User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome Honeypots

an awesome list of honeypot resources

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: Nov. 26, 2020, 9:05 a.m.

Thank you paralax & contributors
View Topic on GitHub:
paralax/awesome-honeypots

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Related Lists

A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.

2.06K
367
6m
n/a

Defund the Police.

6.74K
1.89K
94d
n/a

Honeypots

6
4
5y 5m
n/a

ESPot - ElasticSearch Honeypot

20
3
6y 95d
n/a

A Simple Elasticsearch Honeypot

156
49
5y 4m
MIT

A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.

72
21
7m
GPL-3.0

The NoSQL Honeypot Framework

100
20
3y 10m
GPL-2.0

Low interaction MySQL honeypot written in C

10
6
5m
MIT

A mysql honeypot, still very very early stage

21
1
8y 45d
n/a

Low-interaction Postgres Honeypot

8
4
2y 9m
n/a

medium interaction postgresql honeypot

6
3
1y 45d
n/a

Honeypot type for Symfony forms

30
12
1y 69d
n/a

Web Application Honeypot

436
166
1y 73d
n/a

Simple spam prevention package for Laravel applications

407
40
35d
MIT

A nodejs web application honeypot

34
7
5y 97d
n/a

Webapplication Honeypot

12
4
7y 6m
n/a

Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers

67
17
3y 8m
MIT

This project is designed to create deceptive webpages to deceive and redirect attackers away from real websites.

35
8
2y 8m
BSD-3-Clause

bap - http Basic Authentication honeyPot

25
1
5y 10m
n/a

高対話型ハニーポット

21
1
1y 8m
GPL-3.0

A fake Django admin login screen page.

739
92
6m
MIT

Drupal Honeypot

53
9
1y 4m
MIT

HoneyHTTPD is a Python-based web server honeypot builder.

10
10
8m
GPL-3.0

A simple and effective phpmyadmin honeypot

56
30
5y 4m
GPL-3.0

WebApp Honeypot for detecting Shell Shock exploit attempts

51
19
1y 58d
LGPL-2.1

PHP Script demonstrating a smart honey pot.

15
2
6y 7m
MIT

Super Next generation Advanced Reactive honEypot

289
95
96d
GPL-3.0

He who flays the hide

130
59
5m
GPL-3.0

Inserts a trap for spam bots into responses.

23
3
6y 10m
MIT

Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study

4
1
3y 92d
MIT

WordPress Honeypot

23
8
4y 11m
GPL-2.0

python based WordPress honeypot in a docker container

0
8
4y 5m
n/a

Wordpress plugin to reduce comment spam with a smarter honeypot.

25
3
3y 45d
MIT

A Wordpress Honeypot

151
50
2y 42d
n/a

Low interaction honeypot designed for Android Debug Bridge over TCP/IP

120
24
1y 18d
GPL-3.0

Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689

12
5
1y 8m
n/a

A low to medium interaction honeypot.

399
83
10m
GPL-2.0

A multi-purpose, modular medium-interaction honeypot based on Twisted.

18
6
6m
MIT

Bash and Python Honeyport scripts

30
7
3y 9m
GPL-3.0

Printer honeypot

15
7
4y 10m
n/a

MICROS Honeypot is a low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). This is a directory traversal vulnerability.

9
4
2y 9m
MIT

Remote Desktop Protocol in Twisted Python

1.32K
330
7m
GPL-3.0

Simple High Interaction Honeypot Solution for SMB protocol

24
11
2y 7m
n/a

Tom's Honey Pot as seen in Applied Network Security Monitoring.

16
8
5y 7m
n/a

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

17
6
2y 9m
MIT

Twisted based HoneyPot for WhiteFace

3
2
5y 7m
LGPL-3.0

Simple Docker Honeypot server emulating small snippets of the Docker HTTP API

5
2
63d
Apache-2.0

The plugin repository for Honeycomb, the honeypot framework by Cymmetria

21
10
1y 9m
MIT

NTP logger/honeypot

49
9
6y 8m
n/a

observation camera honeypot

45
17
5y 5m
BSD-2-Clause

FTP Honeypot

12
10
6y 98d
BSD-2-Clause

Advanced Honeypot framework.

