Attack Detection

Honeyntp is an NTP honeypot and logging tool that captures NTP packets into a Redis database to detect DDoS attacks and monitor network time protocol traffic.

A honeypot system that detects and identifies attack commands, recon attempts, and download commands, mimicking a vulnerable Elasticsearch instance.

A nodejs web application honeypot designed for small environments like Raspberry Pi to capture and analyze malicious web-based attacks.

An open source DDoS protection system that uses distributed algorithms to defend against multi-vector attacks and scale to handle varying bandwidth requirements for network operators and service providers.

A simple Telnet honeypot program that logs login attempts and credentials from botnet attacks, specifically designed to track Mirai botnet activity.

A honeypot that simulates an exposed networked printer using PJL protocol to capture and log attacker interactions through a virtual filesystem.

A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.

A low-interaction SSH honeypot that logs connection attempts, usernames, and passwords without allowing actual login access.

Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.

A Go-based honeypot server for detecting and logging attacker activity

DDoSPot is a plugin-based honeypot platform that tracks UDP-based DDoS attacks and generates daily blacklists of potential attackers and scanners.