A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
Clone or download
Latest commit 9baf4a5 Sep 19, 2018


Build Status Coverity Status Codacy Badge GitHub issues GitHub license Gitter chat


This project is part of a BA thesis. It is currently in a pre-alpha state.


Kernel/libc requirements: Cgroups, Namespaces (UTS, IPC, PID, NET, CGROUPS)

Required: libssh, pthread

Optional: libseccomp

A chroot'able directory that contains an executable named '/bin/sh'.



  • ./autogen.sh
  • ./configure
  • make


  • Example:

        ./src/potd --redirect

    This will process, filter and redirect all traffic incoming from to the protocol handler at and if the protocol accepts it, it will forward all traffic to the jail/sandbox at

    (clunky atm, will be simplified in the future)

  • see ./src/potd --help


The ssh server currently supports only shell channels. But exec and direct-tcp channels are coming soon!

Supported protocols (at the moment):

  • ssh with libssh

Protocols to implement:

  • HTTP
  • ssh with openssh
  • MySQL

Suits perfect for your favoured Desktop/Server/OpenWrt Linux system.


  • RESTful listener for output sampled data from different processes (send (real-time)statistics about protocols/jails/etc to higher level apps)
  • ptrace support for jailed processes (trace syscalls)
  • improved event handling (maybe libevent?)