A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.
There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the guide.
Discover more awesome lists at 303058⭐
26857🍴
sindresorhus/awesome).
-
2989⭐
463🍴
awesome-pcaptools) - Useful in network traffic analysis. -
11119⭐
2496🍴
awesome-malware-analysis) - Some overlap here for artifact analysis.
-
Database Honeypots
-
19⭐
6🍴
Delilah) - Elasticsearch Honeypot written in Python (originally from Novetta). -
25⭐
4🍴
ESPot) - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120. - 🌎 ElasticPot - An Elasticsearch Honeypot.
-
181⭐
58🍴
Elastic honey) - Simple Elasticsearch Honeypot. -
88⭐
23🍴
MongoDB-HoneyProxy) - MongoDB honeypot proxy. -
102⭐
23🍴
NoSQLpot) - Honeypot framework built on a NoSQL-style database. -
29⭐
14🍴
mysql-honeypotd) - Low interaction MySQL honeypot written in C. -
20⭐
2🍴
MysqlPot) - MySQL honeypot, still very early stage. -
16⭐
7🍴
pghoney) - Low-interaction Postgres Honeypot. -
8⭐
5🍴
sticky_elephant) - Medium interaction postgresql honeypot. -
15⭐
7🍴
RedisHoneyPot) - High Interaction Honeypot Solution for Redis protocol.
-
-
Web honeypots
-
12⭐
4🍴
Express honeypot) - RFI & LFI honeypot using nodeJS and express. -
33⭐
20🍴
EoHoneypotBundle) - Honeypot type for Symfony2 forms. -
534⭐
174🍴
Glastopf) - Web Application Honeypot. - Google Hack Honeypot - Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
-
331⭐
28🍴
HellPot) - Honeypot that tries to crash the bots and clients that visit it's location. -
428⭐
43🍴
Laravel Application Honeypot) - Simple spam prevention package for Laravel applications. -
43⭐
9🍴
Nodepot) - NodeJS web application honeypot. -
1⭐
1🍴
PasitheaHoneypot) - RestAPI honeypot. -
12⭐
4🍴
Servletpot) - Web application Honeypot. - 🌎 Shadow Daemon - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
-
70⭐
17🍴
StrutsHoneypot) - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers. -
56⭐
15🍴
WebTrap) - Designed to create deceptive webpages to deceive and redirect attackers away from real websites. -
44⭐
4🍴
basic-auth-pot (bap)) - HTTP Basic Authentication honeypot. -
25⭐
1🍴
bwpot) - Breakable Web applications honeyPot. -
1001⭐
182🍴
django-admin-honeypot) - Fake Django admin login screen to notify admins of attempted unauthorized access. -
57⭐
11🍴
drupo) - Drupal Honeypot. -
287⭐
25🍴
galah) - an LLM-powered web honeypot using the OpenAI API. -
39⭐
15🍴
honeyhttpd) - Python-based web server honeypot builder. -
24⭐
3🍴
honeyup) - An uploader honeypot designed to look like poor website security. -
47⭐
1🍴
modpot) - Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework. -
62⭐
15🍴
owa-honeypot) - A basic flask based Outlook Web Honey pot. -
64⭐
37🍴
phpmyadmin_honeypot) - Simple and effective phpMyAdmin honeypot. -
?⭐
?🍴
shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts. -
16⭐
1🍴
smart-honeypot) - PHP Script demonstrating a smart honey pot. - Snare/Tanner - successors to Glastopf
-
22⭐
3🍴
stack-honeypot) - Inserts a trap for spam bots into responses. -
10⭐
1🍴
tomcat-manager-honeypot) - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study. - WordPress honeypots
-
27⭐
8🍴
HonnyPotter) - WordPress login honeypot for collection and analysis of failed login attempts. -
3⭐
11🍴
HoneyPress) - Python based WordPress honeypot in a Docker container. -
26⭐
4🍴
wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot. -
174⭐
60🍴
wordpot) - WordPress Honeypot.
-
-
408⭐
136🍴
Python-Honeypot) - OWASP Honeypot, Automated Deception Framework.