785
139
5m
n/a

RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

514
110
9d
GPL-3.0

Troje is a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.

42
9
6y 108d
MIT

Distributed Honeypot

38
6
2y 7m
MIT

Quick proof of concept to detect a Kippo SSH honeypot instance externally

46
14
5y 11m
n/a

ICS/SCADA honeypot

826
325
13d
GPL-2.0

GasPot Released at Blackhat 2015

94
29
4y 108d
CC0-1.0

Open source tools for realistic-behaving electric grid honeynets

39
9
5y 8m
n/a

damn simple honey pot

11
3
4y 6m
Apache-2.0

Repo for the Open Source version of NOVA

63
20
5y 9m
GPL-3.0

OpenFlow Honeypot

14
1
7y 10m
n/a

Modular and decentralised honeypot

891
188
45d
BSD-3-Clause

A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.

36
16
2y 103d
MIT

A medium interaction printer honeypot 🍯

172
14
1y 7m
GPL-3.0

Botnet command & control monitor

145
60
3y 39d
n/a

Google Summer of Code 2012 project, supported by The Honeynet Project organization.

31
13
119d
n/a

Modern Honey Network

2.03K
588
4m
n/a

Honeypot for router backdoor (TCP 32764)

12
3
6y 9m
n/a

A honeypot that can be used to observe traffic directed at home routers.

6
0
2y 13d
n/a

Tool for exploration and tracing of the Windows kernel

535
96
6m
n/a

A honeypot for malware that propagates via USB storage devices

65
19
5y 8m
GPL-3.0

Passive Network Audit Framework

27
9
2y 6m
n/a

Script to create templates to use with VirtualBox to make vm detection harder

489
97
6d
MIT

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

345
104
1y 36d
n/a

A debugger backend and LUA wrapper for PIN

29
7
7y 22d
n/a

A debugger frontend

143
15
5y 17d
n/a

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.29K
825
2d
Apache-2.0

APKinspector is a powerful GUI tool for analysts to analyze the Android applications.

708
244
7y 9m
n/a

🍯 T-Pot - The All In One Honeypot Platform 🐝

2.17K
472
29d
GPL-3.0

The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.

307
269
9m
n/a

Automatic deploy bifrozt with ansible. ALPHA

4
4
4y 8m
n/a

Credentials catching honeypot

283
70
69d
GPL-3.0
15
4
5y 95d
n/a
5
5
5y 8m
n/a

Telnet Honeypot

140
45
1y 8m
MIT

Open Source Telnet Honeypot

97
28
3y 8m
MIT

Semi-Intelligent HoneyPot Network - Semi-Intelligent Reactive Environment Network

9
1
2y 8m
n/a

A simple telnet honeypot

0
0
4y 10m
n/a

Simple UDP honeypot script

33
8
97d
GPL-3.0

Yet Another Fake Honeypot written in Go

5
0
2y 11m
GPL-3.0

a low interaction honeypot.

1
0
3y 28d
n/a

Generic Low Interaction Honeypot

145
44
10m
MIT

A honeypot server written in Go.

38
3
2y 11m
n/a

honeypot go lang emulators

8
4
4y 9m
n/a

SMTP honeypot written in Golang

11
5
4y 110d
n/a

a low-interaction honeypot

79
17
3y 6m
GPL-2.0

IMAP honeypot written in Golang

14
2
2y 7m
MIT

A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.

22
6
4m
BSD-3-Clause

Port listener / honeypot in Rust with protocol guessing and safe string display

10
1
6m
MIT

A simple low-interaction port monitoring honeypot.

12
5
7y 5m
n/a

Python telnet honeypot for catching botnet binaries

241
77
4m
n/a

Simulates enough of a Telnet connection in order to log failed login attempts.

211
61
3y 8m
n/a

Low-interaction VNC honeypot with a static challenge.

