https://github.com/mariocandela/beelzebub
A secure low code honeypot framework, leveraging LLM for System Virtualization.
https://github.com/mariocandela/beelzebub
cloudnative cloudsecurity cybersecurity deception framework go golang honeypot kubernetes llama3 llm llm-honeypot llm-security low-code ollama openai research research-project security whitehat
Last synced: 11 days ago
JSON representation
A secure low code honeypot framework, leveraging LLM for System Virtualization.
- Host: GitHub
- URL: https://github.com/mariocandela/beelzebub
- Owner: mariocandela
- License: gpl-3.0
- Created: 2022-05-08T18:47:02.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2025-05-06T06:28:10.000Z (20 days ago)
- Last Synced: 2025-05-08T20:52:15.671Z (17 days ago)
- Topics: cloudnative, cloudsecurity, cybersecurity, deception, framework, go, golang, honeypot, kubernetes, llama3, llm, llm-honeypot, llm-security, low-code, ollama, openai, research, research-project, security, whitehat
- Language: Go
- Homepage: https://beelzebub-honeypot.com
- Size: 346 KB
- Stars: 1,066
- Watchers: 15
- Forks: 79
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: historystore/history_store.go
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-go - beelzebub - A secure low code honeypot framework, leveraging AI for System Virtualization. (Security / HTTP Clients)
- awesome-gpt-security - beelzebub - Go-Based Low-Code Honeypot Framework with Enhanced Security, Leveraging GPT-3 for System Virtualization (Tools / Investigation)
- awesome-chatgpt - Beelzebub - Secure honeypot framework. (Web apps / Self-hosted)
- fucking-awesome-chatgpt - Beelzebub ChatGPT Honeypot
- awesome-chatgpt - Beelzebub ChatGPT Honeypot
- awesome-chatgpt - Beelzebub ChatGPT Honeypot
- awesome-chatgpt - mariocandela/beelzebub - Go based low code Honeypot Framework with Enhanced Security, leveraging OpenAI GPT for System Virtualization (Channel Resources / GitHub Projects)
- awesome-chatgpt - beelzebub
- awesome-chatgpt-zh - Beelzebub ChatGPT 蜜罐
- awesome-chatgpt - Beelzebub - Secure honeypot framework. (Web apps / Self-hosted)
- awesome-gpt - Beelzebub ChatGPT Honeypot
- Awesome-ChatGPT - Beelzebub ChatGPT Honeypot
- awesome-chatgpt-resources - beelzebub
- awesome-chatgpt-resources - beelzebub
- awesome-go - beelzebub - A secure low code honeypot framework, leveraging AI for System Virtualization. Stars:`1.1K`. (Security / HTTP Clients)
- awesome-chatgpt - mariocandela/beelzebub - Beelzebub is a secure low-code honeypot framework leveraging large language models for system virtualization to detect and analyze cyber attacks with AI-driven interaction. (SDK, Libraries, Frameworks / Golang library, sdk or frameworks)
README
# Beelzebub
[](https://github.com/mariocandela/beelzebub/actions/workflows/ci.yml) [](https://github.com/mariocandela/beelzebub/actions/workflows/docker-image.yml) [](https://github.com/mariocandela/beelzebub/actions/workflows/codeql.yml)
[](https://goreportcard.com/report/github.com/mariocandela/beelzebub/v3)
[](https://codecov.io/gh/mariocandela/beelzebub)
[](https://pkg.go.dev/github.com/mariocandela/beelzebub/v3)
[](https://github.com/avelino/awesome-go)
## Overview
Beelzebub is an advanced honeypot framework designed to provide a highly secure environment for detecting and analyzing cyber attacks. It offers a low code approach for easy implementation and uses AI to mimic the behavior of a high-interaction honeypot.
## LLM Honeypot
[](https://asciinema.org/a/665295)
## Telegram Bot for Real-Time Attacks
Stay updated on real-time attacks by joining our dedicated Telegram channel: [Telegram Channel](https://t.me/beelzebubhoneypot)
## Examples
To better understand the capabilities of Beelzebub, you can explore our example repository: [mariocandela/beelzebub-example](https://github.com/mariocandela/beelzebub-example)
## Quick Start
We provide two quick start options for build and run Beelzebub: using Docker Compose or the Go compiler.
### Using Docker Compose
1. Build the Docker images:
```bash
$ docker-compose build
```
2. Start Beelzebub in detached mode:
```bash
$ docker-compose up -d
```
### Using Go Compiler
1. Download the necessary Go modules:
```bash
$ go mod download
```
2. Build the Beelzebub executable:
```bash
$ go build
```
3. Run Beelzebub:
```bash
$ ./beelzebub
```
### Deploy on kubernetes cluster using helm
1. Install helm
2. Deploy beelzebub:
```bash
$ helm install beelzebub ./beelzebub-chart
```
3. Next release
```bash
$ helm upgrade beelzebub ./beelzebub-chart
```
## Testing
We provide two types of tests: unit tests and integration tests.
