Skip to content


Switch branches/tags

Latest commit


Failed to load latest commit information.
Latest commit message
Commit time


Documentation Status Build Status Coverage Status

Super Next generation Advanced Reactive honEypot


SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet.


The documentation can be found here.

Basic Concepts

  • Surface first. Focus on the attack surface generation.
  • Sensors and masters. Lightweight collectors (SNARE) and central decision maker (tanner).

Getting started

  • You need Python3.6 to run SNARE
  • This was tested with a recent Ubuntu based Linux.

Steps to setup

  1. Get SNARE: git clone and cd snare
  2. [Optional] Make virtual environment: python3 -m venv venv
  3. [Optional] Activate virtual environment: . venv/bin/activate

Note: Do not use sudo with below commands if you're running snare in virtual environment.

  1. Install requirements: sudo pip3 install -r requirements.txt
  2. Setup snare: sudo python3 install
  3. Clone a page: sudo clone --target --path <path to base dir>
  4. Run SNARE: sudo snare --port 8080 --page-dir --path <path to base dir>
  5. Test: Visit http://localhost:8080/index.html
  6. (Optionally) Have your own tanner service running.

[Note : Cloner clones the whole website, to restrict to a desired depth of cloning add --max-depth parameter]

Docker build instructions

  1. Change current directory to snare project directory
  2. docker-compose build
  3. docker-compose up
  4. Snare will start on with port 80. More information about running docker-compose can be found here.

In case of an error while running docker-compose up, check the availability of port 80, if it is occupied then refer to Docker documentation to change the default port.

You obviously want to bind to and port 80 when running in production.


In order to run the tests and receive a test coverage report, we recommend running pytest:

    pip install pytest pytest-cov
    sudo pytest --cov-report term-missing --cov=snare snare/tests/

Sample Output

    # sudo snare --port 8080 --page-dir

       _____ _   _____    ____  ______
      / ___// | / /   |  / __ \/ ____/
      \__ \/  |/ / /| | / /_/ / __/
     ___/ / /|  / ___ |/ _, _/ /___
    /____/_/ |_/_/  |_/_/ |_/_____/

    privileges dropped, running as "nobody:nogroup"
    serving with uuid 9c10172f-7ce2-4fb4-b1c6-abc70141db56
    Debug logs will be stored in /opt/snare/snare.log
    Error logs will be stored in /opt/snare/snare.err
    ======== Running on ========
    (Press CTRL+C to quit)
    you are running the latest version