awesome-honeypots
Honeypot catalog
A curated collection of honeypot projects and tools for detecting and preventing malicious activity
an awesome list of honeypot resources
9k stars
384 watching
1k forks
Language: Python
last commit: about 1 year ago
Linked from 16 awesome lists
awesomeawesome-listhoneydhoneypotlist
Contents / Related Lists | |||
| awesome-pcaptools | 3,143 | over 1 year ago | Useful in network traffic analysis |
| awesome-malware-analysis | 12,073 | over 1 year ago | Some overlap here for artifact analysis |
Contents / Honeypots | |||
| Delilah | 23 | over 10 years ago | Elasticsearch Honeypot written in Python (originally from Novetta) |
| ESPot | 27 | about 11 years ago | Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120 |
| ElasticPot | An Elasticsearch Honeypot | ||
| Elastic honey | 186 | over 10 years ago | Simple Elasticsearch Honeypot |
| MongoDB-HoneyProxy | 92 | over 2 years ago | MongoDB honeypot proxy |
| NoSQLpot | 101 | about 2 years ago | Honeypot framework built on a NoSQL-style database |
| mysql-honeypotd | 32 | 11 months ago | Low interaction MySQL honeypot written in C |
| MysqlPot | 21 | about 13 years ago | MySQL honeypot, still very early stage |
| pghoney | 18 | over 1 year ago | Low-interaction Postgres Honeypot |
| sticky_elephant | 11 | about 1 year ago | Medium interaction postgresql honeypot |
| RedisHoneyPot | 22 | over 4 years ago | High Interaction Honeypot Solution for Redis protocol |
| Express honeypot | 17 | over 1 year ago | RFI & LFI honeypot using nodeJS and express |
| EoHoneypotBundle | 36 | over 1 year ago | Honeypot type for Symfony2 forms |
| Glastopf | 564 | over 1 year ago | Web Application Honeypot |
| Google Hack Honeypot | Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources | ||
| HellPot | 898 | 11 months ago | Honeypot that tries to crash the bots and clients that visit it's location |
| Laravel Application Honeypot | 431 | over 1 year ago | Simple spam prevention package for Laravel applications |
| Nodepot | 45 | about 10 years ago | NodeJS web application honeypot |
| PasitheaHoneypot | 2 | over 7 years ago | RestAPI honeypot |
| Servletpot | 14 | over 12 years ago | Web application Honeypot |
| Shadow Daemon | Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps | ||
| StrutsHoneypot | 72 | over 8 years ago | Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers |
| WebTrap | 64 | over 7 years ago | Designed to create deceptive webpages to deceive and redirect attackers away from real websites |
| basic-auth-pot (bap) | 47 | almost 11 years ago | HTTP Basic Authentication honeypot |
| bwpot | 26 | over 6 years ago | Breakable Web applications honeyPot |
| django-admin-honeypot | 1,031 | over 1 year ago | Fake Django admin login screen to notify admins of attempted unauthorized access |
| drupo | 57 | over 6 years ago | Drupal Honeypot |
| galah | 440 | about 1 year ago | an LLM-powered web honeypot using the OpenAI API |
| honeyhttpd | 44 | over 1 year ago | Python-based web server honeypot builder |
| honeyup | 27 | 11 months ago | An uploader honeypot designed to look like poor website security |
| modpot | 54 | over 1 year ago | Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework |
| owa-honeypot | 66 | over 2 years ago | A basic flask based Outlook Web Honey pot |
| phpmyadmin_honeypot | 66 | over 7 years ago | Simple and effective phpMyAdmin honeypot |
| shockpot | WebApp Honeypot for detecting Shell Shock exploit attempts | ||
| smart-honeypot | 17 | over 11 years ago | PHP Script demonstrating a smart honey pot |
Contents / Honeypots / Snare/Tanner | |||
| Snare | 450 | over 1 year ago | Super Next generation Advanced Reactive honeypot |
| Tanner | 223 | about 1 year ago | Evaluating SNARE events |
Contents / Honeypots | |||
