Your first time on this page? Allow me to give some explanations.
an awesome list of honeypot resources
Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.
Thank you paralax & contributors
View Topic on GitHub:
Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.
Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.
A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
Defund the Police.
ESPot - ElasticSearch Honeypot
A Simple Elasticsearch Honeypot
A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.
The NoSQL Honeypot Framework
Low interaction MySQL honeypot written in C
A mysql honeypot, still very very early stage
Low-interaction Postgres Honeypot
medium interaction postgresql honeypot
Honeypot type for Symfony forms
Web Application Honeypot
HellPot is an endless honeypot that sends bots to hell. Based on Heffalump.
Simple spam prevention package for Laravel applications
A nodejs web application honeypot
Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers
This project is designed to create deceptive webpages to deceive and redirect attackers away from real websites.
bap - http Basic Authentication honeyPot
A fake Django admin login screen page.
HoneyHTTPD is a Python-based web server honeypot/service imitation builder. Great for honeypots or faking HTTP services.
A simple and effective phpmyadmin honeypot
WebApp Honeypot for detecting Shell Shock exploit attempts
PHP Script demonstrating a smart honey pot.
Super Next generation Advanced Reactive honEypot
He who flays the hide
Inserts a trap for spam bots into responses.
Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study
python based WordPress honeypot in a docker container
Wordpress plugin to reduce comment spam with a smarter honeypot.
A Wordpress Honeypot
Low interaction honeypot designed for Android Debug Bridge over TCP/IP
Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689
A low to medium interaction honeypot.
A multi-purpose, modular medium-interaction honeypot based on Twisted.
Bash and Python Honeyport scripts
MICROS Honeypot is a low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). This is a directory traversal vulnerability.
Remote Desktop Protocol in Twisted Python
Simple High Interaction Honeypot Solution for SMB protocol
Tom's Honey Pot as seen in Applied Network Security Monitoring.
WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.
Twisted based HoneyPot for WhiteFace
Simple Docker Honeypot server emulating small snippets of the Docker HTTP API
The plugin repository for Honeycomb, the honeypot framework by Cymmetria
observation camera honeypot
Advanced Honeypot framework.
RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
Troje is a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.
Quick proof of concept to detect a Kippo SSH honeypot instance externally
GasPot Released at Blackhat 2015
Open source tools for realistic-behaving electric grid honeynets
damn simple honey pot
Repo for the Open Source version of NOVA
Modular and decentralised honeypot
A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
A medium interaction printer honeypot 🍯
Botnet command & control monitor
Google Summer of Code 2012 project, supported by The Honeynet Project organization.
Modern Honey Network
Honeypot for router backdoor (TCP 32764)
A honeypot that can be used to observe traffic directed at home routers.
A modern tool for the Windows kernel exploration and tracing
A honeypot for malware that propagates via USB storage devices
Passive Network Audit Framework
Script to create templates to use with VirtualBox to make vm detection harder
Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
A debugger backend and LUA wrapper for PIN
A debugger frontend
Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
APKinspector is a powerful GUI tool for analysts to analyze the Android applications.
🍯 T-Pot - The All In One Honeypot Platform 🐝
The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
Automatic deploy bifrozt with ansible. ALPHA
Credentials catching honeypot
Open Source Telnet Honeypot
Semi-Intelligent HoneyPot Network - Semi-Intelligent Reactive Environment Network
A simple telnet honeypot
Simple UDP honeypot script
Yet Another Fake Honeypot written in Go
a low interaction honeypot.
Generic Low Interaction Honeypot
A honeypot server written in Go.
honeypot go lang emulators
SMTP honeypot written in Golang
a low-interaction honeypot
IMAP honeypot written in Golang
A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
Port listener / honeypot in Rust with protocol guessing and safe string display
A simple low-interaction port monitoring honeypot.
Python telnet honeypot for catching botnet binaries
Simulates enough of a Telnet connection in order to log failed login attempts.
Low-interaction VNC honeypot with a static challenge.
