Honeytrap by Till Mannw Logo

Honeytrap by Till Mannw

0
Free
Visit Website

Honeytrap is a low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. In its default configuration, it runs as a daemon and starts server processes on demand when a connection attempt to a port is made. Different modes of operation are available that control how connections are handled. In normal mode, a server sends arbitrary data provided in template files as a basic means to emulate well-known protocols. Many automated attack tools will be fooled and continue with the attack dialog. A popular mode is the so-called mirror mode in which incoming connections are proxied back to the initiator. This trick eliminates the need for protocol emulation in many cases. A third mode, the proxy mode, allows forwarding of specific sessions to other systems, e.g., high-interaction honeypots. Plugins: A module API provides an easy way to write custom extensions that are dynamically loaded into the honeypot. Arriving attack data is assembled to a so-called attack string that can be saved to files or a SQL database for manual investigation. Honeytrap comes with different plugins that run on these attack strings to extract additional info.

FEATURES

ALTERNATIVES

A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.

A nodejs web application honeypot designed for small environments.

A script for setting up a dionaea and kippo honeypot using Docker images.

Building Honeypots for Industrial Networks using Honeyd and simulating SCADA, DCS, and PLC architectures.

Repository of plugins for the Honeycomb honeypot framework

A honeypot tool to mimic the router backdoor 'TCP32764' found in various router firmwares, providing a way to test for vulnerabilities.

Blacknet is a low interaction SSH multi-head honeypot system with logging capabilities.

A signature-based, multi-step, high interaction honeypot detection tool with support for various detection methods and protocols.