| stack-honeypot | 23 | almost 12 years ago | Inserts a trap for spam bots into responses |
| tomcat-manager-honeypot | 11 | about 8 years ago | Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study |
Contents / Honeypots / WordPress honeypots | |||
| HonnyPotter | 32 | almost 8 years ago | WordPress login honeypot for collection and analysis of failed login attempts |
| HoneyPress | 6 | almost 5 years ago | Python based WordPress honeypot in a Docker container |
| wp-smart-honeypot | 28 | about 8 years ago | WordPress plugin to reduce comment spam with a smarter honeypot |
| wordpot | 180 | over 2 years ago | WordPress Honeypot |
Contents / Honeypots | |||
| Python-Honeypot | 443 | about 1 year ago | OWASP Honeypot, Automated Deception Framework |
| ADBHoney | 161 | 12 months ago | Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process |
| AMTHoneypot | 17 | over 1 year ago | Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689 |
| ddospot | 52 | almost 5 years ago | NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot |
| dionaea | 719 | about 1 year ago | Home of the dionaea honeypot |
| dhp | 30 | about 5 years ago | Simple Docker Honeypot server emulating small snippets of the Docker HTTP API |
| DolosHoneypot | 2 | over 7 years ago | SDN (software defined networking) honeypot |
| Ensnare | 66 | over 8 years ago | Easy to deploy Ruby honeypot |
| Helix | 40 | almost 2 years ago | K8s API Honeypot with Active Defense Capabilities |
| honeycomb_plugins | 27 | about 2 years ago | Plugin repository for Honeycomb, the honeypot framework by Cymmetria |
| https://honeydb.io/downloads | [honeydb] ( ) - Multi-service honeypot that is easy to deploy and configure. Can be configured to send interaction data to to HoneyDB's centralized collectors for access via REST API | ||
| honeyntp | 52 | over 11 years ago | NTP logger/honeypot |
| honeypot-camera | 50 | over 10 years ago | Observation camera honeypot |
| honeypot-ftp | 30 | almost 2 years ago | FTP Honeypot |
| honeypots | 704 | 11 months ago | 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc) |
| honeytrap | 1,226 | about 2 years ago | Advanced Honeypot framework written in Go that can be connected with other honeypot software |
| HoneyPy | 461 | over 1 year ago | Low interaction honeypot |
| Honeygrove | 20 | over 4 years ago | Multi-purpose modular honeypot based on Twisted |
| Honeyport | 43 | over 8 years ago | Simple honeyport written in Bash and Python |
| Honeyprint | 19 | almost 10 years ago | Printer honeypot |
| Lyrebird | Modern high-interaction honeypot framework | ||
| MICROS honeypot | 15 | about 7 years ago | Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS) |
| node-ftp-honeypot | 5 | about 2 years ago | FTP server honeypot in JS |
| pyrdp | 1,556 | over 1 year ago | RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact |
| rdppot | 63 | over 6 years ago | RDP honeypot |
| RDPy | 1,694 | over 4 years ago | Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python |
| SMB Honeypot | 47 | over 4 years ago | High interaction SMB service honeypot capable of capturing wannacry-like Malware |
| Tom's Honeypot | 26 | over 10 years ago | Low interaction Python honeypot |
| Trapster Commmunity | 28 | 11 months ago | Modural and easy to install Python Honeypot, with comprehensive alerting |
| troje | 45 | about 11 years ago | Honeypot that runs each connection with the service within a separate LXC container |
| WebLogic honeypot | 32 | over 5 years ago | Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware |
| WhiteFace Honeypot | 5 | over 10 years ago | Twisted based honeypot for WhiteFace |
| DemonHunter | 61 | over 7 years ago | Low interaction honeypot server |
| canarytokendetector | 19 | almost 2 years ago | Tool for detection and nullification of Thinkst CanaryTokens |
