Home>Programming related>Third-party components
Download

Awesome Honeypots

A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.

There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the guide.

Discover more awesome lists at 339283  28127? sindresorhus/awesome).

Contents

  • Awesome Honeypots Awesome Honeypots
  • Contents
    • Related Lists
    • Honeypots
    • Honeyd Tools
    • Network and Artifact Analysis
    • Data Tools
    • Guides

Related Lists

  •   3149    466? awesome-pcaptools) - Useful in network traffic analysis.
  •  12105   2584? awesome-malware-analysis) - Some overlap here for artifact analysis.

Honeypots

  • Database Honeypots

    •     23      7? Delilah) - Elasticsearch Honeypot written in Python (originally from Novetta).
    •     27      4? ESPot) - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
    • ? ElasticPot - An Elasticsearch Honeypot.
    •    186     55? Elastic honey) - Simple Elasticsearch Honeypot.
    •     92     23? MongoDB-HoneyProxy) - MongoDB honeypot proxy.
    •    101     23? NoSQLpot) - Honeypot framework built on a NoSQL-style database.
    •     32     14? mysql-honeypotd) - Low interaction MySQL honeypot written in C.
    •     21      2? MysqlPot) - MySQL honeypot, still very early stage.
    •     18      7? pghoney) - Low-interaction Postgres Honeypot.
    •     11      5? sticky_elephant) - Medium interaction postgresql honeypot.
    •     22     10? RedisHoneyPot) - High Interaction Honeypot Solution for Redis protocol.

  • Web honeypots

    •     18      6? Express honeypot) - RFI & LFI honeypot using nodeJS and express.
    •     36     21? EoHoneypotBundle) - Honeypot type for Symfony2 forms.
    •    565    168? Glastopf) - Web Application Honeypot.
    • Google Hack Honeypot - Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
    •    917     40? HellPot) - Honeypot that tries to crash the bots and clients that visit it's location.
    •    431     44? Laravel Application Honeypot) - Simple spam prevention package for Laravel applications.
    •     45      9? Nodepot) - NodeJS web application honeypot.
    •      2      1? PasitheaHoneypot) - RestAPI honeypot.
    •     14      4? Servletpot) - Web application Honeypot.
    • ? Shadow Daemon - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
    •     72     17? StrutsHoneypot) - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
    •     64     16? WebTrap) - Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
    •     47      4? basic-auth-pot (bap)) - HTTP Basic Authentication honeypot.
    •     26      1? bwpot) - Breakable Web applications honeyPot.
    •   1037    188? django-admin-honeypot) - Fake Django admin login screen to notify admins of attempted unauthorized access.
    •     57     11? drupo) - Drupal Honeypot.
    •    451     41? galah) - an LLM-powered web honeypot using the OpenAI API.
    •     44     15? honeyhttpd) - Python-based web server honeypot builder.
    •     27      4? honeyup) - An uploader honeypot designed to look like poor website security.
    •     54      1? modpot) - Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework.
    •     66     15? owa-honeypot) - A basic flask based Outlook Web Honey pot.
    •     65     36? phpmyadmin_honeypot) - Simple and effective phpMyAdmin honeypot.
    •      ?      ?? shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts.
    •     17      1? smart-honeypot) - PHP Script demonstrating a smart honey pot.
    • Snare/Tanner - successors to Glastopf
      •    450    137? Snare) - Super Next generation Advanced Reactive honeypot.
      •    223    103? Tanner) - Evaluating SNARE events.
    •     23      3? stack-honeypot) - Inserts a trap for spam bots into responses.
    •     11      1? tomcat-manager-honeypot) - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study.
    • WordPress honeypots
      •     32      8? HonnyPotter) - WordPress login honeypot for collection and analysis of failed login attempts.
      •      6     11? HoneyPress) - Python based WordPress honeypot in a Docker container.
      •     28      4? wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot.
      •    180     62? wordpot) - WordPress Honeypot.
    •    444    142? Python-Honeypot) - OWASP Honeypot, Automated Deception Framework.

