Honeypots
Deception trap, designed to entice an attacker into attempting to compromise the information systems in an organization.
Contents
- Database Honeypots
- Web honeypots
- Service Honeypots
- Distributed Honeypots
- Anti-honeypot stuff
- ICS/SCADA honeypots
- Other/random
- Botnet C2 tools
- IPv6 attack detection tool
- System instrumentation
- Honeypot for USB-spreading malware
- Distributed sensor deployment
- Low interaction honeypot (router back door)
- Binary debugger
- Mobile Analysis Tool
- Low interaction honeypot
- Server
- Data Collection / Data Sharing
- Honeypot deployment
- Client
- Honeypot
- PDF document inspector
- SSH Honeypots
- Spamtrap
- Server (Bluetooth)
- Dockerized Low Interaction packaging
- SIP
- IOT Honeypot
- Honeytokens
- Passive network audit framework parser
- VM monitoring and tools
Related Lists
Honeypots
Database Honeypots
Elasticsearch Honeypot written in Python (originally from Novetta).
Elasticsearch honeypot written in NodeJS, to capture every attempt to exploit CVE-2014-3120.
Simple Elasticsearch Honeypot.
MongoDB honeypot proxy.
Honeypot framework built on a NoSQL-style database.
Low interaction MySQL honeypot written in C.
MySQL honeypot, still very early stage.
Low-interaction Postgres Honeypot.
Medium interaction PostgreSQL honeypot.
High Interaction Honeypot Solution for Redis protocol.
Web honeypots
Cloud active defense lets you deploy decoys right into your cloud applications, putting adversaries into a dilemma: to hack or not to hack?
RFI & LFI honeypot using NodeJS and Express.
Honeypot type for Symfony2 forms.
Web Application Honeypot.
Honeypot that tries to crash the bots and clients that visit its location.
Simple spam prevention package for Laravel applications.
Distributed web application honeypot to interact with large scale exploitation attempts.
NodeJS web application honeypot.
RestAPI honeypot.
Web application Honeypot.
Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
HTTP Basic Authentication honeypot.
Breakable Web applications honeyPot.
Fake Django admin login screen to notify admins of attempted unauthorized access.
Drupal Honeypot.
An LLM-powered web honeypot using the OpenAI API.
Python-based web server honeypot builder.
An uploader honeypot designed to look like poor website security.
Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework.
A basic Flask-based Outlook Web honeypot.
Simple and effective phpMyAdmin honeypot.
WebApp Honeypot for detecting Shell Shock exploit attempts.
PHP Script demonstrating a smart honey pot.
Super Next generation Advanced Reactive honeypot.
Evaluating SNARE events.
Inserts a trap for spam bots into responses.
Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study.
WordPress login honeypot for collection and analysis of failed login attempts.
Python based WordPress honeypot in a Docker container.
WordPress plugin to reduce comment spam with a smarter honeypot.
WordPress Honeypot.
OWASP Honeypot, Automated Deception Framework.
Service Honeypots
Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.
NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.
Home of the dionaea honeypot.
Simple Docker Honeypot server emulating small snippets of the Docker HTTP API.
SDN (software defined networking) honeypot.
Easy to deploy Ruby honeypot.
The first A.I based open source honeypot. Supports POP3 and SMTP protocols and generates content using A.I based on user description.
K8s API Honeypot with Active Defense Capabilities.
Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
NTP logger/honeypot.
Observation camera honeypot.
FTP Honeypot.
25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).
Advanced Honeypot framework written in Go that can be connected with other honeypot software.
Low interaction honeypot.
Multi-purpose modular honeypot based on Twisted.
Simple honeyport written in Bash and Python.
Printer honeypot.
Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
FTP server honeypot in JS.
RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
RDP honeypot.
Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
High interaction SMB service honeypot capable of capturing wannacry-like Malware.
Low interaction Python honeypot.
Modular and easy to install Python honeypot, with comprehensive alerting.
Honeypot that runs each connection with the service within a separate LXC container.
Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
Twisted based honeypot for WhiteFace.
Distributed Honeypots
Anti-honeypot stuff
ICS/SCADA honeypots
Other/random
Detect and log CVE-2019-19781 scan and exploitation attempts.
Honeypot framework with pluggable handlers.
DICOM Honeypot.
A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.
HL7 / FHIR honeypot.
Uses honeypots as detectors, looks like a complete system.
Redirects traffic for unused IPs to a honeypot, built on POX.
Modular and decentralised honeypot daemon that runs several canary versions of services and alerts when a service is (ab)used.
A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
A medium interaction printer honeypot.