| honeydet | 85 | 11 months ago | Signature based honeypot detector tool written in Golang |
| kippo_detect | 56 | almost 11 years ago | Offensive component that detects the presence of the kippo honeypot |
| Conpot | 1,258 | over 1 year ago | ICS/SCADA honeypot |
| GasPot | 139 | over 1 year ago | Veeder Root Gaurdian AST, common in the oil and gas industry |
| SCADA honeynet | Building Honeypots for Industrial Networks | ||
| gridpot | 56 | over 10 years ago | Open source tools for realistic-behaving electric grid honeynets |
| scada-honeynet | Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices | ||
| CitrixHoneypot | 114 | almost 6 years ago | Detect and log CVE-2019-19781 scan and exploitation attempts |
| Damn Simple Honeypot (DSHP) | 16 | over 9 years ago | Honeypot framework with pluggable handlers |
| dicompot | 24 | about 2 years ago | DICOM Honeypot |
| IPP Honey | A honeypot for the Internet Printing Protocol | ||
| Log4Pot | 91 | 11 months ago | A honeypot for the Log4Shell vulnerability (CVE-2021-44228) |
| Masscanned | 109 | 11 months ago | Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise |
| medpot | 24 | over 1 year ago | HL7 / FHIR honeypot |
| NOVA | 75 | over 2 years ago | Uses honeypots as detectors, looks like a complete system |
| OpenFlow Honeypot (OFPot) | 23 | almost 13 years ago | Redirects traffic for unused IPs to a honeypot, built on POX |
| OpenCanary | 2,350 | 11 months ago | Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used |
| ciscoasa_honeypot | 51 | almost 7 years ago | A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability |
| miniprint | 202 | over 2 years ago | A medium interaction printer honeypot |
| Hale | 188 | over 3 years ago | Botnet command and control monitor |
| dnsMole | Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts | ||
| ipv6-attack-detector | 39 | over 5 years ago | Google Summer of Code 2012 project, supported by The Honeynet Project organization |
| Frida | Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android | ||
| HIHAT | Transform arbitrary PHP applications into web-based high-interaction Honeypots | ||
| Kippo-Malware | Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database | ||
| Community Honey Network | CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands | ||
| Modern Honey Network | Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management | ||
| Tracexploit | Replay network packets | ||
| LogAnon | Log anonymization library that helps having anonymous logs consistent between logs and network captures | ||
| Honeypot-32764 | 16 | over 11 years ago | Honeypot for router backdoor (TCP 32764) |
| WAPot | 18 | almost 7 years ago | Honeypot that can be used to observe traffic directed at home routers |
| Honeymole | Deploy multiple sensors that redirect traffic to a centralized collection of honeypots | ||
| mitmproxy | Allows traffic flows to be intercepted, inspected, modified, and replayed | ||
| Sysdig | Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results | ||
| Fibratus | 2,246 | 11 months ago | Tool for exploration and tracing of the Windows kernel |
| Ghost-usb | 97 | over 10 years ago | Honeypot for malware that propagates via USB storage devices |
| Kippo2MySQL | Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database | ||
| Kippo2ElasticSearch | Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster) | ||
| Passive Network Audit Framework (pnaf) | 32 | over 7 years ago | Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms |
| Antivmdetect | 717 | almost 3 years ago | Script to create templates to use with VirtualBox to make VM detection harder |
| VMCloak | 487 | over 1 year ago | Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox |
