SSH Honeypot is a low-interaction honeypot designed to monitor and log SSH connection attempts. The tool listens for incoming SSH connections and captures the IP address, username, and password credentials used by connecting clients. The honeypot operates as a deceptive service that mimics an SSH server but does not allow actual login access, preventing attackers or malware from gaining system access. It functions purely as a logging mechanism to gather intelligence on brute force attacks and unauthorized access attempts. The tool requires several development libraries including libssh, openssl, libjson-c, and libpcap for compilation. It generates RSA keys for SSH simulation and can be configured to run on specified ports. The honeypot outputs collected data in a structured format for analysis. Originally developed for gathering basic intelligence on SSH-based attacks, the tool is commonly deployed in capture-the-flag (CTF) competitions and educational environments. It can be paired with complementary tools like sshunt for enhanced functionality. The software supports Linux environments with full functionality and provides experimental support for macOS systems. Installation involves installing required dependencies, compiling the source code, generating SSH keys, and running the honeypot service.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.