Honeypot
Explore 153 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 7 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Vulnerability Management
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
A signature-based, multi-step, high interaction honeypot detection tool with support for various detection methods and protocols.
An LLM-based honeypot file system creator that generates realistic file systems and configurations to lure attackers and improve analyst engagement.
Open-source honeypot tool for detecting and analyzing malicious activities in the Apache Struts exploit.
A project providing honeypots for embedded device vulnerabilities with support for AWS integration and JSON output.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
A low-interaction honeypot that uses Dionaea as its core, providing a simple and easy-to-use interface for setting up and managing honeypots.
Blacknet is a low interaction SSH multi-head honeypot system with logging capabilities.
A high-interaction honeypot solution for detecting and analyzing SMB-based attacks
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
An extensible and open-source system for running, monitoring, and managing honeypots with advanced features.
A honeypot for remote file inclusion (RFI) and local file inclusion (LFI) using fake URLs to catch scanning bots and malwares.
IMAP-Honey is a honeypot tool for IMAP and SMTP protocols with support for logging to console or syslog.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
WordPress honeypot tool running in a Docker container for monitoring access attempts.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
Helix is a versatile honeypot designed to mimic the behavior of various protocols including Kubernetes API server, HTTP, TCP, and UDP.
Helix is a versatile honeypot designed to mimic the behavior of various protocols including Kubernetes API server, HTTP, TCP, and UDP.
A PoC tool for utilizing GPT3.5 in developing an SMTP honeypot.
Modular honeypot based on Python with support for Siemens S7 protocol.
Honeytrap is a low-interaction honeypot and network security tool with various modes of operation and plugin support for catching attacks against TCP and UDP services.
Honeytrap is a low-interaction honeypot and network security tool with various modes of operation and plugin support for catching attacks against TCP and UDP services.
SMTP honeypot tool with configurable response messages, email storage, and automatic information extraction.
SMTP honeypot tool with configurable response messages, email storage, and automatic information extraction.
Beelzebub is an advanced honeypot framework for detecting and analyzing cyber attacks, with integration options for OpenAI GPT-3 and deployment on Kubernetes using Helm.
Beelzebub is an advanced honeypot framework for detecting and analyzing cyber attacks, with integration options for OpenAI GPT-3 and deployment on Kubernetes using Helm.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
WordPress plugin to reduce comment spam with a smarter honeypot.
WordPress plugin to reduce comment spam with a smarter honeypot.
TANNER is a remote data analysis service that evaluates HTTP requests and generates responses for SNARE honeypots while emulating application vulnerabilities.
Hived is a honeypot tool for deceiving attackers and gathering information.
Low interaction MySQL honeypot with various configuration options.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
Medium interaction SSH honeypot for logging brute force attacks and shell interactions.
GasPot is a honeypot simulation tool for Gas Station tanks in the oil and gas industry.
GasPot is a honeypot simulation tool for Gas Station tanks in the oil and gas industry.
Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.
A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.
A Python web application that provides statistical analysis and visualization for Glastopf honeypot data by connecting to the honeypot's SQLite database.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
MiniCPS is a framework for real-time Cyber-Physical Systems simulation that supports physical process and control device simulation along with network emulation capabilities.
MiniCPS is a framework for real-time Cyber-Physical Systems simulation that supports physical process and control device simulation along with network emulation capabilities.
Troje is a honeypot that creates a realistic environment within lxc containers to monitor and record traffic and changes to drives.
Troje is a honeypot that creates a realistic environment within lxc containers to monitor and record traffic and changes to drives.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
Multi-honeypot platform with various honeypots and monitoring tools.
SSH honeypot with rich features for recording and analyzing malicious activities.
Apache 2 based honeypot for detecting and blocking Struts CVE 2017-5638 exploit with added support for content disposition filename parsing vulnerability.
A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.
A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
A honeypot system designed to detect and analyze potential security threats
A honeypot system designed to detect and analyze potential security threats
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
A low interaction honeypot for detecting CVE-2018-0101 vulnerability in Cisco ASA component.
A low interaction honeypot for detecting CVE-2018-0101 vulnerability in Cisco ASA component.
A fake Django admin login screen to detect and notify admins of attempted unauthorized access
A fake Django admin login screen to detect and notify admins of attempted unauthorized access
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A honeypot daemon project for processing, filtering, and redirecting incoming traffic to a sandbox environment.
A honeypot daemon project for processing, filtering, and redirecting incoming traffic to a sandbox environment.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A honeypot specifically designed to detect and capture Log4Shell vulnerability exploitation attempts with payload analysis and flexible logging capabilities.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A crawler-based low-interaction client honeypot for exposing website threats.