Honeynet Project generic authenticated datafeed protocol
HoneySpider Network version of Capture-HPC
Automatically exported from code.google.com/p/jsunpack-n
PwnyPot, High Interaction Client Honeypot
YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques
Instant messenger honeypot
Powerful Python tool to analyze PDF documents
Multi-head SSH honeypot system.
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
Docker container running cowrie with DShield output enabled.
HonSSH is designed to log all SSH communications between a client and server.
Hudinx is a tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Kippo - SSH Honeypot
Kippo configured to be a backdoored netscreen
Kojoney2 is a low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret
Simple TCP/UDP honeypot implemented in Perl
Mock an SSH server and define all commands it supports (Python, Twisted)
Parse cowrie honeypot logs into a neo4j database
A simple ssh honeypot in golang
A SSH honeypot written in Go
hived is a honeypot
A SSH Server in Go that logs username/password combos
SSH Honeypot written in Go
A credential dumping SSH honeypot with statistics
A low/zero interaction ssh authentication logging honeypot
Fake sshd that logs ip addresses, usernames, and passwords.
A low-interaction SSH honeypot written in C
framework for a high interaction SSH honeypot
A fake SSH server that lets everyone in and logs their activity
High-interaction MitM SSH honeypot
Yet another no-frills low-interaction ssh honeypot in Go.
A low-to-medium interaction SSH Honeypot with features to capture terminal activity and upload to asciinema.org
SSH, FTP and Telnet honeypots based on Twisted
An SMTP Honeypot
Fetch all Honeypot
Spam Honeypot with Intelligent Virtual Analyzer
Spam Honeypot Tool
The Project Honey Pot un-official PHP SDK
Docker configs and build scripts.
A docker based honeypot.
Docker based honeypot (Dionaea & Kippo)
Very simple but effective honeypot to detect port scanning on your network
Core elements of the Modern Honey Network implemented in Docker
Kako "IoT" honeypot framework.
Canarytokens helps track activity and actions on your network.
A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway
A tool for deploying and detecting use of Active Directory honeytokens
A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.
Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.
Transform arbitrary PHP applications into web-based high-interaction Honeypots.
Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.
Log anonymization library that helps having anonymous logs consistent between logs and network captures.
Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
Interactive intercepting HTTP proxy for penetration testers and software developers. ![Open-Source Software][OSS Icon] ![Freeware][Freeware Icon]
Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
Redirects all hostile traffic to a honeypot that is partially mirroring your production system.
ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.
Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.
Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.
Presentation about HPFriends feed system
Manage, report, and analyze your distributed Nepenthes instances.
Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.
Streamlines deployment and management of secure honeypots.
Apply Snort IDS rules and signatures against packet capture files using Wireshark.
High interaction client honeypot (also called honeyclient).
Web interface created to manage and remotely share Honeyclients resources.
Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.
Analyzed SSH honeypot logs.
Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
Perl module that appears to provide the functionality of a standard SMTP server.
Dockerized Thug to analyze malicious web content.
Network and Artifact Analysis
A Libemu Cython wrapper
A malware/botnet analysis framework written in Ruby.
Integrated MALware Simulator and Emulator
x86 emulation and shellcode detection
PHP 5.x script sandbox built on top of funcall.
Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
Dionaea Front Web
Django App for kippo SSH Honeypot: https://code.google.com/p/kippo/
Honeypot Intelligence with Splunk
Simplified UI for showing honeypot alarms
A flask website which displays data I've gathered with my SSH Honeypot
Attack Community Graphs through Event Clustering
AfterGlow Cloud is a security visualization tool which lets users upload data and visualize the data as graphs on-the-fly (part of Google Summer of Code 2012).
easy honeypot statistics
Maltego tranforms for mapping Honeypot systems.
Real-time websocket stream of GPS events on a fancy SVG world map
HpfeedsHoneyGraph is a visualization app to visualize hpfeeds logs
Mojolicious app to display statistics for your kippo SSH honeypot
The Intelligent Honey Net Project attempts to create actionable information from honeypots
Statistical view of the recorded activity on a Honeynet.
Honeypot (Dionaea and kippo) setup script
Script for turning a Raspberry Pi into a Honey Pot Pi
Tutorial on setting up Dionaea on an EC2 instance.
The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.