Honeypots

Elasticsearch Honeypot written in Python (originally from Novetta).

Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.

Simple Elasticsearch Honeypot.

MongoDB honeypot proxy.

Honeypot framework built on a NoSQL-style database.

Low interaction MySQL honeypot written in C.

MySQL honeypot, still very early stage.

Low-interaction Postgres Honeypot.

Medium interaction postgresql honeypot.

High Interaction Honeypot Solution for Redis protocol.

Cloud active defense lets you deploy decoys right into your cloud applications, putting adversaries into a dilemma: to hack or not to hack?

RFI & LFI honeypot using nodeJS and express.

Honeypot type for Symfony2 forms.

Web Application Honeypot.

Honeypot that tries to crash the bots and clients that visit it's location.

Simple spam prevention package for Laravel applications.

Distributed web application honeypot to interact with large scale exploitation attempts.

NodeJS web application honeypot.

RestAPI honeypot.

Web application Honeypot.

Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.

Designed to create deceptive webpages to deceive and redirect attackers away from real websites.

HTTP Basic Authentication honeypot.

Breakable Web applications honeyPot.

Fake Django admin login screen to notify admins of attempted unauthorized access.

Drupal Honeypot.

an LLM-powered web honeypot using the OpenAI API.

Python-based web server honeypot builder.

An uploader honeypot designed to look like poor website security.

Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework.

A basic flask based Outlook Web Honey pot.

Simple and effective phpMyAdmin honeypot.

WebApp Honeypot for detecting Shell Shock exploit attempts.

PHP Script demonstrating a smart honey pot.

Super Next generation Advanced Reactive honeypot.

Evaluating SNARE events.

Inserts a trap for spam bots into responses.

Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study.

WordPress login honeypot for collection and analysis of failed login attempts.

Python based WordPress honeypot in a Docker container.

WordPress plugin to reduce comment spam with a smarter honeypot.

WordPress Honeypot.

OWASP Honeypot, Automated Deception Framework.

Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.

Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.

NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.

Home of the dionaea honeypot.

Simple Docker Honeypot server emulating small snippets of the Docker HTTP API.

SDN (software defined networking) honeypot.

Easy to deploy Ruby honeypot.

The first A.I based open source honeypot. supports POP3 and SMTP protocols and generates content using A.I based on user description.

K8s API Honeypot with Active Defense Capabilities.

Plugin repository for Honeycomb, the honeypot framework by Cymmetria.

NTP logger/honeypot.

Observation camera honeypot.

FTP Honeypot.

25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).

Advanced Honeypot framework written in Go that can be connected with other honeypot software.

Low interaction honeypot.

Multi-purpose modular honeypot based on Twisted.

Simple honeyport written in Bash and Python.

Printer honeypot.

Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).

FTP server honeypot in JS.

RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.

RDP honeypot

Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.

High interaction SMB service honeypot capable of capturing wannacry-like Malware.

Low interaction Python honeypot.

Modural and easy to install Python Honeypot, with comprehensive alerting

Honeypot that runs each connection with the service within a separate LXC container.

Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.

Twisted based honeypot for WhiteFace.

Low interaction honeypot server.

Tool for detection and nullification of Thinkst CanaryTokens

Signature based honeypot detector tool written in Golang

Offensive component that detects the presence of the kippo honeypot.

ICS/SCADA honeypot.

Veeder Root Gaurdian AST, common in the oil and gas industry.

Open source tools for realistic-behaving electric grid honeynets.

Detect and log CVE-2019-19781 scan and exploitation attempts.

Honeypot framework with pluggable handlers.

DICOM Honeypot.

A honeypot for the Log4Shell vulnerability (CVE-2021-44228).

Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.

HL7 / FHIR honeypot.

Uses honeypots as detectors, looks like a complete system.

Redirects traffic for unused IPs to a honeypot, built on POX.

Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.

A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.

A medium interaction printer honeypot.

Botnet command and control monitor.

Google Summer of Code 2012 project, supported by The Honeynet Project organization.

Tool for exploration and tracing of the Windows kernel.

Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.

Honeypot for malware that propagates via USB storage devices.

Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.

Honeypot for router backdoor (TCP 32764).

Honeypot that can be used to observe traffic directed at home routers.

Debugger backend and LUA wrapper for PIN.

Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms.

Script to create templates to use with VirtualBox to make VM detection harder.

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

Python-based low-interaction honeyclient.

Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.

Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.

Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).

Front Web to Dionaea low-interaction honeypot.

Django App for kippo SSH Honeypot.

Full featured script to visualize statistics from a Shockpot honeypot.

Honeypot Intelligence with Splunk.

Full featured script to visualize statistics from a Wordpot honeypot.

Simplified UI for showing honeypot alarms.

Flask website which displays data gathered from an SSH Honeypot.

Automated Attack Community Graph Construction.

Easy honeypot statistics.

Maltego tranforms for mapping Honeypot systems.

Real-time websocket stream of GPS events on a fancy SVG world map.

Visualization app to visualize hpfeeds logs.

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

Mojolicious app to display statistics for your kippo SSH honeypot.

Create actionable information from honeypots.

Visual analysis for network traffic.

Script for turning a Raspberry Pi into a HoneyPot Pi.

PDFs of research papers on honeypots.