Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-honeypots
an awesome list of honeypot resources
https://github.com/paralax/awesome-honeypots
Last synced: 6 days ago
JSON representation
-
Related Lists
- awesome-pcaptools - Useful in network traffic analysis.
- awesome-malware-analysis - Some overlap here for artifact analysis.
-
Honeypots
- Google Hack Honeypot - Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
- Shadow Daemon - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
- shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts.
- Lyrebird - Modern high-interaction honeypot framework.
- SCADA honeynet - Building Honeypots for Industrial Networks.
- scada-honeynet - Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.
- dnsMole - Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.
- Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.
- HIHAT - Transform arbitrary PHP applications into web-based high-interaction Honeypots.
- Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
- Community Honey Network - CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.
- Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
- Tracexploit - Replay network packets.
- LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.
- Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
- mitmproxy - Allows traffic flows to be intercepted, inspected, modified, and replayed.
- Sysdig - Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
- vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
- Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
- T-Pot - All in one honeypot appliance from telecom provider T-Mobile
- HFlow2 - Data coalesing tool for honeynet/network analysis.
- Amun - Vulnerability emulation honeypot.
- Bait and Switch - Redirects all hostile traffic to a honeypot that is partially mirroring your production system.
- Conpot - Low interactive server side Industrial Control Systems honeypot.
- Honeysink - Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
- KFSensor - Windows based honeypot Intrusion Detection System (IDS).
- LaBrea - Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
- mwcollectd - Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.
- Honeycomb - Automated signature creation using honeypots.
- CC2ASN - Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.
- HPfriends - Honeypot data-sharing platform.
- hpfriends - real-time social data-sharing - Presentation about HPFriends feed system
- HPFeeds - Lightweight authenticated publish-subscribe protocol.
- PHARM - Manage, report, and analyze your distributed Nepenthes instances.
- Impost - Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.
- Modern Honeynet Network - Streamlines deployment and management of secure honeypots.
- Wireshark Extensions - Apply Snort IDS rules and signatures against packet capture files using Wireshark.
- CWSandbox / GFI Sandbox
- Capture-HPC-Linux
- Capture-HPC - High interaction client honeypot (also called honeyclient).
- HoneyBOT
- HoneyC
- HoneyWeb - Web interface created to manage and remotely share Honeyclients resources.
- MonkeySpider
- Pwnypot - High Interaction Client Honeypot.
- Rumal - Thug's Rumāl: a Thug's dress and weapon.
- Shelia - Client-side honeypot for attack detection.
- Thug Distributed Task Queuing
- Trigona
- URLQuery
- Deception Toolkit
- HoneyBrid
- Kojoney - Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
- LongTail Log Analysis @ Marist College - Analyzed SSH honeypot logs.
- DShield Web Honeypot Project
- Honeysnap
- Honeywall
- Honeeepi - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
- TestDisk & PhotoRec
- Capture BAT
- DAVIX - The DAVIX Live CD.
- Mail::SMTP::Honeypot - Perl module that appears to provide the functionality of a standard SMTP server.
- Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running
- Spamhole
- spamd
- Dockerized Thug - Dockerized [Thug](https://github.com/buffer/thug) to analyze malicious web content.
- Quechua
- Artemnesia VoIP
- Kojoney - Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
- Delilah - Elasticsearch Honeypot written in Python (originally from Novetta).
- ESPot - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
- ElasticPot - An Elasticsearch Honeypot.
- Elastic honey - Simple Elasticsearch Honeypot.
- MongoDB-HoneyProxy - MongoDB honeypot proxy.
- NoSQLpot - Honeypot framework built on a NoSQL-style database.
- mysql-honeypotd - Low interaction MySQL honeypot written in C.
- MysqlPot - MySQL honeypot, still very early stage.
- pghoney - Low-interaction Postgres Honeypot.
- sticky_elephant - Medium interaction postgresql honeypot.
- RedisHoneyPot - High Interaction Honeypot Solution for Redis protocol.
- Express honeypot - RFI & LFI honeypot using nodeJS and express.
- EoHoneypotBundle - Honeypot type for Symfony2 forms.
- Glastopf - Web Application Honeypot.
- HellPot - Honeypot that tries to crash the bots and clients that visit it's location.
- Laravel Application Honeypot - Simple spam prevention package for Laravel applications.
- Nodepot - NodeJS web application honeypot.
- PasitheaHoneypot - RestAPI honeypot.
- Servletpot - Web application Honeypot.
- StrutsHoneypot - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
- WebTrap - Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
- basic-auth-pot (bap) - HTTP Basic Authentication honeypot.
- bwpot - Breakable Web applications honeyPot.
- django-admin-honeypot - Fake Django admin login screen to notify admins of attempted unauthorized access.
- drupo - Drupal Honeypot.
- galah - an LLM-powered web honeypot using the OpenAI API.
- honeyhttpd - Python-based web server honeypot builder.
- honeyup - An uploader honeypot designed to look like poor website security.
- modpot - Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework.
- owa-honeypot - A basic flask based Outlook Web Honey pot.
- phpmyadmin_honeypot - Simple and effective phpMyAdmin honeypot.
- smart-honeypot - PHP Script demonstrating a smart honey pot.