19
7
1y 109d
Zlib

Honeynet Project generic authenticated datafeed protocol

189
100
101d
GPL-3.0

HoneySpider Network version of Capture-HPC

12
10
8y 11m
n/a

Automatically exported from code.google.com/p/jsunpack-n

140
58
5y 8m
GPL-2.0
26
9
5y 6m
GPL-2.0

PwnyPot, High Interaction Client Honeypot

43
19
7y 9d
n/a

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

57
9
1y 5m
Apache-2.0

Instant messenger honeypot

11
6
4y 8m
GPL-3.0

Powerful Python tool to analyze PDF documents

616
164
4y 10d
GPL-3.0

Multi-head SSH honeypot system.

5
2
11m
MIT

Cowrie SSH/Telnet Honeypot http://cowrie.readthedocs.io

3.36K
628
1d
n/a

Docker container running cowrie with DShield output enabled.

6
2
4y 8m
n/a

HonSSH is designed to log all SSH communications between a client and server.

343
71
2y 7m
BSD-3-Clause

Hudinx is a tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

1
1
1y 7m
GPL-3.0

Kippo - SSH Honeypot

1.33K
253
4y 58d
n/a

Kippo configured to be a backdoored netscreen

9
2
4y 11m
n/a

Kojoney2 is a low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret

33
3
5y 10m
GPL-2.0

Simple TCP/UDP honeypot implemented in Perl

2
0
3y 36d
n/a

Mock an SSH server and define all commands it supports (Python, Twisted)

103
18
3y 10m
n/a

Parse cowrie honeypot logs into a neo4j database

3
3
3y 42d
GPL-3.0

SSH Honeypot

21
3
3y 6m
MIT

A simple ssh honeypot in golang

32
4
5y 7m
n/a

A SSH honeypot written in Go

9
2
6y 11m
Apache-2.0

hived is a honeypot

2
0
3y 92d
MIT

A SSH Server in Go that logs username/password combos

36
11
10m
MIT

SSH Honeypot written in Go

20
8
6y 11m
n/a

A credential dumping SSH honeypot with statistics

10
1
3y 10m
n/a

SSH Multipot

21
2
2y 7m
GPL-3.0

A low/zero interaction ssh authentication logging honeypot

11
9
2y 11m
n/a

Fake sshd that logs ip addresses, usernames, and passwords.

347
202
19d
MIT
18
0
1y 11m
BSD-3-Clause

A low-interaction SSH honeypot written in C

7
1
57d
MIT

framework for a high interaction SSH honeypot

38
6
7m
MIT

A fake SSH server that lets everyone in and logs their activity

1.04K
55
4y 11d
Apache-2.0

High-interaction MitM SSH honeypot

155
49
2y 6m
Zlib

Yet another no-frills low-interaction ssh honeypot in Go.

10
2
9m
Zlib

A low-to-medium interaction SSH Honeypot with features to capture terminal activity and upload to asciinema.org

81
4
1y 9m
GPL-3.0

SSH, FTP and Telnet honeypots based on Twisted

64
19
11m
GPL-2.0

An SMTP Honeypot

189
59
2y 6m
n/a

Fetch all Honeypot

14
7
2y 5m
Apache-2.0

Spam Honeypot with Intelligent Virtual Analyzer

120
34
4y 5m
n/a

Spam Honeypot Tool

21
2
5y 5m
GPL-2.0

The Project Honey Pot un-official PHP SDK

1
0
4y 10m
MIT

Bluetooth Honeypot

118
22
4y 11m
n/a

Docker configs and build scripts.

18
6
5y 11m
n/a

A docker based honeypot.

139
12
5y 6m
BSD-2-Clause

Docker based honeypot (Dionaea & Kippo)

19
3
5y 8m
MIT

Very simple but effective honeypot to detect port scanning on your network

1
0
1y 32d
n/a

Core elements of the Modern Honey Network implemented in Docker

28
3
2y 8m
n/a

TR-069 Honeypot

93
38
4y 8m
GPL-3.0

Kako "IoT" honeypot framework.