| vmitools | C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine | ||
| Hexgolems - Pint Debugger Backend | 32 | almost 12 years ago | Debugger backend and LUA wrapper for PIN |
| Hexgolems - Schem Debugger Frontend | 142 | almost 10 years ago | Debugger frontend |
| Androguard | 5,324 | 11 months ago | Reverse engineering, Malware and goodware analysis of Android applications and more |
| APKinspector | 833 | over 12 years ago | Powerful GUI tool for analysts to analyze the Android applications |
| Honeyperl | Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc | ||
| T-Pot | 6,943 | 11 months ago | All in one honeypot appliance from telecom provider T-Mobile |
| beelzebub | 703 | 11 months ago | A secure honeypot framework, extremely easy to configure by yaml 🚀 |
| HFlow2 | Data coalesing tool for honeynet/network analysis | ||
| Amun | Vulnerability emulation honeypot | ||
| Artillery | 330 | about 5 years ago | Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods |
| Bait and Switch | Redirects all hostile traffic to a honeypot that is partially mirroring your production system | ||
| Bifrozt | 5 | over 9 years ago | Automatic deploy bifrozt with ansible |
| Conpot | Low interactive server side Industrial Control Systems honeypot | ||
| Heralding | 377 | over 1 year ago | Credentials catching honeypot |
| HoneyWRT | 21 | about 10 years ago | Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers |
| Honeyd | 11 | over 10 years ago | See |
| Honeysink | Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network | ||
| Hontel | 161 | over 6 years ago | Telnet Honeypot |
| KFSensor | Windows based honeypot Intrusion Detection System (IDS) | ||
| LaBrea | Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet | ||
| MTPot | 104 | over 8 years ago | Open Source Telnet Honeypot, focused on Mirai malware |
| SIREN | 13 | over 7 years ago | Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment |
| TelnetHoney | 1 | almost 10 years ago | Simple telnet honeypot |
| UDPot Honeypot | 48 | almost 2 years ago | Simple UDP/DNS honeypot scripts |
| Yet Another Fake Honeypot (YAFH) | 9 | almost 8 years ago | Simple honeypot written in Go |
| arctic-swallow | 2 | over 7 years ago | Low interaction honeypot |
| fapro | 1,528 | almost 3 years ago | Fake Protocol Server |
| glutton | 247 | 12 months ago | All eating honeypot |
| go-HoneyPot | 43 | about 6 years ago | Honeypot server written in Go |
| go-emulators | 10 | over 9 years ago | Honeypot Golang emulators |
| honeymail | 28 | about 9 years ago | SMTP honeypot written in Golang |
| honeytrap | 94 | over 8 years ago | Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services |
| imap-honey | 25 | over 3 years ago | IMAP honeypot written in Golang |
| mwcollectd | Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap | ||
| potd | 29 | over 5 years ago | Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities |
| portlurker | 31 | 11 months ago | Port listener in Rust with protocol guessing and safe string display |
| slipm-honeypot | 17 | over 5 years ago | Simple low-interaction port monitoring honeypot |
| telnet-iot-honeypot | 304 | over 1 year ago | Python telnet honeypot for catching botnet binaries |
| telnetlogger | 238 | over 8 years ago | Telnet honeypot designed to track the Mirai botnet |
| vnclowpot | 23 | about 6 years ago | Low interaction VNC honeypot |
| Honeycomb | Automated signature creation using honeypots | ||
| CC2ASN | Simple lookup service for AS-numbers and prefixes belonging to any given country in the world | ||
| HPfriends | Honeypot data-sharing platform | ||
Contents / Honeypots / HPfriends | |||
| hpfriends - real-time social data-sharing | Presentation about HPFriends feed system | ||
Contents / Honeypots | |||
| HPFeeds | 213 | about 2 years ago | Lightweight authenticated publish-subscribe protocol |
