Explore 163 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.
A signature-based, multi-threaded honeypot detection tool written in Golang that identifies honeypots through crafted requests and response analysis.
HoneyFS is an LLM-powered honeypot tool that generates realistic fake file systems using GPT-3.5 to deceive attackers and enhance security analysis.
Open-source honeypot tool for detecting and analyzing malicious activities in the Apache Struts exploit.
A Splunk application that processes honeypot data from hpfeeds channels to generate clustered meta-events and visualizations for security analysis.
A Splunk application that processes honeypot data from hpfeeds channels to generate clustered meta-events and visualizations for security analysis.
A project providing honeypots for embedded device vulnerabilities with support for AWS integration and JSON output.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
A low-interaction honeypot that uses Dionaea as its core, providing a simple and easy-to-use interface for setting up and managing honeypots.
Blacknet is a low interaction SSH multi-head honeypot system with logging capabilities.
A high-interaction honeypot solution for detecting and analyzing SMB-based attacks
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
A honeypot for remote file inclusion (RFI) and local file inclusion (LFI) using fake URLs to catch scanning bots and malwares.
GridPot is a honeypot framework that combines GridLAB-D, Conpot, and libiec61850 to simulate industrial control systems and detect attacks on power grid infrastructure.
IMAP-Honey is a honeypot tool for IMAP and SMTP protocols with support for logging to console or syslog.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
WordPress honeypot tool running in a Docker container for monitoring access attempts.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.
A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.
Helix is a versatile honeypot designed to mimic the behavior of various protocols including Kubernetes API server, HTTP, TCP, and UDP.
Helix is a versatile honeypot designed to mimic the behavior of various protocols including Kubernetes API server, HTTP, TCP, and UDP.
A PoC tool for utilizing GPT3.5 in developing an SMTP honeypot.
Modular honeypot based on Python with support for Siemens S7 protocol.
Honeytrap is a low-interaction honeypot and network security tool with various modes of operation and plugin support for catching attacks against TCP and UDP services.
Honeytrap is a low-interaction honeypot and network security tool with various modes of operation and plugin support for catching attacks against TCP and UDP services.
SMTP honeypot tool with configurable response messages, email storage, and automatic information extraction.
SMTP honeypot tool with configurable response messages, email storage, and automatic information extraction.
Beelzebub is an advanced honeypot framework for detecting and analyzing cyber attacks, with integration options for OpenAI GPT-3 and deployment on Kubernetes using Helm.
Beelzebub is an advanced honeypot framework for detecting and analyzing cyber attacks, with integration options for OpenAI GPT-3 and deployment on Kubernetes using Helm.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
WordPress plugin to reduce comment spam with a smarter honeypot.
WordPress plugin to reduce comment spam with a smarter honeypot.
TANNER is a remote data analysis service that evaluates HTTP requests and generates responses for SNARE honeypots while emulating application vulnerabilities.
Hived is a honeypot tool for deceiving attackers and gathering information.
Low interaction MySQL honeypot with various configuration options.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
Medium interaction SSH honeypot for logging brute force attacks and shell interactions.
GasPot is a honeypot simulation tool for Gas Station tanks in the oil and gas industry.
GasPot is a honeypot simulation tool for Gas Station tanks in the oil and gas industry.
Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.
A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.
A Python web application that provides statistical analysis and visualization for Glastopf honeypot data by connecting to the honeypot's SQLite database.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
MiniCPS is a framework for real-time Cyber-Physical Systems simulation that supports physical process and control device simulation along with network emulation capabilities.
MiniCPS is a framework for real-time Cyber-Physical Systems simulation that supports physical process and control device simulation along with network emulation capabilities.
Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.
Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
Multi-honeypot platform with various honeypots and monitoring tools.
Syrup is a Go-based SSH honeypot that simulates SSH services with fake shells, session recording, and comprehensive logging to monitor and analyze unauthorized access attempts.
An Apache 2 based honeypot with detection capabilities specifically designed to identify and analyze Struts CVE-2017-5638 exploitation attempts.
A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.
A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
A honeypot system designed to detect and analyze potential security threats
A honeypot system designed to detect and analyze potential security threats
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
A low interaction honeypot for detecting CVE-2018-0101 vulnerability in Cisco ASA component.
A low interaction honeypot for detecting CVE-2018-0101 vulnerability in Cisco ASA component.
A fake Django admin login screen to detect and notify admins of attempted unauthorized access
A fake Django admin login screen to detect and notify admins of attempted unauthorized access
A Java-based Bluetooth honeypot that captures and analyzes malware and attacks targeting Bluetooth-enabled devices.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A honeypot daemon project for processing, filtering, and redirecting incoming traffic to a sandbox environment.
A honeypot daemon project for processing, filtering, and redirecting incoming traffic to a sandbox environment.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A honeypot specifically designed to detect and capture Log4Shell vulnerability exploitation attempts with payload analysis and flexible logging capabilities.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A crawler-based low-interaction client honeypot for exposing website threats.
A crawler-based low-interaction client honeypot for exposing website threats.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
A modified version of OpenSSH deamon forwarding commands to Cowrie for logging brute force attacks and shell interactions.
A honeypot agent for running honeypots with service and data at threatwar.com.
A honeypot agent for running honeypots with service and data at threatwar.com.
Medium interaction SSH Honeypot with multiple virtual hosts and sandboxed filesystems.
A FTP honeypot tool for detecting and capturing malicious file upload attempts.