16
6
92d
MIT

Canarytokens helps track activity and actions on your network.

582
106
16d
n/a

A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots

215
35
1y 8m
GPL-3.0

honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway

447
51
2y 38d
GPL-3.0

A tool for deploying and detecting use of Active Directory honeytokens

456
99
4y 66d
GPL-3.0

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

47
8
1y 7m
GPL-3.0

Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.

Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.

Modern high-interaction honeypot framework.

Building Honeypots for Industrial Networks.

Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.

Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.

Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.

Transform arbitrary PHP applications into web-based high-interaction Honeypots.

Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.

CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.

Log anonymization library that helps having anonymous logs consistent between logs and network captures.

Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.

Interactive intercepting HTTP proxy for penetration testers and software developers. ![Open-Source Software][OSS Icon] ![Freeware][Freeware Icon]

Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.

Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.

Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).

C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.

Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.

Data coalesing tool for honeynet/network analysis.

Vulnerability emulation honeypot.

Redirects all hostile traffic to a honeypot that is partially mirroring your production system.

ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.

Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.

Windows based honeypot Intrusion Detection System (IDS).

Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.

Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.

Automated signature creation using honeypots.

Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.

Honeypot data-sharing platform.

Manage, report, and analyze your distributed Nepenthes instances.

Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.

Streamlines deployment and management of secure honeypots.

Apply Snort IDS rules and signatures against packet capture files using Wireshark.

High interaction client honeypot (also called honeyclient).

Web interface created to manage and remotely share Honeyclients resources.

Client-side honeypot for attack detection.

Python-based low-interaction honeyclient.

Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.

Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.

Perl module that appears to provide the functionality of a standard SMTP server.

Dockerized Thug to analyze malicious web content.

Honeyd Tools

Network and Artifact Analysis

A Libemu Cython wrapper

107
33
11m
GPL-2.0

A malware/botnet analysis framework written in Ruby.

195
36
5y 10m
GPL-3.0

Integrated MALware Simulator and Emulator

12
4
7y 4m
GPL-3.0

x86 emulation and shellcode detection

77
36
11m
n/a

Emulator for capturing zero-day attacks.

Open source, self hosted

PHP 5.x script sandbox built on top of funcall.

Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

Free analysis with an online Cuckoo Sandbox

Data Tools

Dionaea Front Web

55
27
3y 112d
n/a

Django App for kippo SSH Honeypot: https://code.google.com/p/kippo/

11
1
8y 4m
n/a

Honeypot Intelligence with Splunk

241
44
2y 40d
GPL-2.0

Simplified UI for showing honeypot alarms

3
1
3y 9m
Apache-2.0

A flask website which displays data I've gathered with my SSH Honeypot

2
0
4y 9m
n/a

Attack Community Graphs through Event Clustering

11
6
5y 54d
n/a

AfterGlow Cloud is a security visualization tool which lets users upload data and visualize the data as graphs on-the-fly (part of Google Summer of Code 2012).

16
7
7y 6m
n/a

easy honeypot statistics

0
0
6y 63d
n/a

Maltego tranforms for mapping Honeypot systems.

15
3
5y 11m
Apache-2.0

Real-time websocket stream of GPS events on a fancy SVG world map

210
86
7y 72d
LGPL-3.0

HpfeedsHoneyGraph is a visualization app to visualize hpfeeds logs

13
3
7y 9m
n/a

Mojolicious app to display statistics for your kippo SSH honeypot

20
2
9y 9m
n/a

The Intelligent Honey Net Project attempts to create actionable information from honeypots

51
9
5y 23d
n/a
46
15
7y 7m
GPL-3.0

Statistical view of the recorded activity on a Honeynet.

Full featured script to visualize statistics from a Kippo SSH honeypot.

Guides

Honeypot (Dionaea and kippo) setup script

74
36
4y 18d
n/a

Script for turning a Raspberry Pi into a Honey Pot Pi

25
4
5y 11m
n/a

Tutorial on setting up Dionaea on an EC2 instance.

The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.

Behavioral footprinting for self-propagating worm detection and profiling.