awesome-honeypots
an awesome list of honeypot resources
9k stars
382 watching
1k forks
Language: Python
last commit: about 2 months ago
Linked from 16 awesome lists
awesomeawesome-listhoneydhoneypotlist
Contents / Related Lists | |||
awesome-pcaptools | 3,116 | 5 months ago | Useful in network traffic analysis |
awesome-malware-analysis | 11,701 | 4 months ago | Some overlap here for artifact analysis |
Contents / Honeypots | |||
Delilah | 22 | over 9 years ago | Elasticsearch Honeypot written in Python (originally from Novetta) |
ESPot | 27 | about 10 years ago | Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120 |
ElasticPot | An Elasticsearch Honeypot | ||
Elastic honey | 183 | about 9 years ago | Simple Elasticsearch Honeypot |
MongoDB-HoneyProxy | 89 | over 1 year ago | MongoDB honeypot proxy |
NoSQLpot | 102 | 12 months ago | Honeypot framework built on a NoSQL-style database |
mysql-honeypotd | 31 | 5 days ago | Low interaction MySQL honeypot written in C |
MysqlPot | 21 | almost 12 years ago | MySQL honeypot, still very early stage |
pghoney | 18 | 5 months ago | Low-interaction Postgres Honeypot |
sticky_elephant | 10 | 2 months ago | Medium interaction postgresql honeypot |
RedisHoneyPot | 17 | over 3 years ago | High Interaction Honeypot Solution for Redis protocol |
Express honeypot | 16 | 8 months ago | RFI & LFI honeypot using nodeJS and express |
EoHoneypotBundle | 34 | 5 months ago | Honeypot type for Symfony2 forms |
Glastopf | 556 | 3 months ago | Web Application Honeypot |
Google Hack Honeypot | Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources | ||
HellPot | 744 | 5 days ago | Honeypot that tries to crash the bots and clients that visit it's location |
Laravel Application Honeypot | 429 | 5 months ago | Simple spam prevention package for Laravel applications |
Nodepot | 45 | about 9 years ago | NodeJS web application honeypot |
PasitheaHoneypot | 2 | over 6 years ago | RestAPI honeypot |
Servletpot | 13 | over 11 years ago | Web application Honeypot |
Shadow Daemon | Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps | ||
StrutsHoneypot | 72 | over 7 years ago | Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers |
WebTrap | 62 | over 6 years ago | Designed to create deceptive webpages to deceive and redirect attackers away from real websites |
basic-auth-pot (bap) | 47 | over 9 years ago | HTTP Basic Authentication honeypot |
bwpot | 26 | over 5 years ago | Breakable Web applications honeyPot |
django-admin-honeypot | 1,017 | 6 months ago | Fake Django admin login screen to notify admins of attempted unauthorized access |
drupo | 57 | about 5 years ago | Drupal Honeypot |
galah | 393 | 30 days ago | an LLM-powered web honeypot using the OpenAI API |
honeyhttpd | 43 | 3 months ago | Python-based web server honeypot builder |
honeyup | 26 | almost 3 years ago | An uploader honeypot designed to look like poor website security |
modpot | 53 | 5 months ago | Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework |
owa-honeypot | 64 | over 1 year ago | A basic flask based Outlook Web Honey pot |
phpmyadmin_honeypot | 65 | over 6 years ago | Simple and effective phpMyAdmin honeypot |
shockpot | WebApp Honeypot for detecting Shell Shock exploit attempts | ||
smart-honeypot | 17 | over 10 years ago | PHP Script demonstrating a smart honey pot |
Contents / Honeypots / Snare/Tanner | |||
Snare | 444 | 4 months ago | Super Next generation Advanced Reactive honeypot |
Tanner | 222 | about 2 months ago | Evaluating SNARE events |
Contents / Honeypots | |||
stack-honeypot | 23 | over 10 years ago | Inserts a trap for spam bots into responses |
tomcat-manager-honeypot | 10 | about 7 years ago | Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study |
Contents / Honeypots / WordPress honeypots | |||
HonnyPotter | 30 | over 6 years ago | WordPress login honeypot for collection and analysis of failed login attempts |
HoneyPress | 5 | almost 4 years ago | Python based WordPress honeypot in a Docker container |
wp-smart-honeypot | 27 | almost 7 years ago | WordPress plugin to reduce comment spam with a smarter honeypot |
wordpot | 177 | over 1 year ago | WordPress Honeypot |
Contents / Honeypots | |||
