User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome Honeypots

an awesome list of honeypot resources

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: None

Thank you paralax & contributors
View Topic on GitHub:
paralax/awesome-honeypots

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Related Lists

A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.

2.13K
375
11m
n/a

Defund the Police.

7.01K
1.94K
8m
n/a

Honeypots

6
4
5y 11m
n/a

ESPot - ElasticSearch Honeypot

20
3
6y 8m
n/a

A Simple Elasticsearch Honeypot

160
51
5y 10m
MIT

A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.

71
22
1y 33d
GPL-3.0

The NoSQL Honeypot Framework

100
20
4y 110d
GPL-2.0

Low interaction MySQL honeypot written in C

11
6
10m
MIT

A mysql honeypot, still very very early stage

21
1
8y 6m
n/a

Low-interaction Postgres Honeypot

8
4
3y 72d
n/a

medium interaction postgresql honeypot

6
3
1y 6m
n/a

Honeypot type for Symfony forms

31
12
1y 7m
n/a

Web Application Honeypot

444
169
1y 7m
n/a

Simple spam prevention package for Laravel applications

409
41
6m
MIT

A nodejs web application honeypot

34
9
5y 8m
n/a

Webapplication Honeypot

12
4
7y 12m
n/a

Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers

67
17
4y 46d
MIT

This project is designed to create deceptive webpages to deceive and redirect attackers away from real websites.

38
9
3y 42d
BSD-3-Clause

bap - http Basic Authentication honeyPot

26
1
6y 115d
n/a

高対話型ハニーポット

22
1
2y 60d
GPL-3.0

A fake Django admin login screen page.

758
95
12m
MIT

Drupal Honeypot

53
10
1y 9m
MIT

HoneyHTTPD is a Python-based web server honeypot/service imitation builder. Great for honeypots or faking HTTP services.

12
9
114d
MPL-2.0

A simple and effective phpmyadmin honeypot

57
30
5y 10m
GPL-3.0

WebApp Honeypot for detecting Shell Shock exploit attempts

52
20
1y 7m
LGPL-2.1

PHP Script demonstrating a smart honey pot.

15
1
7y 21d
MIT

Super Next generation Advanced Reactive honEypot

306
102
94d
GPL-3.0

He who flays the hide

137
60
118d
GPL-3.0

Inserts a trap for spam bots into responses.

23
3
7y 100d
MIT

Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study

5
1
3y 8m
MIT

WordPress Honeypot

23
8
5y 4m
GPL-2.0

python based WordPress honeypot in a docker container

0
8
4y 11m
n/a

Wordpress plugin to reduce comment spam with a smarter honeypot.

25
3
3y 6m
MIT

A Wordpress Honeypot

155
52
2y 6m
n/a

Low interaction honeypot designed for Android Debug Bridge over TCP/IP

123
25
1y 6m
GPL-3.0

Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689

13
4
2y 43d
n/a

A low to medium interaction honeypot.

408
85
1y 119d
GPL-2.0

A multi-purpose, modular medium-interaction honeypot based on Twisted.

17
6
11m
MIT

Bash and Python Honeyport scripts

31
7
4y 76d
GPL-3.0

Printer honeypot

15
7
5y 102d
n/a

MICROS Honeypot is a low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). This is a directory traversal vulnerability.

9
4
3y 90d
MIT

Remote Desktop Protocol in Twisted Python

1.35K
340
1y 28d
GPL-3.0

Simple High Interaction Honeypot Solution for SMB protocol

28
13
3y 10d
n/a

Tom's Honey Pot as seen in Applied Network Security Monitoring.

17
8
6y 13d
n/a

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

21
6
3y 90d
MIT

Twisted based HoneyPot for WhiteFace

3
2
6y 16d
LGPL-3.0

Simple Docker Honeypot server emulating small snippets of the Docker HTTP API

5
2
7m
Apache-2.0

The plugin repository for Honeycomb, the honeypot framework by Cymmetria

21
10
2y 83d
MIT

NTP logger/honeypot

50
9
7y 44d
n/a

observation camera honeypot

46
18
5y 10m
BSD-2-Clause

FTP Honeypot

13
10
6y 8m
BSD-2-Clause

Advanced Honeypot framework.