### Unit Tests
To run unit tests:
```bash
$ make test.unit
```
### Integration Tests
To run integration tests:
```bash
$ make test.dependencies.start
$ make test.integration
$ make test.dependencies.down
```
## Key Features
Beelzebub offers a wide range of features to enhance your honeypot environment:
- Support for Ollama
- Support for OpenAI
- SSH Honeypot
- HTTP Honeypot
- TCP Honeypot
- Prometheus openmetrics integration
- Docker integration
- RabbitMQ integration
- kubernetes
## Example Configuration
Beelzebub allows easy configuration for different services and ports. Simply create a new file for each service/port within the `/configurations/services` directory.
To execute Beelzebub with your custom path, use the following command:
```bash
$ ./beelzebub --confCore ./configurations/beelzebub.yaml --confServices ./configurations/services/
```
Here are some example configurations for different honeypot scenarios:
#### Example HTTP Honeypot on Port 80
###### http-80.yaml
```yaml
apiVersion: "v1"
protocol: "http"
address: ":80"
description: "Wordpress 6.0"
commands:
- regex: "^(/index.php|/index.html|/)$"
handler:
Wordpress 6 test page
Hello from Wordpress
headers:
- "Content-Type: text/html"
- "Server: Apache/2.4.53 (Debian)"
- "X-Powered-By: PHP/7.4.29"
statusCode: 200
- regex: "^(/wp-login.php|/wp-admin)$"
handler:
Wordpress 6 test page
Username
Password
Login
headers:
- "Content-Type: text/html"
- "Server: Apache/2.4.53 (Debian)"
- "X-Powered-By: PHP/7.4.29"
statusCode: 200
- regex: "^.*$"
handler:
404
Not found!
headers:
- "Content-Type: text/html"
- "Server: Apache/2.4.53 (Debian)"
- "X-Powered-By: PHP/7.4.29"
statusCode: 404
```
#### Example HTTP Honeypot on Port 8080
###### http-8080.yaml
```yaml
apiVersion: "v1"
protocol: "http"
address: ":8080"
description: "Apache 401"
commands:
- regex: ".*"
handler: "Unauthorized"
headers:
- "www-Authenticate: Basic"
- "server: Apache"
statusCode: 401
```
#### Example SSH Honeypot
###### LLM Honeypots
Follow a SSH LLM Honeypot using OpenAI as provider LLM:
```yaml
apiVersion: "v1"
protocol: "ssh"
address: ":2222"
description: "SSH interactive OpenAI GPT-4"
commands:
- regex: "^(.+)$"
plugin: "LLMHoneypot"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"
deadlineTimeoutSeconds: 60
plugin:
llmProvider: "openai"
llmModel: "gpt-4o" #Models https://platform.openai.com/docs/models
openAISecretKey: "sk-proj-123456"
```
Examples with local Ollama instance using model codellama:7b:
```yaml
apiVersion: "v1"
protocol: "ssh"
address: ":2222"
description: "SSH Ollama Llama3"
commands:
- regex: "^(.+)$"
plugin: "LLMHoneypot"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"
deadlineTimeoutSeconds: 60
plugin:
llmProvider: "ollama"
llmModel: "codellama:7b" #Models https://ollama.com/search
host: "http://example.com/api/chat" #default http://localhost:11434/api/chat
```
Example with custom prompt:
```yaml
apiVersion: "v1"
protocol: "ssh"
address: ":2222"
description: "SSH interactive OpenAI GPT-4"
commands:
- regex: "^(.+)$"
plugin: "LLMHoneypot"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"
deadlineTimeoutSeconds: 60
plugin:
llmProvider: "openai"
llmModel: "gpt-4o"
openAISecretKey: "sk-proj-123456"
prompt: "You will act as an Ubuntu Linux terminal. The user will type commands, and you are to reply with what the terminal should show. Your responses must be contained within a single code block."
```
###### SSH Honeypot on Port 22
###### ssh-22.yaml
```yaml
apiVersion: "v1"
protocol: "ssh"
address: ":22"
description: "SSH interactive"
commands:
- regex: "^ls$"
handler: "Documents Images Desktop Downloads .m2 .kube .ssh .docker"
- regex: "^pwd$"
handler: "/home/"
- regex: "^uname -m$"
handler: "x86_64"
- regex: "^docker ps$"
handler: "CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES"
- regex: "^docker .*$"
handler: "Error response from daemon: dial unix docker.raw.sock: connect: connection refused"
- regex: "^uname$"
handler: "Linux"
- regex: "^ps$"
handler: "PID TTY TIME CMD\n21642 ttys000 0:00.07 /bin/dockerd"
- regex: "^(.+)$"
handler: "command not found"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666)$"
deadlineTimeoutSeconds: 60
```
## Roadmap
Our future plans for Beelzebub include developing it into a robust PaaS platform.
## Contributing
The Beelzebub team welcomes contributions and project participation. Whether you want to report bugs, contribute new features, or have any questions, please refer to our [Contributor Guide](CONTRIBUTING.md) for detailed information. We encourage all participants and maintainers to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md) and foster a supportive and respectful community.
Happy hacking!
## License
Beelzebub is licensed under the [MIT License](LICENSE).
## Supported by
[](https://jb.gg/OpenSourceSupport)
