User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome Honeypots

an awesome list of honeypot resources

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: Oct. 20, 2021, 12:04 p.m.

Thank you paralax & contributors
View Topic on GitHub:
paralax/awesome-honeypots

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Related Lists

A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.

2.13K
375
1y 5m
n/a

Defund the Police.

7.01K
1.94K
1y 57d
n/a

Honeypots

6
4
6y 4m
n/a

ESPot - ElasticSearch Honeypot

20
3
7y 58d
n/a

A Simple Elasticsearch Honeypot

160
51
6y 108d
MIT

A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.

71
22
1y 6m
GPL-3.0

The NoSQL Honeypot Framework

100
20
4y 9m
GPL-2.0

Low interaction MySQL honeypot written in C

11
6
1y 116d
MIT

A mysql honeypot, still very very early stage

21
1
9y 8d
n/a

Low-interaction Postgres Honeypot

8
4
3y 7m
n/a

medium interaction postgresql honeypot

6
3
2y 8d
n/a

Honeypot type for Symfony forms

31
12
2y 32d
n/a

Web Application Honeypot

444
169
2y 36d
n/a

HellPot is an endless honeypot that sends bots to hell. Based on Heffalump.

72
8
29d
MIT

Simple spam prevention package for Laravel applications

409
41
12m
MIT

A nodejs web application honeypot

34
9
6y 60d
n/a

Webapplication Honeypot

12
4
8y 5m
n/a

Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers

67
17
4y 7m
MIT

This project is designed to create deceptive webpages to deceive and redirect attackers away from real websites.

38
9
3y 6m
BSD-3-Clause

bap - http Basic Authentication honeyPot

26
1
6y 9m
n/a

้ซ˜ๅฏพ่ฉฑๅž‹ใƒใƒ‹ใƒผใƒใƒƒใƒˆ

22
1
2y 7m
GPL-3.0

A fake Django admin login screen page.

758
95
1y 5m
MIT

Drupal Honeypot

53
10
2y 99d
MIT

HoneyHTTPD is a Python-based web server honeypot/service imitation builder. Great for honeypots or faking HTTP services.

12
9
9m
MPL-2.0

A simple and effective phpmyadmin honeypot

57
30
6y 111d
GPL-3.0

WebApp Honeypot for detecting Shell Shock exploit attempts

52
20
2y 21d
LGPL-2.1

PHP Script demonstrating a smart honey pot.

15
1
7y 6m
MIT

Super Next generation Advanced Reactive honEypot

306
102
8m
GPL-3.0

He who flays the hide

137
60
9m
GPL-3.0

Inserts a trap for spam bots into responses.

23
3
7y 8m
MIT

Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study

5
1
4y 55d
MIT

WordPress Honeypot

23
8
5y 10m
GPL-2.0

python based WordPress honeypot in a docker container

0
8
5y 4m
n/a

Wordpress plugin to reduce comment spam with a smarter honeypot.

25
3
4y 8d
MIT

A Wordpress Honeypot

155
52
3y 5d
n/a

Low interaction honeypot designed for Android Debug Bridge over TCP/IP

123
25
1y 11m
GPL-3.0

Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689

13
4
2y 6m
n/a

A low to medium interaction honeypot.

408
85
1y 9m
GPL-2.0

A multi-purpose, modular medium-interaction honeypot based on Twisted.

17
6
1y 4m
MIT

Bash and Python Honeyport scripts

31
7
4y 8m
GPL-3.0

Printer honeypot

15
7
5y 8m
n/a

MICROS Honeypot is a low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). This is a directory traversal vulnerability.

9
4
3y 8m
MIT

Remote Desktop Protocol in Twisted Python

1.35K
340
1y 6m
GPL-3.0

Simple High Interaction Honeypot Solution for SMB protocol

28
13
3y 5m
n/a

Tom's Honey Pot as seen in Applied Network Security Monitoring.