925
151
4m
n/a

RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

561
124
85d
GPL-3.0

Troje is a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.

42
9
6y 9m
MIT

Distributed Honeypot

37
5
3y 10d
MIT

Quick proof of concept to detect a Kippo SSH honeypot instance externally

46
15
6y 5m
n/a

ICS/SCADA honeypot

847
334
96d
GPL-2.0

GasPot Released at Blackhat 2015

95
29
4y 9m
CC0-1.0

Open source tools for realistic-behaving electric grid honeynets

39
9
6y 48d
n/a

damn simple honey pot

11
3
4y 11m
Apache-2.0

Repo for the Open Source version of NOVA

66
20
6y 90d
GPL-3.0

OpenFlow Honeypot

14
1
8y 4m
n/a

Modular and decentralised honeypot

1.09K
211
78d
BSD-3-Clause

A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.

36
16
2y 8m
MIT

A medium interaction printer honeypot 🍯

176
15
4m
GPL-3.0

Botnet command & control monitor

146
61
3y 6m
n/a

Google Summer of Code 2012 project, supported by The Honeynet Project organization.

31
13
9m
n/a

Modern Honey Network

2.06K
592
9m
n/a

Honeypot for router backdoor (TCP 32764)

12
3
7y 93d
n/a

A honeypot that can be used to observe traffic directed at home routers.

7
0
2y 5m
n/a

A modern tool for the Windows kernel exploration and tracing

1.1K
128
78d
n/a

A honeypot for malware that propagates via USB storage devices

67
19
6y 47d
GPL-3.0

Passive Network Audit Framework

27
9
2y 11m
n/a

Script to create templates to use with VirtualBox to make vm detection harder

522
101
108d
MIT

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

349
103
1y 6m
n/a

A debugger backend and LUA wrapper for PIN

29
7
7y 6m
n/a

A debugger frontend

143
15
5y 6m
n/a

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.41K
854
5m
Apache-2.0

APKinspector is a powerful GUI tool for analysts to analyze the Android applications.

708
244
8y 74d
n/a

🍯 T-Pot - The All In One Honeypot Platform 🐝

2.41K
510
78d
GPL-3.0

The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.

307
269
1y 93d
n/a

Automatic deploy bifrozt with ansible. ALPHA

4
4
5y 53d
n/a

Credentials catching honeypot

295
73
4m
GPL-3.0
5
5
6y 57d
n/a

Telnet Honeypot

143
44
2y 65d
MIT

Open Source Telnet Honeypot

98
28
4y 50d
MIT

Semi-Intelligent HoneyPot Network - Semi-Intelligent Reactive Environment Network

9
1
3y 53d
n/a

A simple telnet honeypot

0
0
5y 110d
n/a

Simple UDP honeypot script

33
7
8m
GPL-3.0

Yet Another Fake Honeypot written in Go

5
0
3y 5m
GPL-3.0

a low interaction honeypot.

1
0
3y 6m
n/a

Generic Low Interaction Honeypot

149
45
118d
MIT

A honeypot server written in Go.

39
3
3y 4m
n/a

honeypot go lang emulators

8
4
5y 71d
n/a

SMTP honeypot written in Golang

12
5
4y 9m
n/a

a low-interaction honeypot

79
17
3y 11m
GPL-2.0

IMAP honeypot written in Golang

15
2
3y 21d
MIT

A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.

24
6
10m
BSD-3-Clause

Port listener / honeypot in Rust with protocol guessing and safe string display

11
1
11m
MIT

A simple low-interaction port monitoring honeypot.

13
5
7y 10m
n/a

Python telnet honeypot for catching botnet binaries

249
80
9m
n/a

Simulates enough of a Telnet connection in order to log failed login attempts.

211
61
4y 65d
n/a

Low-interaction VNC honeypot with a static challenge.

