The "Awesome Honeypots" project is a curated collection of resources focused on honeypots, which are decoy systems designed to attract and analyze potential cyber attacks. This list includes various types of honeypot software, deployment tools, research papers, and case studies that illustrate their effectiveness in cybersecurity. It benefits security professionals, researchers, and organizations looking to enhance their threat detection capabilities and understand attacker behavior. By leveraging these resources, users can improve their security posture and gain valuable insights into the tactics employed by malicious actors.
The "Awesome Hacking" project is a curated resource list designed for those interested in the field of hacking, which involves exploring and exploiting vulnerabilities in computer systems and networks. This list encompasses a wide range of categories, including penetration testing tools, ethical hacking tutorials, security research papers, and community forums. It serves as a valuable resource for beginners looking to learn the basics of cybersecurity, as well as experienced professionals seeking advanced techniques and tools. Whether you are aiming to enhance your skills or stay updated on the latest security trends, this collection offers a wealth of information to support your hacking journey.
The "Awesome Security" project is a curated collection of resources focused on enhancing security practices in the digital realm. This list encompasses a wide range of categories including security tools, libraries, frameworks, tutorials, and best practices for various platforms and technologies. It is designed to benefit security professionals, developers, and system administrators alike, providing valuable insights and tools to safeguard applications and data. Whether you are a beginner looking to understand security fundamentals or an experienced practitioner seeking advanced techniques, this project offers a wealth of information to help you improve your security posture and protect your digital assets.
The "Awesome Malware Analysis" project is a curated resource list designed to assist security professionals and researchers in the field of malware analysis. Malware analysis involves examining malicious software to understand its behavior, functionality, and impact. This list includes tools for static and dynamic analysis, reverse engineering resources, malware databases, and educational materials such as tutorials and courses. It is valuable for both beginners looking to learn the basics and experienced analysts seeking advanced techniques and tools. Users can find a wealth of resources to enhance their skills and improve their malware analysis capabilities.
The "Awesome Web Security" project is a curated collection of resources focused on the security of web applications and services. Web security encompasses practices and technologies designed to protect websites and online services from cyber threats, vulnerabilities, and attacks. This list includes tools for penetration testing, secure coding practices, frameworks, libraries, and educational materials such as articles and tutorials. It is valuable for developers, security professionals, and researchers who seek to enhance their understanding of web security and implement robust security measures. Users can find essential tools and knowledge to safeguard their web applications effectively and stay ahead of potential threats.
A honeypot designed to detect and log attacks targeting Elasticsearch remote code execution vulnerabilities.
A honeypot proxy that logs all traffic to a dummy MongoDB server to detect and analyze attack attempts.
An open-source honeypot framework for NoSQL databases that simulates servers to detect and log attacks.
A high-performance HTTP honeypot that punishes unruly bots by serving them an infinite stream of deceptive content.
A Laravel package that prevents spam using honeypot fields and form submission timing validation.
Apache 2-based honeypot and detection module for detecting and blocking the Struts CVE-2017-5638 exploit.
An LLM-powered web honeypot that dynamically crafts realistic HTTP responses to mimic various applications and detect malicious traffic.
A Flask-based honeypot that mimics Outlook Web Access to detect and log authentication attempts.
A simple and effective honeypot that mimics phpMyAdmin to detect and log unauthorized access attempts.
A web application honeypot sensor that clones websites to attract and analyze malicious attacks.
A remote data analysis and classification service that evaluates HTTP requests and emulates vulnerabilities for honeypot systems.
A WordPress honeypot that detects probes for plugins, themes, and common files used to fingerprint WordPress installations.
An open-source Python framework for creating honeypots and honeynets to detect and analyze cyber attacks.
A low-interaction honeypot that mimics Android Debug Bridge (ADB) over TCP/IP to capture malware targeting exposed port 5555.
A honeypot platform for monitoring and analyzing UDP-based DDoS amplification attacks via DNS, NTP, SSDP, Chargen, and generic UDP services.
A low-interaction honeypot that emulates vulnerable services to capture malware and analyze attacks.
A Ruby on Rails gem plugin for deploying a malicious behavior detection and response honeypot in under ten minutes.
A Python package with 30 low- to high-level honeypots for monitoring network traffic, bots, and credential attacks.
An extensible open-source framework for running, monitoring, and managing honeypots to detect and analyze cyber threats.
A low to medium interaction honeypot written in Python, designed for easy deployment and extensibility.
A Python RDP man-in-the-middle tool and library for intercepting, monitoring, and analyzing Remote Desktop Protocol connections.
An RDP honeypot that captures attack telemetry by simulating Windows RDP sessions with virtual machines.
A pure Python implementation of Microsoft's Remote Desktop Protocol (RDP) and VNC client/server, built on Twisted.
A low-interaction honeypot that mimics network services and clones websites with AI-powered responses to detect intruders.
A signature-based, multi-threaded honeypot detection tool written in Go that identifies emulated services via crafted requests.
An open-source ICS/SCADA honeypot designed to emulate industrial control systems and collect adversary intelligence.
