Honeyntp

Free
27 Mar 2014
10 September 2025

Honeyntp is an NTP-based honeypot and logging tool that captures and analyzes Network Time Protocol (NTP) traffic for security monitoring purposes. The tool functions as both a scanner logger and honeypot, recording all incoming NTP packets into a Redis database for storage and analysis. It maintains detailed tracking information including first-seen and last-seen timestamps for each unique IP address and port combination.

Built on the ntplib library, Honeyntp has been tested and verified to work on both Linux and Windows 7 operating systems. The tool provides cross-platform compatibility for deployment in various network environments.

One of the primary use cases for Honeyntp is detecting Distributed Denial of Service (DDoS) attacks that leverage NTP amplification techniques. The tool is particularly effective at identifying malicious traffic patterns where attackers commonly use port 80 as the source port for their attacks.

The Redis database backend enables efficient storage and retrieval of captured NTP traffic data, allowing security analysts to perform historical analysis and identify trends in attack patterns over time.

SIMILAR TOOLS

Uploader honeypot designed to look like poor website security.

Open-source honeypot tool for detecting and analyzing malicious activities in the Apache Struts exploit.

A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.

A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.

An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.

A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.

A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.

A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.

A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.

CybersecTools