  • Service Honeypots

    •    162     33? ADBHoney) - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
    •     17      6? AMTHoneypot) - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.
    •     52     11? ddospot) - NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.
    •    718    184? dionaea) - Home of the dionaea honeypot.
    •     30      4? dhp) - Simple Docker Honeypot server emulating small snippets of the Docker HTTP API.
    •      2      1? DolosHoneypot) - SDN (software defined networking) honeypot.
    •     66     14? Ensnare) - Easy to deploy Ruby honeypot.
    •     40      4? Helix) - K8s API Honeypot with Active Defense Capabilities.
    •     27     14? honeycomb_plugins) - Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
    • [honeydb] (https://honeydb.io/downloads) - Multi-service honeypot that is easy to deploy and configure. Can be configured to send interaction data to to HoneyDB's centralized collectors for access via REST API.
    •     52     12? honeyntp) - NTP logger/honeypot.
    •     50     19? honeypot-camera) - Observation camera honeypot.
    •     30     14? honeypot-ftp) - FTP Honeypot.
    •    713    113? honeypots) - 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).
    •   1230    174? honeytrap) - Advanced Honeypot framework written in Go that can be connected with other honeypot software.
    •    461     94? HoneyPy) - Low interaction honeypot.
    •     20      8? Honeygrove) - Multi-purpose modular honeypot based on Twisted.
    •     43      7? Honeyport) - Simple honeyport written in Bash and Python.
    •     19     11? Honeyprint) - Printer honeypot.
    • ? Lyrebird - Modern high-interaction honeypot framework.
    •     15      4? MICROS honeypot) - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
    •      5      0? node-ftp-honeypot) - FTP server honeypot in JS.
    •   1592    252? pyrdp) - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
    •     64     11? rdppot) - RDP honeypot
    •   1696    548? RDPy) - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
    •     47     17? SMB Honeypot) - High interaction SMB service honeypot capable of capturing wannacry-like Malware.
    •     26      8? Tom's Honeypot) - Low interaction Python honeypot.
    •     58      9? Trapster Commmunity) - Modural and easy to install Python Honeypot, with comprehensive alerting
    •      ?      ?? troje) - Honeypot that runs each connection with the service within a separate LXC container.
    •     32     12? WebLogic honeypot) - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
    •      5      2? WhiteFace Honeypot) - Twisted based honeypot for WhiteFace.

  • Distributed Honeypots

    •     61     12? DemonHunter) - Low interaction honeypot server.

  • Anti-honeypot stuff

    •     19      3? canarytokendetector) - Tool for detection and nullification of Thinkst CanaryTokens
    •     85      6? honeydet) - Signature based honeypot detector tool written in Golang
    •     56     12? kippo_detect) - Offensive component that detects the presence of the kippo honeypot.

  • ICS/SCADA honeypots

    •   1261    417? Conpot) - ICS/SCADA honeypot.
    •    139     36? GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry.
    • SCADA honeynet - Building Honeypots for Industrial Networks.
    •     56     13? gridpot) - Open source tools for realistic-behaving electric grid honeynets.
    • scada-honeynet - Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.

  • Other/random

    •    114     29? CitrixHoneypot) - Detect and log CVE-2019-19781 scan and exploitation attempts.
    •     16      4? Damn Simple Honeypot (DSHP)) - Honeypot framework with pluggable handlers.
    •     24      8? dicompot) - DICOM Honeypot.
    • ? IPP Honey - A honeypot for the Internet Printing Protocol.
    •     91     28? Log4Pot) - A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
    •    110     15? Masscanned) - Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.
    •     24      6? medpot) - HL7 / FHIR honeypot.
    •     75     22? NOVA) - Uses honeypots as detectors, looks like a complete system.
    •     23      2? OpenFlow Honeypot (OFPot)) - Redirects traffic for unused IPs to a honeypot, built on POX.
    •   2353    366? OpenCanary) - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
    •     51     23? ciscoasa_honeypot) A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
    •    202     20? miniprint) - A medium interaction printer honeypot.

  • Botnet C2 tools

    •    188     62? Hale) - Botnet command and control monitor.
    • ? dnsMole - Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.

