Skip to content
This repository has been archived by the owner on Jan 28, 2023. It is now read-only.
/ Honeypot Public archive

Low interaction honeypot that displays real time attacks

Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



55 Commits

Repository files navigation


Low interaction honeypot application that displays real time attacks in the web-interface. Made just for fun and it is not production ready.

Written in Node.js the application listens on 128 most common TCP ports and saves results to the MySQL Database for further analysis.


Web-interface demo available at

How to Deploy

We need nodejs, git and tcpdump

sudo yum install git nodejs tcpdump -y

Clone the repo, install dependencies and run the app.js. Please make sure that none of your own services are listening on the ports 21, 22, 80 and ~128 more ports.

git clone
cd Honeypot/ && npm install
sudo node app.js # Please think twice before running random person's code with the sudo privileges

That is it. You should be able to access the app on the port 80 from your web-browser.

Monthly Statistics

Stats for the past 30 days are available at

Below example is custom-made and displays the data for the month of June 2018:

  • There were total of 69 074 requests to the server;
  • IP Geolocation based on 11 918 unique IP Addresses;
  • IP Geolocation Map is made with the help of Google Maps API and Google Fusion Tables.