Awesome Honeypots

A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects.

There is no pre-established order of items in each category; the order is for contribution. If you want to contribute, please read the guide.

Discover more awesome lists at sindresorhus/awesome.

Sections

Related Lists

Honeypots

  • Database Honeypots

    • Elastic honey - A Simple Elasticsearch Honeypot
    • mysql - A MySQL honeypot, still at a very early stage ★ 7, pushed 1422 days ago
    • NoSQLpot - The NoSQL Honeypot Framework. ★ 56, pushed 382 days ago
    • ESPot - ElasticSearch Honeypot ★ 4, pushed 742 days ago
    ★ 67, pushed 419 days ago
  • Web honeypots

    • Glastopf - Web Application Honeypot
    • phpmyadmin_honeypot - A simple and effective phpMyAdmin honeypot ★ 23, pushed 430 days ago
    • servlet - Web application Honeypot ★ 4, pushed 1212 days ago
    • Nodepot - A Node.js web application honeypot ★ 12, pushed 379 days ago
    • basic-auth-pot bap - HTTP Basic Authentication honeyPot ★ 6, pushed 599 days ago
    • Shadow Daemon - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps
    • Servletpot - Web application Honeypot ★ 4, pushed 1212 days ago
    • Google Hack Honeypot - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
    • smart-honeypot - PHP Script demonstrating a smart honey pot ★ 6, pushed 870 days ago
    • HonnyPotter - A WordPress login honeypot for collection and analysis of failed login attempts. ★ 16, pushed 267 days ago
    • HoneyPress - Python-based WordPress honeypot in a Docker container
    • wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot ★ 11, pushed 161 days ago
    • wordpot - A WordPress Honeypot ★ 67, pushed 447 days ago
    • Bukkit Honeypot - A honeypot plugin for Bukkit ★ 6, pushed 1918 days ago
    • Laravel Application Honeypot - Simple spam prevention package for Laravel applications ★ 227, pushed 217 days ago
    • stack-honeypot - Inserts a trap for spam bots into responses ★ 15, pushed 949 days ago
    • EoHoneypotBundle - Honeypot type for Symfony2 forms ★ 17, pushed 131 days ago
    • shockpot - WebApp Honeypot for detecting Shellshock exploit attempts ★ 36, pushed 263 days ago
    • django-admin-honeypot - A fake Django admin login screen to notify admins of attempted unauthorized access. ★ 274, pushed 205 days ago
    ★ 198, pushed 184 days ago
  • Service Honeypots

    ★ 628, pushed 320 days ago
  • Anti-honeypot stuff

    • kippo_detect - This is not a honeypot, but it detects kippo. (This guy has lots more interesting stuff)
    ★ 11, pushed 635 days ago
  • ICS/SCADA honeypots

    • Conpot - ICS/SCADA honeypot
    • gridpot - Open source tools for realistic-behaving electric grid honeynets ★ 18, pushed 532 days ago
    • scada-honeynet - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices
    • SCADA honeynet - Building Honeypots for Industrial Networks
    • GasPot - Veeder Root Guardian AST, common in the oil and gas industry.
    ★ 226, pushed 276 days ago
  • Deployment

  • Data Analysis

    • Kippo-Graph - a full featured script to visualize statistics from a Kippo SSH honeypot
    • Kippo stats - Mojolicious app to display statistics for your kippo SSH honeypot ★ 16, pushed 1951 days ago
  • Other/random

    • NOVA - uses honeypots as detectors; looks like a complete system.
    • Open Canary - A low interaction honeypot intended to be run on internal networks.
    • libemu - Shellcode emulation library, useful for shellcode detection. ★ 9, pushed 152 days ago
    • OFPot - OpenFlow Honeypot, redirects traffic for unused IPs to a honeypot. Built on POX. ★ 2, pushed 1339 days ago
    • OpenCanary - Modular and decentralised honeypot ★ 109, pushed 174 days ago
    ★ 24, pushed 573 days ago
  • Open Relay Spam Honeypot

    ★ 8, pushed 440 days ago
  • Botnet C2 monitor

    • Hale - Botnet command & control monitor
    ★ 56, pushed 1623 days ago
  • IPv6 attack detection tool