17
8
6y 5m
n/a

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

21
6
3y 8m
MIT

Twisted based HoneyPot for WhiteFace

3
2
6y 6m
LGPL-3.0

Simple Docker Honeypot server emulating small snippets of the Docker HTTP API

5
2
1y 26d
Apache-2.0

The plugin repository for Honeycomb, the honeypot framework by Cymmetria

21
10
2y 8m
MIT

NTP logger/honeypot

50
9
7y 6m
n/a

observation camera honeypot

46
18
6y 4m
BSD-2-Clause

FTP Honeypot

13
10
7y 61d
BSD-2-Clause

Advanced Honeypot framework.

925
151
10m
n/a

RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

561
124
8m
GPL-3.0

Troje is a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.

42
9
7y 71d
MIT

Distributed Honeypot

37
5
3y 5m
MIT

Quick proof of concept to detect a Kippo SSH honeypot instance externally

46
15
6y 10m
n/a

ICS/SCADA honeypot

847
334
8m
GPL-2.0

GasPot Released at Blackhat 2015

95
29
5y 71d
CC0-1.0

Open source tools for realistic-behaving electric grid honeynets

39
9
6y 7m
n/a

damn simple honey pot

11
3
5y 4m
Apache-2.0

Repo for the Open Source version of NOVA

66
20
6y 8m
GPL-3.0

OpenFlow Honeypot

14
1
8y 9m
n/a

Modular and decentralised honeypot

1.09K
211
8m
BSD-3-Clause

A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.

36
16
3y 66d
MIT

A medium interaction printer honeypot ๐Ÿฏ

176
15
9m
GPL-3.0

Botnet command & control monitor

146
61
4y 2d
n/a

Google Summer of Code 2012 project, supported by The Honeynet Project organization.

31
13
1y 82d
n/a

Modern Honey Network

2.06K
592
1y 88d
n/a

Honeypot for router backdoor (TCP 32764)

12
3
7y 8m
n/a

A honeypot that can be used to observe traffic directed at home routers.

7
0
2y 11m
n/a

A modern tool for the Windows kernel exploration and tracing

1.1K
128
8m
n/a

A honeypot for malware that propagates via USB storage devices

67
19
6y 7m
GPL-3.0

Passive Network Audit Framework

27
9
3y 5m
n/a

Script to create templates to use with VirtualBox to make vm detection harder

522
101
9m
MIT

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

349
103
1y 12m
n/a

A debugger backend and LUA wrapper for PIN

29
7
7y 11m
n/a

A debugger frontend

143
15
5y 11m
n/a

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.41K
854
11m
Apache-2.0

APKinspector is a powerful GUI tool for analysts to analyze the Android applications.

708
244
8y 7m
n/a

๐Ÿฏ T-Pot - The All In One Honeypot Platform ๐Ÿ

2.41K
510
8m
GPL-3.0

The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.

307
269
1y 8m
n/a

Automatic deploy bifrozt with ansible. ALPHA

4
4
5y 7m
n/a

Credentials catching honeypot

295
73
9m
GPL-3.0
15
4
6y 58d
n/a
5
5
6y 7m
n/a

Telnet Honeypot

143
44
2y 7m
MIT

Open Source Telnet Honeypot

98
28
4y 7m
MIT

Semi-Intelligent HoneyPot Network - Semi-Intelligent Reactive Environment Network

9
1
3y 7m
n/a

A simple telnet honeypot

0
0
5y 9m
n/a

Simple UDP honeypot script

33
7
1y 60d
GPL-3.0

Yet Another Fake Honeypot written in Go

5
0
3y 10m
GPL-3.0

a low interaction honeypot.

1
0
3y 11m
n/a

Fake Protocol Server

448
48
20d
n/a

Generic Low Interaction Honeypot

149
45
9m
MIT

A honeypot server written in Go.

39
3
3y 9m
n/a

honeypot go lang emulators

8
4
5y 7m
n/a

SMTP honeypot written in Golang

12
5
5y 73d
n/a

a low-interaction honeypot

79
17
4y 5m
GPL-2.0

IMAP honeypot written in Golang

15
2
3y 6m
MIT

A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.

24
6
1y 100d
BSD-3-Clause

Port listener / honeypot in Rust with protocol guessing and safe string display

11
1
1y 4m
MIT

A simple low-interaction port monitoring honeypot.