| PHARM | Manage, report, and analyze your distributed Nepenthes instances | ||
| Impost | Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons | ||
| honeyfs | 5 | almost 2 years ago | Tool to create artificial file systems for medium/high interaction honeypots |
| Modern Honeynet Network | Streamlines deployment and management of secure honeypots | ||
| Wireshark Extensions | Apply Snort IDS rules and signatures against packet capture files using Wireshark | ||
| CWSandbox / GFI Sandbox | |||
| Capture-HPC-Linux | |||
| Capture-HPC-NG | 11 | almost 14 years ago | |
| Capture-HPC | High interaction client honeypot (also called honeyclient) | ||
| HoneyBOT | |||
| HoneyC | |||
| HoneySpider Network | 29 | over 9 years ago | Highly-scalable system integrating multiple client honeypots to detect malicious websites |
| HoneyWeb | Web interface created to manage and remotely share Honeyclients resources | ||
| Jsunpack-n | 163 | over 10 years ago | |
| MonkeySpider | |||
| PhoneyC | 25 | over 10 years ago | Python honeyclient (later replaced by Thug) |
| Pwnypot | High Interaction Client Honeypot | ||
| Rumal | Thug's Rumāl: a Thug's dress and weapon | ||
| Shelia | Client-side honeypot for attack detection | ||
| Thug | Python-based low-interaction honeyclient | ||
| Thug Distributed Task Queuing | |||
| Trigona | |||
| URLQuery | |||
| YALIH (Yet Another Low Interaction Honeyclient) | 69 | over 6 years ago | Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques |
| Deception Toolkit | |||
| IMHoneypot | 16 | over 9 years ago | |
| peepdf | 1,319 | about 1 year ago | Powerful Python tool to analyze PDF documents |
| HoneyBrid | |||
| Blacknet | 22 | over 1 year ago | Multi-head SSH honeypot system |
| Cowrie | 5,260 | 11 months ago | Cowrie SSH Honeypot (based on kippo) |
| DShield docker | 15 | over 9 years ago | Docker container running cowrie with DShield output enabled |
| endlessh | 7,356 | over 1 year ago | SSH tarpit that slowly sends an endless banner. ( ) |
| HonSSH | 373 | almost 4 years ago | Logs all SSH communications between a client and server |
| HUDINX | 6 | over 6 years ago | Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker |
| Kippo | 1,633 | almost 2 years ago | Medium interaction SSH honeypot |
| Kippo_JunOS | 10 | almost 10 years ago | Kippo configured to be a backdoored netscreen |
| Kojoney2 | 38 | almost 11 years ago | Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret |
| Kojoney | Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch | ||
| Longitudinal Analysis of SSH Cowrie Honeypot Logs | 18 | almost 3 years ago | Python based command line tool to analyze cowrie logs over time |
| LongTail Log Analysis @ Marist College | Analyzed SSH honeypot logs | ||
| Malbait | 8 | over 1 year ago | Simple TCP/UDP honeypot implemented in Perl |
| MockSSH | 125 | almost 2 years ago | Mock an SSH server and define all commands it supports (Python, Twisted) |
| cowrie2neo | 7 | about 8 years ago | Parse cowrie honeypot logs into a neo4j database |
| go-sshoney | 32 | over 8 years ago | SSH Honeypot |
| go0r | 35 | over 10 years ago | Simple ssh honeypot in Golang |
| gohoney | 11 | almost 12 years ago | SSH honeypot written in Go |
| hived | 3 | about 8 years ago | Golang-based honeypot |
| hnypots-agent) | 37 | 11 months ago | SSH Server in Go that logs username and password combinations |
| honeypot.go | 28 | almost 12 years ago | SSH Honeypot written in Go |
| honeyssh | 12 | about 6 years ago | Credential dumping SSH honeypot with statistics |
| hornet | 22 | over 7 years ago | Medium interaction SSH honeypot that supports multiple virtual hosts |
| ssh-auth-logger | 19 | about 1 year ago | Low/zero interaction SSH authentication logging honeypot |
