Honeyntp is an NTP-based honeypot and logging tool that captures and analyzes Network Time Protocol (NTP) traffic for security monitoring purposes. The tool functions as both a scanner logger and honeypot, recording all incoming NTP packets into a Redis database for storage and analysis. It maintains detailed tracking information including first-seen and last-seen timestamps for each unique IP address and port combination.

Built on the ntplib library, Honeyntp has been tested and verified to work on both Linux and Windows 7 operating systems. The tool provides cross-platform compatibility for deployment in various network environments.

One of the primary use cases for Honeyntp is detecting Distributed Denial of Service (DDoS) attacks that leverage NTP amplification techniques. The tool is particularly effective at identifying malicious traffic patterns where attackers commonly use port 80 as the source port for their attacks. The Redis database backend enables efficient storage and retrieval of captured NTP traffic data, allowing security analysts to perform historical analysis and identify trends in attack patterns over time.
SIMILAR TOOLS
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.