-
-
Service Honeypots
-
161⭐
32🍴
ADBHoney) - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process. -
16⭐
6🍴
AMTHoneypot) - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689. -
39⭐
10🍴
ddospot) - NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot. -
682⭐
183🍴
dionaea) - Home of the dionaea honeypot. -
24⭐
4🍴
dhp) - Simple Docker Honeypot server emulating small snippets of the Docker HTTP API. -
1⭐
1🍴
DolosHoneypot) - SDN (software defined networking) honeypot. -
65⭐
14🍴
Ensnare) - Easy to deploy Ruby honeypot. -
32⭐
4🍴
Helix) - K8s API Honeypot with Active Defense Capabilities. -
26⭐
15🍴
honeycomb_plugins) - Plugin repository for Honeycomb, the honeypot framework by Cymmetria. - [honeydb] (https://honeydb.io/downloads) - Multi-service honeypot that is easy to deploy and configure. Can be configured to send interaction data to to HoneyDB's centralized collectors for access via REST API.
-
52⭐
12🍴
honeyntp) - NTP logger/honeypot. -
51⭐
19🍴
honeypot-camera) - Observation camera honeypot. -
26⭐
14🍴
honeypot-ftp) - FTP Honeypot. -
596⭐
105🍴
honeypots) - 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc). -
1195⭐
177🍴
honeytrap) - Advanced Honeypot framework written in Go that can be connected with other honeypot software. -
457⭐
94🍴
HoneyPy) - Low interaction honeypot. -
19⭐
8🍴
Honeygrove) - Multi-purpose modular honeypot based on Twisted. -
40⭐
7🍴
Honeyport) - Simple honeyport written in Bash and Python. -
19⭐
11🍴
Honeyprint) - Printer honeypot. - 🌎 Lyrebird - Modern high-interaction honeypot framework.
-
14⭐
4🍴
MICROS honeypot) - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). -
4⭐
0🍴
node-ftp-honeypot) - FTP server honeypot in JS. -
1438⭐
239🍴
pyrdp) - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact. -
61⭐
10🍴
rdppot) - RDP honeypot -
1664⭐
547🍴
RDPy) - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python. -
45⭐
17🍴
SMB Honeypot) - High interaction SMB service honeypot capable of capturing wannacry-like Malware. -
25⭐
8🍴
Tom's Honeypot) - Low interaction Python honeypot. -
?⭐
?🍴
troje) - Honeypot that runs each connection with the service within a separate LXC container. -
31⭐
12🍴
WebLogic honeypot) - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. -
4⭐
2🍴
WhiteFace Honeypot) - Twisted based honeypot for WhiteFace.
-
-
Distributed Honeypots
-
58⭐
12🍴
DemonHunter) - Low interaction honeypot server.
-
-
Anti-honeypot stuff
-
11⭐
1🍴
canarytokendetector) - Tool for detection and nullification of Thinkst CanaryTokens -
63⭐
4🍴
honeydet) - Signature based honeypot detector tool written in Golang -
56⭐
12🍴
kippo_detect) - Offensive component that detects the presence of the kippo honeypot.
-
-
ICS/SCADA honeypots
-
1192⭐
406🍴
Conpot) - ICS/SCADA honeypot. -
129⭐
33🍴
GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry. - SCADA honeynet - Building Honeypots for Industrial Networks.
-
53⭐
13🍴
gridpot) - Open source tools for realistic-behaving electric grid honeynets. - scada-honeynet - Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.
-
-
Other/random
-
114⭐
28🍴
CitrixHoneypot) - Detect and log CVE-2019-19781 scan and exploitation attempts. -
15⭐
4🍴
Damn Simple Honeypot (DSHP)) - Honeypot framework with pluggable handlers. -
22⭐
8🍴
dicompot) - DICOM Honeypot. - 🌎 IPP Honey - A honeypot for the Internet Printing Protocol.
-
87⭐
26🍴
Log4Pot) - A honeypot for the Log4Shell vulnerability (CVE-2021-44228). -
94⭐
15🍴
Masscanned) - Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise. -
21⭐
6🍴
medpot) - HL7 / FHIR honeypot. -
73⭐
22🍴
NOVA) - Uses honeypots as detectors, looks like a complete system. -
22⭐
2🍴
OpenFlow Honeypot (OFPot)) - Redirects traffic for unused IPs to a honeypot, built on POX. -
2017⭐
346🍴
OpenCanary) - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used. -
50⭐
22🍴
ciscoasa_honeypot) A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability. -
198⭐
18🍴
miniprint) - A medium interaction printer honeypot.
