Awesome Honeypots

A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.

There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the guide.

Discover more awesome lists at 302566⭐  26845🍴 sindresorhus/awesome).

Contents

• Awesome Honeypots
• Contents
  • Related Lists
  • Honeypots
  • Honeyd Tools
  • Network and Artifact Analysis
  • Data Tools
  • Guides

Related Lists

•   2985⭐    463🍴 awesome-pcaptools) - Useful in network traffic analysis.
•  11097⭐   2493🍴 awesome-malware-analysis) - Some overlap here for artifact analysis.

Honeypots

• Database Honeypots

  •     19⭐      6🍴 Delilah) - Elasticsearch Honeypot written in Python (originally from Novetta).
  •     25⭐      4🍴 ESPot) - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
  • 🌎 ElasticPot - An Elasticsearch Honeypot.
  •    181⭐     58🍴 Elastic honey) - Simple Elasticsearch Honeypot.
  •     88⭐     23🍴 MongoDB-HoneyProxy) - MongoDB honeypot proxy.
  •    102⭐     23🍴 NoSQLpot) - Honeypot framework built on a NoSQL-style database.
  •     29⭐     14🍴 mysql-honeypotd) - Low interaction MySQL honeypot written in C.
  •     20⭐      2🍴 MysqlPot) - MySQL honeypot, still very early stage.
  •     16⭐      7🍴 pghoney) - Low-interaction Postgres Honeypot.
  •      8⭐      5🍴 sticky_elephant) - Medium interaction postgresql honeypot.
  •     15⭐      7🍴 RedisHoneyPot) - High Interaction Honeypot Solution for Redis protocol.

• Web honeypots

  •     12⭐      4🍴 Express honeypot) - RFI & LFI honeypot using nodeJS and express.
  •     33⭐     20🍴 EoHoneypotBundle) - Honeypot type for Symfony2 forms.
  •    534⭐    174🍴 Glastopf) - Web Application Honeypot.
  • Google Hack Honeypot - Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
  •    324⭐     27🍴 HellPot) - Honeypot that tries to crash the bots and clients that visit it's location.
  •    429⭐     43🍴 Laravel Application Honeypot) - Simple spam prevention package for Laravel applications.
  •     43⭐      9🍴 Nodepot) - NodeJS web application honeypot.
  •      1⭐      1🍴 PasitheaHoneypot) - RestAPI honeypot.
  •     12⭐      4🍴 Servletpot) - Web application Honeypot.
  • 🌎 Shadow Daemon - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
  •     70⭐     17🍴 StrutsHoneypot) - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
  •     56⭐     15🍴 WebTrap) - Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
  •     44⭐      4🍴 basic-auth-pot (bap)) - HTTP Basic Authentication honeypot.
  •     25⭐      1🍴 bwpot) - Breakable Web applications honeyPot.
  •   1000⭐    181🍴 django-admin-honeypot) - Fake Django admin login screen to notify admins of attempted unauthorized access.
  •     57⭐     11🍴 drupo) - Drupal Honeypot.
  •    283⭐     24🍴 galah) - an LLM-powered web honeypot using the OpenAI API.
  •     39⭐     14🍴 honeyhttpd) - Python-based web server honeypot builder.
  •     24⭐      3🍴 honeyup) - An uploader honeypot designed to look like poor website security.
  •     47⭐      1🍴 modpot) - Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework.
  •     61⭐     15🍴 owa-honeypot) - A basic flask based Outlook Web Honey pot.
  •     64⭐     37🍴 phpmyadmin_honeypot) - Simple and effective phpMyAdmin honeypot.
  •      ?⭐      ?🍴 shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts.
  •     16⭐      1🍴 smart-honeypot) - PHP Script demonstrating a smart honey pot.
  • Snare/Tanner - successors to Glastopf
    •    432⭐    133🍴 Snare) - Super Next generation Advanced Reactive honeypot.
    •    214⭐     97🍴 Tanner) - Evaluating SNARE events.
  •     22⭐      3🍴 stack-honeypot) - Inserts a trap for spam bots into responses.
  •     10⭐      1🍴 tomcat-manager-honeypot) - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study.
  • WordPress honeypots
    •     27⭐      8🍴 HonnyPotter) - WordPress login honeypot for collection and analysis of failed login attempts.
    •      3⭐     11🍴 HoneyPress) - Python based WordPress honeypot in a Docker container.
    •     26⭐      4🍴 wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot.
    •    174⭐     60🍴 wordpot) - WordPress Honeypot.
  •    408⭐    136🍴 Python-Honeypot) - OWASP Honeypot, Automated Deception Framework.