13
5
8y 117d
n/a

Python telnet honeypot for catching botnet binaries

249
80
1y 90d
n/a

Simulates enough of a Telnet connection in order to log failed login attempts.

211
61
4y 7m
n/a

Low-interaction VNC honeypot with a static challenge.

19
7
2y 72d
Zlib

Honeynet Project generic authenticated datafeed protocol

193
102
8m
GPL-3.0

HoneySpider Network version of Capture-HPC

12
10
9y 10m
n/a

Automatically exported from code.google.com/p/jsunpack-n

141
58
6y 6m
GPL-2.0
26
9
6y 5m
GPL-2.0

PwnyPot, High Interaction Client Honeypot

43
19
7y 11m
n/a

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

58
9
2y 4m
Apache-2.0

Instant messenger honeypot

11
6
5y 7m
GPL-3.0

Powerful Python tool to analyze PDF documents

641
171
4y 11m
GPL-3.0

Multi-head SSH honeypot system.

5
3
1y 10m
MIT

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

3.5K
646
8m
n/a

Docker container running cowrie with DShield output enabled.

7
2
5y 7m
n/a

HonSSH is designed to log all SSH communications between a client and server.

345
72
3y 6m
BSD-3-Clause

Hudinx is a tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

1
0
2y 5m
GPL-3.0

Kippo - SSH Honeypot

1.34K
255
5y 21d
n/a

Kippo configured to be a backdoored netscreen

9
2
5y 10m
n/a

Kojoney2 is a low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret

33
4
6y 9m
GPL-2.0

Simple TCP/UDP honeypot implemented in Perl

2
0
3y 12m
n/a

Mock an SSH server and define all commands it supports (Python, Twisted)

106
18
4y 9m
n/a

Parse cowrie honeypot logs into a neo4j database

3
3
4y 5d
GPL-3.0

SSH Honeypot

23
3
4y 4m
MIT

A simple ssh honeypot in golang

33
4
6y 6m
n/a

A SSH honeypot written in Go

9
2
7y 10m
Apache-2.0

hived is a honeypot

2
0
4y 55d
MIT

A SSH Server in Go that logs username/password combos

36
11
1y 9m
MIT

SSH Honeypot written in Go

20
8
7y 10m
n/a

A credential dumping SSH honeypot with statistics

9
1
4y 9m
n/a

SSH Multipot

21
2
3y 5m
GPL-3.0

A low/zero interaction ssh authentication logging honeypot

12
10
3y 10m
n/a

Fake sshd that logs ip addresses, usernames, and passwords.

368
207
11m
MIT
18
0
2y 10m
BSD-3-Clause

A low-interaction SSH honeypot written in C

7
1
8m
MIT

framework for a high interaction SSH honeypot

38
6
1y 6m
MIT

A fake SSH server that lets everyone in and logs their activity

1.06K
56
4y 11m
Apache-2.0

High-interaction MitM SSH honeypot

158
50
3y 5m
Zlib

Yet another no-frills low-interaction ssh honeypot in Go.

11
2
1y 8m
Zlib

A low-to-medium interaction SSH Honeypot with features to capture terminal activity and upload to asciinema.org

82
5
2y 7m
GPL-3.0

SSH, FTP and Telnet honeypots based on Twisted

67
19
1y 9m
GPL-2.0

An SMTP Honeypot

192
60
3y 4m
n/a

Fetch all Honeypot

14
7
3y 4m
Apache-2.0

Spam Honeypot with Intelligent Virtual Analyzer

119
35
5y 4m
n/a

Spam Honeypot Tool

21
2
6y 4m
GPL-2.0

The Project Honey Pot un-official PHP SDK

1
0
5y 9m
MIT

Bluetooth Honeypot

125
22
9m
n/a

Docker configs and build scripts.

18
6
6y 10m
n/a

A docker based honeypot.

141
13
6y 5m
BSD-2-Clause

Docker based honeypot (Dionaea & Kippo)

20
3
6y 7m
MIT

Very simple but effective honeypot to detect port scanning on your network

1
0
1y 12m
n/a

Core elements of the Modern Honey Network implemented in Docker

28
3
3y 6m
n/a

TR-069 Honeypot

95
38
5y 7m
GPL-3.0

Kako "IoT" honeypot framework.

