Troje is a honeypot solution that creates realistic environments within physical or virtual machines using LXC containers. The tool dynamically generates containers upon the first connection attempt to desired services like SSH, establishing an interactive environment for attackers to engage with. The system operates by intercepting and passing all network traffic between the service and the attacker's connection, while simultaneously monitoring all activities within the LXC container environment. Troje records changes made to the container's file system and drives, providing comprehensive logging of attacker behavior and system modifications. The honeypot creates authentic-looking environments that can attract and contain malicious actors, allowing security teams to observe attack patterns, techniques, and tools used by threat actors. All interactions within the containerized environment are captured for analysis and threat intelligence purposes. This tool represents a proof of concept implementation and has not undergone extensive testing for production environments.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.