• Service Honeypots

  •    161⭐     32🍴 ADBHoney) - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
  •     16⭐      6🍴 AMTHoneypot) - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.
  •     39⭐     10🍴 ddospot) - NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.
  •    681⭐    183🍴 dionaea) - Home of the dionaea honeypot.
  •     24⭐      4🍴 dhp) - Simple Docker Honeypot server emulating small snippets of the Docker HTTP API.
  •      1⭐      1🍴 DolosHoneypot) - SDN (software defined networking) honeypot.
  •     65⭐     14🍴 Ensnare) - Easy to deploy Ruby honeypot.
  •     31⭐      4🍴 Helix) - K8s API Honeypot with Active Defense Capabilities.
  •     26⭐     15🍴 honeycomb_plugins) - Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
  • [honeydb] (https://honeydb.io/downloads) - Multi-service honeypot that is easy to deploy and configure. Can be configured to send interaction data to to HoneyDB's centralized collectors for access via REST API.
  •     52⭐     12🍴 honeyntp) - NTP logger/honeypot.
  •     51⭐     19🍴 honeypot-camera) - Observation camera honeypot.
  •     26⭐     14🍴 honeypot-ftp) - FTP Honeypot.
  •    595⭐    105🍴 honeypots) - 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).
  •   1194⭐    177🍴 honeytrap) - Advanced Honeypot framework written in Go that can be connected with other honeypot software.
  •    457⭐     94🍴 HoneyPy) - Low interaction honeypot.
  •     19⭐      8🍴 Honeygrove) - Multi-purpose modular honeypot based on Twisted.
  •     40⭐      7🍴 Honeyport) - Simple honeyport written in Bash and Python.
  •     19⭐     11🍴 Honeyprint) - Printer honeypot.
  • 🌎 Lyrebird - Modern high-interaction honeypot framework.
  •     14⭐      4🍴 MICROS honeypot) - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
  •      4⭐      0🍴 node-ftp-honeypot) - FTP server honeypot in JS.
  •   1434⭐    239🍴 pyrdp) - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
  •     61⭐     10🍴 rdppot) - RDP honeypot
  •   1664⭐    547🍴 RDPy) - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
  •     45⭐     17🍴 SMB Honeypot) - High interaction SMB service honeypot capable of capturing wannacry-like Malware.
  •     25⭐      8🍴 Tom's Honeypot) - Low interaction Python honeypot.
  •      ?⭐      ?🍴 troje) - Honeypot that runs each connection with the service within a separate LXC container.
  •     31⭐     12🍴 WebLogic honeypot) - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
  •      4⭐      2🍴 WhiteFace Honeypot) - Twisted based honeypot for WhiteFace.

• Distributed Honeypots

  •     58⭐     12🍴 DemonHunter) - Low interaction honeypot server.

• Anti-honeypot stuff

  •     11⭐      1🍴 canarytokendetector) - Tool for detection and nullification of Thinkst CanaryTokens
  •     59⭐      4🍴 honeydet) - Signature based honeypot detector tool written in Golang
  •     56⭐     12🍴 kippo_detect) - Offensive component that detects the presence of the kippo honeypot.

• ICS/SCADA honeypots

  •   1190⭐    406🍴 Conpot) - ICS/SCADA honeypot.
  •    128⭐     33🍴 GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry.
  • SCADA honeynet - Building Honeypots for Industrial Networks.
  •     53⭐     13🍴 gridpot) - Open source tools for realistic-behaving electric grid honeynets.
  • scada-honeynet - Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.