-
-
Botnet C2 tools
-
IPv6 attack detection tool
-
?⭐
?🍴
ipv6-attack-detector) - Google Summer of Code 2012 project, supported by The Honeynet Project organization.
-
-
Dynamic code instrumentation toolkit
- 🌎 Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.
-
Tool to convert website to server honeypots
- HIHAT - Transform arbitrary PHP applications into web-based high-interaction Honeypots.
-
Malware collector
- 🌎 Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
-
Distributed sensor deployment
- 🌎 Community Honey Network - CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.
-
?⭐
?🍴
Modern Honey Network) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
-
Network Analysis Tool
- 🌎 Tracexploit - Replay network packets.
-
Log anonymizer
- LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.
-
Low interaction honeypot (router back door)
-
15⭐
3🍴
Honeypot-32764) - Honeypot for router backdoor (TCP 32764). -
16⭐
1🍴
WAPot) - Honeypot that can be used to observe traffic directed at home routers.
-
-
honeynet farm traffic redirector
- 🌎 Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
-
HTTPS Proxy
- 🌎 mitmproxy - Allows traffic flows to be intercepted, inspected, modified, and replayed.
-
System instrumentation
-
Honeypot for USB-spreading malware
-
92⭐
26🍴
Ghost-usb) - Honeypot for malware that propagates via USB storage devices.
-
-
Data Collection
- 🌎 Kippo2MySQL - Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
- 🌎 Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
-
Passive network audit framework parser
-
31⭐
9🍴
Passive Network Audit Framework (pnaf)) - Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms.
-
-
VM monitoring and tools
-
691⭐
122🍴
Antivmdetect) - Script to create templates to use with VirtualBox to make VM detection harder. -
476⭐
118🍴
VMCloak) - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox. - vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
-
-
Binary debugger
-
31⭐
7🍴
Hexgolems - Pint Debugger Backend) - Debugger backend and LUA wrapper for PIN. -
142⭐
15🍴
Hexgolems - Schem Debugger Frontend) - Debugger frontend.
-
-
Mobile Analysis Tool
-
4972⭐
1044🍴
Androguard) - Reverse engineering, Malware and goodware analysis of Android applications and more. -
?⭐
?🍴
APKinspector) - Powerful GUI tool for analysts to analyze the Android applications.
-
-
Low interaction honeypot
- 🌎 Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
-
5953⭐
997🍴
T-Pot) - All in one honeypot appliance from telecom provider T-Mobile -
579⭐
48🍴
beelzebub) - A secure honeypot framework, extremely easy to configure by yaml 🚀
-
Honeynet data fusion
- 🌎 HFlow2 - Data coalesing tool for honeynet/network analysis.
-
Server
- Amun - Vulnerability emulation honeypot.
-
?⭐
?🍴
Artillery) - Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods. - Bait and Switch - Redirects all hostile traffic to a honeypot that is partially mirroring your production system.
-
4⭐
4🍴
Bifrozt) - Automatic deploy bifrozt with ansible. - Conpot - Low interactive server side Industrial Control Systems honeypot.
-
366⭐
79🍴
Heralding) - Credentials catching honeypot. -
20⭐
4🍴
HoneyWRT) - Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers. -
8⭐
7🍴
Honeyd) - See honeyd tools. - Honeysink - Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
-
157⭐
48🍴
Hontel) - Telnet Honeypot. - KFSensor - Windows based honeypot Intrusion Detection System (IDS).
- LaBrea - Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
-
102⭐
34🍴
MTPot) - Open Source Telnet Honeypot, focused on Mirai malware. -
12⭐
2🍴
SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment. -
0⭐
0🍴
TelnetHoney) - Simple telnet honeypot. -
46⭐
10🍴
UDPot Honeypot) - Simple UDP/DNS honeypot scripts. -
8⭐
0🍴
Yet Another Fake Honeypot (YAFH)) - Simple honeypot written in Go. -
1⭐
0🍴
arctic-swallow) - Low interaction honeypot. -
1495⭐
173🍴
fapro) - Fake Protocol Server. -
227⭐
56🍴
glutton) - All eating honeypot. -
42⭐
4🍴
go-HoneyPot) - Honeypot server written in Go. -
8⭐
5🍴
go-emulators) - Honeypot Golang emulators. -
27⭐
8🍴
honeymail) - SMTP honeypot written in Golang. -
93⭐
18🍴
honeytrap) - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. -
24⭐
3🍴
imap-honey) - IMAP honeypot written in Golang. - 🌎 mwcollectd - Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.
