v1.0.0

@github-actions github-actions released this 10 May 00:31
0bf5a36

🚀 Cyanide Framework v1.0.0

The first stable release of Cyanide — a medium-interaction SSH/Telnet honeypot with ML-driven attack classification and deep SOC integration.

What is Cyanide?

Cyanide is an open-source honeypot framework built to deceive, observe, and analyze real-world attackers. It emulates a full Linux environment — complete with a virtual filesystem, realistic command responses, hardware fingerprints, and human-like timing — making it exceptionally hard to fingerprint as a honeypot.


Highlights

🧠 ML-Powered Attack Classification
Automatically categorizes sessions into attack patterns β€” brute-force, credential stuffing, reconnaissance, exploit attempts β€” and extracts actionable IOCs (IPs, credentials, commands, URLs, hashes) in real time.

🎭 Anti-Detection Engine
Dynamic OS profiles (banners, kernel versions, hardware fingerprints via /proc/cpuinfo, /proc/meminfo) and realistic response variability defeat automated honeypot scanners.

📡 SOC & Alerting Integrations
Native webhook support for Slack, Discord, and Telegram. Structured JSON event logs compatible with ELK, Splunk, and any SIEM. IOC export in STIX 2.1 and MISP formats is available on demand via the /report bot command.

🖥️ Realistic Linux Emulation
Full VFS with 80+ emulated commands including pipes, redirections, sudo, su, doas, editors, package managers, and network utilities. Sessions feel indistinguishable from a real shell.

🔌 Pluggable Output Layer
Route events to PostgreSQL, MySQL, MongoDB, Elasticsearch, RethinkDB, or hpfeeds — or chain multiple outputs simultaneously.

📦 Libvirt Backend (Optional)
High-fidelity VM-based emulation with automated clone pools, NAT networking, and per-session snapshot rollback.


Getting Started

# Docker
git clone https://github.com/tanhiowyatt/cyanide-framework.git
cd cyanide-framework
docker-compose up -d

# PyPI
pip install cyanide-framework
cyanide-framework

Full Changelog: https://github.com/tanhiowyatt/cyanide-framework/commits/v1.0.0