19
7
1y 9m
Zlib

Honeynet Project generic authenticated datafeed protocol

193
102
78d
GPL-3.0

HoneySpider Network version of Capture-HPC

12
10
9y 4m
n/a

Automatically exported from code.google.com/p/jsunpack-n

141
58
6y 38d
GPL-2.0
26
9
5y 11m
GPL-2.0

PwnyPot, High Interaction Client Honeypot

43
19
7y 5m
n/a

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

58
9
1y 10m
Apache-2.0

Instant messenger honeypot

11
6
5y 48d
GPL-3.0

Powerful Python tool to analyze PDF documents

641
171
4y 5m
GPL-3.0

Multi-head SSH honeypot system.

5
3
1y 4m
MIT

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

3.5K
646
79d
n/a

Docker container running cowrie with DShield output enabled.

7
2
5y 56d
n/a

HonSSH is designed to log all SSH communications between a client and server.

345
72
3y 35d
BSD-3-Clause

Hudinx is a tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

1
0
2y 9d
GPL-3.0

Kippo - SSH Honeypot

1.34K
255
4y 7m
n/a

Kippo configured to be a backdoored netscreen

9
2
5y 4m
n/a

Kojoney2 is a low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret

33
4
6y 4m
GPL-2.0

Simple TCP/UDP honeypot implemented in Perl

2
0
3y 6m
n/a

Mock an SSH server and define all commands it supports (Python, Twisted)

106
18
4y 114d
n/a

Parse cowrie honeypot logs into a neo4j database

3
3
3y 6m
GPL-3.0

SSH Honeypot

23
3
3y 11m
MIT

A simple ssh honeypot in golang

33
4
6y 33d
n/a

A SSH honeypot written in Go

9
2
7y 4m
Apache-2.0

hived is a honeypot

2
0
3y 8m
MIT

A SSH Server in Go that logs username/password combos

36
11
1y 4m
MIT

SSH Honeypot written in Go

20
8
7y 4m
n/a

A credential dumping SSH honeypot with statistics

9
1
4y 118d
n/a

SSH Multipot

21
2
3y 9d
GPL-3.0

A low/zero interaction ssh authentication logging honeypot

12
10
3y 4m
n/a

Fake sshd that logs ip addresses, usernames, and passwords.

368
207
6m
MIT
18
0
2y 4m
BSD-3-Clause

A low-interaction SSH honeypot written in C

7
1
89d
MIT

framework for a high interaction SSH honeypot

38
6
1y 30d
MIT

A fake SSH server that lets everyone in and logs their activity

1.06K
56
4y 5m
Apache-2.0

High-interaction MitM SSH honeypot

158
50
2y 12m
Zlib

Yet another no-frills low-interaction ssh honeypot in Go.

11
2
1y 96d
Zlib

A low-to-medium interaction SSH Honeypot with features to capture terminal activity and upload to asciinema.org

82
5
2y 73d
GPL-3.0

SSH, FTP and Telnet honeypots based on Twisted

67
19
1y 4m
GPL-2.0

An SMTP Honeypot

192
60
2y 11m
n/a

Fetch all Honeypot

14
7
2y 11m
Apache-2.0

Spam Honeypot with Intelligent Virtual Analyzer

119
35
4y 10m
n/a

Spam Honeypot Tool

21
2
5y 10m
GPL-2.0

The Project Honey Pot un-official PHP SDK

1
0
5y 108d
MIT

Bluetooth Honeypot

125
22
4m
n/a

Docker configs and build scripts.

18
6
6y 4m
n/a

A docker based honeypot.

141
13
6y 5d
BSD-2-Clause

Docker based honeypot (Dionaea & Kippo)

20
3
6y 50d
MIT

Very simple but effective honeypot to detect port scanning on your network

1
0
1y 6m
n/a

Core elements of the Modern Honey Network implemented in Docker

28
3
3y 41d
n/a

TR-069 Honeypot

95
38
5y 54d
GPL-3.0

Kako "IoT" honeypot framework.