-
28⭐
6🍴
potd) - Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities. -
28⭐
4🍴
portlurker) - Port listener in Rust with protocol guessing and safe string display. -
15⭐
5🍴
slipm-honeypot) - Simple low-interaction port monitoring honeypot. -
301⭐
95🍴
telnet-iot-honeypot) - Python telnet honeypot for catching botnet binaries. -
235⭐
62🍴
telnetlogger) - Telnet honeypot designed to track the Mirai botnet. -
22⭐
6🍴
vnclowpot) - Low interaction VNC honeypot.
-
IDS signature generation
- Honeycomb - Automated signature creation using honeypots.
-
Lookup service for AS-numbers and prefixes
- CC2ASN - Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.
-
Data Collection / Data Sharing
-
HPfriends - Honeypot data-sharing platform.
- 🌎 hpfriends - real-time social data-sharing - Presentation about HPFriends feed system
-
?⭐
?🍴
HPFeeds) - Lightweight authenticated publish-subscribe protocol.
-
HPfriends - Honeypot data-sharing platform.
-
Central management tool
- PHARM - Manage, report, and analyze your distributed Nepenthes instances.
-
Network connection analyzer
- Impost - Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.
-
Honeypot deployment
-
0⭐
0🍴
honeyfs) - Tool to create artificial file systems for medium/high interaction honeypots. - Modern Honeynet Network - Streamlines deployment and management of secure honeypots.
-
-
Honeypot extensions to Wireshark
- 🌎 Wireshark Extensions - Apply Snort IDS rules and signatures against packet capture files using Wireshark.
-
Client
- 🌎 CWSandbox / GFI Sandbox
- 🌎 Capture-HPC-Linux
-
10⭐
10🍴
Capture-HPC-NG) - 🌎 Capture-HPC - High interaction client honeypot (also called honeyclient).
- HoneyBOT
- 🌎 HoneyC
-
28⭐
9🍴
HoneySpider Network) - Highly-scalable system integrating multiple client honeypots to detect malicious websites. - 🌎 HoneyWeb - Web interface created to manage and remotely share Honeyclients resources.
-
157⭐
65🍴
Jsunpack-n) - MonkeySpider
-
24⭐
9🍴
PhoneyC) - Python honeyclient (later replaced by Thug). -
?⭐
?🍴
Pwnypot) - High Interaction Client Honeypot. -
?⭐
?🍴
Rumal) - Thug's Rumāl: a Thug's dress and weapon. - 🌎 Shelia - Client-side honeypot for attack detection.
- 🌎 Thug - Python-based low-interaction honeyclient.
- 🌎 Thug Distributed Task Queuing
- 🌎 Trigona
- 🌎 URLQuery
-
68⭐
10🍴
YALIH (Yet Another Low Interaction Honeyclient)) - Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.
-
Honeypot
- Deception Toolkit
-
15⭐
8🍴
IMHoneypot)
-
PDF document inspector
-
1242⭐
236🍴
peepdf) - Powerful Python tool to analyze PDF documents.
-
-
Hybrid low/high interaction honeypot
-
SSH Honeypots
-
18⭐
4🍴
Blacknet) - Multi-head SSH honeypot system. -
4929⭐
851🍴
Cowrie) - Cowrie SSH Honeypot (based on kippo). -
14⭐
3🍴
DShield docker) - Docker container running cowrie with DShield output enabled. -
6910⭐
268🍴
endlessh) - SSH tarpit that slowly sends an endless banner. 🌎 docker image) -
371⭐
74🍴
HonSSH) - Logs all SSH communications between a client and server. -
3⭐
1🍴
HUDINX) - Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. -
1585⭐
280🍴
Kippo) - Medium interaction SSH honeypot. -
9⭐
2🍴
Kippo_JunOS) - Kippo configured to be a backdoored netscreen. -
36⭐
5🍴
Kojoney2) - Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret. - Kojoney - Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
-
14⭐
2🍴
Longitudinal Analysis of SSH Cowrie Honeypot Logs) - Python based command line tool to analyze cowrie logs over time. - LongTail Log Analysis @ Marist College - Analyzed SSH honeypot logs.
