Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Ghost USB honeypot

Ghost is a honeypot for malware that spreads via USB storage devices. It detects infections with such malware without the need of any further information. If you would like to see a video introduction to the project, have a look at this Youtube video.

The honeypot was first developed for a bachelor thesis at Bonn University in Germany. Now development is continued by the same developer within the Honeynet Project.

Ghost was one of the projects supported by Rapid7's Magnificent7 program (see the press release).

How does it work?

Basically, the honeypot emulates a USB storage device. If your machine is infected by malware that uses such devices for propagation, the honeypot will trick it into infecting the emulated device. See the wiki for details.

What do I need to run it?

Ghost supports Windows XP 32 bit and Windows 7 32 bit. You can either download a binary distribution from the old website or compile the code yourself. If you choose to build the code, you will need the Windows Driver Kit. For detailed instructions on how to do so, refer to the build and install guides in the wiki.


The project's logo was created by Mark Eibes. The project is supported by Rapid7 as a member of their Magnificent7 program.


A honeypot for malware that propagates via USB storage devices







No packages published