  • IPv6 attack detection tool

    •      ?      ?? ipv6-attack-detector) - Google Summer of Code 2012 project, supported by The Honeynet Project organization.

  • Dynamic code instrumentation toolkit

    • ? Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.

  • Tool to convert website to server honeypots

    • HIHAT - Transform arbitrary PHP applications into web-based high-interaction Honeypots.

  • Malware collector

    • ? Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.

  • Distributed sensor deployment

    • ? Community Honey Network - CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.
    •      ?      ?? Modern Honey Network) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.

  • Network Analysis Tool

    • ? Tracexploit - Replay network packets.

  • Log anonymizer

    • LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.

  • Low interaction honeypot (router back door)

    •     16      3? Honeypot-32764) - Honeypot for router backdoor (TCP 32764).
    •     18      1? WAPot) - Honeypot that can be used to observe traffic directed at home routers.

  • honeynet farm traffic redirector

    • ? Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.

  • HTTPS Proxy

    • ? mitmproxy - Allows traffic flows to be intercepted, inspected, modified, and replayed.

  • System instrumentation

    • ? Sysdig - Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
    •   2259    194? Fibratus) - Tool for exploration and tracing of the Windows kernel.

  • Honeypot for USB-spreading malware

    •     97     26? Ghost-usb) - Honeypot for malware that propagates via USB storage devices.

  • Data Collection

    • ? Kippo2MySQL - Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
    • ? Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).

  • Passive network audit framework parser

    •     32      9? Passive Network Audit Framework (pnaf)) - Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms.

  • VM monitoring and tools

    •    719    123? Antivmdetect) - Script to create templates to use with VirtualBox to make VM detection harder.
    •    489    123? VMCloak) - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
    • vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.

  • Binary debugger

    •     32      7? Hexgolems - Pint Debugger Backend) - Debugger backend and LUA wrapper for PIN.
    •    142     15? Hexgolems - Schem Debugger Frontend) - Debugger frontend.

  • Mobile Analysis Tool

    •   5336   1073? Androguard) - Reverse engineering, Malware and goodware analysis of Android applications and more.
    •      ?      ?? APKinspector) - Powerful GUI tool for analysts to analyze the Android applications.

  • Low interaction honeypot

    • ? Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
    •   7028   1097? T-Pot) - All in one honeypot appliance from telecom provider T-Mobile
    •    710     55? beelzebub) - A secure honeypot framework, extremely easy to configure by yaml

  • Honeynet data fusion

    • ? HFlow2 - Data coalesing tool for honeynet/network analysis.

  • Server

    • Amun - Vulnerability emulation honeypot.
    •      ?      ?? Artillery) - Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
    • Bait and Switch - Redirects all hostile traffic to a honeypot that is partially mirroring your production system.
    •      5      4? Bifrozt) - Automatic deploy bifrozt with ansible.
    • Conpot - Low interactive server side Industrial Control Systems honeypot.
    •    377     79? Heralding) - Credentials catching honeypot.
    •     21      4? HoneyWRT) - Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers.
    •     11      7? Honeyd) - See honeyd tools.
    • Honeysink - Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
    •    161     48? Hontel) - Telnet Honeypot.
    • KFSensor - Windows based honeypot Intrusion Detection System (IDS).
    • LaBrea - Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
    •    104     34? MTPot) - Open Source Telnet Honeypot, focused on Mirai malware.
    •     13      2? SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment.
    •      1      0? TelnetHoney) - Simple telnet honeypot.
    •     48     11? UDPot Honeypot) - Simple UDP/DNS honeypot scripts.
    •      9      0? Yet Another Fake Honeypot (YAFH)) - Simple honeypot written in Go.
    •      2      0? arctic-swallow) - Low interaction honeypot.
    •   1529    180? fapro) - Fake Protocol Server.
    •    248     58? glutton) - All eating honeypot.
    •     43      5? go-HoneyPot) - Honeypot server written in Go.
    •     10      5? go-emulators) - Honeypot Golang emulators.
    •     28      6? honeymail) - SMTP honeypot written in Golang.
    •     94     14? honeytrap) - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services.
    •     25      3? imap-honey) - IMAP honeypot written in Golang.
    • ? mwcollectd - Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.
    •     29      6? potd) - Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities.
    •     31      4? portlurker) - Port listener in Rust with protocol guessing and safe string display.
    •     17      5? slipm-honeypot) - Simple low-interaction port monitoring honeypot.
    •    304     84? telnet-iot-honeypot) - Python telnet honeypot for catching botnet binaries.
    •    238     62? telnetlogger) - Telnet honeypot designed to track the Mirai botnet.
    •     23      6? vnclowpot) - Low interaction VNC honeypot.