-
6⭐
0🍴
Malbait) - Simple TCP/UDP honeypot implemented in Perl. -
122⭐
22🍴
MockSSH) - Mock an SSH server and define all commands it supports (Python, Twisted). -
4⭐
4🍴
cowrie2neo) - Parse cowrie honeypot logs into a neo4j database. -
31⭐
5🍴
go-sshoney) - SSH Honeypot. -
34⭐
5🍴
go0r) - Simple ssh honeypot in Golang. -
9⭐
3🍴
gohoney) - SSH honeypot written in Go. -
2⭐
0🍴
hived) - Golang-based honeypot. -
37⭐
12🍴
hnypots-agent)) - SSH Server in Go that logs username and password combinations. -
26⭐
7🍴
honeypot.go) - SSH Honeypot written in Go. -
11⭐
1🍴
honeyssh) - Credential dumping SSH honeypot with statistics. -
21⭐
2🍴
hornet) - Medium interaction SSH honeypot that supports multiple virtual hosts. -
18⭐
8🍴
ssh-auth-logger) - Low/zero interaction SSH authentication logging honeypot. -
594⭐
240🍴
ssh-honeypot) - Fake sshd that logs IP addresses, usernames, and passwords. -
24⭐
0🍴
ssh-honeypot) - Modified version of the OpenSSH deamon that forwards commands to Cowrie where all commands are interpreted and returned. -
11⭐
3🍴
ssh-honeypotd) - Low-interaction SSH honeypot written in C. -
38⭐
5🍴
sshForShits) - Framework for a high interaction SSH honeypot. -
1425⭐
85🍴
sshesame) - Fake SSH server that lets everyone in and logs their activity. -
168⭐
53🍴
sshhipot) - High-interaction MitM SSH honeypot. -
12⭐
3🍴
sshlowpot) - Yet another no-frills low-interaction SSH honeypot in Go. -
95⭐
9🍴
sshsyrup) - Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org. -
85⭐
23🍴
twisted-honeypots) - SSH, FTP and Telnet honeypots based on Twisted.
-
-
Distributed sensor project
-
A pcap analyzer
-
Network traffic redirector
-
Honeypot Distribution with mixed content
-
Honeypot sensor
- 🌎 Honeeepi - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
-
File carving
-
Behavioral analysis tool for win32
-
Live CD
- 🌎 DAVIX - The DAVIX Live CD.
-
Spamtrap
- 🌎 Mail::SMTP::Honeypot - Perl module that appears to provide the functionality of a standard SMTP server.
-
246⭐
71🍴
Mailoney) - SMTP honeypot, Open Relay, Cred Harvester written in python. -
11⭐
8🍴
SendMeSpamIDS.py) - Simple SMTP fetch all IDS and analyzer. -
130⭐
35🍴
Shiva) - Spam Honeypot with Intelligent Virtual Analyzer. -
2⭐
0🍴
SMTPLLMPot) - A super simple SMTP Honeypot built using GPT3.5 -
25⭐
2🍴
SpamHAT) - Spam Honeypot Tool. - Spamhole
-
2⭐
0🍴
honeypot) - The Project Honey Pot un-official PHP SDK. - spamd
-
Commercial honeynet
- Cymmetria Mazerunner - Leads attackers away from real targets and creates a footprint of the attack.
-
Server (Bluetooth)
-
227⭐
32🍴
Bluepot)
-
-
Dynamic analysis of Android apps
- 🌎 Droidbox
-
Dockerized Low Interaction packaging
-
21⭐
4🍴
Docker honeynet) - Several Honeynet tools set up for Docker containers. - 🌎 Dockerized Thug - Dockerized
959⭐
204🍴
Thug) to analyze malicious web content. -
147⭐
14🍴
Dockerpot) - Docker based honeypot. -
22⭐
5🍴
Manuka) - Docker based honeypot (Dionaea and Kippo). -
5⭐
1🍴
honey_ports) - Very simple but effective docker deployed honeypot to detect port scanning in your environment. -
32⭐
5🍴
mhn-core-docker) - Core elements of the Modern Honey Network implemented in Docker.
-
-
Network analysis
- 🌎 Quechua
-
SIP Server
-
SIP
-
150⭐
17🍴
SentryPeer) - Protect your SIP Servers from bad actors.
