Docker

Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.

Automatically curate open-source Yara rules and run scans with YAYA.

Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.

A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.

A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.

Docker-based honeypot setup with detailed installation and configuration instructions.

A simple Docker-based honeypot to detect port scanning

A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.

A honeypot tool emulating HL7 / FHIR protocols with various installation and customization options.

Passive Network Audit Framework (PNAF) v0.1.2 provides passive network auditing capabilities and is now a project of COSMIC-Chapter of The Honeynet Project.

BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.

A Python library for interacting with TAXII servers

Research project on bypassing default Falco ruleset with Dockerfile for sshayb/fuber:latest image.

A script for setting up a dionaea and kippo honeypot using Docker images.

Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.

Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.

Cross-platform HTTP honeypot that traps bots with infinite data streams

Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.

Fake SSH server that sends push notifications for login attempts

Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.

A collection of tips and tricks for container and container orchestration hacking and security testing.

A Docker MultiStage build implementation that integrates CVE scanning into Alpine Linux container builds using Docker 17.05's build-time vulnerability assessment capabilities.

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF) with seamless integration and user-friendly customization options.