Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-honeypots


https://github.com/qince1455373819/awesome-honeypots

Last synced: about 7 hours ago
JSON representation

  • Honeypots

    • Delilah - Elasticsearch Honeypot written in Python (originally from Novetta).
    • ESPot - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
    • Elastic honey - Simple Elasticsearch Honeypot.
    • MongoDB-HoneyProxy - MongoDB honeypot proxy.
    • NoSQLpot - Honeypot framework built on a NoSQL-style database.
    • mysql-honeypotd - Low interaction MySQL honeypot written in C.
    • MysqlPot - MySQL honeypot, still very early stage.
    • pghoney - Low-interaction Postgres Honeypot.
    • sticky_elephant - Medium interaction postgresql honeypot.
    • Bukkit Honeypot - Honeypot plugin for Bukkit.
    • EoHoneypotBundle - Honeypot type for Symfony2 forms.
    • Glastopf - Web Application Honeypot.
    • Laravel Application Honeypot - Simple spam prevention package for Laravel applications.
    • Nodepot - NodeJS web application honeypot.
    • Servletpot - Web application Honeypot.
    • StrutsHoneypot - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
    • WebTrap - Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
    • basic-auth-pot (bap) - HTTP Basic Authentication honeypot.
    • bwpot - Breakable Web applications honeyPot.
    • django-admin-honeypot - Fake Django admin login screen to notify admins of attempted unauthorized access.
    • drupo - Drupal Honeypot.
    • honeyhttpd - Python-based web server honeypot builder.
    • phpmyadmin_honeypot - Simple and effective phpMyAdmin honeypot.
    • smart-honeypot - PHP Script demonstrating a smart honey pot.
    • Snare - Super Next generation Advanced Reactive honeypot.
    • Tanner - Evaluating SNARE events.
    • stack-honeypot - Inserts a trap for spam bots into responses.
    • tomcat-manager-honeypot - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study
    • HonnyPotter - WordPress login honeypot for collection and analysis of failed login attempts.
    • wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot.
    • wordpot - WordPress Honeypot.
    • ADBHoney - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
    • Ensnare - Easy to deploy Ruby honeypot.
    • HoneyPy - Low interaction honeypot.
    • Honeygrove - Multi-purpose modular honeypot based on Twisted.
    • Honeyport - Simple honeyport written in Bash and Python.
    • Honeyprint - Printer honeypot.
    • MICROS honeypot - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
    • RDPy - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
    • Tom's Honeypot - Low interaction Python honeypot.
    • WebLogic honeypot - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
    • WhiteFace Honeypot - Twisted based honeypot for WhiteFace.
    • honeycomb_plugins - Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
    • honeyntp - NTP logger/honeypot.
    • honeypot-camera - Observation camera honeypot.
    • honeypot-ftp - FTP Honeypot.
    • honeytrap - Advanced Honeypot framework written in Go that can be connected with other honeypot software.
    • pyrdp - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
    • DemonHunter - Low interaction honeypot server.
    • kippo_detect - Offensive component that detects the presence of the kippo honeypot.
    • Conpot - ICS/SCADA honeypot.
    • GasPot - Veeder Root Gaurdian AST, common in the oil and gas industry.
    • gridpot - Open source tools for realistic-behaving electric grid honeynets.
    • Damn Simple Honeypot (DSHP) - Honeypot framework with pluggable handlers.
    • NOVA - Uses honeypots as detectors, looks like a complete system.
    • OpenFlow Honeypot (OFPot) - Redirects traffic for unused IPs to a honeypot, built on POX.
    • OpenCanary - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
    • ciscoasa_honeypot - 2018-0101, a DoS and remote code execution vulnerability.
    • miniprint - A medium interaction printer honeypot.
    • Hale - Botnet command and control monitor.
    • mitmproxy - Allows traffic flows to be intercepted, inspected, modified, and replayed.
    • Sysdig - Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
    • Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
    • HFlow2 - Data coalesing tool for honeynet/network analysis.
    • Conpot - Low interactive server side Industrial Control Systems honeypot.
    • Honeysink - Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
    • HoneyMysql - Simple Mysql honeypot project.
    • MongoDB-HoneyProxyPy - MongoDB honeypot proxy by python3.
    • Shadow Daemon - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
    • shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts.
    • HoneyPress - Python based WordPress honeypot in a Docker container.
    • Lyrebird - Modern high-interaction honeypot framework.
    • dnsMole - Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.
    • Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
    • Tracexploit - Replay network packets.
    • LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.
    • Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
    • Honeycomb - Automated signature creation using honeypots.
    • HPfriends - Honeypot data-sharing platform.
    • hpfriends - real-time social data-sharing - Presentation about HPFriends feed system
    • PHARM - Manage, report, and analyze your distributed Nepenthes instances.
    • Modern Honeynet Network - Streamlines deployment and management of secure honeypots.
    • Whireshark Extensions - Apply Snort IDS rules and signatures against packet capture files using Wireshark.
    • CWSandbox / GFI Sandbox
    • Capture-HPC-Linux
    • Capture-HPC - High interaction client honeypot (also called honeyclient).
    • HoneyC
    • HoneyWeb - Web interface created to manage and remotely share Honeyclients resources.
    • Pwnypot - High Interaction Client Honeypot.
    • Rumal - Thug's Rumāl: a Thug's dress and weapon.
    • Shelia - Client-side honeypot for attack detection.
    • Thug Distributed Task Queuing
    • Trigona
    • URLQuery
    • Deception Toolkit
    • LongTail Log Analysis @ Marist College - Analyzed SSH honeypot logs.
    • DShield Web Honeypot Project
    • Honeysnap
    • Honeywall
    • Honeeepi - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
    • TestDisk & PhotoRec
    • Capture BAT
    • DAVIX - The DAVIX Live CD.
    • Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running
    • Spamhole
    • spamd
    • Dockerized Thug - Dockerized [Thug](https://github.com/buffer/thug) to analyze malicious web content.
    • Quechua
    • Artemnesia VoIP
    • Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
    • SMB Honeypot - High interaction SMB service honeypot capable of capturing wannacry-like Malware.
    • troje - Honeypot that runs each connection with the service within a seperate LXC container.
    • ipv6-attack-detector - Google Summer of Code 2012 project, supported by The Honeynet Project organization.
    • AMTHoneypot - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.
    • Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
  • Honeyd Tools

  • Network and Artifact Analysis

    • Argos - Emulator for capturing zero-day attacks.
    • COMODO automated sandbox
    • Cuckoo - Leading open source automated malware analysis system.
    • RFISandbox - PHP 5.x script sandbox built on top of [funcall](https://pecl.php.net/package/funcall).
    • Joebox Cloud - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
    • malwr.com - Free malware analysis service and community.
  • Data Tools

    • HoneyStats - Statistical view of the recorded activity on a Honeynet.
    • Kippo-Graph - Full featured script to visualize statistics from a Kippo SSH honeypot.
  • Guides