| ssh-honeypot | 631 | about 1 year ago | Fake sshd that logs IP addresses, usernames, and passwords |
| ssh-honeypot | 26 | almost 7 years ago | Modified version of the OpenSSH deamon that forwards commands to Cowrie where all commands are interpreted and returned |
| ssh-honeypotd | 15 | 11 months ago | Low-interaction SSH honeypot written in C |
| sshForShits | 39 | over 5 years ago | Framework for a high interaction SSH honeypot |
| sshesame | 1,562 | about 1 year ago | Fake SSH server that lets everyone in and logs their activity |
| sshhipot | 168 | over 7 years ago | High-interaction MitM SSH honeypot |
| sshlowpot | 14 | over 5 years ago | Yet another no-frills low-interaction SSH honeypot in Go |
| sshsyrup | 96 | over 6 years ago | Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org |
| twisted-honeypots | 86 | almost 6 years ago | SSH, FTP and Telnet honeypots based on Twisted |
| DShield Web Honeypot Project | |||
| Honeysnap | |||
| Honeywall | |||
| HoneyDrive | |||
| Honeeepi | Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS | ||
| TestDisk & PhotoRec | |||
| Capture BAT | |||
| DAVIX | The DAVIX Live CD | ||
| Mail::SMTP::Honeypot | Perl module that appears to provide the functionality of a standard SMTP server | ||
| Mailoney | 256 | over 2 years ago | SMTP honeypot, Open Relay, Cred Harvester written in python |
| SendMeSpamIDS.py | 12 | about 7 years ago | Simple SMTP fetch all IDS and analyzer |
| Shiva | 133 | over 1 year ago | Spam Honeypot with Intelligent Virtual Analyzer |
Contents / Honeypots / Shiva | |||
| Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running | |||
Contents / Honeypots | |||
| SMTPLLMPot | 5 | almost 2 years ago | A super simple SMTP Honeypot built using GPT3.5 |
| SpamHAT | 26 | over 9 years ago | Spam Honeypot Tool |
| Spamhole | |||
| honeypot | 3 | almost 10 years ago | The Project Honey Pot un-official PHP SDK |
| spamd | |||
| Cymmetria Mazerunner | Leads attackers away from real targets and creates a footprint of the attack | ||
| Bluepot | 245 | almost 5 years ago | |
| Droidbox | |||
| Docker honeynet | 22 | almost 11 years ago | Several Honeynet tools set up for Docker containers |
| Dockerized Thug | Dockerized to analyze malicious web content | ||
| Dockerpot | 148 | over 10 years ago | Docker based honeypot |
| Manuka | 24 | over 10 years ago | Docker based honeypot (Dionaea and Kippo) |
| honey_ports | 7 | about 6 years ago | Very simple but effective docker deployed honeypot to detect port scanning in your environment |
| mhn-core-docker | 34 | over 3 years ago | Core elements of the Modern Honey Network implemented in Docker |
| Quechua | |||
| Artemnesia VoIP | |||
| SentryPeer | 176 | 11 months ago | Protect your SIP Servers from bad actors |
| HoneyThing | 121 | over 9 years ago | TR-069 Honeypot |
| Kako | 26 | about 5 years ago | Honeypots for a number of well known and deployed embedded device vulnerabilities |
| CanaryTokens | 1,768 | 11 months ago | Self-hostable honeytoken generator and reporting dashboard; demo version available at |
| Honeybits | 273 | over 6 years ago | Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots |
| Honeyλ (HoneyLambda) | 511 | about 7 years ago | Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway |
| dcept | 498 | over 3 years ago | Tool for deploying and detecting use of Active Directory honeytokens |
| honeyku | 60 | over 6 years ago | Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens) |
Contents / Honeyd Tools | |||
| Honeycomb | |||
| Honeyview | |||
| Honeyd2MySQL | |||
| Honeyd-Viz | |||
| Honeydsum.pl | 351 | over 2 years ago | |
Contents / Network and Artifact Analysis | |||
| Argos | Emulator for capturing zero-day attacks | ||
| COMODO automated sandbox | |||
| Cuckoo | Leading open source automated malware analysis system | ||
