awesome-honeypots
an awesome list of honeypot resources
https://github.com/eric-erki/awesome-honeypots
Last synced: 2 days ago
JSON representation
-
Related Lists
- awesome-malware-analysis - Some overlap here for artifact analysis.
- awesome-pcaptools - Useful in network traffic analysis.
-
Honeypots
- URLQuery
- Conpot - Low interactive server side Industrial Control Systems honeypot.
- Shadow Daemon - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
- shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts.
- Lyrebird - Modern high-interaction honeypot framework.
- dnsMole - Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.
- Tracexploit - Replay network packets.
- LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.
- Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
- Sysdig - Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
- Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
- HFlow2 - Data coalesing tool for honeynet/network analysis.
- Honeysink - Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
- Honeycomb - Automated signature creation using honeypots.
- HPfriends - Honeypot data-sharing platform.
- hpfriends - real-time social data-sharing - Presentation about HPFriends feed system
- PHARM - Manage, report, and analyze your distributed Nepenthes instances.
- Modern Honeynet Network - Streamlines deployment and management of secure honeypots.
- Whireshark Extensions - Apply Snort IDS rules and signatures against packet capture files using Wireshark.
- CWSandbox / GFI Sandbox
- Capture-HPC-Linux
- Capture-HPC - High interaction client honeypot (also called honeyclient).
- HoneyC
- HoneyWeb - Web interface created to manage and remotely share Honeyclients resources.
- Pwnypot - High Interaction Client Honeypot.
- Rumal - Thug's Rumāl: a Thug's dress and weapon.
- Shelia - Client-side honeypot for attack detection.
- Thug Distributed Task Queuing
- Trigona
- Deception Toolkit
- LongTail Log Analysis @ Marist College - Analyzed SSH honeypot logs.
- DShield Web Honeypot Project
- Honeysnap
- Honeywall
- Honeeepi - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
- TestDisk & PhotoRec
- Capture BAT
- DAVIX - The DAVIX Live CD.
- Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running
- Spamhole
- spamd
- Dockerized Thug - Dockerized [Thug](https://github.com/buffer/thug) to analyze malicious web content.
- Quechua
- Artemnesia VoIP
- Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
- django-admin-honeypot - Fake Django admin login screen to notify admins of attempted unauthorized access.
- Conpot - ICS/SCADA honeypot.
- Cowrie - Cowrie SSH Honeypot (based on kippo).
- DemonHunter - Low interaction honeypot server.
- Glastopf - Web Application Honeypot.
- honeytrap - Advanced Honeypot framework written in Go that can be connected with other honeypot software.
- Androguard - Reverse engineering, Malware and goodware analysis of Android applications and more.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- CanaryTokens - Self-hostable honeytoken generator and reporting dashboard; demo version available at [CanaryTokens.org](https://canarytokens.org/generate).
- Kippo - Medium interaction SSH honeypot.
- OpenCanary - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
- RDPy - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
- peepdf - Powerful Python tool to analyze PDF documents.
- Delilah - Elasticsearch Honeypot written in Python (originally from Novetta).
- ESPot - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
- Elastic honey - Simple Elasticsearch Honeypot.
- MongoDB-HoneyProxy - MongoDB honeypot proxy.
- NoSQLpot - Honeypot framework built on a NoSQL-style database.
- mysql-honeypotd - Low interaction MySQL honeypot written in C.
- MysqlPot - MySQL honeypot, still very early stage.
- pghoney - Low-interaction Postgres Honeypot.
- sticky_elephant - Medium interaction postgresql honeypot.
- Bukkit Honeypot - Honeypot plugin for Bukkit.
- EoHoneypotBundle - Honeypot type for Symfony2 forms.
- Laravel Application Honeypot - Simple spam prevention package for Laravel applications.
- Nodepot - NodeJS web application honeypot.
- Servletpot - Web application Honeypot.
- StrutsHoneypot - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
- WebTrap - Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
- basic-auth-pot (bap) - HTTP Basic Authentication honeypot.