  • Research Paper

    • vEYE - behavioral footprinting for self-propagating worm detection and profiling
  • Honeynet statistics

    • HoneyStats - A statistical view of the recorded activity on a Honeynet
  • Dynamic code instrumentation toolkit

    • Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
  • Front-end for dionaea

    • DionaeaFR - Front Web to Dionaea low-interaction honeypot
    ★ 27, pushed 629 days ago
  • Tool to convert website to server honeypots

    • HIHAT - Transform arbitrary PHP applications into web-based high-interaction Honeypots
  • Malware collector

    • Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database
  • Sebek in QEMU

    • Qebek - QEMU-based Sebek. Like Sebek, it is a data capture tool for high-interaction honeypots
  • Malware Simulator

    • imalse - Integrated MALware Simulator and Emulator
    ★ 2, pushed 1000 days ago
  • Distributed sensor deployment

    • Smarthoneypot - custom honeypot intelligence system that is simple to deploy and easy to manage
    • Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management ★ 741, pushed 128 days ago
    • ADHD - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured
  • Network Analysis Tool

  • Log anonymizer

    • LogAnon - log anonymization library that helps keep anonymized logs consistent between logs and network captures
  • server

    • Honeysink - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network
  • Botnet traffic detection

    • dnsMole - analyses DNS traffic to potentially detect botnet C&C servers and infected hosts
  • Low interaction honeypot (router back door)

    ★ 4, pushed 942 days ago
  • honeynet farm traffic redirector

    • Honeymole - deploy multiple sensors that redirect traffic to a centralized collection of honeypots
  • HTTPS Proxy

    • mitmproxy - allows traffic flows to be intercepted, inspected, modified and replayed
  • spamtrap

    ★ 3, pushed 210 days ago
  • System instrumentation

    • Sysdig - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze
    • Fibratus - tool for exploration and tracing of the Windows kernel
  • Honeypot for USB-spreading malware

    • Ghost-usb - honeypot for malware that propagates via USB storage devices
    ★ 30, pushed 531 days ago
  • Data Collection

    • Kippo2MySQL - extracts some very basic stats from Kippo’s text-based log files (a mess to analyze!) and inserts them in a MySQL database
    • Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster)
  • Passive network audit framework parser

    • pnaf - Passive Network Audit Framework
    ★ 7, pushed 396 days ago
  • VM Introspection

  • Binary debugger

    ★ 127, pushed 299 days ago
  • Mobile Analysis Tool

    • APKinspector - APKinspector is a powerful GUI tool for analysts to analyze Android applications
    • Androguard - Reverse engineering, Malware and goodware analysis of Android applications ... and more ★ 905, pushed 167 days ago
  • Low interaction honeypot

    • Honeypoint - platform of distributed honeypot technologies
    • Honeyperl - Honeypot software based on Perl with plugins developed for many functions like wingates, telnet, squid, smtp, etc.
  • Honeynet data fusion

    • HFlow2 - data coalescing tool for honeynet/network analysis
  • Server

    • LaBrea - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
    • Kippo - SSH honeypot
    • KFSensor - Windows based honeypot Intrusion Detection System (IDS)
    • Honeyd - Also see more honeyd tools ★ 1, pushed 541 days ago
    • Glastopf - Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications
    • UDPot Honeypot - Simple UDP / DNS honeypot scripts ★ 12, pushed 901 days ago
    • Conpot - low interactive server side Industrial Control Systems honeypot
    • Bifrozt - High interaction honeypot solution for Linux based systems
    • Beeswarm - Honeypot deployment made easy
    • Bait and Switch - redirects all hostile traffic to a honeypot that is partially mirroring your production system
    • Artillery - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods
    • Amun - vulnerability emulation honeypot
    • TelnetHoney - A simple telnet honeypot ★ 0, pushed 229 days ago
    • Hontel - Telnet Honeypot
    • Heralding - A credentials catching honeypot
    • VNC-Pot - A low interaction VNC honeypot
  • VM cloaking script

    • Antivmdetect - Script to create templates to use with VirtualBox to make vm detection harder
    ★ 33, pushed 154 days ago
  • IDS signature generation