Python-Honeypot | 431 | 27 days ago | OWASP Honeypot, Automated Deception Framework |
ADBHoney | 159 | about 2 years ago | Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process |
AMTHoneypot | 17 | 8 months ago | Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689 |
ddospot | 45 | almost 4 years ago | NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot |
dionaea | 702 | 2 months ago | Home of the dionaea honeypot |
dhp | 30 | about 4 years ago | Simple Docker Honeypot server emulating small snippets of the Docker HTTP API |
DolosHoneypot | 2 | over 6 years ago | SDN (software defined networking) honeypot |
Ensnare | 66 | over 7 years ago | Easy to deploy Ruby honeypot |
Helix | 36 | 9 months ago | K8s API Honeypot with Active Defense Capabilities |
honeycomb_plugins | 27 | 12 months ago | Plugin repository for Honeycomb, the honeypot framework by Cymmetria |
https://honeydb.io/downloads | [honeydb] ( ) - Multi-service honeypot that is easy to deploy and configure. Can be configured to send interaction data to to HoneyDB's centralized collectors for access via REST API | ||
honeyntp | 53 | over 10 years ago | NTP logger/honeypot |
honeypot-camera | 51 | over 9 years ago | Observation camera honeypot |
honeypot-ftp | 28 | 9 months ago | FTP Honeypot |
honeypots | 664 | 1 day ago | 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc) |
honeytrap | 1,222 | about 1 year ago | Advanced Honeypot framework written in Go that can be connected with other honeypot software |
HoneyPy | 459 | 7 months ago | Low interaction honeypot |
Honeygrove | 20 | over 3 years ago | Multi-purpose modular honeypot based on Twisted |
Honeyport | 42 | over 7 years ago | Simple honeyport written in Bash and Python |
Honeyprint | 20 | over 8 years ago | Printer honeypot |
Lyrebird | Modern high-interaction honeypot framework | ||
MICROS honeypot | 15 | about 6 years ago | Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS) |
node-ftp-honeypot | 5 | about 1 year ago | FTP server honeypot in JS |
pyrdp | 1,496 | 4 months ago | RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact |
rdppot | 62 | over 5 years ago | RDP honeypot |
RDPy | 1,681 | over 3 years ago | Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python |
SMB Honeypot | 47 | over 3 years ago | High interaction SMB service honeypot capable of capturing wannacry-like Malware |
Tom's Honeypot | 26 | over 9 years ago | Low interaction Python honeypot |
Trapster Commmunity | 24 | 13 days ago | Modural and easy to install Python Honeypot, with comprehensive alerting |
troje | 45 | about 10 years ago | Honeypot that runs each connection with the service within a separate LXC container |
WebLogic honeypot | 32 | over 4 years ago | Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware |
WhiteFace Honeypot | 5 | over 9 years ago | Twisted based honeypot for WhiteFace |
DemonHunter | 59 | over 6 years ago | Low interaction honeypot server |
canarytokendetector | 15 | 10 months ago | Tool for detection and nullification of Thinkst CanaryTokens |
honeydet | 79 | 5 months ago | Signature based honeypot detector tool written in Golang |
kippo_detect | 56 | almost 10 years ago | Offensive component that detects the presence of the kippo honeypot |
Conpot | 1,233 | 7 months ago | ICS/SCADA honeypot |
GasPot | 135 | 5 months ago | Veeder Root Gaurdian AST, common in the oil and gas industry |
SCADA honeynet | Building Honeypots for Industrial Networks | ||
gridpot | 56 | over 9 years ago | Open source tools for realistic-behaving electric grid honeynets |
scada-honeynet | Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices | ||
CitrixHoneypot | 113 | over 4 years ago | Detect and log CVE-2019-19781 scan and exploitation attempts |
Damn Simple Honeypot (DSHP) | 16 | over 8 years ago | Honeypot framework with pluggable handlers |
dicompot | 23 | about 1 year ago | DICOM Honeypot |
IPP Honey | A honeypot for the Internet Printing Protocol | ||
Log4Pot | 90 | over 2 years ago | A honeypot for the Log4Shell vulnerability (CVE-2021-44228) |
Masscanned | 106 | 4 days ago | Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise |
medpot | 22 | 5 months ago | HL7 / FHIR honeypot |
