Honeypot
Explore 147 curated tools and resources
LATEST ADDITIONS
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
A signature-based, multi-step, high interaction honeypot detection tool with support for various detection methods and protocols.
An active and aggressive honeypot tool for network security.
A project providing honeypots for embedded device vulnerabilities with support for AWS integration and JSON output.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
A low-interaction honeypot that uses Dionaea as its core, providing a simple and easy-to-use interface for setting up and managing honeypots.
A configurable DNS honeypot with SQLite logging and Docker support.
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
A honeypot for remote file inclusion (RFI) and local file inclusion (LFI) using fake URLs to catch scanning bots and malwares.
IMAP-Honey is a honeypot tool for IMAP and SMTP protocols with support for logging to console or syslog.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
WordPress honeypot tool running in a Docker container for monitoring access attempts.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
Helix is a versatile honeypot designed to mimic the behavior of various protocols including Kubernetes API server, HTTP, TCP, and UDP.
A PoC tool for utilizing GPT3.5 in developing an SMTP honeypot.
Modular honeypot based on Python with support for Siemens S7 protocol.
Honeytrap is a low-interaction honeypot and network security tool with various modes of operation and plugin support for catching attacks against TCP and UDP services.
SMTP honeypot tool with configurable response messages, email storage, and automatic information extraction.
Beelzebub is an advanced honeypot framework for detecting and analyzing cyber attacks, with integration options for OpenAI GPT-3 and deployment on Kubernetes using Helm.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
WordPress plugin to reduce comment spam with a smarter honeypot.
Hived is a honeypot tool for deceiving attackers and gathering information.
Low interaction MySQL honeypot with various configuration options.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
GasPot is a honeypot simulation tool for Gas Station tanks in the oil and gas industry.
Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A Python web application honeypot that provides simple statistics for the Glastopf.
A Python-based honeypot service for SSH, FTP, and Telnet connections
A honeypot for malware that spreads via USB storage devices, detecting infections without further information.
Troje is a honeypot that creates a realistic environment within lxc containers to monitor and record traffic and changes to drives.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
Multi-honeypot platform with various honeypots and monitoring tools.
Apache 2 based honeypot for detecting and blocking Struts CVE 2017-5638 exploit with added support for content disposition filename parsing vulnerability.
A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A high-interaction honeypot system supporting the Redis protocol.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
A honeypot system designed to detect and analyze potential security threats
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
A low interaction honeypot for detecting CVE-2018-0101 vulnerability in Cisco ASA component.
A fake Django admin login screen to detect and notify admins of attempted unauthorized access
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A honeypot daemon project for processing, filtering, and redirecting incoming traffic to a sandbox environment.
A low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
A honeypot for the Log4Shell vulnerability (CVE-2021-44228) with various detection and logging features.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A crawler-based low-interaction client honeypot for exposing website threats.
A medium-interaction PostgreSQL honeypot with configurable settings
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
A modified version of OpenSSH deamon forwarding commands to Cowrie for logging brute force attacks and shell interactions.
A honeypot agent for running honeypots with service and data at threatwar.com.
A webapp for displaying statistics about your kippo SSH honeypot.
A FTP honeypot tool for detecting and capturing malicious file upload attempts.
A honeypot trap for Symfony2 forms to reduce spam submissions.
Python web application honeypot with vulnerability type emulation and modular design.
A subset of the Modern Honey Network project set up to run in docker, including hpfeeds broker, cowrie honeypot, and dionaea honeypot.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
FTP Honeypot tool with FTP + SSL-FTP features, used for catching credentials and malware files, distributing honeytoken files, and generating SSL certificates.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
A simple Docker-based honeypot to detect port scanning
Maltego transform pack for analyzing and graphing Honeypots using MySQL data.
Automated signature creation using honeypots for network intrusion detection systems.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A hybrid honeypot framework that combines low and high interaction honeypots for network security
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
Script for turning a Raspberry Pi into a Honey Pot Pi with various monitoring and logging capabilities.
A script for setting up a dionaea and kippo honeypot using Docker images.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
A honeypot that logs NTP packets into a Redis database to detect DDoS attempts.
A honeypot tool to mimic the router backdoor 'TCP32764' found in various router firmwares, providing a way to test for vulnerabilities.
Ansible role for deploying and managing Bifrozt honeypots
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
A honeypot system that detects and identifies attack commands, recon attempts, and download commands, mimicking a vulnerable Elasticsearch instance.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.
A Docker container that starts a SSH honeypot and reports statistics to the SANS ISC DShield project
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Honeypot for analyzing data with customizable services and logging capabilities.
An open-source Python software for creating honeypots and honeynets securely.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
An observation camera honeypot for proof-of-concept purposes
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A spam prevention technique using hidden fields to detect and deter spam bots in Laravel applications.
A low to medium interaction honeypot with a variety of plugins for cybersecurity monitoring.
Building Honeypots for Industrial Networks using Honeyd and simulating SCADA, DCS, and PLC architectures.
A simplified UI for showing honeypot alarms for the DTAG early warning system
Emulates Docker HTTP API with event logging and AWS deployment script.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
Repository of plugins for the Honeycomb honeypot framework
A web honeypot tool for detecting and monitoring potential attacks on phpMyAdmin installations.
A low-interaction honeypot that logs IP addresses, usernames, and passwords used by clients connecting via SSH, primarily used for gathering intelligence on brute force attacks.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
A Go-based honeypot server for detecting and logging attacker activity
Port listener / honeypot in Rust with protocol guessing, safe string display and rudimentary SQLite logging.
A modular web application honeypot framework with automation and logging capabilities.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
A low-interaction honeypot for detecting and analyzing security threats
A honeypot tool that simulates an open relay to capture and analyze spam
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
Commercial
Data Protection
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Commercial
Security Operations
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Commercial
Application Security
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Commercial
IAM
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security