Botnet C2 tools
IPv6 attack detection tool
System instrumentation
Honeypot for USB-spreading malware
Distributed sensor deployment
Low interaction honeypot (router back door)
Binary debugger
Mobile Analysis Tool
Low interaction honeypot
Server
Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
Automatic deploy bifrozt with ansible.
Credentials catching honeypot.
Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers.
See honeyd tools.
Telnet Honeypot.
Open Source Telnet Honeypot, focused on Mirai malware.
Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment.
Simple telnet honeypot.
Simple UDP/DNS honeypot scripts.
Simple honeypot written in Go.
Low interaction honeypot.
Fake Protocol Server.
All eating honeypot.
Honeypot server written in Go.
Honeypot Golang emulators.
SMTP honeypot written in Golang.
Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services.
IMAP honeypot written in Golang.
Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities.
Port listener in Rust with protocol guessing and safe string display.
Simple low-interaction port monitoring honeypot.
Python telnet honeypot for catching botnet binaries.
Telnet honeypot designed to track the Mirai botnet.
Low interaction VNC honeypot.
Data Collection / Data Sharing
Honeypot deployment
Client
High interaction client honeypot (also called honeyclient).
Highly-scalable system integrating multiple client honeypots to detect malicious websites.
Python honeyclient (later replaced by Thug).
High Interaction Client Honeypot.
Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.
Python-based low-interaction honeyclient.
Honeypot
PDF document inspector
SSH Honeypots
Multi-head SSH honeypot system.
Cowrie SSH Honeypot (based on kippo).
Docker container running cowrie with DShield output enabled.
SSH tarpit that slowly sends an endless banner.
Logs all SSH communications between a client and server.
Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Medium interaction SSH honeypot.
Kippo configured to be a backdoored netscreen.
Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret.
Python based command line tool to analyze cowrie logs over time.
Simple TCP/UDP honeypot implemented in Perl.
Mock an SSH server and define all commands it supports (Python, Twisted).
Parse cowrie honeypot logs into a neo4j database.
SSH Honeypot.
Simple SSH honeypot in Golang.
SSH honeypot written in Go.
Golang-based honeypot.
SSH Server in Go that logs username and password combinations.
SSH Honeypot written in Go.
Credential dumping SSH honeypot with statistics.
Medium interaction SSH honeypot that supports multiple virtual hosts.
Low/zero interaction SSH authentication logging honeypot.
Fake sshd that logs IP addresses, usernames, and passwords.
Modified version of the OpenSSH daemon that forwards commands to Cowrie where all commands are interpreted and returned.
Low-interaction SSH honeypot written in C.
Framework for a high interaction SSH honeypot.
Fake SSH server that lets everyone in and logs their activity.
High-interaction MitM SSH honeypot.
Yet another no-frills low-interaction SSH honeypot in Go.
Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org.
SSH, FTP and Telnet honeypots based on Twisted.
Spamtrap
SMTP honeypot written in Python.
Simple SMTP fetch all IDS and analyzer.
Spam Honeypot with Intelligent Virtual Analyzer.
A super simple SMTP Honeypot built using GPT3.5.
Spam Honeypot Tool.
The Project Honey Pot un-official PHP SDK.
Server (Bluetooth)
Dockerized Low Interaction packaging
Several Honeynet tools set up for Docker containers.
Docker based honeypot.
Docker based honeypot (Dionaea and Kippo).
Very simple but effective docker deployed honeypot to detect port scanning in your environment.
Core elements of the Modern Honey Network implemented in Docker.
Dockerized Thug to analyze malicious web content.
IOT Honeypot
Honeytokens
Self-hostable honeytoken generator and reporting dashboard; demo version available at CanaryTokens.org.
Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots.
Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.
Tool for deploying and detecting use of Active Directory honeytokens.
Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
Passive network audit framework parser
Network and Artifact Analysis
Data Tools
Front Ends
Front Web to Dionaea low-interaction honeypot.
Django App for kippo SSH Honeypot.
Full featured script to visualize statistics from a Shockpot honeypot.
Honeypot Intelligence with Splunk.
Full featured script to visualize statistics from a Wordpot honeypot.
Simplified UI for showing honeypot alarms.
Flask website which displays data gathered from an SSH Honeypot.
Visualization
Automated Attack Community Graph Construction.
Easy honeypot statistics.
Maltego transforms for mapping Honeypot systems.
Real-time websocket stream of GPS events on a fancy SVG world map.
Visualization app to visualize hpfeeds logs.
Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
Mojolicious app to display statistics for your kippo SSH honeypot.
Create actionable information from honeypots.
Visual analysis for network traffic.