Syrup is an SSH honeypot implementation written in Go that simulates SSH services to attract and monitor unauthorized access attempts. The tool provides SSH server functionality with configurable user accounts and passwords, allowing security professionals to create realistic decoy environments. It includes a fake shell interface that presents attackers with a simulated command-line environment while recording their activities. Key features include session recording capabilities that capture all shell interactions, virtual filesystem support that creates the appearance of a real system, and comprehensive logging of client activities including SSH key fingerprints. The honeypot supports both SFTP and SCP protocols to provide additional attack vectors for monitoring. Syrup outputs logs in JSON format for easy integration with security information systems and includes built-in ElasticSearch integration for centralized log management and analysis. The command set can be extended to customize the simulated environment based on specific monitoring requirements. The tool is designed to be cross-platform compatible, supporting deployment on Linux, Mac, and Windows systems. It serves as a deception technology solution for detecting reconnaissance activities and understanding attacker behavior patterns in SSH-based attacks.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.