- Snare - Super Next generation Advanced Reactive honeypot.
- Tanner - Evaluating SNARE events.
- stack-honeypot - Inserts a trap for spam bots into responses.
- tomcat-manager-honeypot - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study.
- HonnyPotter - WordPress login honeypot for collection and analysis of failed login attempts.
- HoneyPress - Python based WordPress honeypot in a Docker container.
- wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot.
- wordpot - WordPress Honeypot.
- Python-Honeypot - OWASP Honeypot, Automated Deception Framework.
- ADBHoney - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
- ddospot - NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.
- dionaea - Home of the dionaea honeypot.
- dhp - Simple Docker Honeypot server emulating small snippets of the Docker HTTP API.
- DolosHoneypot - SDN (software defined networking) honeypot.
- Ensnare - Easy to deploy Ruby honeypot.
- Helix - K8s API Honeypot with Active Defense Capabilities.
- honeycomb_plugins - Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
- honeyntp - NTP logger/honeypot.
- honeypot-camera - Observation camera honeypot.
- honeypot-ftp - FTP Honeypot.
- honeypots - 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).
- honeytrap - Advanced Honeypot framework written in Go that can be connected with other honeypot software.
- HoneyPy - Low interaction honeypot.
- Honeygrove - Multi-purpose modular honeypot based on Twisted.
- Honeyport - Simple honeyport written in Bash and Python.
- Honeyprint - Printer honeypot.
- MICROS honeypot - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
- node-ftp-honeypot - FTP server honeypot in JS.
- pyrdp - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
- rdppot - RDP honeypot
- RDPy - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
- Tom's Honeypot - Low interaction Python honeypot.
- WebLogic honeypot - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
- WhiteFace Honeypot - Twisted based honeypot for WhiteFace.
- DemonHunter - Low interaction honeypot server.
- canarytokendetector - Tool for detection and nullification of Thinkst CanaryTokens
- honeydet - Signature based honeypot detector tool written in Golang
- kippo_detect - Offensive component that detects the presence of the kippo honeypot.
- Conpot - ICS/SCADA honeypot.
- GasPot - Veeder Root Gaurdian AST, common in the oil and gas industry.
- gridpot - Open source tools for realistic-behaving electric grid honeynets.
- CitrixHoneypot - Detect and log CVE-2019-19781 scan and exploitation attempts.
- Damn Simple Honeypot (DSHP) - Honeypot framework with pluggable handlers.
- dicompot - DICOM Honeypot.
- IPP Honey - A honeypot for the Internet Printing Protocol.
- Log4Pot - A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
- Masscanned - Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.
- medpot - HL7 / FHIR honeypot.
- NOVA - Uses honeypots as detectors, looks like a complete system.
- OpenFlow Honeypot (OFPot) - Redirects traffic for unused IPs to a honeypot, built on POX.
- OpenCanary - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
- ciscoasa_honeypot - 2018-0101, a DoS and remote code execution vulnerability.
- miniprint - A medium interaction printer honeypot.
- Hale - Botnet command and control monitor.
- Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
- Trapster Commmunity - Modural and easy to install Python Honeypot, with comprehensive alerting
-
Honeyd Tools
-
Network and Artifact Analysis
- Argos - Emulator for capturing zero-day attacks.
- COMODO automated sandbox
- Cuckoo - Leading open source automated malware analysis system.
- RFISandbox - PHP 5.x script sandbox built on top of [funcall](https://pecl.php.net/package/funcall).
- Hybrid Analysis - Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
- Joebox Cloud - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
- VirusTotal - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
- malwr.com - Free malware analysis service and community.
- VirusTotal - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
-
Data Tools
- Afterglow
- HoneyStats - Statistical view of the recorded activity on a Honeynet.
- Kippo-Graph - Full featured script to visualize statistics from a Kippo SSH honeypot.
-
Guides
- T-Pot: A Multi-Honeypot Platform
- Dionaea and EC2 in 20 Minutes - Tutorial on setting up Dionaea on an EC2 instance.
- Using a Raspberry Pi honeypot to contribute data to DShield/ISC - The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.
- vEYE - Behavioral footprinting for self-propagating worm detection and profiling.
-
Uncategorized
-
Uncategorized
- Awesome Honeypots ![Awesome Honeypots - honeypots-)
-
Categories
Sub Categories
Keywords
honeypot
35
security
17
python
7
deception
7
security-tools
6
golang
4
infosec
3
vulnerability
3
security-vulnerability
3
cybersecurity
3
malware-analysis
3
twisted
3
oracle
2
cyber-threat-intelligence
2
honeypots
2
awesome-list
2
execution-vulnerability
2
awesome
2
flood
1
fasthttp
1
heffalump
1
http
1
markov-chain
1
spam
1
stress
1
web
1
web-server
1
deceptive-webpages
1
web-cloner
1
django
1
llm
1
openai
1
openai-api
1
honeypot-http
1
http-server
1
python-web
1
python-web-server
1
cti
1
owa
1
analysis-framework
1
automated-analysis
1
chinese
1
chinese-translation
1
domain-analysis
1
drop-ice
1
dynamic-analysis
1
list
1
malware-collection
1
malware-research
1
malware-samples
1