18
7
8m
MIT

Canarytokens helps track activity and actions on your network.

626
110
92d
n/a

A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots

220
36
2y 50d
GPL-3.0

honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway

451
51
2y 6m
GPL-3.0

A tool for deploying and detecting use of Active Directory honeytokens

458
99
4y 7m
GPL-3.0

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

47
8
2y 15d
GPL-3.0

Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.

Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.

Modern high-interaction honeypot framework.

Building Honeypots for Industrial Networks.

Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.

Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.

Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.

Transform arbitrary PHP applications into web-based high-interaction Honeypots.

Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.

CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.

Log anonymization library that helps having anonymous logs consistent between logs and network captures.

Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.

Interactive intercepting HTTP proxy for penetration testers and software developers. ![Open-Source Software][OSS Icon] ![Freeware][Freeware Icon]

Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.

Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.

Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).

C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.

Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.

Data coalesing tool for honeynet/network analysis.

Vulnerability emulation honeypot.

Redirects all hostile traffic to a honeypot that is partially mirroring your production system.

ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.

Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.

Windows based honeypot Intrusion Detection System (IDS).

Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.

Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.

Automated signature creation using honeypots.

Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.

Honeypot data-sharing platform.

Manage, report, and analyze your distributed Nepenthes instances.

Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.

Streamlines deployment and management of secure honeypots.

Apply Snort IDS rules and signatures against packet capture files using Wireshark.

High interaction client honeypot (also called honeyclient).

Web interface created to manage and remotely share Honeyclients resources.

Client-side honeypot for attack detection.

Python-based low-interaction honeyclient.

Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.

Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.

Perl module that appears to provide the functionality of a standard SMTP server.

Dockerized Thug to analyze malicious web content.

Honeyd Tools

Network and Artifact Analysis

A Libemu Cython wrapper

107
33
1y 5m
GPL-2.0

A malware/botnet analysis framework written in Ruby.

196
34
6y 112d
GPL-3.0

Integrated MALware Simulator and Emulator

12
5
7y 10m
GPL-3.0

x86 emulation and shellcode detection

79
37
117d
n/a

Emulator for capturing zero-day attacks.

Open source, self hosted

Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

Free analysis with an online Cuckoo Sandbox

Data Tools

Dionaea Front Web

57
29
3y 9m
n/a

Django App for kippo SSH Honeypot: https://code.google.com/p/kippo/

11
1
8y 10m
n/a

Honeypot Intelligence with Splunk

241
45
2y 6m
GPL-2.0

Simplified UI for showing honeypot alarms

3
1
4y 87d
Apache-2.0

A flask website which displays data I've gathered with my SSH Honeypot

2
0
5y 94d
n/a

Attack Community Graphs through Event Clustering

11
6
5y 7m
n/a

AfterGlow Cloud is a security visualization tool which lets users upload data and visualize the data as graphs on-the-fly (part of Google Summer of Code 2012).

16
7
8y 6d
n/a

easy honeypot statistics

0
0
6y 7m
n/a

Maltego tranforms for mapping Honeypot systems.

15
3
6y 4m
Apache-2.0

Real-time websocket stream of GPS events on a fancy SVG world map

208
87
7y 7m
LGPL-3.0

HpfeedsHoneyGraph is a visualization app to visualize hpfeeds logs

13
3
8y 87d
n/a

Mojolicious app to display statistics for your kippo SSH honeypot

20
2
10y 82d
n/a

The Intelligent Honey Net Project attempts to create actionable information from honeypots

55
10
5y 6m
n/a
46
15
8y 18d
GPL-3.0

Statistical view of the recorded activity on a Honeynet.

Full featured script to visualize statistics from a Kippo SSH honeypot.

Guides

Honeypot (Dionaea and kippo) setup script

74
36
4y 6m
n/a

Script for turning a Raspberry Pi into a Honey Pot Pi

26
4
6y 4m
n/a

Tutorial on setting up Dionaea on an EC2 instance.

The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.

Behavioral footprinting for self-propagating worm detection and profiling.