| Pylibemu | 126 | almost 2 years ago | Libemu Cython wrapper |
| RFISandbox | PHP 5.x script sandbox built on top of | ||
| dorothy2 | 197 | about 2 years ago | Malware/botnet analysis framework written in Ruby |
| imalse | 13 | almost 12 years ago | Integrated MALware Simulator and Emulator |
| libemu | 148 | over 1 year ago | Shellcode emulation library, useful for shellcode detection |
| Hybrid Analysis | Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology | ||
| Joebox Cloud | Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities | ||
| VirusTotal | Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community | ||
| malwr.com | Free malware analysis service and community | ||
Contents / Data Tools | |||
| DionaeaFR | 66 | about 8 years ago | Front Web to Dionaea low-interaction honeypot |
| Django-kippo | 12 | over 13 years ago | Django App for kippo SSH Honeypot |
| Shockpot-Frontend | 3 | almost 10 years ago | Full featured script to visualize statistics from a Shockpot honeypot |
| Tango | 254 | about 7 years ago | Honeypot Intelligence with Splunk |
| Wordpot-Frontend | 5 | almost 10 years ago | Full featured script to visualize statistics from a Wordpot honeypot |
| honeyalarmg2 | 4 | over 8 years ago | Simplified UI for showing honeypot alarms |
| honeypotDisplay | 3 | over 9 years ago | Flask website which displays data gathered from an SSH Honeypot |
| Acapulco | 10 | about 10 years ago | Automated Attack Community Graph Construction |
| Afterglow Cloud | 15 | over 12 years ago | |
| Afterglow | |||
| Glastopf Analytics | 3 | almost 10 years ago | Easy honeypot statistics |
| HoneyMalt | 14 | almost 11 years ago | Maltego tranforms for mapping Honeypot systems |
| HoneyMap | 219 | about 9 years ago | Real-time websocket stream of GPS events on a fancy SVG world map |
| HoneyStats | Statistical view of the recorded activity on a Honeynet | ||
| HpfeedsHoneyGraph | 15 | over 12 years ago | Visualization app to visualize hpfeeds logs |
| IVRE | 3,561 | 11 months ago | Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! |
| Kippo stats | 18 | over 14 years ago | Mojolicious app to display statistics for your kippo SSH honeypot |
| Kippo-Graph | Full featured script to visualize statistics from a Kippo SSH honeypot | ||
| The Intelligent HoneyNet | 62 | almost 10 years ago | Create actionable information from honeypots |
| ovizart | 47 | over 12 years ago | Visual analysis for network traffic |
Contents / Guides | |||
| Dionaea and EC2 in 20 Minutes | Tutorial on setting up Dionaea on an EC2 instance | ||
| Using a Raspberry Pi honeypot to contribute data to DShield/ISC | The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs | ||
| honeypotpi | 32 | about 1 year ago | Script for turning a Raspberry Pi into a HoneyPot Pi |
| Honeypot research papers | 30 | over 7 years ago | PDFs of research papers on honeypots |
| vEYE | Behavioral footprinting for self-propagating worm detection and profiling | ||
Backlinks from these awesome lists:
-
sindresorhus/awesome
-
hack-with-github/awesome-hacking
-
bayandin/awesome-awesomeness
-
enaqx/awesome-pentest
-
jivoi/awesome-osint
-
sbilly/awesome-security
-
rshipp/awesome-malware-analysis
-
jnv/lists
-
decalage2/awesome-security-hardening
-
cugu/awesome-forensics
-
0x4d31/awesome-threat-detection
-
inquest/awesome-yara
-
jaredthecoder/awesome-vehicle-security
-
0ex/more-awesome
-
hexsecs/awesome-embedded-security
-
netanmangal/awesome-hacking
More related projects:
-
projectdiscovery/dnsx
-
ajinabraham/mobile-security-framework-mobsf
-
mobsf/mobile-security-framework-mobsf
-
spectralops/netz
-
jhwohlgemuth/zsh-pentest
-
stamparm/maltrail
-
johnnyxmas/scancannon
-
alaa-abdulridha/serpscan
-
deviantony/docker-elk
-
m0bilesecurity/rms-runtime-mobile-security
-
-
cedrozor/myrtille