{"id":25477247,"url":"https://github.com/mrheinen/lophiid","last_synced_at":"2025-06-23T17:08:12.671Z","repository":{"id":253303456,"uuid":"716757221","full_name":"mrheinen/lophiid","owner":"mrheinen","description":"A distributed honeypot for monitoring large scale web attacks","archived":false,"fork":false,"pushed_at":"2024-10-29T19:35:08.000Z","size":51699,"stargazers_count":6,"open_issues_count":11,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-29T21:27:14.698Z","etag":null,"topics":["grpc-go","honeypot","intrusion-detection","security","threat-detection","threat-hunting","threat-intelligence"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrheinen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-09T20:08:25.000Z","updated_at":"2024-10-29T19:31:07.000Z","dependencies_parsed_at":"2024-09-13T01:48:21.920Z","dependency_job_id":"654fd24b-a5d3-40e9-bf5e-29f8387bbe7f","html_url":"https://github.com/mrheinen/lophiid","commit_stats":null,"previous_names":["mrheinen/lophiid"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrheinen%2Flophiid","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrheinen%2Flophiid/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrheinen%2Flophiid/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrheinen%2Flophiid/
manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrheinen","download_url":"https://codeload.github.com/mrheinen/lophiid/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239481437,"owners_count":19646039,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["grpc-go","honeypot","intrusion-detection","security","threat-detection","threat-hunting","threat-intelligence"],"created_at":"2025-02-18T13:38:20.353Z","updated_at":"2025-02-18T13:38:20.782Z","avatar_url":"https://github.com/mrheinen.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lophiid\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./images/logo-small.png\" /\u003e\n\u003c/p\u003e\n\n![Lophiid build workflow](https://github.com/mrheinen/lophiid/actions/workflows/go.yml/badge.svg)\n\n## Introduction\n\nLophiid is a distributed honeypot for detecting and interacting with mass web\napplication exploitation attempts.\n\nThe design of lophiid is that one backend controls multiple honeypot sensors\nagents across the web. Each honeypot can be configured individually but the\nbackend is able to track interactions with attackers across all of them.\n\nSay an attacker scans for / across the internet and it hits 50 lophiid\nhoneypots. 
The backend can make sure that during each individual interaction\nwith a honeypot a different response is sent to the attacker and with that\nincreases the chance that the attacker gets something they are looking for which\ncan result in further interaction.\n\nSimilarly lophiid can respond differently to multiple command injections against\nthe same endpoint.\n\nKey features:\n\n- A distributed honeypot approach\n- Rule based interactions with attacks\n- Static, scripted (JavaScript) and AI supported response handling\n- Alerting possible (Telegram, extensible)\n- UI with comprehensive search\n- AI analysis of attacks\n- Automatic tagging of requests and attacks to help triage\n- Automatic malware collection and storage\n- Yara (yara-x) integration\n- Direct integration with VirusTotal\n- Rate limiting / DoS protection\n- Exporting of rules for sharing with the community\n- Extensive metrics for Prometheus/Grafana\n- Highly customizable\n\nRunning lophiid is already very interesting and you'll collect a lot of threat\ninformation. The project is still in an early phase of development though and\nlarge changes are still to be expected in the near future.\n\nFor more information check out the [Detailed Description](./DETAILED_DESCRIPTION.md) document and get started with the\n[Setup](./SETUP.md) guide.\n\nDon't hesitate to reach out to niels.heinen{at}gmail.com for any assistance.\n\n# Screenshots\n\nRequests page overview which shows all the requests that honeypots are getting.\n![Requests overview](./images/screenshot-requests-wget.png)\n\nThe downloads page shows information about all the downloaded payloads which\nwere obtained via attacks. The payloads themselves are also stored locally in\nthe malware directory (configurable via the backend config).\n![Downloads page](./images/screenshot-payloads.png)\n\n\n# Contributing\n\nContributions are super welcome! Just fork the repo and send us a PR. 
Please\nregularly check the [CONTRIBUTING.md](./CONTRIBUTING.md) for general guidelines\n\n# Documentation\n\n* [Setup guide](./SETUP.md)\n* [Detailed Description](./DETAILED_DESCRIPTION.md)\n* [Screenshots](./SCREENSHOTS.md)\n* [Scripted responses](./SCRIPTING.md)\n* [API cli client usage](./API_CLIENT.md)\n* [UI search - overview](./SEARCH.md)\n* [UI search - all keywords](./SEARCH_KEYWORDS.md)\n* [Payload fetching](./PAYLOAD_FETCHING.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrheinen%2Flophiid","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrheinen%2Flophiid","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrheinen%2Flophiid/lists"}