  • IDS signature generation

    • Honeycomb - Automated signature creation using honeypots.

  • Lookup service for AS-numbers and prefixes

    • CC2ASN - Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.

  • Data Collection / Data Sharing

    • HPfriends - Honeypot data-sharing platform.
      • ? hpfriends - real-time social data-sharing - Presentation about HPFriends feed system
    •      ?      ?? HPFeeds) - Lightweight authenticated publish-subscribe protocol.

  • Central management tool

    • PHARM - Manage, report, and analyze your distributed Nepenthes instances.

  • Network connection analyzer

    • Impost - Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.

  • Honeypot deployment

    •      5      0? honeyfs) - Tool to create artificial file systems for medium/high interaction honeypots.
    • Modern Honeynet Network - Streamlines deployment and management of secure honeypots.

  • Honeypot extensions to Wireshark

    • ? Wireshark Extensions - Apply Snort IDS rules and signatures against packet capture files using Wireshark.

  • Client

    • ? CWSandbox / GFI Sandbox
    • ? Capture-HPC-Linux
    •     11     10? Capture-HPC-NG)
    • ? Capture-HPC - High interaction client honeypot (also called honeyclient).
    • HoneyBOT
    • ? HoneyC
    •     29      9? HoneySpider Network) - Highly-scalable system integrating multiple client honeypots to detect malicious websites.
    • ? HoneyWeb - Web interface created to manage and remotely share Honeyclients resources.
    •    163     65? Jsunpack-n)
    • MonkeySpider
    •     25      9? PhoneyC) - Python honeyclient (later replaced by Thug).
    •      ?      ?? Pwnypot) - High Interaction Client Honeypot.
    •      ?      ?? Rumal) - Thug's Rumāl: a Thug's dress and weapon.
    • ? Shelia - Client-side honeypot for attack detection.
    • ? Thug - Python-based low-interaction honeyclient.
    • ? Thug Distributed Task Queuing
    • ? Trigona
    • ? URLQuery
    •     69     11? YALIH (Yet Another Low Interaction Honeyclient)) - Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.

  • Honeypot

    • Deception Toolkit
    •     16      8? IMHoneypot)

  • PDF document inspector

    •   1321    243? peepdf) - Powerful Python tool to analyze PDF documents.