- bwpot - Breakable Web applications honeyPot.
- drupo - Drupal Honeypot.
- honeyhttpd - Python-based web server honeypot builder.
- phpmyadmin_honeypot - Simple and effective phpMyAdmin honeypot.
- smart-honeypot - PHP Script demonstrating a smart honey pot.
- Snare - Super Next generation Advanced Reactive honeypot.
- Tanner - Evaluating SNARE events.
- stack-honeypot - Inserts a trap for spam bots into responses.
- tomcat-manager-honeypot - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study
- HonnyPotter - WordPress login honeypot for collection and analysis of failed login attempts.
- wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot.
- wordpot - WordPress Honeypot.
- ADBHoney - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
- Ensnare - Easy to deploy Ruby honeypot.
- HoneyPy - Low interaction honeypot.
- Honeygrove - Multi-purpose modular honeypot based on Twisted.
- Honeyport - Simple honeyport written in Bash and Python.
- Honeyprint - Printer honeypot.
- MICROS honeypot - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
- SMB Honeypot - High interaction SMB service honeypot capable of capturing wannacry-like Malware.
- Tom's Honeypot - Low interaction Python honeypot.
- WebLogic honeypot - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
- WhiteFace Honeypot - Twisted based honeypot for WhiteFace.
- honeycomb_plugins - Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
- honeyntp - NTP logger/honeypot.
- honeypot-camera - Observation camera honeypot.
- honeypot-ftp - FTP Honeypot.
- pyrdp - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
- troje - Honeypot that runs each connection with the service within a seperate LXC container.
- kippo_detect - Offensive component that detects the presence of the kippo honeypot.
- GasPot - Veeder Root Gaurdian AST, common in the oil and gas industry.
- gridpot - Open source tools for realistic-behaving electric grid honeynets.
- Damn Simple Honeypot (DSHP) - Honeypot framework with pluggable handlers.
- NOVA - Uses honeypots as detectors, looks like a complete system.
- OpenFlow Honeypot (OFPot) - Redirects traffic for unused IPs to a honeypot, built on POX.
- ciscoasa_honeypot - 2018-0101, a DoS and remote code execution vulnerability.
- miniprint - A medium interaction printer honeypot.
- Hale - Botnet command and control monitor.
- ipv6-attack-detector - Google Summer of Code 2012 project, supported by The Honeynet Project organization.
- sshesame - Fake SSH server that lets everyone in and logs their activity.
- Antivmdetect - Script to create templates to use with VirtualBox to make VM detection harder.
- VMCloak - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
- Heralding - Credentials catching honeypot.
- ssh-honeypot - Fake sshd that logs IP addresses, usernames, and passwords.
- glutton - All eating honeypot.
- Shiva - Spam Honeypot with Intelligent Virtual Analyzer.
- HoneyThing - TR-069 Honeypot.
- honeytrap - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services.
- Ghost-usb - Honeypot for malware that propagates via USB storage devices.
- PhoneyC - Python honeyclient (later replaced by Thug).
- vnclowpot - Low interaction VNC honeypot.
- SpamHAT - Spam Honeypot Tool.
- imap-honey - IMAP honeypot written in Golang.
- SendMeSpamIDS.py - Simple SMTP fetch all IDS and analyzer.
- Honeypot-32764 - Honeypot for router backdoor (TCP 32764).
- slipm-honeypot - Simple low-interaction port monitoring honeypot.
- go-emulators - Honeypot Golang emulators.
- IMHoneypot
- portlurker - Port listener in Rust with protocol guessing and safe string display.
- honeymail - SMTP honeypot written in Golang.
- hived - Golang-based honeypot.
- cowrie2neo - Parse cowrie honeypot logs into a neo4j database.
- arctic-swallow - Low interaction honeypot.
- honeypot - The Project Honey Pot un-official PHP SDK.
- Honeyd - See [honeyd tools](#honeyd-tools).
- telnetlogger - Telnet honeypot designed to track the Mirai botnet.