NOVA | 74 | over 1 year ago | Uses honeypots as detectors, looks like a complete system |
OpenFlow Honeypot (OFPot) | 23 | almost 12 years ago | Redirects traffic for unused IPs to a honeypot, built on POX |
OpenCanary | 2,298 | 4 days ago | Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used |
ciscoasa_honeypot | 50 | almost 6 years ago | A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability |
miniprint | 201 | over 1 year ago | A medium interaction printer honeypot |
Hale | 185 | over 2 years ago | Botnet command and control monitor |
dnsMole | Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts | ||
ipv6-attack-detector | 39 | about 4 years ago | Google Summer of Code 2012 project, supported by The Honeynet Project organization |
Frida | Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android | ||
HIHAT | Transform arbitrary PHP applications into web-based high-interaction Honeypots | ||
Kippo-Malware | Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database | ||
Community Honey Network | CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands | ||
Modern Honey Network | Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management | ||
Tracexploit | Replay network packets | ||
LogAnon | Log anonymization library that helps having anonymous logs consistent between logs and network captures | ||
Honeypot-32764 | 16 | over 10 years ago | Honeypot for router backdoor (TCP 32764) |
WAPot | 18 | almost 6 years ago | Honeypot that can be used to observe traffic directed at home routers |
Honeymole | Deploy multiple sensors that redirect traffic to a centralized collection of honeypots | ||
mitmproxy | Allows traffic flows to be intercepted, inspected, modified, and replayed | ||
Sysdig | Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results | ||
Fibratus | 2,205 | 9 days ago | Tool for exploration and tracing of the Windows kernel |
Ghost-usb | 97 | over 9 years ago | Honeypot for malware that propagates via USB storage devices |
Kippo2MySQL | Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database | ||
Kippo2ElasticSearch | Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster) | ||
Passive Network Audit Framework (pnaf) | 32 | over 6 years ago | Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms |
Antivmdetect | 714 | almost 2 years ago | Script to create templates to use with VirtualBox to make VM detection harder |
VMCloak | 482 | 5 months ago | Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox |
vmitools | C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine | ||
Hexgolems - Pint Debugger Backend | 32 | almost 11 years ago | Debugger backend and LUA wrapper for PIN |
Hexgolems - Schem Debugger Frontend | 142 | almost 9 years ago | Debugger frontend |
Androguard | 5,211 | 19 days ago | Reverse engineering, Malware and goodware analysis of Android applications and more |
APKinspector | 830 | over 11 years ago | Powerful GUI tool for analysts to analyze the Android applications |
Honeyperl | Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc | ||
T-Pot | 6,709 | 4 days ago | All in one honeypot appliance from telecom provider T-Mobile |
beelzebub | 661 | 11 days ago | A secure honeypot framework, extremely easy to configure by yaml 🚀 |
HFlow2 | Data coalesing tool for honeynet/network analysis | ||
Amun | Vulnerability emulation honeypot | ||
Artillery | 327 | about 4 years ago | Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods |
Bait and Switch | Redirects all hostile traffic to a honeypot that is partially mirroring your production system | ||
Bifrozt | 5 | over 8 years ago | Automatic deploy bifrozt with ansible |
Conpot | Low interactive server side Industrial Control Systems honeypot | ||
Heralding | 372 | 5 months ago | Credentials catching honeypot |
HoneyWRT | 21 | about 9 years ago | Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers |
Honeyd | 11 | over 9 years ago | See |
Honeysink | Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network | ||
Hontel | 161 | over 5 years ago | Telnet Honeypot |
KFSensor | Windows based honeypot Intrusion Detection System (IDS) | ||
LaBrea | Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet | ||
MTPot | 104 | over 7 years ago | Open Source Telnet Honeypot, focused on Mirai malware |
SIREN | 13 | over 6 years ago | Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment |
TelnetHoney | 1 | over 8 years ago | Simple telnet honeypot |
UDPot Honeypot | 48 | 12 months ago | Simple UDP/DNS honeypot scripts |
Yet Another Fake Honeypot (YAFH) | 9 | almost 7 years ago | Simple honeypot written in Go |
arctic-swallow | 2 | about 6 years ago | Low interaction honeypot |
fapro | 1,516 | over 1 year ago | Fake Protocol Server |
glutton | 241 | 4 months ago | All eating honeypot |
go-HoneyPot | 43 | about 5 years ago | Honeypot server written in Go |
go-emulators | 10 | over 8 years ago | Honeypot Golang emulators |
honeymail | 28 | about 8 years ago | SMTP honeypot written in Golang |
honeytrap | 93 | over 7 years ago | Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services |
imap-honey | 25 | over 2 years ago | IMAP honeypot written in Golang |
mwcollectd | Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap | ||
potd | 29 | about 4 years ago | Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities |
portlurker | 31 | 6 months ago | Port listener in Rust with protocol guessing and safe string display |
slipm-honeypot | 17 | over 4 years ago | Simple low-interaction port monitoring honeypot |
telnet-iot-honeypot | 303 | 8 months ago | Python telnet honeypot for catching botnet binaries |
telnetlogger | 237 | over 7 years ago | Telnet honeypot designed to track the Mirai botnet |
vnclowpot | 23 | about 5 years ago | Low interaction VNC honeypot |
Honeycomb | Automated signature creation using honeypots | ||
CC2ASN | Simple lookup service for AS-numbers and prefixes belonging to any given country in the world | ||
HPfriends | Honeypot data-sharing platform | ||
Contents / Honeypots / HPfriends | |||
hpfriends - real-time social data-sharing | Presentation about HPFriends feed system | ||
Contents / Honeypots | |||
HPFeeds | 212 | 12 months ago | Lightweight authenticated publish-subscribe protocol |
PHARM | Manage, report, and analyze your distributed Nepenthes instances | ||
Impost | Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons | ||
honeyfs | 3 | 10 months ago | Tool to create artificial file systems for medium/high interaction honeypots |
Modern Honeynet Network | Streamlines deployment and management of secure honeypots | ||
Wireshark Extensions | Apply Snort IDS rules and signatures against packet capture files using Wireshark | ||
CWSandbox / GFI Sandbox | |||
Capture-HPC-Linux | |||
Capture-HPC-NG | 11 | almost 13 years ago | |
Capture-HPC | High interaction client honeypot (also called honeyclient) | ||
HoneyBOT | |||
HoneyC | |||
HoneySpider Network | 29 | over 8 years ago | Highly-scalable system integrating multiple client honeypots to detect malicious websites |
HoneyWeb | Web interface created to manage and remotely share Honeyclients resources | ||
Jsunpack-n | 161 | over 9 years ago | |
MonkeySpider | |||
PhoneyC | 25 | over 9 years ago | Python honeyclient (later replaced by Thug) |
Pwnypot | High Interaction Client Honeypot | ||
Rumal | Thug's Rumāl: a Thug's dress and weapon | ||
Shelia | Client-side honeypot for attack detection | ||
Thug | Python-based low-interaction honeyclient | ||
Thug Distributed Task Queuing | |||
Trigona | |||
URLQuery | |||
YALIH (Yet Another Low Interaction Honeyclient) | 69 | over 5 years ago | Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques |
Deception Toolkit | |||
IMHoneypot | 16 | over 8 years ago | |
peepdf | 1,299 | about 2 months ago | Powerful Python tool to analyze PDF documents |
HoneyBrid | |||
Blacknet | 19 | 7 months ago | Multi-head SSH honeypot system |
Cowrie | 5,138 | 3 days ago | Cowrie SSH Honeypot (based on kippo) |
DShield docker | 15 | over 8 years ago | Docker container running cowrie with DShield output enabled |
endlessh | 7,231 | 4 months ago | SSH tarpit that slowly sends an endless banner. ( ) |
HonSSH | 372 | almost 3 years ago | Logs all SSH communications between a client and server |
HUDINX | 4 | over 5 years ago | Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker |
Kippo | 1,611 | 11 months ago | Medium interaction SSH honeypot |
Kippo_JunOS | 10 | almost 9 years ago | Kippo configured to be a backdoored netscreen |
Kojoney2 | 38 | almost 10 years ago | Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret |
Kojoney | Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch | ||
Longitudinal Analysis of SSH Cowrie Honeypot Logs | 18 | almost 2 years ago | Python based command line tool to analyze cowrie logs over time |
LongTail Log Analysis @ Marist College | Analyzed SSH honeypot logs | ||
Malbait | 8 | 6 months ago | Simple TCP/UDP honeypot implemented in Perl |
MockSSH | 125 | 10 months ago | Mock an SSH server and define all commands it supports (Python, Twisted) |
cowrie2neo | 7 | almost 7 years ago | Parse cowrie honeypot logs into a neo4j database |
go-sshoney | 32 | over 7 years ago | SSH Honeypot |
go0r | 35 | over 9 years ago | Simple ssh honeypot in Golang |
gohoney | 10 | almost 11 years ago | SSH honeypot written in Go |
hived | 3 | about 7 years ago | Golang-based honeypot |
hnypots-agent) | 38 | 11 months ago | SSH Server in Go that logs username and password combinations |
honeypot.go | 28 | almost 11 years ago | SSH Honeypot written in Go |
honeyssh | 12 | almost 5 years ago | Credential dumping SSH honeypot with statistics |
hornet | 22 | over 6 years ago | Medium interaction SSH honeypot that supports multiple virtual hosts |
ssh-auth-logger | 18 | 2 months ago | Low/zero interaction SSH authentication logging honeypot |
ssh-honeypot | 618 | almost 2 years ago | Fake sshd that logs IP addresses, usernames, and passwords |
ssh-honeypot | 26 | almost 6 years ago | Modified version of the OpenSSH deamon that forwards commands to Cowrie where all commands are interpreted and returned |
ssh-honeypotd | 14 | 4 days ago | Low-interaction SSH honeypot written in C |
sshForShits | 39 | over 4 years ago | Framework for a high interaction SSH honeypot |
sshesame | 1,515 | 5 days ago | Fake SSH server that lets everyone in and logs their activity |
sshhipot | 169 | over 6 years ago | High-interaction MitM SSH honeypot |
sshlowpot | 14 | over 4 years ago | Yet another no-frills low-interaction SSH honeypot in Go |
sshsyrup | 96 | over 5 years ago | Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org |
twisted-honeypots | 84 | almost 5 years ago | SSH, FTP and Telnet honeypots based on Twisted |
DShield Web Honeypot Project | |||
Honeysnap | |||
Honeywall | |||
HoneyDrive | |||
Honeeepi | Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS | ||
TestDisk & PhotoRec | |||
Capture BAT | |||
DAVIX | The DAVIX Live CD | ||
Mail::SMTP::Honeypot | Perl module that appears to provide the functionality of a standard SMTP server | ||
Mailoney | 251 | over 1 year ago | SMTP honeypot, Open Relay, Cred Harvester written in python |
SendMeSpamIDS.py | 12 | about 6 years ago | Simple SMTP fetch all IDS and analyzer |
Shiva | 132 | 5 months ago | Spam Honeypot with Intelligent Virtual Analyzer |
Contents / Honeypots / Shiva | |||
Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running | |||
Contents / Honeypots | |||
SMTPLLMPot | 4 | 11 months ago | A super simple SMTP Honeypot built using GPT3.5 |
SpamHAT | 26 | over 8 years ago | Spam Honeypot Tool |
Spamhole | |||
honeypot | 3 | over 8 years ago | The Project Honey Pot un-official PHP SDK |
spamd | |||
Cymmetria Mazerunner | Leads attackers away from real targets and creates a footprint of the attack | ||
Bluepot | 236 | almost 4 years ago | |
Droidbox | |||
Docker honeynet | 22 | almost 10 years ago | Several Honeynet tools set up for Docker containers |
Dockerized Thug | Dockerized to analyze malicious web content | ||
Dockerpot | 149 | over 9 years ago | Docker based honeypot |
Manuka | 24 | over 9 years ago | Docker based honeypot (Dionaea and Kippo) |
honey_ports | 7 | almost 5 years ago | Very simple but effective docker deployed honeypot to detect port scanning in your environment |
mhn-core-docker | 33 | over 2 years ago | Core elements of the Modern Honey Network implemented in Docker |
Quechua | |||
Artemnesia VoIP | |||
SentryPeer | 170 | 2 days ago | Protect your SIP Servers from bad actors |
HoneyThing | 122 | over 8 years ago | TR-069 Honeypot |
Kako | 25 | about 4 years ago | Honeypots for a number of well known and deployed embedded device vulnerabilities |