  • Hybrid low/high interaction honeypot

    • HoneyBrid

  • SSH Honeypots

    •     22      4? Blacknet) - Multi-head SSH honeypot system.
    •   5274    903? Cowrie) - Cowrie SSH Honeypot (based on kippo).
    •     15      3? DShield docker) - Docker container running cowrie with DShield output enabled.
    •   7396    283? endlessh) - SSH tarpit that slowly sends an endless banner. ? docker image)
    •    373     71? HonSSH) - Logs all SSH communications between a client and server.
    •      6      1? HUDINX) - Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
    •   1634    277? Kippo) - Medium interaction SSH honeypot.
    •     10      2? Kippo_JunOS) - Kippo configured to be a backdoored netscreen.
    •     38      5? Kojoney2) - Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret.
    • Kojoney - Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
    •     18      2? Longitudinal Analysis of SSH Cowrie Honeypot Logs) - Python based command line tool to analyze cowrie logs over time.
    • LongTail Log Analysis @ Marist College - Analyzed SSH honeypot logs.
    •      8      1? Malbait) - Simple TCP/UDP honeypot implemented in Perl.
    •    126     23? MockSSH) - Mock an SSH server and define all commands it supports (Python, Twisted).
    •      7      4? cowrie2neo) - Parse cowrie honeypot logs into a neo4j database.
    •     32      5? go-sshoney) - SSH Honeypot.
    •     35      5? go0r) - Simple ssh honeypot in Golang.
    •     11      2? gohoney) - SSH honeypot written in Go.
    •      3      0? hived) - Golang-based honeypot.
    •     37     12? hnypots-agent)) - SSH Server in Go that logs username and password combinations.
    •     28      7? honeypot.go) - SSH Honeypot written in Go.
    •     12      1? honeyssh) - Credential dumping SSH honeypot with statistics.
    •     22      2? hornet) - Medium interaction SSH honeypot that supports multiple virtual hosts.
    •     19      8? ssh-auth-logger) - Low/zero interaction SSH authentication logging honeypot.
    •    633    242? ssh-honeypot) - Fake sshd that logs IP addresses, usernames, and passwords.
    •     26      1? ssh-honeypot) - Modified version of the OpenSSH deamon that forwards commands to Cowrie where all commands are interpreted and returned.
    •     15      4? ssh-honeypotd) - Low-interaction SSH honeypot written in C.
    •     39      5? sshForShits) - Framework for a high interaction SSH honeypot.
    •   1567     95? sshesame) - Fake SSH server that lets everyone in and logs their activity.
    •    167     46? sshhipot) - High-interaction MitM SSH honeypot.
    •     14      3? sshlowpot) - Yet another no-frills low-interaction SSH honeypot in Go.
    •     96      8? sshsyrup) - Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org.
    •     86     21? twisted-honeypots) - SSH, FTP and Telnet honeypots based on Twisted.

  • Distributed sensor project

    • ? DShield Web Honeypot Project

  • A pcap analyzer

    • ? Honeysnap

  • Network traffic redirector

    • ? Honeywall

  • Honeypot Distribution with mixed content

    • ? HoneyDrive

  • Honeypot sensor

    • ? Honeeepi - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.

  • File carving

    • ? TestDisk & PhotoRec

  • Behavioral analysis tool for win32

    • ? Capture BAT

  • Live CD

    • ? DAVIX - The DAVIX Live CD.

  • Spamtrap

    • ? Mail::SMTP::Honeypot - Perl module that appears to provide the functionality of a standard SMTP server.
    •    258     73? Mailoney) - SMTP honeypot, Open Relay, Cred Harvester written in python.
    •     12      8? SendMeSpamIDS.py) - Simple SMTP fetch all IDS and analyzer.
    •    133     38? Shiva) - Spam Honeypot with Intelligent Virtual Analyzer.
      • ? Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running
    •      5      0? SMTPLLMPot) - A super simple SMTP Honeypot built using GPT3.5
    •     26      3? SpamHAT) - Spam Honeypot Tool.
    • Spamhole
    •      3      0? honeypot) - The Project Honey Pot un-official PHP SDK.
    • spamd

  • Commercial honeynet

    • Cymmetria Mazerunner - Leads attackers away from real targets and creates a footprint of the attack.

  • Server (Bluetooth)

    •    246     29? Bluepot)

  • Dynamic analysis of Android apps

    • ? Droidbox

  • Dockerized Low Interaction packaging

    •     22      4? Docker honeynet) - Several Honeynet tools set up for Docker containers.
    • ? Dockerized Thug - Dockerized    998    203? Thug) to analyze malicious web content.
    •    148     14? Dockerpot) - Docker based honeypot.
    •     24      5? Manuka) - Docker based honeypot (Dionaea and Kippo).
    •      7      1? honey_ports) - Very simple but effective docker deployed honeypot to detect port scanning in your environment.
    •     34      5? mhn-core-docker) - Core elements of the Modern Honey Network implemented in Docker.

  • Network analysis

    • ? Quechua

  • SIP Server

    • Artemnesia VoIP

  • SIP

    •    176     18? SentryPeer) - Protect your SIP Servers from bad actors.

  • IOT Honeypot

    •    121     43? HoneyThing) - TR-069 Honeypot.
    •     26      8? Kako) - Honeypots for a number of well known and deployed embedded device vulnerabilities.