• Other/random

  •    114⭐     28🍴 CitrixHoneypot) - Detect and log CVE-2019-19781 scan and exploitation attempts.
  •     15⭐      4🍴 Damn Simple Honeypot (DSHP)) - Honeypot framework with pluggable handlers.
  •     22⭐      8🍴 dicompot) - DICOM Honeypot.
  • 🌎 IPP Honey - A honeypot for the Internet Printing Protocol.
  •     87⭐     26🍴 Log4Pot) - A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
  •     94⭐     15🍴 Masscanned) - Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.
  •     21⭐      5🍴 medpot) - HL7 / FHIR honeypot.
  •     73⭐     22🍴 NOVA) - Uses honeypots as detectors, looks like a complete system.
  •     22⭐      2🍴 OpenFlow Honeypot (OFPot)) - Redirects traffic for unused IPs to a honeypot, built on POX.
  •   2016⭐    346🍴 OpenCanary) - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
  •     50⭐     22🍴 ciscoasa_honeypot) A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
  •    198⭐     18🍴 miniprint) - A medium interaction printer honeypot.

• Botnet C2 tools

  •    183⭐     63🍴 Hale) - Botnet command and control monitor.
  • 🌎 dnsMole - Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.

• IPv6 attack detection tool

  •      ?⭐      ?🍴 ipv6-attack-detector) - Google Summer of Code 2012 project, supported by The Honeynet Project organization.

• Dynamic code instrumentation toolkit

  • 🌎 Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.

• Tool to convert website to server honeypots

  • HIHAT - Transform arbitrary PHP applications into web-based high-interaction Honeypots.

• Malware collector

  • 🌎 Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.

• Distributed sensor deployment

  • 🌎 Community Honey Network - CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.
  •      ?⭐      ?🍴 Modern Honey Network) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.

• Network Analysis Tool

  • 🌎 Tracexploit - Replay network packets.

• Log anonymizer

  • LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.

• Low interaction honeypot (router back door)

  •     15⭐      3🍴 Honeypot-32764) - Honeypot for router backdoor (TCP 32764).
  •     16⭐      1🍴 WAPot) - Honeypot that can be used to observe traffic directed at home routers.

• honeynet farm traffic redirector

  • 🌎 Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.

• HTTPS Proxy

  • 🌎 mitmproxy - Allows traffic flows to be intercepted, inspected, modified, and replayed.

• System instrumentation

  • 🌎 Sysdig - Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
  •   2085⭐    183🍴 Fibratus) - Tool for exploration and tracing of the Windows kernel.

• Honeypot for USB-spreading malware

  •     92⭐     26🍴 Ghost-usb) - Honeypot for malware that propagates via USB storage devices.

• Data Collection

  • 🌎 Kippo2MySQL - Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
  • 🌎 Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).

• Passive network audit framework parser

  •     31⭐      9🍴 Passive Network Audit Framework (pnaf)) - Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms.

• VM monitoring and tools

  •    690⭐    122🍴 Antivmdetect) - Script to create templates to use with VirtualBox to make VM detection harder.
  •    476⭐    118🍴 VMCloak) - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
  • vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.

• Binary debugger

  •     31⭐      7🍴 Hexgolems - Pint Debugger Backend) - Debugger backend and LUA wrapper for PIN.
  •    142⭐     15🍴 Hexgolems - Schem Debugger Frontend) - Debugger frontend.

• Mobile Analysis Tool

  •   4964⭐   1043🍴 Androguard) - Reverse engineering, Malware and goodware analysis of Android applications and more.
  •      ?⭐      ?🍴 APKinspector) - Powerful GUI tool for analysts to analyze the Android applications.