A honeypot that simulates Veeder Root Guardian AST tank gauges used in gas stations to detect and log cyber threats.
A honeypot that detects and logs exploitation attempts targeting the Log4Shell vulnerability (CVE-2021-44228).
A low-interaction honeypot that responds to network scanners and bots across multiple protocols, designed for self-hosted threat intelligence.
A modular, low-resource network honeypot that mimics services to detect breaches and alert on attacker interactions.
A medium interaction printer honeypot that mimics an exposed network printer to detect and log attacks.
A modular botnet command & control monitor for tracking and researching malware networks via IRC, HTTP, and XMPP.
A Windows security tool for real-time adversary tradecraft detection, memory scanning, and forensics via behavior-driven rules.
A honeypot that emulates USB storage devices to detect and capture malware that spreads via USB propagation.
A script that generates VirtualBox templates to harden Windows VMs against detection by malware.
Automated tool for creating and preparing virtual machines for Cuckoo Sandbox malware analysis.
A backend-agnostic debugger frontend for reverse engineering and analyzing binaries without source code access.
A Python toolkit for reverse engineering, analyzing, and pentesting Android applications (APK, DEX, resources).
An all-in-one, optionally distributed, multi-architecture honeypot platform with 20+ honeypots, visualization via Elastic Stack, and live attack maps.
A secure low-code honeypot framework that uses AI to create high-interaction decoy systems for cyber attack detection and analysis.
An open-source blue team tool that protects Linux and Windows operating systems through multiple security methods.
A Python-based Telnet honeypot that emulates a Telnet service inside a chroot environment to capture malicious activity.
An open-source telnet honeypot designed to detect and fingerprint IoT botnets like Mirai by simulating vulnerable devices.
A free, cross-platform, single-file fake protocol server simulator that can start or stop multiple network services.
A protocol-agnostic, low-interaction honeypot that intercepts and logs network traffic to analyze malicious activities.
A low-interaction honeypot that catches attacks against TCP and UDP services by emulating protocols, mirroring, or proxying connections.
A Python telnet honeypot that emulates a shell environment to catch IoT botnet binaries and analyze malware networks.
A Telnet honeypot that logs failed login attempts to track botnet activity like Mirai.
A lightweight authenticated publish-subscribe protocol for binary data feeds, commonly used in security monitoring.
A browser emulation tool that detects exploits targeting browser and browser plugin vulnerabilities by analyzing various file types.
A low-interaction client honeypot that detects malicious websites using signature, anomaly, and pattern matching techniques.
A Python tool for analyzing PDF files to detect malicious content and perform security research.
An SSH tarpit that slowly sends an endless banner to trap and waste attackers' time.
A medium interaction SSH honeypot that logs brute force attacks and attacker shell interactions.
A Python library to mock SSH servers and define custom commands for testing automation scripts.
A low-interaction SSH honeypot that logs attacker IPs, usernames, and passwords for security intelligence.
A lightweight SSH honeypot that logs all connection attempts and activity without executing commands.
A high-interaction SSH honeypot that logs and proxies attacker connections to a real SSH server.
A low-to-medium interaction SSH honeypot written in Go that captures terminal sessions and logs attacker activity.
A Python-based honeypot suite for SSH, FTP, and Telnet that captures credentials to build attack dictionaries.
A modern SMTP honeypot that simulates a vulnerable mail server to capture and log email-based attacks with database integration.
A Python-based spam honeypot that acts as an SMTP server to collect, analyze, and track spam campaigns for threat intelligence.
A Java-based Bluetooth honeypot for Linux that detects and analyzes Bluetooth-based attacks like BlueBugging and BlueSnarfing.
A Docker-based honeypot that creates disposable containers to capture and analyze attack attempts.
A peer-to-peer SIP honeypot and fraud detection tool that collects and shares malicious IP addresses and phone numbers.
A honeypot that emulates vulnerable TR-069 (CWMP) devices to detect and analyze attacks targeting IoT modems/routers.
Deploy honeytokens across your network to detect unauthorized access and data exfiltration attempts.
A proof-of-concept tool that spreads deceptive breadcrumbs and honeytokens across systems to lure attackers toward honeypots.
A serverless application to create and monitor fake HTTP endpoints (URL honeytokens) on AWS Lambda and API Gateway.
A honeytoken-based tripwire for detecting Active Directory credential theft and privilege escalation attempts.
A Heroku-based web honeypot for creating and monitoring fake HTTP endpoints (honeytokens) to detect attackers and malicious activity.
A Ruby framework for automated malware and botnet analysis using sandboxed virtual machines and network traffic dissection.
A Django-based web frontend for visualizing and analyzing data from the Dionaea low-interaction honeypot.
A Splunk-based platform for deploying honeypots and analyzing attacker sessions with intelligence dashboards and threat feeds.
Real-time visualization of GPS events on an interactive SVG world map using websockets.
A self-hosted network reconnaissance framework for building alternatives to Shodan, ZoomEye, Censys, and GreyNoise.
A honeynet system that deploys multiple honeypots, processes attack data with threat intelligence, and provides a web dashboard for analysis.