- sshhipot - High-interaction MitM SSH honeypot.
- Hontel - Telnet Honeypot.
- twisted-honeypots - SSH, FTP and Telnet honeypots based on Twisted.
- Kojoney2 - Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret.
- go0r - Simple ssh honeypot in Golang.
- hornet - Medium interaction SSH honeypot that supports multiple virtual hosts.
- honeypot.go - SSH Honeypot written in Go.
- ssh-honeypot - Modified version of the OpenSSH deamon that forwards commands to Cowrie where all commands are interpreted and returned.
- go-sshoney - SSH Honeypot.
- sshlowpot - Yet another no-frills low-interaction SSH honeypot in Go.
- honeyssh - Credential dumping SSH honeypot with statistics.
- ssh-honeypotd - Low-interaction SSH honeypot written in C.
- Blacknet - Multi-head SSH honeypot system.
- Dockerpot - Docker based honeypot.
- Manuka - Docker based honeypot (Dionaea and Kippo).
- DShield docker - Docker container running cowrie with DShield output enabled.
- dcept - Tool for deploying and detecting use of Active Directory honeytokens.
- HonSSH - Logs all SSH communications between a client and server.
- Honeybits - Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots.
- MockSSH - Mock an SSH server and define all commands it supports (Python, Twisted).
- T-Pot - All in one honeypot appliance from telecom provider T-Mobile
- AMTHoneypot - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.
- HoneyMysql - Simple Mysql honeypot project.
- MongoDB-HoneyProxyPy - MongoDB honeypot proxy by python3.
- Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
- LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.
- WAPot - Honeypot that can be used to observe traffic directed at home routers.
- Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
- Passive Network Audit Framework (pnaf) - Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms.
- Hexgolems - Pint Debugger Backend - Debugger backend and LUA wrapper for PIN.
- Hexgolems - Schem Debugger Frontend - Debugger frontend.
- Bifrozt - Automatic deploy bifrozt with ansible.
- Conpot - Low interactive server side Industrial Control Systems honeypot.
- HoneyWRT - Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers.
- MTPot - Open Source Telnet Honeypot, focused on Mirai malware.
- SIREN - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment.
- TelnetHoney - Simple telnet honeypot.
- UDPot Honeypot - Simple UDP/DNS honeypot scripts.
- Yet Another Fake Honeypot (YAFH) - Simple honeypot written in Go.
- go-HoneyPot - Honeypot server written in Go.
- telnet-iot-honeypot - Python telnet honeypot for catching botnet binaries.
- Capture-HPC-NG
- HoneySpider Network - Highly-scalable system integrating multiple client honeypots to detect malicious websites.
- Jsunpack-n
- Thug - Python-based low-interaction honeyclient.
- YALIH (Yet Another Low Interaction Honeyclient) - Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.
- Deception Toolkit
- HUDINX - Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
- Kippo_JunOS - Kippo configured to be a backdoored netscreen.
- Malbait - Simple TCP/UDP honeypot implemented in Perl.
- gohoney - SSH honeypot written in Go.
- ssh-auth-logger - Low/zero interaction SSH authentication logging honeypot.
- sshForShits - Framework for a high interaction SSH honeypot.
- DShield Web Honeypot Project
- HoneyDrive
- Mail::SMTP::Honeypot - Perl module that appears to provide the functionality of a standard SMTP server.
- Spamhole
- Bluepot
- Docker honeynet - Several Honeynet tools set up for Docker containers.
- mhn-core-docker - Core elements of the Modern Honey Network implemented in Docker.
- Kako - Honeypots for a number of well known and deployed embedded device vulnerabilities.
- Honeyλ (HoneyLambda) - Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.
- honeyku - Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
- Kippo2MySQL - Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
- DShield Web Honeypot Project
- mitmproxy - Allows traffic flows to be intercepted, inspected, modified, and replayed.
- LaBrea - Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- Kojoney - Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- SMB Honeypot - High interaction SMB service honeypot capable of capturing wannacry-like Malware.