• Low interaction honeypot

  • 🌎 Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
  •   5941⭐    995🍴 T-Pot) - All in one honeypot appliance from telecom provider T-Mobile
  •    580⭐     47🍴 beelzebub) - A secure honeypot framework, extremely easy to configure by yaml 🚀

• Honeynet data fusion

  • 🌎 HFlow2 - Data coalesing tool for honeynet/network analysis.

• Server

  • Amun - Vulnerability emulation honeypot.
  •      ?⭐      ?🍴 Artillery) - Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
  • Bait and Switch - Redirects all hostile traffic to a honeypot that is partially mirroring your production system.
  •      4⭐      4🍴 Bifrozt) - Automatic deploy bifrozt with ansible.
  • Conpot - Low interactive server side Industrial Control Systems honeypot.
  •    366⭐     79🍴 Heralding) - Credentials catching honeypot.
  •     20⭐      4🍴 HoneyWRT) - Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers.
  •      8⭐      7🍴 Honeyd) - See honeyd tools.
  • Honeysink - Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
  •    157⭐     48🍴 Hontel) - Telnet Honeypot.
  • KFSensor - Windows based honeypot Intrusion Detection System (IDS).
  • LaBrea - Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
  •    102⭐     34🍴 MTPot) - Open Source Telnet Honeypot, focused on Mirai malware.
  •     12⭐      2🍴 SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment.
  •      0⭐      0🍴 TelnetHoney) - Simple telnet honeypot.
  •     46⭐     10🍴 UDPot Honeypot) - Simple UDP/DNS honeypot scripts.
  •      8⭐      0🍴 Yet Another Fake Honeypot (YAFH)) - Simple honeypot written in Go.
  •      1⭐      0🍴 arctic-swallow) - Low interaction honeypot.
  •   1495⭐    173🍴 fapro) - Fake Protocol Server.
  •    227⭐     56🍴 glutton) - All eating honeypot.
  •     42⭐      4🍴 go-HoneyPot) - Honeypot server written in Go.
  •      8⭐      5🍴 go-emulators) - Honeypot Golang emulators.
  •     27⭐      8🍴 honeymail) - SMTP honeypot written in Golang.
  •     93⭐     18🍴 honeytrap) - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services.
  •     24⭐      3🍴 imap-honey) - IMAP honeypot written in Golang.
  • 🌎 mwcollectd - Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.
  •     28⭐      6🍴 potd) - Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities.
  •     28⭐      4🍴 portlurker) - Port listener in Rust with protocol guessing and safe string display.
  •     15⭐      5🍴 slipm-honeypot) - Simple low-interaction port monitoring honeypot.
  •    301⭐     95🍴 telnet-iot-honeypot) - Python telnet honeypot for catching botnet binaries.
  •    235⭐     62🍴 telnetlogger) - Telnet honeypot designed to track the Mirai botnet.
  •     22⭐      6🍴 vnclowpot) - Low interaction VNC honeypot.

• IDS signature generation

  • Honeycomb - Automated signature creation using honeypots.

• Lookup service for AS-numbers and prefixes

  • CC2ASN - Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.

• Data Collection / Data Sharing

  • HPfriends - Honeypot data-sharing platform.
    • 🌎 hpfriends - real-time social data-sharing - Presentation about HPFriends feed system
  •      ?⭐      ?🍴 HPFeeds) - Lightweight authenticated publish-subscribe protocol.

• Central management tool

  • PHARM - Manage, report, and analyze your distributed Nepenthes instances.

• Network connection analyzer

  • Impost - Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.

• Honeypot deployment

  •      0⭐      0🍴 honeyfs) - Tool to create artificial file systems for medium/high interaction honeypots.
  • Modern Honeynet Network - Streamlines deployment and management of secure honeypots.

• Honeypot extensions to Wireshark

  • 🌎 Wireshark Extensions - Apply Snort IDS rules and signatures against packet capture files using Wireshark.

