Honeytrap is a low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. In its default configuration, it runs as a daemon and starts server processes on demand when a connection attempt to a port is made. Different modes of operation are available that control how connections are handled. In normal mode, a server sends arbitrary data provided in template files as a basic means to emulate well-known protocols. Many automated attack tools will be fooled and continue with the attack dialog. A popular mode is the so-called mirror mode in which incoming connections are proxied back to the initiator. This trick eliminates the need for protocol emulation in many cases. A third mode, the proxy mode, allows forwarding of specific sessions to other systems, e.g., high-interaction honeypots. Plugins: A module API provides an easy way to write custom extensions that are dynamically loaded into the honeypot. Arriving attack data is assembled to a so-called attack string that can be saved to files or a SQL database for manual investigation. Honeytrap comes with different plugins that run on these attack strings to extract additional info.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Apache 2 based honeypot for detecting and blocking Struts CVE 2017-5638 exploit with added support for content disposition filename parsing vulnerability.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
A low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.