  • lookup service for AS-numbers and prefixes

  • Web interface (for Thug)

    • Rumal - Thug's Rumāl: a Thug's dress & weapon
  • Data Collection / Data Sharing

  • Distributed spam tracking

  • Python bindings for libemu

    ★ 65, pushed 299 days ago
  • Controlled-relay spam honeypot

    ★ 58, pushed 281 days ago
  • Visualization Tool

    ★ 15, pushed 266 days ago
  • central management tool

  • Network connection analyzer

  • Virtual Machine Cloaking

    ★ 104, pushed 132 days ago
  • Honeypot deployment

  • Automated malware analysis system

  • Low interaction

  • Low interaction honeypot on USB stick

  • Honeypot extensions to Wireshark

  • Data Analysis Tool

    ★ 7, pushed 1300 days ago
  • Telephony honeypot

  • Client

    ★ 12, pushed 1021 days ago
  • Visual analysis for network traffic

    ★ 41, pushed 1232 days ago
  • Binary Management and Analysis Framework

  • Honeypot

  • PDF document inspector

    ★ 121, pushed 126 days ago
  • Distribution system

  • HoneyClient Management

  • Network Analysis

  • Hybrid low/high interaction honeypot

  • Sebek on Xen

  • SSH Honeypot

    • Kojoney
    • Kojoney2 - low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret ★ 17, pushed 608 days ago
    • Cowrie - Cowrie SSH Honeypot (based on kippo) ★ 384, pushed 129 days ago
    • sshlowpot - Yet another no-frills low-interaction ssh honeypot in Go.
    • sshhipot - High-interaction MitM SSH honeypot
    • DShield docker - Docker container running cowrie with DShield output enabled. ★ 2, pushed 175 days ago
  • Glastopf data analysis

  • Distributed sensor project

  • A pcap analyzer

  • Client Web crawler

    ★ 13, pushed 129 days ago
  • Network traffic redirector

  • Honeypot Distribution with mixed content

  • Honeypot sensor

  • File carving

  • File and Network Threat Intelligence

  • Data capture

  • SSH proxy

    ★ 50, pushed 214 days ago
  • Anti-Cheat

  • behavioral analysis tool for win32

  • Live CD

  • Spamtrap

  • Commercial honeynet

  • Server (Bluetooth)

    ★ 7, pushed 222 days ago
  • Dynamic analysis of Android apps

  • Dockerized Low Interaction packaging

    ★ 6, pushed 534 days ago
  • Network analysis

  • Sebek data visualization

  • SIP Server

  • Botnet C2 monitoring

  • low interaction

    ★ 7, pushed 1422 days ago
  • Malware collection

  • IOT Honeypot

    ★ 24, pushed 173 days ago
  • Active Directory

    • dcept - A tool for deploying and detecting use of Active Directory honeytokens
    ★ 302, pushed 133 days ago

Honeyd Tools

Network and Artifact Analysis

  • Sandbox

  • Sandbox-as-a-Service

    • malwr.com - free malware analysis service and community
    • detux.org - Multiplatform Linux Sandbox
    • Joebox Cloud - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities

Data Tools

  • Front Ends

    • Tango - Honeypot Intelligence with Splunk
    • Django-kippo - Django App for kippo SSH Honeypot ★ 10, pushed 1519 days ago
    • Wordpot-Frontend - a full featured script to visualize statistics from a Wordpot honeypot
    • Shockpot-Frontend - a full featured script to visualize statistics from a Shockpot honeypot ★ 0, pushed 270 days ago
    • honeypotDisplay - A flask website which displays data I've gathered with my SSH Honeypot ★ 1, pushed 213 days ago
    • honeyalarmg2 - Simplified UI for showing honeypot alarms ★ 2, pushed 181 days ago
    ★ 173, pushed 165 days ago
  • Visualization

    • HoneyMap - Real-time websocket stream of GPS events on a fancy SVG world map
    • HoneyMalt - Maltego transforms for mapping Honeypot systems ★ 9, pushed 630 days ago
    ★ 137, pushed 154 days ago

Guides