- troje - Honeypot that runs each connection with the service within a seperate LXC container.
- ipv6-attack-detector - Google Summer of Code 2012 project, supported by The Honeynet Project organization.
- HPFeeds - Lightweight authenticated publish-subscribe protocol.
- HoneyBOT
- Rumal - Thug's Rumāl: a Thug's dress and weapon.
- DShield Web Honeypot Project
- Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
- potd - Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities.
- APKinspector - Powerful GUI tool for analysts to analyze the Android applications.
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
- DShield Web Honeypot Project
-
Network and Artifact Analysis
- malwr.com - Free malware analysis service and community.
- Cuckoo - Leading open source automated malware analysis system.
- Argos - Emulator for capturing zero-day attacks.
- COMODO automated sandbox
- RFISandbox - PHP 5.x script sandbox built on top of [funcall](https://pecl.php.net/package/funcall).
- Joebox Cloud - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
- Pylibemu - Libemu Cython wrapper.
- libemu - Shellcode emulation library, useful for shellcode detection.
- VirusTotal - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
- dorothy2 - Malware/botnet analysis framework written in Ruby.
- imalse - Integrated MALware Simulator and Emulator.
- imalse - Integrated MALware Simulator and Emulator.
-
Honeyd Tools
-
Data Tools
- HoneyStats - Statistical view of the recorded activity on a Honeynet.
- HoneyMap - Real-time websocket stream of GPS events on a fancy SVG world map.
- HoneyMalt - Maltego tranforms for mapping Honeypot systems.
- Kippo stats - Mojolicious app to display statistics for your kippo SSH honeypot.
- Django-kippo - Django App for kippo SSH Honeypot.
- DionaeaFR - Front Web to Dionaea low-interaction honeypot.
- Shockpot-Frontend - Full featured script to visualize statistics from a Shockpot honeypot.
- Tango - Honeypot Intelligence with Splunk.
- Wordpot-Frontend - Full featured script to visualize statistics from a Wordpot honeypot.
- honeypotDisplay - Flask website which displays data gathered from an SSH Honeypot.
- Acapulco - Automated Attack Community Graph Construction.
- Afterglow Cloud
- Glastopf Analytics - Easy honeypot statistics.
- HpfeedsHoneyGraph - Visualization app to visualize hpfeeds logs.
- Kippo-Graph - Full featured script to visualize statistics from a Kippo SSH honeypot.
- The Intelligent HoneyNet - Create actionable information from honeypots.
- ovizart - Visual analysis for network traffic.
- Afterglow
- honeyalarmg2 - Simplified UI for showing honeypot alarms.
-
Guides
- T-Pot: A Multi-Honeypot Platform
- Using a Raspberry Pi honeypot to contribute data to DShield/ISC - The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.
- vEYE - Behavioral footprinting for self-propagating worm detection and profiling.
- honeypotpi - Script for turning a Raspberry Pi into a HoneyPot Pi.
- Honeypot research papers - PDFs of research papers on honeypots.
- Honeypot (Dionaea and kippo) setup script
Categories
Sub Categories
Keywords
honeypot
39
security
21
python
11
deception
8
security-tools
7
golang
6
ssh
6
twisted
4
security-vulnerability
3
malware-analysis
3
vulnerability
3
go
3
telnet
2
oracle
2
infosec
2
shell
2
execution-vulnerability
2
ssh-server
2
cybersecurity
2
threat-sharing
2
threatintel
2
cowrie
2
blueteam
1
adversary
1
reverse-engineering
1
pentesting
1
odex
1
dex
1
dalvik
1
android
1
edr
1
etw
1
instrumentation
1
mitre
1
windows
1
windows-kernel
1
information-security
1
mongo
1
mongodb
1
proxy
1
mysql
1
deceptive-webpages
1
web-cloner
1
analysis-framework
1
automated-analysis
1
awesome
1
awesome-list
1
chinese
1
chinese-translation
1
domain-analysis
1