18
7
1y 55d
MIT

Canarytokens helps track activity and actions on your network.

626
110
8m
n/a

A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots

220
36
2y 7m
GPL-3.0

honeyฮป - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway

451
51
3y 1d
GPL-3.0

A tool for deploying and detecting use of Active Directory honeytokens

458
99
5y 29d
GPL-3.0

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

47
8
2y 6m
GPL-3.0

Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.

Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.

Modern high-interaction honeypot framework.

Building Honeypots for Industrial Networks.

Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.

Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.

Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.

Transform arbitrary PHP applications into web-based high-interaction Honeypots.

Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.

CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.

Log anonymization library that helps having anonymous logs consistent between logs and network captures.

Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.

Interactive intercepting HTTP proxy for penetration testers and software developers. ![Open-Source Software][OSS Icon] ![Freeware][Freeware Icon]

Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.

Extracts some very basic stats from Kippoโ€™s text-based log files and inserts them in a MySQL database.

Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).

C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.

Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.

Data coalesing tool for honeynet/network analysis.

Vulnerability emulation honeypot.

Redirects all hostile traffic to a honeypot that is partially mirroring your production system.

ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.

Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.

Windows based honeypot Intrusion Detection System (IDS).

Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.

Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.

Automated signature creation using honeypots.

Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.

Honeypot data-sharing platform.

Manage, report, and analyze your distributed Nepenthes instances.

Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.

Streamlines deployment and management of secure honeypots.

Apply Snort IDS rules and signatures against packet capture files using Wireshark.

High interaction client honeypot (also called honeyclient).

Web interface created to manage and remotely share Honeyclients resources.

Client-side honeypot for attack detection.

Python-based low-interaction honeyclient.

Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.

Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.

Perl module that appears to provide the functionality of a standard SMTP server.

Dockerized Thug to analyze malicious web content.

Honeyd Tools

Network and Artifact Analysis

A Libemu Cython wrapper

107
33
1y 10m
GPL-2.0

A malware/botnet analysis framework written in Ruby.

196
34
6y 9m
GPL-3.0

Integrated MALware Simulator and Emulator

12
5
8y 103d
GPL-3.0

x86 emulation and shellcode detection

79
37
9m
n/a

Emulator for capturing zero-day attacks.

Open source, self hosted

Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

Free analysis with an online Cuckoo Sandbox

Data Tools

Dionaea Front Web

57
29
4y 75d
n/a

Django App for kippo SSH Honeypot: https://code.google.com/p/kippo/

11
1
9y 105d
n/a

Honeypot Intelligence with Splunk

241
45
3y 3d
GPL-2.0

Simplified UI for showing honeypot alarms

3
1
4y 8m
Apache-2.0

A flask website which displays data I've gathered with my SSH Honeypot

2
0
5y 8m
n/a

Attack Community Graphs through Event Clustering

11
6
6y 17d
n/a

AfterGlow Cloud is a security visualization tool which lets users upload data and visualize the data as graphs on-the-fly (part of Google Summer of Code 2012).

16
7
8y 5m
n/a

easy honeypot statistics

0
0
7y 26d
n/a

Maltego tranforms for mapping Honeypot systems.

15
3
6y 10m
Apache-2.0

Real-time websocket stream of GPS events on a fancy SVG world map

208
87
8y 35d
LGPL-3.0

HpfeedsHoneyGraph is a visualization app to visualize hpfeeds logs

13
3
8y 8m
n/a

Mojolicious app to display statistics for your kippo SSH honeypot

20
2
10y 8m
n/a

The Intelligent Honey Net Project attempts to create actionable information from honeypots

55
10
5y 11m
n/a
46
15
8y 6m
GPL-3.0

Statistical view of the recorded activity on a Honeynet.

Full featured script to visualize statistics from a Kippo SSH honeypot.

Guides

Honeypot (Dionaea and kippo) setup script

74
36
4y 11m
n/a

Script for turning a Raspberry Pi into a Honey Pot Pi

26
4
6y 10m
n/a

Tutorial on setting up Dionaea on an EC2 instance.

The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.

Behavioral footprinting for self-propagating worm detection and profiling.