A crawler-based low-interaction client honeypot for exposing website threats.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
A modified version of OpenSSH deamon forwarding commands to Cowrie for logging brute force attacks and shell interactions.
A honeypot agent for running honeypots with service and data at threatwar.com.
A honeypot agent for running honeypots with service and data at threatwar.com.
Medium interaction SSH Honeypot with multiple virtual hosts and sandboxed filesystems.
A FTP honeypot tool for detecting and capturing malicious file upload attempts.
A FTP honeypot tool for detecting and capturing malicious file upload attempts.
A honeypot trap for Symfony2 forms to reduce spam submissions.
A honeypot trap for Symfony2 forms to reduce spam submissions.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
Python web application honeypot with vulnerability type emulation and modular design.
A subset of the Modern Honey Network project set up to run in docker, including hpfeeds broker, cowrie honeypot, and dionaea honeypot.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.
FTP Honeypot tool with FTP + SSL-FTP features, used for catching credentials and malware files, distributing honeytoken files, and generating SSL certificates.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
A simple Docker-based honeypot to detect port scanning
Automated signature creation using honeypots for network intrusion detection systems.
Automated signature creation using honeypots for network intrusion detection systems.
Low-interaction VNC honeypot for logging responses to a static VNC Auth challenge.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A hybrid honeypot framework that combines low and high interaction honeypots for network security
A hybrid honeypot framework that combines low and high interaction honeypots for network security
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
Script for turning a Raspberry Pi into a Honey Pot Pi with various monitoring and logging capabilities.
Script for turning a Raspberry Pi into a Honey Pot Pi with various monitoring and logging capabilities.
A script for setting up a dionaea and kippo honeypot using Docker images.
A script for setting up a dionaea and kippo honeypot using Docker images.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
Kippo is a medium interaction SSH honeypot with fake filesystem and session logging capabilities.
A honeypot that logs NTP packets into a Redis database to detect DDoS attempts.
A honeypot tool to mimic the router backdoor 'TCP32764' found in various router firmwares, providing a way to test for vulnerabilities.
Ansible role for deploying and managing Bifrozt honeypots
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
A honeypot system that detects and identifies attack commands, recon attempts, and download commands, mimicking a vulnerable Elasticsearch instance.
A honeypot system that detects and identifies attack commands, recon attempts, and download commands, mimicking a vulnerable Elasticsearch instance.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.
A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.
A Docker container that starts a SSH honeypot and reports statistics to the SANS ISC DShield project
A Docker container that starts a SSH honeypot and reports statistics to the SANS ISC DShield project
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Honeypot for analyzing data with customizable services and logging capabilities.
Honeypot for analyzing data with customizable services and logging capabilities.
An open-source Python software for creating honeypots and honeynets securely.
An open-source Python software for creating honeypots and honeynets securely.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
An observation camera honeypot for proof-of-concept purposes
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A spam prevention technique using hidden fields to detect and deter spam bots in Laravel applications.
A spam prevention technique using hidden fields to detect and deter spam bots in Laravel applications.
A low to medium interaction honeypot with a variety of plugins for cybersecurity monitoring.
Building Honeypots for Industrial Networks using Honeyd and simulating SCADA, DCS, and PLC architectures.
Building Honeypots for Industrial Networks using Honeyd and simulating SCADA, DCS, and PLC architectures.
A low-interaction SSH honeypot written in C
A simplified UI for showing honeypot alarms for the DTAG early warning system
A simplified UI for showing honeypot alarms for the DTAG early warning system
Emulates Docker HTTP API with event logging and AWS deployment script.
Emulates Docker HTTP API with event logging and AWS deployment script.
A honeypot that simulates an exposed networked printer using PJL protocol to capture and log attacker interactions through a virtual filesystem.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
Repository of plugins for the Honeycomb honeypot framework
A low-interaction honeypot that logs IP addresses, usernames, and passwords used by clients connecting via SSH, primarily used for gathering intelligence on brute force attacks.
A low-interaction honeypot that logs IP addresses, usernames, and passwords used by clients connecting via SSH, primarily used for gathering intelligence on brute force attacks.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.
Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
A Go-based honeypot server for detecting and logging attacker activity
Honeypot platform for tracking and monitoring UDP-based DDoS attacks with support for various honeypot services.
Port listener / honeypot in Rust with protocol guessing, safe string display and rudimentary SQLite logging.
Port listener / honeypot in Rust with protocol guessing, safe string display and rudimentary SQLite logging.
A modular web application honeypot framework with automation and logging capabilities.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
A low-interaction honeypot for detecting and analyzing security threats
A honeypot tool that simulates an open relay to capture and analyze spam
A honeypot tool that simulates an open relay to capture and analyze spam