-
-
IOT Honeypot
-
117⭐
42🍴
HoneyThing) - TR-069 Honeypot. -
24⭐
8🍴
Kako) - Honeypots for a number of well known and deployed embedded device vulnerabilities.
-
-
Honeytokens
-
1668⭐
248🍴
CanaryTokens) - Self-hostable honeytoken generator and reporting dashboard; demo version available at 🌎 CanaryTokens.org. -
271⭐
45🍴
Honeybits) - Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots. -
505⭐
55🍴
Honeyλ (HoneyLambda)) - Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway. -
498⭐
108🍴
dcept) - Tool for deploying and detecting use of Active Directory honeytokens. -
58⭐
11🍴
honeyku) - Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
-
-
Honeyd plugin
-
Honeyd viewer
-
Honeyd to MySQL connector
-
A script to visualize statistics from honeyd
-
Honeyd stats
-
332⭐
99🍴
Honeydsum.pl)
-
-
Sandbox
- Argos - Emulator for capturing zero-day attacks.
- 🌎 COMODO automated sandbox
- 🌎 Cuckoo - Leading open source automated malware analysis system.
-
125⭐
31🍴
Pylibemu) - Libemu Cython wrapper. - 🌎 RFISandbox - PHP 5.x script sandbox built on top of 🌎 funcall.
-
197⭐
35🍴
dorothy2) - Malware/botnet analysis framework written in Ruby. -
11⭐
6🍴
imalse) - Integrated MALware Simulator and Emulator. -
137⭐
47🍴
libemu) - Shellcode emulation library, useful for shellcode detection.
-
Sandbox-as-a-Service
- 🌎 Hybrid Analysis - Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
- 🌎 Joebox Cloud - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
- 🌎 VirusTotal - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
- 🌎 malwr.com - Free malware analysis service and community.
-
Front Ends
-
65⭐
27🍴
DionaeaFR) - Front Web to Dionaea low-interaction honeypot. -
11⭐
1🍴
Django-kippo) - Django App for kippo SSH Honeypot. -
2⭐
0🍴
Shockpot-Frontend) - Full featured script to visualize statistics from a Shockpot honeypot. -
252⭐
43🍴
Tango) - Honeypot Intelligence with Splunk. -
3⭐
1🍴
Wordpot-Frontend) - Full featured script to visualize statistics from a Wordpot honeypot. -
3⭐
1🍴
honeyalarmg2) - Simplified UI for showing honeypot alarms. -
2⭐
0🍴
honeypotDisplay) - Flask website which displays data gathered from an SSH Honeypot.
-
-
Visualization
-
9⭐
6🍴
Acapulco) - Automated Attack Community Graph Construction. -
14⭐
7🍴
Afterglow Cloud) - Afterglow
-
1⭐
0🍴
Glastopf Analytics) - Easy honeypot statistics. -
13⭐
3🍴
HoneyMalt) - Maltego tranforms for mapping Honeypot systems. -
217⭐
90🍴
HoneyMap) - Real-time websocket stream of GPS events on a fancy SVG world map. - 🌎 HoneyStats - Statistical view of the recorded activity on a Honeynet.
-
14⭐
4🍴
HpfeedsHoneyGraph) - Visualization app to visualize hpfeeds logs. -
3321⭐
625🍴
IVRE) - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! -
17⭐
2🍴
Kippo stats) - Mojolicious app to display statistics for your kippo SSH honeypot. - 🌎 Kippo-Graph - Full featured script to visualize statistics from a Kippo SSH honeypot.
-
61⭐
11🍴
The Intelligent HoneyNet) - Create actionable information from honeypots. -
46⭐
15🍴
ovizart) - Visual analysis for network traffic.
-
-
Deployment
- Dionaea and EC2 in 20 Minutes - Tutorial on setting up Dionaea on an EC2 instance.
- 🌎 Using a Raspberry Pi honeypot to contribute data to DShield/ISC - The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.
-
32⭐
5🍴
honeypotpi) - Script for turning a Raspberry Pi into a HoneyPot Pi.
-
Research Papers
-
24⭐
5🍴
Honeypot research papers) - PDFs of research papers on honeypots. - 🌎 vEYE - Behavioral footprinting for self-propagating worm detection and profiling.
-
8088⭐
1221🍴
paralax/awesome-honeypots)