• Client

  • 🌎 CWSandbox / GFI Sandbox
  • 🌎 Capture-HPC-Linux
  •     10⭐     10🍴 Capture-HPC-NG)
  • 🌎 Capture-HPC - High interaction client honeypot (also called honeyclient).
  • HoneyBOT
  • 🌎 HoneyC
  •     28⭐      9🍴 HoneySpider Network) - Highly-scalable system integrating multiple client honeypots to detect malicious websites.
  • 🌎 HoneyWeb - Web interface created to manage and remotely share Honeyclients resources.
  •    157⭐     65🍴 Jsunpack-n)
  • MonkeySpider
  •     24⭐      9🍴 PhoneyC) - Python honeyclient (later replaced by Thug).
  •      ?⭐      ?🍴 Pwnypot) - High Interaction Client Honeypot.
  •      ?⭐      ?🍴 Rumal) - Thug's Rumāl: a Thug's dress and weapon.
  • 🌎 Shelia - Client-side honeypot for attack detection.
  • 🌎 Thug - Python-based low-interaction honeyclient.
  • 🌎 Thug Distributed Task Queuing
  • 🌎 Trigona
  • 🌎 URLQuery
  •     68⭐     10🍴 YALIH (Yet Another Low Interaction Honeyclient)) - Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.

• Honeypot

  • Deception Toolkit
  •     15⭐      8🍴 IMHoneypot)

• PDF document inspector

  •   1241⭐    236🍴 peepdf) - Powerful Python tool to analyze PDF documents.

• Hybrid low/high interaction honeypot

  • HoneyBrid

• SSH Honeypots

  •     18⭐      4🍴 Blacknet) - Multi-head SSH honeypot system.
  •   4924⭐    850🍴 Cowrie) - Cowrie SSH Honeypot (based on kippo).
  •     14⭐      3🍴 DShield docker) - Docker container running cowrie with DShield output enabled.
  •   6904⭐    268🍴 endlessh) - SSH tarpit that slowly sends an endless banner. 🌎 docker image)
  •    370⭐     74🍴 HonSSH) - Logs all SSH communications between a client and server.
  •      3⭐      1🍴 HUDINX) - Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
  •   1583⭐    280🍴 Kippo) - Medium interaction SSH honeypot.
  •      9⭐      2🍴 Kippo_JunOS) - Kippo configured to be a backdoored netscreen.
  •     36⭐      5🍴 Kojoney2) - Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret.
  • Kojoney - Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
  •     14⭐      2🍴 Longitudinal Analysis of SSH Cowrie Honeypot Logs) - Python based command line tool to analyze cowrie logs over time.
  • LongTail Log Analysis @ Marist College - Analyzed SSH honeypot logs.
  •      6⭐      0🍴 Malbait) - Simple TCP/UDP honeypot implemented in Perl.
  •    122⭐     22🍴 MockSSH) - Mock an SSH server and define all commands it supports (Python, Twisted).
  •      4⭐      4🍴 cowrie2neo) - Parse cowrie honeypot logs into a neo4j database.
  •     31⭐      5🍴 go-sshoney) - SSH Honeypot.
  •     34⭐      5🍴 go0r) - Simple ssh honeypot in Golang.
  •      9⭐      3🍴 gohoney) - SSH honeypot written in Go.
  •      2⭐      0🍴 hived) - Golang-based honeypot.
  •     37⭐     12🍴 hnypots-agent)) - SSH Server in Go that logs username and password combinations.
  •     26⭐      7🍴 honeypot.go) - SSH Honeypot written in Go.
  •     11⭐      1🍴 honeyssh) - Credential dumping SSH honeypot with statistics.
  •     21⭐      2🍴 hornet) - Medium interaction SSH honeypot that supports multiple virtual hosts.
  •     18⭐      8🍴 ssh-auth-logger) - Low/zero interaction SSH authentication logging honeypot.
  •    594⭐    240🍴 ssh-honeypot) - Fake sshd that logs IP addresses, usernames, and passwords.
  •     24⭐      0🍴 ssh-honeypot) - Modified version of the OpenSSH deamon that forwards commands to Cowrie where all commands are interpreted and returned.
  •     11⭐      3🍴 ssh-honeypotd) - Low-interaction SSH honeypot written in C.
  •     38⭐      5🍴 sshForShits) - Framework for a high interaction SSH honeypot.
  •   1416⭐     85🍴 sshesame) - Fake SSH server that lets everyone in and logs their activity.
  •    168⭐     53🍴 sshhipot) - High-interaction MitM SSH honeypot.
  •     12⭐      3🍴 sshlowpot) - Yet another no-frills low-interaction SSH honeypot in Go.
  •     95⭐      9🍴 sshsyrup) - Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org.
  •     85⭐     23🍴 twisted-honeypots) - SSH, FTP and Telnet honeypots based on Twisted.

