Arctic Swallow
A low-interaction honeypot for detecting and analyzing security threats
honeydet is a signature based, multi-step, high interaction, multi-threaded honeypot detection tool written in Golang. It can detect honeypots based upon the premise that, given a set of specifically crafted requests they will generate a unique and identifying response. It can be run either as a web server, a command line tool, or as a web API. Signatures support multi-step, hex, string and regex detection on TCP and UDP. Features a SQL backend for persistent scans which can be managed through the web interface. Shodan API integration for non-private IPs, automatically adds shodan host information when the flag is set (currently CLI only) Signatures The signature list is growing as I run through different methods of fuzzing, reverse engineering and comparing real protocols and servers to their emulated counterparts. I continue to add features to the signature format as required, and will extend the applications support of protocols using additional libraries as needed for things like DICOM and Modbus. Frontend Features: Multi-threaded, and now super fast. /24 single port scan in around 1 second Supports single and multiple target
A low-interaction honeypot for detecting and analyzing security threats
A FTP honeypot tool for detecting and capturing malicious file upload attempts.
A Go-based honeypot server for detecting and logging attacker activity
SSH Honeypot written in Go that records commands and IP addresses of attempted logins.
An LLM-based honeypot file system creator that generates realistic file systems and configurations to lure attackers and improve analyst engagement.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.