap to check for any open ports on our honeypot, preventing conflicts with honeypot services.
  • screen: A tool to run multiple terminal sessions within a single window. Screen ensures we can re-attach to existing sessions if we get disconnected.
  • lynx: A lightweight, text-only web browser for the command line. It allows us to verify the honeypot web portal locally before connecting remotely.
  • grc: Generic Colouriser is a tool that adds color to the output of various commands to make it easier to read. We’ll use it to beautify our netstat output.

🔸 Secure the SSH server and move to SSH Key-based Authentication (optional)

Without diving into the step-by-step details on editing your SSH server’s configuration, I’ll keep this short and show you what your /etc/ssh/sshd_config file should look like in the snippet below.

Port 12222
PermitRootLogin no
PasswordAuthentication yes
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

⚠️ Note: Before you enable PubkeyAuthentication and disable PasswordAuthentication, make sure SSH key-based authentication is working correctly. If you're unsure, check out the full guide on using SSH keys I shared earlier.

Restart the SSH server to apply the changes.

sudo systemctl reload sshd
sudo systemctl restart sshd

For a detailed step-by-step guide, refer to my previous article below:

A Guide To Securing Your Remote Access Using SSH Keys: A Step-by-Step Guide To Securing Your SSH Connections Using SSH Key-Based Authentication (infosecwriteups.com)

🔸 Change the hostname of your server if you prefer (Optional)

sudo hostnamectl set-hostname your_new_hostname
hostnamectl status
sudo reboot

Let’s move on to setting up our T-Pot honeypot. You can follow my installation instructions below.

If you need the full documentation or additional guidance, check out the main GitHub page below.

Supported Linux Distributions

  • Alma Linux
  • Debian
  • Fedora
  • OpenSuse Tumbleweed
  • Rocky Linux
  • Ubuntu Live Server

Running T-Pot on an existing Linux system is possible but a clean install using the minimum or netiso installers is recommended to avoid port conflicts.

System Requirements

  • Hive: 16 GB RAM, 256 GB Disk (SSD preferred)
  • Sensor: 8 GB RAM, 128 GB Disk

Note: As a rule of thumb, the more sensors & data, the more RAM and storage is needed. For a Hive, you can get away with 8 GB RAM and 60–120 GB disk.

Connectivity Requirements

  • Direct access to the internet as described here
  • If a firewall exists before the honeypot, forward all ports to T-Pot.
  • SSH is mandatory for remote connection

Supported Deployments

  • Virtual Machines (UTM, VirtualBox, Vmware, KVM)
  • Cloud (Azure, AWS, GCP, Akamai Linode, Digital Ocean, etc.)
  • Hardware (amd64, arm64, Raspberry Pi 4 8GB)

Pre-Install Checks

We need to ensure no default applications or services are running that might conflict with T-Pot’s honeypot services and ports.

Let’s check no other ports are open other than SSH which we need for remote management.

nmap -p- localhost

List all currently running services on your AlmaLinux system.

sudo grc systemctl list-units --type=service --state=running

Run netstat to check all listening ports on your system before installing T-Pot.

sudo grc netstat -tulpen
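
One way to automate the conflict check above, as an added example that is not part of the original article or the T-Pot project: the function reads `netstat -tulpen` output and lists every listener whose port is not on an allowlist. The function names, the allowlist argument and the SMTP line in the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets that could collide with honeypot ports.

# Constructed sample: the netstat listing the installer prints later in this
# article, plus one made-up SMTP listener (911/master) to show a conflict.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:64295 0.0.0.0:* LISTEN 0 38150 6744/sshd: /usr/sbi
tcp6 0 0 :::64295 :::* LISTEN 0 38152 6744/sshd: /usr/sbi
udp 0 0 127.0.0.1:323 0.0.0.0:* 0 15857 625/chronyd
udp6 0 0 ::1:323 :::* 0 15858 625/chronyd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 40211 911/master
EOF
}

# listener_conflicts PORT...
# Reads `netstat -tulpen` output on stdin and prints "proto/port pid/program"
# for every listener whose port is NOT one of the allowed PORT arguments.
listener_conflicts() {
  awk -v allowed=" $* " '
    $1 ~ /^(tcp|udp)6?$/ {
      # TCP rows carry a state column; only LISTEN sockets matter here
      if ($1 ~ /^tcp/ && $6 != "LISTEN") next
      # The port is whatever follows the last colon (0.0.0.0:25, :::25, ::1:323)
      n = split($4, parts, ":")
      port = parts[n]
      if (index(allowed, " " port " ") > 0) next
      # Report IPv4 and IPv6 listeners on the same port only once
      proto = $1
      sub(/6$/, "", proto)
      key = proto "/" port
      if (key in seen) next
      seen[key] = 1
      # The program column may contain spaces, so take the first "PID/" field
      prog = "-"
      for (i = 5; i <= NF; i++) if ($i ~ /^[0-9]+\//) { prog = $i; break }
      print key, prog
    }'
}

# Demo on the constructed sample, allowing only the SSH management port.
# On a real host: sudo netstat -tulpen | listener_conflicts 12222
sample_netstat | listener_conflicts 64295
```

Anything the function prints should be stopped, disabled or moved before running the installer; loopback-only listeners such as chronyd are listed too so you can decide whether they matter.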

T-Pot Installation

Install the prerequisite packages.

sudo yum update
sudo yum install python3 git

Clone the GitHub repository as a user.

git clone https://github.com/telekom-security/tpotce

Browse to the tpotce folder.

cd tpotce

Run the installer as the non-root user we created earlier.

./install.sh
_____ ____ _ ___ _ _ _
|_ _| | _ \ ___ | |_ |_ _|_ __ ___| |_ __ _| | | ___ _ __
| |_____| |_) / _ \| __| | || '_ \/ __| __/ _` | | |/ _ \ '__|
| |_____| __/ (_) | |_ | || | | \__ \ || (_| | | | __/ |
|_| |_| \___/ \__| |___|_| |_|___/\__\__,_|_|_|\___|_|

### This script will now install T-Pot and all of its dependencies.
### Install? (y/n) y
### Now installing required packages ...

Choose h as installation type for T-Pot Standard / HIVE.

### Choose your T-Pot type:
### (H)ive - T-Pot Standard / HIVE installation.
### Includes also everything you need for a distributed setup with sensors.
### (S)ensor - T-Pot Sensor installation.
### Optimized for a distributed installation, without WebUI, Elasticsearch and Kibana.
### (M)obile - T-Pot Mobile installation.
### Includes everything to run T-Pot Mobile (available separately).
### Install Type? (h/s/m) h

Create a web username and password for your T-Pot web portal.

### Enter your web user name: tpotuser
### Your username is: tpotuser
### Is this correct? (y/n) y

### Enter password for your web user:
### Repeat password you your web user:
### Creating base64 encoded htpasswd username and password for T-Pot config file: /home/cybersecmav/tpotce/.env

The installer will ask you to confirm that no other potentially conflicting services are running on the system before proceeding.

### Please review for possible honeypot port conflicts.
### While SSH is taken care of, other services such as
### SMTP, HTTP, etc. might prevent T-Pot from starting.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:64295 0.0.0.0:* LISTEN 0 38150 6744/sshd: /usr/sbi
tcp6 0 0 :::64295 :::* LISTEN 0 38152 6744/sshd: /usr/sbi
udp 0 0 127.0.0.1:323 0.0.0.0:* 0 15857 625/chronyd
udp6 0 0 ::1:323 :::* 0 15858 625/chronyd

### Done. Please reboot and re-connect via SSH on tcp/64295.

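Once the installer has completed the setup successfully, it’s time to reboot the server. As the installer output above states, SSH now listens on tcp/64295, so reconnect on that port rather than the one set in sshd_config earlier.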

sudo reboot

Post-Install Checks

Check that you have enough disk space left before you proceed. We’ve used only 7% of our main partition’s 157 GB for both the AlmaLinux OS and the T-Pot install, leaving us with 140 GB free.

This should be enough to store logs for several weeks or months, depending on honeypot activity and logging services enabled.

$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 3.8G 0 3.8G 0% /dev/shm
tmpfs 1.6G 39M 1.5G 3% /run
/dev/sda 157G 9.7G 140G 7% /
tmpfs 769M 0 769M 0% /run/user/1000

The below command provides a detailed, colorized list of all listening TCP and UDP sockets, along with the processes that are using them, in a way that is easier to read and interpret.

sudo grc netstat -tulpen

Display a colorized list of all the running services on your system to confirm your honeypot is running its various services.

grc systemctl list-units --type=service --state=running

Use the dps and dpsw commands to verify the honeypot's successful installation and ensure all its services are running as Docker containers.

These commands provide an overview and detailed status of the containers, helping you check their state and resource usage.

You made it! The hard part is done and now the fun part begins, exploring the multitude of dashboards available to us by T-Pot.

T-Pot Landing Page

The T-Pot web portal runs on port 64297. Head over to https://<server_ip>:64297/ and log in with your newly created T-Pot web username and password.

The T-Pot landing page is your main hub for accessing various tools and dashboards like AttackMap, CyberChef, ElasticVue, Kibana, Spiderfoot, and SecurityMeter, making it easy to navigate and monitor honeypot activities.


AttackMap

AttackMap visualizes live attack data on a world map, showing the origins and targets of malicious activity.

AttackMap is the ultimate bragging tool for cybersecurity pros. Nothing beats showing off a real-time attack map on your dashboard to highlight your threat-hunting prowess!

It gives you a quick view of the services under attack, top IP sources, and the most aggressive attacking countries, all in one neat dashboard.


SecurityMeter

SecurityMeter provides a real-time snapshot of your honeypot’s health, tracking resource usage and alerting you to potential issues. It also shows average alerts, alert distributions, and other key security metrics.

CyberChef

CyberChef, integrated into T-Pot, comes in handy as an offline resource, ideal for quickly decoding and analyzing threats.

Elasticvue

Elasticvue is a user-friendly GUI for Elasticsearch, which may not be necessary for a single honeypot deployment where you keep the operations simple and focus on testing or learning about honeypots.

T-Pot’s Elasticvue support is ideal for handling multiple honeypots (clusters) or conducting a detailed analysis of Elasticsearch data, providing a straightforward interface for easily exploring and managing data.


Spiderfoot

Spiderfoot is a versatile open-source tool designed for reconnaissance and intelligence gathering, extracting information from diverse online sources to assist in performing threat intelligence. It supports your OSINT to investigate alerts and potential threat actors effectively.


Kibana

Kibana in T-Pot is a powerful visualization tool for exploring and analyzing Elasticsearch data, offering a variety of dashboards and visualizations tailored to T-Pot-supported honeypots.


One of the most interesting is the “T-Pot” dashboard, which provides a comprehensive, real-time view by combining data from multiple honeypots for efficient monitoring and analysis.

This is where the magic happens! The heart and soul of the T-Pot honeypot.


On the top right side of the search box, you can set the range to your desired timeframe.

While honeypot analysis and threat intel are key objectives, learning query languages like KQL in Kibana is an added bonus.

One of the cool things about a cybersecurity project like this is the opportunity to learn multiple skills from one project.

KQL (Kibana Query Language) allows you to perform detailed and precise searches within Kibana, making data filtering and analysis easier.

If you’re already familiar with it, you can have fun practising; if not, it’s a great chance to learn it while using T-Pot’s Kibana.

This skill will be handy later when dealing with SIEMs using Elasticsearch or other KQL-compatible systems.

In this section, we’ll dive into the T-Pot dashboard with a straightforward example by picking the top attacker source IP from the “Attacker Source IP — Top 10” widget.


Let’s click on one of the IP addresses, such as 83.110.159.92. This will automatically launch the Cisco Talos Reputation Center website, an external site that provides detailed threat intelligence and reputation details on our chosen attacker IP.


We can now explore the Spiderfoot tool provided by T-Pot to dig deeper. Spiderfoot is a handy open-source tool for gathering intelligence from various online sources.


Start a new scan with our IP of interest.


The scan status should be “RUNNING” and will take a while.


Below you can see an example of data being returned for our attacker.

As we wrap up our quick tour, remember, we’ve barely scratched the surface. Why overload you with more information when this project is all about tinkering, discovering, and learning?

Even though I managed with the specs, the system occasionally experienced CPU spikes, making it slow or unusable.

Sometimes the server would run fine for hours, and then CPU usage would rapidly jump to 200–400%.

[cybersecmav@zeus tpotce]$ w
23:35:41 up 19:39, 1 user, load average: 176.96, 138.85, 110.05
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
cybersec pts/0 23:32 1.00s 2:44m 0.09s w

I initially thought this might be due to a surge in attacks, causing the system to work hard to process everything in real time.

I had to reboot the system once or twice. Despite this, I was able to collect data and have analytics on my dashboard, which was the goal of this temporary project.


However, after checking system utilization and Linode’s analytics, I concluded that the spikes weren’t due to network communication surges.


The main issue was the default T-Pot installation running all 23+ honeypots via Docker containers.

It’s overkill to emulate services like a Citrix server or an Android ADB server unless you really need them. It’s better to focus on key services like HTTP, SSH, Telnet, and firewall devices.

The dpsw command included with T-Pot stands for “Docker PS with Wide options” and shows an extended view of running Docker containers, including CPU and memory usage.

$ dpsw

One recommended way to reduce the load on the system is to decrease the number of running honeypots in the docker-compose.yml file.

For an educational project, focusing on common areas like SSH, web, and mail is more practical than capturing and analyzing data from attacks targeting less typical systems like Citrix or Internet Printers.

Disable any honeypot service by commenting it out in the file and saving your changes.


Restart the T-Pot honeypot services to apply the changes.

sudo systemctl restart tpot

Verify the running services or docker containers using the dps command.


Using the top or htop commands, check the system resources again, specifically the CPU usage. It should have dropped.
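
The disable step above can be scripted instead of edited by hand. This added example (not from the original article or the T-Pot repository) comments out named service blocks in a Compose file; the sample file is constructed and far simpler than T-Pot's real docker-compose.yml, and the function names and image names are hypothetical.

```shell
#!/bin/sh
# Added example: comment out selected honeypot services in a Compose file.

# Constructed sample (NOT T-Pot's actual docker-compose.yml).
sample_compose() {
  cat <<'EOF'
services:
  tpotinit:
    image: example/tpotinit
  adbhoney:
    image: example/adbhoney
    ports:
      - "5555:5555"

  cowrie:
    image: example/cowrie
    ports:
      - "22:22"
networks:
  adbhoney_local:
EOF
}

# disable_services FILE NAME...
# Prints FILE (use "-" for stdin) with every line of each named service block
# prefixed by "#". Assumes service keys are indented by exactly two spaces
# under a top-level "services:" key.
disable_services() {
  file=$1
  shift
  awk -v names=" $* " '
    # "  name:" at two-space indent starts a new block
    /^  [A-Za-z0-9_.-]+:[ \t]*$/ {
      svc = $1
      sub(/:$/, "", svc)
      off = (in_services && index(names, " " svc " ") > 0)
    }
    # Any top-level key ends the current block; track whether we are in services:
    /^[A-Za-z]/ { in_services = ($1 == "services:"); off = 0 }
    {
      # Leave blank lines and already-commented lines alone (keeps reruns stable)
      if (off && $0 !~ /^[ \t]*$/ && $0 !~ /^#/) print "#" $0
      else print
    }
  ' "$file"
}

# Demo on the constructed sample: disable the ADB honeypot only.
sample_compose | disable_services - adbhoney
```

Write the result to a new file, review the diff against the original, and validate it with `docker compose -f <file> config -q` before replacing docker-compose.yml and restarting T-Pot.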

Recommendations

  • Run only the honeypot services you’re interested in, rather than all 23+ containers.
  • Use your own hardware or a VM with at least 16GB RAM and 4 CPU cores. More is better here.

Updating T-Pot

You can get T-Pot releases from GitHub using ~/tpotce/update.sh.

Note: If you've made any changes to the T-Pot config files, be sure to back them up first!

To update T-Pot, run the update script in the ~/tpotce folder.

$ cd ~/tpotce/
$ ./update.sh -y

This script will update T-Pot to the latest version. A backup of ~/tpotce will be written to /home/<user>. If you are unsure, you should save your work.

⚠️ Warning: This tool might break things and is therefore only recommended for experienced users!

Daily Reboot

By default, T-Pot will add a daily reboot including some cleaning up.

View the current daily reboot setting in crontab.

sudo crontab -l
#Ansible: T-Pot Daily Reboot
41 3 * * * bash -c 'systemctl stop tpot.service && docker container prune -f; docker image prune -f; docker volume prune -f; /usr/sbin/shutdown -r +1 "T-Pot Daily Reboot"'

You can adjust this line with sudo crontab -e.

Starting & Stopping T-Pot

Start T-Pot

sudo systemctl start tpot

Stop T-Pot

sudo systemctl stop tpot

Running a honeypot is a great way to sharpen your cybersecurity skills and gain practical experience.

T-Pot stands out as a robust, all-in-one open-source platform, bundling multiple honeypots into a single, streamlined package.

It’s user-friendly and comes loaded with impressive dashboards, visualizations, and analytics, making it an excellent choice for anyone interested in threat intelligence and network security monitoring.

While T-Pot demands decent system resources, the ease of use and comprehensive features make it worth it. The visualizations and analytics, powered by Kibana, offer deep insights and can keep you engaged for hours.

Improving your OSINT and threat analysis capabilities is a key benefit of working with T-Pot.

For those looking to experiment without a large investment, consider running T-Pot on a cloud service with a free trial period, like Linode. Check out my referral link below to get started.

I hope this introduction has inspired you to explore honeypots further. They are not only educational but also a lot of fun to work with.

Thank you for your interest and for visiting my blog!
As I continue my honeypot project, I look forward to sharing my experiences and insights with you.

Happy Hacker Hunting!

CyberSecMaverick