• Distributed sensor project

  • 🌎 DShield Web Honeypot Project

• A pcap analyzer

  • 🌎 Honeysnap

• Network traffic redirector

  • 🌎 Honeywall

• Honeypot Distribution with mixed content

  • 🌎 HoneyDrive

• Honeypot sensor

  • 🌎 Honeeepi - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.

• File carving

  • 🌎 TestDisk & PhotoRec

• Behavioral analysis tool for win32

  • 🌎 Capture BAT

• Live CD

  • 🌎 DAVIX - The DAVIX Live CD.

• Spamtrap

  • 🌎 Mail::SMTP::Honeypot - Perl module that appears to provide the functionality of a standard SMTP server.
  •    245⭐     70🍴 Mailoney) - SMTP honeypot, Open Relay, Cred Harvester written in python.
  •     11⭐      8🍴 SendMeSpamIDS.py) - Simple SMTP fetch all IDS and analyzer.
  •    129⭐     37🍴 Shiva) - Spam Honeypot with Intelligent Virtual Analyzer.
    • 🌎 Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running
  •      2⭐      0🍴 SMTPLLMPot) - A super simple SMTP Honeypot built using GPT3.5
  •     25⭐      2🍴 SpamHAT) - Spam Honeypot Tool.
  • Spamhole
  •      2⭐      0🍴 honeypot) - The Project Honey Pot un-official PHP SDK.
  • spamd

• Commercial honeynet

  • Cymmetria Mazerunner - Leads attackers away from real targets and creates a footprint of the attack.

• Server (Bluetooth)

  •    226⭐     32🍴 Bluepot)

• Dynamic analysis of Android apps

  • 🌎 Droidbox

• Dockerized Low Interaction packaging

  •     21⭐      4🍴 Docker honeynet) - Several Honeynet tools set up for Docker containers.
  • 🌎 Dockerized Thug - Dockerized    959⭐    204🍴 Thug) to analyze malicious web content.
  •    147⭐     14🍴 Dockerpot) - Docker based honeypot.
  •     22⭐      5🍴 Manuka) - Docker based honeypot (Dionaea and Kippo).
  •      5⭐      1🍴 honey_ports) - Very simple but effective docker deployed honeypot to detect port scanning in your environment.
  •     32⭐      5🍴 mhn-core-docker) - Core elements of the Modern Honey Network implemented in Docker.

• Network analysis

  • 🌎 Quechua

• SIP Server

  • Artemnesia VoIP

• SIP

  •    148⭐     17🍴 SentryPeer) - Protect your SIP Servers from bad actors.

• IOT Honeypot

  •    117⭐     42🍴 HoneyThing) - TR-069 Honeypot.
  •     24⭐      8🍴 Kako) - Honeypots for a number of well known and deployed embedded device vulnerabilities.

