Question 1

What's the best SSH honeypot to use?

Accepted Answer

Based on the list, popular options include Cowrie (a modern fork of Kippo) for medium interaction and Kippo for foundational setups. Cowrie offers more features and active development, but Kippo is well-documented for beginners. Check their GitHub pages for specific capabilities and community support.

Question 2

How to set up a web application honeypot?

Accepted Answer

Start with tools like Glastopf for low-interaction web honeypots or Snare/Tanner for more advanced, reactive setups. Refer to their respective GitHub repositories for installation guides, and consider using Dockerized versions (e.g., from the Docker honeynet section) for easier deployment in isolated environments.

Question 3

Awesome Honeypots vs other security tool lists like awesome-security?

Accepted Answer

Awesome Honeypots is specialized for honeypot and deception technology tools, offering deep categorization in this niche. In contrast, awesome-security covers broader topics like malware analysis and network security. For honeypot-specific resources, this list is more focused, but cross-referencing with others can provide complementary tools.

Question 4

Are there honeypots for IoT devices?

Accepted Answer

Yes, the list includes IoT honeypots like HoneyThing for TR-069 protocols and Kako for embedded device vulnerabilities. These tools simulate IoT services to detect attacks targeting smart devices, often listed under the IOT Honeypot or service categories for easy discovery.

Question 5

How to contribute to Awesome Honeypots?

Accepted Answer

Contributions are welcome via pull requests on GitHub. Follow the CONTRIBUTING.md guide to add new tools, update existing entries, or suggest categories, ensuring they fit the open-source focus and logical groupings. This helps keep the list relevant and comprehensive.

Question 6

What are the risks of running a honeypot?

Accepted Answer

Running honeypots can attract malicious traffic, posing security risks if not properly isolated (e.g., using VMs or containers). Legal concerns may arise if honeypots interact with attackers in regulated environments. Always deploy in controlled, monitored networks and review logs carefully to avoid unintended exposure.

Question 7

Comparison: Dionaea vs Honeytrap for service emulation?

Accepted Answer

Dionaea is a low-interaction honeypot emulating multiple services like SMB and HTTP, known for ease of use and integration with tools like MHN. Honeytrap is a Go-based framework supporting both low and high interaction with more customization. Dionaea is better for quick deployment, while Honeytrap suits complex, scalable setups.

awesome-honeypots

What is awesome-honeypots?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions