A modular, low-resource network honeypot that mimics services to detect breaches and alert on attacker interactions.
OpenCanary is a modular, decentralized network honeypot that simulates multiple network services to detect and alert on malicious activity within internal networks. It helps security teams identify attackers who have breached perimeter defenses by luring them into interacting with fake services. The project is designed to be lightweight, extensible, and easy to deploy on various hardware.
Security engineers, system administrators, and DevOps teams responsible for monitoring and securing internal networks, especially those needing low-cost, customizable intrusion detection.
Developers choose OpenCanary for its open-source nature, low resource requirements, and flexibility compared to commercial alternatives. It offers a modular, Python-based architecture that can be easily extended and deployed on everything from Raspberry Pis to cloud VMs.
Modular and decentralised honeypot
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
Can deploy on minimal hardware like Raspberry Pis or small VMs, as stated in the README, making it cost-effective for resource-constrained environments.
Mimics multiple services such as SMB, SNMP, and others, enabling detection of various intrusion attempts across different attack vectors.
Built in Python, allowing easy tweaking and extension of protocol modules, as highlighted, supporting customization for specific security needs.
Sends immediate notifications via configurable mechanisms with details like source IP, aiding quick response to breaches.
Critical modules like portscan require Linux and iptables, and Samba setup is not available on macOS, limiting cross-platform flexibility.
Setup involves multiple steps, especially on macOS with OpenSSL compilation, and requires manual configuration via JSON files, as detailed in the README.
While alerting is basic, integrations with modern SIEM tools or cloud services may require additional custom development beyond the provided modules.
OpenCanary is an open-source alternative to the following products: