Capture Malicious Payload

It is built on the shoulders of Beats and blackhole. A big thanks.


  • System tools
    • conntrack (Netfilter's connection tracking userspace tools)


  • Low Interaction Honeypot
  • Capture TCP/SYN and backscatter packets only.
  • Capture malicious payload, with reference to blackhole.
  • Capture all packets.
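
The "TCP/SYN and backscatter" mode above depends on telling inbound connection attempts apart from replies to traffic the sensor never sent. The sketch below is an added example, not apacket's own code: `Classify` and `samplePacket` are hypothetical names, the packets are constructed, and it assumes a sensor that initiates no connections and does not track sessions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const flagSYN, flagRST, flagACK = 0x02, 0x04, 0x10 // TCP flag bits

// Classify labels a raw IPv4 packet seen by a sensor that initiates no traffic:
// "syn" is an inbound connection attempt, "backscatter" is a SYN-ACK or RST
// answering packets someone else sent with this address as a spoofed source.
func Classify(pkt []byte) (string, error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return "", errors.New("not an IPv4 packet")
	}
	ihl := int(pkt[0]&0x0f) * 4
	fragOff := binary.BigEndian.Uint16(pkt[6:8]) & 0x1fff
	if pkt[9] != 6 || fragOff != 0 { // not TCP, or a fragment without the TCP header
		return "other", nil
	}
	if ihl < 20 || len(pkt) < ihl+14 {
		return "", errors.New("truncated TCP header")
	}
	flags := pkt[ihl+13]
	switch {
	case flags&flagSYN != 0 && flags&flagACK != 0, flags&flagRST != 0:
		return "backscatter", nil
	case flags&flagSYN != 0:
		return "syn", nil
	}
	return "other", nil
}

// samplePacket builds a constructed 40-byte IPv4+TCP packet with the given flags.
func samplePacket(flags byte) []byte {
	p := make([]byte, 40)
	p[0], p[9] = 0x45, 6       // version 4, IHL 5, protocol TCP
	p[32], p[33] = 0x50, flags // data offset 5, flag byte
	return p
}

func main() {
	for _, f := range []byte{0x02, 0x12, 0x14, 0x10} {
		label, _ := Classify(samplePacket(f))
		fmt.Printf("flags=0x%02x -> %s\n", f, label)
	}
}
```

A sensor that also answers connections, as the honeypot mode does, would need session state before treating every RST as backscatter.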

Installation from source

go get
cd $GOPATH/src/
make install
apacket -i eth1 -bs -f "not tcp port 22 and not arp" -r 102400 -k 10 -p ./apacket.logs -n apacket.log -listen -tlslisten -crt ./localhost.crt -key ./localhost.key smtp memcached

# Install log server
go get
cd $GOPATH/src/
make install
sapacket -h