A FTP honeypot tool for detecting and capturing malicious file upload attempts.
A honeypot trap for Symfony2 forms to reduce spam submissions.
A honeypot trap for Symfony2 forms to reduce spam submissions.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
Python web application honeypot with vulnerability type emulation and modular design.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
FTP Honeypot tool with FTP + SSL-FTP features, used for catching credentials and malware files, distributing honeytoken files, and generating SSL certificates.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
A simple Docker-based honeypot to detect port scanning
A honeypot system that simulates RDP services on port 3389, automatically assigns virtual machines to incoming connections, and captures comprehensive forensic data including packet captures and disk images.
Automated signature creation using honeypots for network intrusion detection systems.
Automated signature creation using honeypots for network intrusion detection systems.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
Low-interaction VNC honeypot for logging responses to a static VNC Auth challenge.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
A hybrid honeypot framework that combines low and high interaction honeypots for network security
A hybrid honeypot framework that combines low and high interaction honeypots for network security
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
Script for turning a Raspberry Pi into a Honey Pot Pi with various monitoring and logging capabilities.
Script for turning a Raspberry Pi into a Honey Pot Pi with various monitoring and logging capabilities.
A script for setting up a dionaea and kippo honeypot using Docker images.
A script for setting up a dionaea and kippo honeypot using Docker images.
A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.
Kippo is a medium interaction SSH honeypot with fake filesystem and session logging capabilities.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
HellPot is an endless honeypot that traps malicious HTTP bots by sending them infinite streams of generated content to exhaust their resources.
Honeyntp is an NTP honeypot and logging tool that captures NTP packets into a Redis database to detect DDoS attacks and monitor network time protocol traffic.
A honeypot tool to mimic the router backdoor 'TCP32764' found in various router firmwares, providing a way to test for vulnerabilities.
An Ansible role that automates the deployment and management of Bifrozt honeypots for network security monitoring.
An Ansible role that automates the deployment and management of Bifrozt honeypots for network security monitoring.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
A honeypot system that detects and identifies attack commands, recon attempts, and download commands, mimicking a vulnerable Elasticsearch instance.
A honeypot system that detects and identifies attack commands, recon attempts, and download commands, mimicking a vulnerable Elasticsearch instance.
HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.
HpfeedsHoneyGraph is a visualization application that creates graphical representations of hpfeeds logs to aid cybersecurity analysis of honeypot data.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.
A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.
A nodejs web application honeypot designed for small environments like Raspberry Pi to capture and analyze malicious web-based attacks.
A Docker container that starts a SSH honeypot and reports statistics to the SANS ISC DShield project
A Docker container that starts a SSH honeypot and reports statistics to the SANS ISC DShield project
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Honeypot for analyzing data with customizable services and logging capabilities.
Honeypot for analyzing data with customizable services and logging capabilities.
An open-source Python software for creating honeypots and honeynets securely.
An open-source Python software for creating honeypots and honeynets securely.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
An observation camera honeypot for proof-of-concept purposes
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
cowrie2neo parses Cowrie honeypot logs and imports the data into Neo4j databases for graph-based analysis and visualization of honeypot interactions.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A spam prevention technique using hidden fields to detect and deter spam bots in Laravel applications.
A spam prevention technique using hidden fields to detect and deter spam bots in Laravel applications.
A low to medium interaction honeypot with a variety of plugins for cybersecurity monitoring.
Building Honeypots for Industrial Networks using Honeyd and simulating SCADA, DCS, and PLC architectures.
Building Honeypots for Industrial Networks using Honeyd and simulating SCADA, DCS, and PLC architectures.
A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.
A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.
A low-interaction SSH honeypot written in C that simulates SSH services to capture and log unauthorized access attempts.
A low-interaction SSH honeypot written in C that simulates SSH services to capture and log unauthorized access attempts.
A simplified UI for showing honeypot alarms for the DTAG early warning system
A simplified UI for showing honeypot alarms for the DTAG early warning system
Emulates Docker HTTP API with event logging and AWS deployment script.
Emulates Docker HTTP API with event logging and AWS deployment script.
A simple Telnet honeypot program that logs login attempts and credentials from botnet attacks, specifically designed to track Mirai botnet activity.
A honeypot that simulates an exposed networked printer using PJL protocol to capture and log attacker interactions through a virtual filesystem.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
A command-line tool for analyzing Cowrie honeypot log files over time, generating statistics and visualizations from local or remote log data.
A low-interaction SSH honeypot that logs connection attempts, usernames, and passwords without allowing actual login access.
A low-interaction SSH honeypot that logs connection attempts, usernames, and passwords without allowing actual login access.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.
Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
A Go-based honeypot server for detecting and logging attacker activity
DDoSPot is a plugin-based honeypot platform that tracks UDP-based DDoS attacks and generates daily blacklists of potential attackers and scanners.
Port listener / honeypot in Rust with protocol guessing, safe string display and rudimentary SQLite logging.
Port listener / honeypot in Rust with protocol guessing, safe string display and rudimentary SQLite logging.
A modular web application honeypot framework with automation and logging capabilities.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
A low-interaction honeypot for detecting and analyzing security threats
A honeypot tool that simulates an open relay to capture and analyze spam
A honeypot tool that simulates an open relay to capture and analyze spam
A Python script that detects and removes Thinkst Canary Tokens from files using signature-based detection methods.
A Python script that detects and removes Thinkst Canary Tokens from files using signature-based detection methods.