CanaryTokens | 1,736 | 4 days ago | Self-hostable honeytoken generator and reporting dashboard; demo version available at |
Honeybits | 273 | over 5 years ago | Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots |
Honeyλ (HoneyLambda) | 509 | almost 6 years ago | Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway |
dcept | 499 | about 2 years ago | Tool for deploying and detecting use of Active Directory honeytokens |
honeyku | 60 | over 5 years ago | Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens) |
Contents / Honeyd Tools | |||
Honeycomb | |||
Honeyview | |||
Honeyd2MySQL | |||
Honeyd-Viz | |||
Honeydsum.pl | 346 | over 1 year ago | |
Contents / Network and Artifact Analysis | |||
Argos | Emulator for capturing zero-day attacks | ||
COMODO automated sandbox | |||
Cuckoo | Leading open source automated malware analysis system | ||
Pylibemu | 126 | 11 months ago | Libemu Cython wrapper |
RFISandbox | PHP 5.x script sandbox built on top of | ||
dorothy2 | 197 | about 1 year ago | Malware/botnet analysis framework written in Ruby |
imalse | 12 | almost 11 years ago | Integrated MALware Simulator and Emulator |
libemu | 139 | 7 months ago | Shellcode emulation library, useful for shellcode detection |
Hybrid Analysis | Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology | ||
Joebox Cloud | Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities | ||
VirusTotal | Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community | ||
malwr.com | Free malware analysis service and community | ||
Contents / Data Tools | |||
DionaeaFR | 66 | about 7 years ago | Front Web to Dionaea low-interaction honeypot |
Django-kippo | 12 | over 12 years ago | Django App for kippo SSH Honeypot |
Shockpot-Frontend | 3 | almost 9 years ago | Full featured script to visualize statistics from a Shockpot honeypot |
Tango | 253 | almost 6 years ago | Honeypot Intelligence with Splunk |
Wordpot-Frontend | 5 | almost 9 years ago | Full featured script to visualize statistics from a Wordpot honeypot |
honeyalarmg2 | 4 | over 7 years ago | Simplified UI for showing honeypot alarms |
honeypotDisplay | 3 | over 8 years ago | Flask website which displays data gathered from an SSH Honeypot |
Acapulco | 10 | about 9 years ago | Automated Attack Community Graph Construction |
Afterglow Cloud | 15 | over 11 years ago | |
Afterglow | |||
Glastopf Analytics | 3 | almost 9 years ago | Easy honeypot statistics |
HoneyMalt | 13 | almost 10 years ago | Maltego tranforms for mapping Honeypot systems |
HoneyMap | 219 | about 8 years ago | Real-time websocket stream of GPS events on a fancy SVG world map |
HoneyStats | Statistical view of the recorded activity on a Honeynet | ||
HpfeedsHoneyGraph | 15 | over 11 years ago | Visualization app to visualize hpfeeds logs |
IVRE | 3,441 | 13 days ago | Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! |
Kippo stats | 18 | over 13 years ago | Mojolicious app to display statistics for your kippo SSH honeypot |
Kippo-Graph | Full featured script to visualize statistics from a Kippo SSH honeypot | ||
The Intelligent HoneyNet | 62 | almost 9 years ago | Create actionable information from honeypots |
ovizart | 47 | over 11 years ago | Visual analysis for network traffic |
Contents / Guides | |||
Dionaea and EC2 in 20 Minutes | Tutorial on setting up Dionaea on an EC2 instance | ||
Using a Raspberry Pi honeypot to contribute data to DShield/ISC | The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs | ||
honeypotpi | 32 | 17 days ago | Script for turning a Raspberry Pi into a HoneyPot Pi |
Honeypot research papers | 28 | over 6 years ago | PDFs of research papers on honeypots |
vEYE | Behavioral footprinting for self-propagating worm detection and profiling |
Backlinks from these awesome lists:
- sindresorhus/awesome
- hack-with-github/awesome-hacking
- bayandin/awesome-awesomeness
- enaqx/awesome-pentest
- jivoi/awesome-osint
- sbilly/awesome-security
- rshipp/awesome-malware-analysis
- jnv/lists
- decalage2/awesome-security-hardening
- cugu/awesome-forensics
- 0x4d31/awesome-threat-detection
- inquest/awesome-yara
- jaredthecoder/awesome-vehicle-security
- 0ex/more-awesome
- netanmangal/awesome-hacking
- hexsecs/awesome-embedded-security