146 tools and resources
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
A signature-based, multi-step, high interaction honeypot detection tool with support for various detection methods and protocols.
An LLM-based honeypot file system creator that generates realistic file systems and configurations to lure attackers and improve analyst engagement.
An active and aggressive honeypot tool for network security.
Open-source honeypot tool for detecting and analyzing malicious activities in the Apache Struts exploit.
A project providing honeypots for embedded device vulnerabilities with support for AWS integration and JSON output.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
A low-interaction honeypot that uses Dionaea as its core, providing a simple and easy-to-use interface for setting up and managing honeypots.
A configurable DNS honeypot with SQLite logging and Docker support.
Blacknet is a low interaction SSH multi-head honeypot system with logging capabilities.
A high-interaction honeypot solution for detecting and analyzing SMB-based attacks
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
A honeypot for remote file inclusion (RFI) and local file inclusion (LFI) using fake URLs to catch scanning bots and malwares.
IMAP-Honey is a honeypot tool for IMAP and SMTP protocols with support for logging to console or syslog.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
WordPress honeypot tool running in a Docker container for monitoring access attempts.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
Helix is a versatile honeypot designed to mimic the behavior of various protocols including Kubernetes API server, HTTP, TCP, and UDP.
Detects Kippo SSH honeypot instances externally
A PoC tool for utilizing GPT3.5 in developing an SMTP honeypot.
Tango is a set of scripts and Splunk apps for deploying honeypots with ease.
Modular honeypot based on Python with support for Siemens S7 protocol.
Honeytrap is a low-interaction honeypot and network security tool with various modes of operation and plugin support for catching attacks against TCP and UDP services.
A simple honeypot that collects credentials across various protocols
SMTP honeypot tool with configurable response messages, email storage, and automatic information extraction.
Beelzebub is an advanced honeypot framework for detecting and analyzing cyber attacks, with integration options for OpenAI GPT-3 and deployment on Kubernetes using Helm.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
WordPress plugin to reduce comment spam with a smarter honeypot.
Hived is a honeypot tool for deceiving attackers and gathering information.
Low interaction MySQL honeypot with various configuration options.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
Medium interaction SSH honeypot for logging brute force attacks and shell interactions.
GasPot is a honeypot simulation tool for Gas Station tanks in the oil and gas industry.
Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A Python web application honeypot that provides simple statistics for the Glastopf.
SMTP Honeypot with custom modules for different modes of operation.
A Python-based honeypot service for SSH, FTP, and Telnet connections
A honeypot for malware that spreads via USB storage devices, detecting infections without further information.
A honeypot installation for Drupal that supports Go modules and mimics different versions of Drupal.
Troje is a honeypot that creates a realistic environment within lxc containers to monitor and record traffic and changes to drives.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
Multi-honeypot platform with various honeypots and monitoring tools.
SSH honeypot with rich features for recording and analyzing malicious activities.
High-interaction SSH honeypot for logging SSH proxy with ongoing development.
Apache 2 based honeypot for detecting and blocking Struts CVE 2017-5638 exploit with added support for content disposition filename parsing vulnerability.
A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A high-interaction honeypot system supporting the Redis protocol.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
A honeypot system designed to detect and analyze potential security threats
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
An easy to set up SSH honeypot for logging SSH connections and activity.
A low interaction honeypot for detecting CVE-2018-0101 vulnerability in Cisco ASA component.
A fake Django admin login screen to detect and notify admins of attempted unauthorized access
Bluetooth Honeypot with monitoring capabilities
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A honeypot daemon project for processing, filtering, and redirecting incoming traffic to a sandbox environment.
A low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
A honeypot for the Log4Shell vulnerability (CVE-2021-44228) with various detection and logging features.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A crawler-based low-interaction client honeypot for exposing website threats.
A medium-interaction PostgreSQL honeypot with configurable settings
SSHoney is an SSH honeypot for logging SSH connection attempts.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
A modified version of OpenSSH deamon forwarding commands to Cowrie for logging brute force attacks and shell interactions.
A honeypot agent for running honeypots with service and data at threatwar.com.