• Honeytokens

  •   1665⭐    248🍴 CanaryTokens) - Self-hostable honeytoken generator and reporting dashboard; demo version available at 🌎 CanaryTokens.org.
  •    271⭐     45🍴 Honeybits) - Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots.
  •    505⭐     55🍴 Honeyλ (HoneyLambda)) - Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.
  •    498⭐    108🍴 dcept) - Tool for deploying and detecting use of Active Directory honeytokens.
  •     58⭐     11🍴 honeyku) - Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

Honeyd Tools

• Honeyd plugin

  • Honeycomb

• Honeyd viewer

  • Honeyview

• Honeyd to MySQL connector

  • 🌎 Honeyd2MySQL

• A script to visualize statistics from honeyd

  • 🌎 Honeyd-Viz

• Honeyd stats

  •    332⭐     99🍴 Honeydsum.pl)

Network and Artifact Analysis

• Sandbox

  • Argos - Emulator for capturing zero-day attacks.
  • 🌎 COMODO automated sandbox
  • 🌎 Cuckoo - Leading open source automated malware analysis system.
  •    125⭐     31🍴 Pylibemu) - Libemu Cython wrapper.
  • 🌎 RFISandbox - PHP 5.x script sandbox built on top of 🌎 funcall.
  •    197⭐     35🍴 dorothy2) - Malware/botnet analysis framework written in Ruby.
  •     11⭐      6🍴 imalse) - Integrated MALware Simulator and Emulator.
  •    137⭐     47🍴 libemu) - Shellcode emulation library, useful for shellcode detection.

• Sandbox-as-a-Service

  • 🌎 Hybrid Analysis - Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
  • 🌎 Joebox Cloud - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
  • 🌎 VirusTotal - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
  • 🌎 malwr.com - Free malware analysis service and community.

Data Tools

• Front Ends

  •     65⭐     27🍴 DionaeaFR) - Front Web to Dionaea low-interaction honeypot.
  •     11⭐      1🍴 Django-kippo) - Django App for kippo SSH Honeypot.
  •      2⭐      0🍴 Shockpot-Frontend) - Full featured script to visualize statistics from a Shockpot honeypot.
  •    252⭐     43🍴 Tango) - Honeypot Intelligence with Splunk.
  •      3⭐      1🍴 Wordpot-Frontend) - Full featured script to visualize statistics from a Wordpot honeypot.
  •      3⭐      1🍴 honeyalarmg2) - Simplified UI for showing honeypot alarms.
  •      2⭐      0🍴 honeypotDisplay) - Flask website which displays data gathered from an SSH Honeypot.

• Visualization

  •      9⭐      6🍴 Acapulco) - Automated Attack Community Graph Construction.
  •     14⭐      7🍴 Afterglow Cloud)
  • Afterglow
  •      1⭐      0🍴 Glastopf Analytics) - Easy honeypot statistics.
  •     13⭐      3🍴 HoneyMalt) - Maltego tranforms for mapping Honeypot systems.
  •    217⭐     90🍴 HoneyMap) - Real-time websocket stream of GPS events on a fancy SVG world map.
  • 🌎 HoneyStats - Statistical view of the recorded activity on a Honeynet.
  •     14⭐      4🍴 HpfeedsHoneyGraph) - Visualization app to visualize hpfeeds logs.
  •   3314⭐    624🍴 IVRE) - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
  •     17⭐      2🍴 Kippo stats) - Mojolicious app to display statistics for your kippo SSH honeypot.
  • 🌎 Kippo-Graph - Full featured script to visualize statistics from a Kippo SSH honeypot.
  •     61⭐     11🍴 The Intelligent HoneyNet) - Create actionable information from honeypots.
  •     46⭐     15🍴 ovizart) - Visual analysis for network traffic.

Guides

• 🌎 T-Pot: A Multi-Honeypot Platform

•      ?⭐      ?🍴 Honeypot (Dionaea and kippo) setup script)

• Deployment

  • Dionaea and EC2 in 20 Minutes - Tutorial on setting up Dionaea on an EC2 instance.
  • 🌎 Using a Raspberry Pi honeypot to contribute data to DShield/ISC - The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.
  •     32⭐      5🍴 honeypotpi) - Script for turning a Raspberry Pi into a HoneyPot Pi.

• Research Papers

  •     24⭐      5🍴 Honeypot research papers) - PDFs of research papers on honeypots.
  • 🌎 vEYE - Behavioral footprinting for self-propagating worm detection and profiling.

Source

  8075⭐   1220🍴 paralax/awesome-honeypots)