  • Honeytokens

    •   1777    258? CanaryTokens) - Self-hostable honeytoken generator and reporting dashboard; demo version available at ? CanaryTokens.org.
    •    273     45? Honeybits) - Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots.
    •    511     55? Honeyλ (HoneyLambda)) - Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.
    •    498    102? dcept) - Tool for deploying and detecting use of Active Directory honeytokens.
    •     60     10? honeyku) - Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

Honeyd Tools

  • Honeyd plugin

    • Honeycomb

  • Honeyd viewer

    • Honeyview

  • Honeyd to MySQL connector

    • ? Honeyd2MySQL

  • A script to visualize statistics from honeyd

    • ? Honeyd-Viz

  • Honeyd stats

    •    351    103? Honeydsum.pl)

Network and Artifact Analysis

  • Sandbox

    • Argos - Emulator for capturing zero-day attacks.
    • ? COMODO automated sandbox
    • ? Cuckoo - Leading open source automated malware analysis system.
    •    126     31? Pylibemu) - Libemu Cython wrapper.
    • ? RFISandbox - PHP 5.x script sandbox built on top of ? funcall.
    •    197     35? dorothy2) - Malware/botnet analysis framework written in Ruby.
    •     13      6? imalse) - Integrated MALware Simulator and Emulator.
    •    150     40? libemu) - Shellcode emulation library, useful for shellcode detection.

  • Sandbox-as-a-Service

    • ? Hybrid Analysis - Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
    • ? Joebox Cloud - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
    • ? VirusTotal - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
    • ? malwr.com - Free malware analysis service and community.

Data Tools

  • Front Ends

    •     66     27? DionaeaFR) - Front Web to Dionaea low-interaction honeypot.
    •     12      1? Django-kippo) - Django App for kippo SSH Honeypot.
    •      3      0? Shockpot-Frontend) - Full featured script to visualize statistics from a Shockpot honeypot.
    •    254     43? Tango) - Honeypot Intelligence with Splunk.
    •      5      1? Wordpot-Frontend) - Full featured script to visualize statistics from a Wordpot honeypot.
    •      4      1? honeyalarmg2) - Simplified UI for showing honeypot alarms.
    •      3      0? honeypotDisplay) - Flask website which displays data gathered from an SSH Honeypot.

  • Visualization

    •     10      6? Acapulco) - Automated Attack Community Graph Construction.
    •     15      7? Afterglow Cloud)
    • Afterglow
    •      3      0? Glastopf Analytics) - Easy honeypot statistics.
    •     14      3? HoneyMalt) - Maltego tranforms for mapping Honeypot systems.
    •    219     88? HoneyMap) - Real-time websocket stream of GPS events on a fancy SVG world map.
    • ? HoneyStats - Statistical view of the recorded activity on a Honeynet.
    •     15      4? HpfeedsHoneyGraph) - Visualization app to visualize hpfeeds logs.
    •   3584    647? IVRE) - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
    •     18      2? Kippo stats) - Mojolicious app to display statistics for your kippo SSH honeypot.
    • ? Kippo-Graph - Full featured script to visualize statistics from a Kippo SSH honeypot.
    •     62     11? The Intelligent HoneyNet) - Create actionable information from honeypots.
    •     47     15? ovizart) - Visual analysis for network traffic.

Guides

  • ? T-Pot: A Multi-Honeypot Platform

  •      ?      ?? Honeypot (Dionaea and kippo) setup script)

  • Deployment

    • Dionaea and EC2 in 20 Minutes - Tutorial on setting up Dionaea on an EC2 instance.
    • ? Using a Raspberry Pi honeypot to contribute data to DShield/ISC - The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.
    •     32      5? honeypotpi) - Script for turning a Raspberry Pi into a HoneyPot Pi.

  • Research Papers

    •     29      6? Honeypot research papers) - PDFs of research papers on honeypots.
    • ? vEYE - Behavioral footprinting for self-propagating worm detection and profiling.

Source

  8763   1267? paralax/awesome-honeypots)

Expand
Additional Information
Related Applications
Recommended for You
Related Information All