Medium interaction SSH Honeypot with multiple virtual hosts and sandboxed filesystems.
A webapp for displaying statistics about your kippo SSH honeypot.
A FTP honeypot tool for detecting and capturing malicious file upload attempts.
A honeypot trap for Symfony2 forms to reduce spam submissions.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
A honeypot for the SSH Service
Python web application honeypot with vulnerability type emulation and modular design.
A subset of the Modern Honey Network project set up to run in docker, including hpfeeds broker, cowrie honeypot, and dionaea honeypot.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
FTP Honeypot tool with FTP + SSL-FTP features, used for catching credentials and malware files, distributing honeytoken files, and generating SSL certificates.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
Docker-based honeypot setup with detailed installation and configuration instructions.
A simple Docker-based honeypot to detect port scanning
Maltego transform pack for analyzing and graphing Honeypots using MySQL data.
Automated signature creation using honeypots for network intrusion detection systems.
A honeypot tool emulating HL7 / FHIR protocols with various installation and customization options.
Low-interaction VNC honeypot for logging responses to a static VNC Auth challenge.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A hybrid honeypot framework that combines low and high interaction honeypots for network security
A low-interaction SSH honeypot tool for recording authentication attempts.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
Script for turning a Raspberry Pi into a Honey Pot Pi with various monitoring and logging capabilities.
A script for setting up a dionaea and kippo honeypot using Docker images.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
High interaction honeypot solution for Linux systems with data control and integrity features.
Kippo is a medium interaction SSH honeypot with fake filesystem and session logging capabilities.
HellPot is an endless honeypot that sends unruly HTTP bots to hell with grave consequences.
A honeypot system that allows you to set up a decoy API to detect and analyze potential security threats.
A honeypot that logs NTP packets into a Redis database to detect DDoS attempts.
A honeypot tool to mimic the router backdoor 'TCP32764' found in various router firmwares, providing a way to test for vulnerabilities.
bap is a webservice honeypot that logs HTTP basic authentication credentials.
Ansible role for deploying and managing Bifrozt honeypots
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
A honeypot system that detects and identifies attack commands, recon attempts, and download commands, mimicking a vulnerable Elasticsearch instance.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.
A nodejs web application honeypot designed for small environments.
Honeypot tool with bug-catching capabilities and support for multiple protocols.
A Docker container that starts a SSH honeypot and reports statistics to the SANS ISC DShield project
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Honeypot for analyzing data with customizable services and logging capabilities.
An open-source Python software for creating honeypots and honeynets securely.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
An observation camera honeypot for proof-of-concept purposes
A simple SSH honeypot written in Golang with a Persian-inspired name.
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
Parse Cowrie honeypot logs into a Neo4j database.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A spam prevention technique using hidden fields to detect and deter spam bots in Laravel applications.
A low to medium interaction honeypot with a variety of plugins for cybersecurity monitoring.
Building Honeypots for Industrial Networks using Honeyd and simulating SCADA, DCS, and PLC architectures.
Python telnet honeypot for catching botnet binaries
A low-interaction SSH honeypot written in C
A simplified UI for showing honeypot alarms for the DTAG early warning system
Uploader honeypot designed to look like poor website security.
Emulates Docker HTTP API with event logging and AWS deployment script.
A honeypot tool with RDP and VNC feed support.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
Repository of plugins for the Honeycomb honeypot framework
A web honeypot tool for detecting and monitoring potential attacks on phpMyAdmin installations.
A low-interaction honeypot that logs IP addresses, usernames, and passwords used by clients connecting via SSH, primarily used for gathering intelligence on brute force attacks.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
A Go-based honeypot server for detecting and logging attacker activity
Honeypot platform for tracking and monitoring UDP-based DDoS attacks with support for various honeypot services.
Port listener / honeypot in Rust with protocol guessing, safe string display and rudimentary SQLite logging.
A modular web application honeypot framework with automation and logging capabilities.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
A low-interaction honeypot for detecting and analyzing security threats
A honeypot tool that simulates an open relay to capture and analyze spam
