-
Notifications
You must be signed in to change notification settings - Fork 0
FlowchartDiagram
The Flowchart Diagram illustrates the internal workflow of the WISETrap honeypot system from the moment an attacker interacts with the trap endpoint until the administrator receives a security alert.
This diagram demonstrates how the system detects suspicious requests, records attack information, stores logs, and triggers real-time notifications.
WISETrap is a web-based credential honeypot designed to simulate a vulnerable environment by intentionally exposing a fake credential file located at:
https://honeypot.wise.local/login.txt
When an attacker or automated bot accesses the trap endpoint or attempts to use the exposed credentials, the system automatically processes the request, logs the activity, and sends an alert notification to the administrator.
The monitoring process begins when the WISETrap system is active and waiting for incoming HTTP requests.
The system receives an incoming request from:
- Attacker
- Bot
- Scanner
- External user
The request may target:
- /login.txt
- Fake login page
- Honeypot endpoints
The system analyzes the request and determines whether the activity is suspicious.
Examples:
- Accessing exposed trap files
- Attempting fake credentials
- Suspicious scanning behavior
- The request is ignored
- No alert is generated
- Monitoring continues
The system proceeds to the logging and alert stages.
The system records:
- IP Address
- Requested URL
- Timestamp
- User Agent
- Request information
The collected attack data is securely stored inside the honeypot database for monitoring and future analysis.
The system generates an alert message and sends it through the configured email service.
The alert may contain:
- Attacker IP
- Accessed endpoint
- Timestamp
- Request details
The administrator receives the notification in real time and can:
- View attack logs
- Analyze suspicious activity
- Monitor attacker behavior
- Take defensive action if needed
After processing the request, the system returns to monitoring mode and waits for additional incoming requests.
Attempts to access trap resources or exploit fake credentials.
Processes requests, logs suspicious activity, and generates alerts.
Stores collected request and attack information.
Delivers alert notifications to the administrator.
Receives alerts and monitors the honeypot system.

The purpose of this flowchart is to describe the operational workflow of the WISETrap honeypot system and demonstrate how suspicious requests are detected, processed, logged, and reported using deception-based security techniques.
- The system only logs suspicious activity.
- All request data is stored securely.
- Alerts are sent in real time.
- The administrator continuously monitors the honeypot environment.
- The workflow is fully automated after detection.