A low-interaction SSH honeypot written in C. Command Line Options: Usage: ssh-honeypotd [options]... Mandatory arguments to long options are mandatory for short options too. Options: -k, --host-key FILE: the file containing the private host key (RSA, DSA, ECDSA, ED25519) -b, --address ADDRESS: the IP address to bind to (default: 0.0.0.0) -p, --port PORT: the port to bind to (default: 22) -P, --pid FILE: the PID file (if not specified, the daemon will run in the foreground) -n, --name NAME: the name of the daemon for syslog (default: ssh-honeypotd) -u, --user USER: drop privileges and switch to this USER (default: daemon or nobody) -g, --group GROUP: drop privileges and switch to this GROUP (default: daemon or nogroup) -x, --no-syslog: log messages only to stderr (only works with --foreground) -f, --foreground: do not daemonize -h, --help: display help and exit -v, --version: output version information and exit -k option must be specified at least once if ssh-honeypots is compiled against libssh prior to 0.8.0 (note that in Ubuntu (and possibly Debian), libssh 0.8.0 is detected as 0.7.0 because of a bug in libssh.h). For newer libssh versions, the host key is generated automatically.
FEATURES
ALTERNATIVES
A network recon framework including tools for passive and active recon
Netis Cloud Probe is an open source project for capturing and analyzing network packets across different machines.
Ensnare is a gem plugin for Ruby on Rails that enables quick deployment of a malicious behavior detection and response scheme using Honey Traps and Trap Responses.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
PCAPdroid is a privacy-friendly app for tracking, analyzing, and blocking network connections on your device.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

OSINTLeak
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.