├── img
    ├── What-Is-Honeypot.png
    ├── honeypot-categorized.png
    ├── Honeypot-Security-implementation.png
    └── How-to-Get-Most-Out-of-Honeypot-and-Deception-Technology.png
├── .gitignore
├── cyber-check.py
├── LICENSE
├── contributing.md
├── code-of-conduct.md
└── README.md


/img/What-Is-Honeypot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paulveillard/cybersecurity-honeypots/HEAD/img/What-Is-Honeypot.png


--------------------------------------------------------------------------------
/img/honeypot-categorized.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paulveillard/cybersecurity-honeypots/HEAD/img/honeypot-categorized.png


--------------------------------------------------------------------------------
/img/Honeypot-Security-implementation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paulveillard/cybersecurity-honeypots/HEAD/img/Honeypot-Security-implementation.png


--------------------------------------------------------------------------------
/img/How-to-Get-Most-Out-of-Honeypot-and-Deception-Technology.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paulveillard/cybersecurity-honeypots/HEAD/img/How-to-Get-Most-Out-of-Honeypot-and-Deception-Technology.png


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Prerequisites
 2 | *.d
 3 | 
 4 | # Compiled Object files
 5 | *.slo
 6 | *.lo
 7 | *.o
 8 | *.obj
 9 | 
10 | # Precompiled Headers
11 | *.gch
12 | *.pch
13 | 
14 | # Compiled Dynamic libraries
15 | *.so
16 | *.dylib
17 | *.dll
18 | 
19 | # Fortran module files
20 | *.mod
21 | *.smod
22 | 
23 | # Compiled Static libraries
24 | *.lai
25 | *.la
26 | *.a
27 | *.lib
28 | 
29 | # Executables
30 | *.exe
31 | *.out
32 | *.app
33 | 


--------------------------------------------------------------------------------
/cyber-check.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | import re
 4 | import sys
 5 | import urllib2
 6 | 
 7 | with open(sys.argv[1], 'r') as f:
 8 |     for line in f.readlines():
 9 |         if '](http' in line:
10 |             for url in re.findall("(http[s?]://[^)]+)", line):
11 |                 # print url
12 |                 try:
13 |                     request = urllib2.Request(url)
14 |                     request.get_method = lambda : 'HEAD'
15 |                     resp = urllib2.urlopen(request)
16 |                     if resp.getcode() != 200:
17 |                         print 'ERROR - ', line
18 |                 except urllib2.URLError, e:
19 |                     print e, line


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2022 Paul Veillard, P. Eng
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/contributing.md:
--------------------------------------------------------------------------------
 1 | # Contribution 
 2 | 
 3 | This project welcomes contributions from the community.  All contributions to this repository must be
 4 | signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on
 5 | as an open-source patch.
 6 | 
 7 | ## Contribution Flow
 8 | 
 9 | This is a rough outline of what a contributor's workflow looks like:
10 | 
11 | - Create a topic branch from where you want to base your work
12 | - Make commits of logical units
13 | - Make sure your commit messages are in the proper format (see below)
14 | - Push your changes to a topic branch in your fork of the repository
15 | - Submit a pull request
16 | 
17 | Example:
18 | 
19 | ``` shell
20 | git remote add upstream https://github.com/paulveillard/<repos-name>
21 | git checkout -b my-new-feature master
22 | git commit -a
23 | git push origin my-new-feature
24 | ```
25 | 
26 | ### Staying In Sync With Upstream
27 | 
28 | When your branch gets out of sync with the paulveillard/master branch, use the following to update:
29 | 
30 | ``` shell
31 | git checkout my-new-feature
32 | git fetch -a
33 | git pull --rebase upstream master
34 | git push --force-with-lease origin my-new-feature
35 | ```
36 | 
37 | ### Updating pull requests
38 | 
39 | If your PR fails to pass CI or needs changes based on code review, you'll most likely want to squash these changes into
40 | existing commits.
41 | 
42 | If your pull request contains a single commit or your changes are related to the most recent commit, you can simply
43 | amend the commit.
44 | 
45 | ``` shell
46 | git add .
47 | git commit --amend
48 | git push --force-with-lease origin my-new-feature
49 | ```
50 | 
51 | If you need to squash changes into an earlier commit, you can use:
52 | 
53 | ``` shell
54 | git add .
55 | git commit --fixup <commit>
56 | git rebase -i --autosquash master
57 | git push --force-with-lease origin my-new-feature
58 | ```
59 | 
60 | Be sure to add a comment to the PR indicating your new changes are ready to review, as GitHub does not generate a
61 | notification when you git push.
62 | 
63 | ### Code Style
64 | 
65 | ### Formatting Commit Messages
66 | 
67 | We follow the conventions on [How to Write a Git Commit Message](http://chris.beams.io/posts/git-commit/).
68 | 
69 | Be sure to include any related GitHub issue references in the commit message.  See
70 | [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) for referencing issues
71 | and commits.
72 | 
73 | ## Reporting Bugs and Creating Issues
74 | 
75 | When opening a new issue, try to roughly follow the commit message format conventions above.
76 | 


--------------------------------------------------------------------------------
/code-of-conduct.md:
--------------------------------------------------------------------------------
  1 | # Contributor Covenant Code of Conduct
  2 | 
  3 | ## Our Pledge
  4 | 
  5 | We as members, contributors, and leaders pledge to make participation in 
  6 | ansible-security-hardening project and our community a harassment-free 
  7 | experience for everyone, regardless of age, body size, visible or invisible 
  8 | disability, ethnicity, sex characteristics, gender identity and expression, 
  9 | level of experience, education, socio-economic status, nationality, personal 
 10 | appearance, race, religion, or sexual identity and orientation.
 11 | 
 12 | We pledge to act and interact in ways that contribute to an open, welcoming,
 13 | diverse, inclusive, and healthy community.
 14 | 
 15 | ## Our Standards
 16 | 
 17 | Examples of behavior that contributes to a positive environment for our
 18 | community include:
 19 | 
 20 | * Demonstrating empathy and kindness toward other people
 21 | * Being respectful of differing opinions, viewpoints, and experiences
 22 | * Giving and gracefully accepting constructive feedback
 23 | * Accepting responsibility and apologizing to those affected by our mistakes,
 24 |   and learning from the experience
 25 | * Focusing on what is best not just for us as individuals, but for the
 26 |   overall community
 27 | 
 28 | Examples of unacceptable behavior include:
 29 | 
 30 | * The use of sexualized language or imagery, and sexual attention or
 31 |   advances of any kind
 32 | * Trolling, insulting or derogatory comments, and personal or political attacks
 33 | * Public or private harassment
 34 | * Publishing others' private information, such as a physical or email
 35 |   address, without their explicit permission
 36 | * Other conduct which could reasonably be considered inappropriate in a
 37 |   professional setting
 38 | 
 39 | ## Enforcement Responsibilities
 40 | 
 41 | Community leaders are responsible for clarifying and enforcing our standards of
 42 | acceptable behavior and will take appropriate and fair corrective action in
 43 | response to any behavior that they deem inappropriate, threatening, offensive,
 44 | or harmful.
 45 | 
 46 | Community leaders have the right and responsibility to remove, edit, or reject
 47 | comments, commits, code, wiki edits, issues, and other contributions that are
 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation
 49 | decisions when appropriate.
 50 | 
 51 | ## Scope
 52 | 
 53 | This Code of Conduct applies within all community spaces, and also applies when
 54 | an individual is officially representing the community in public spaces.
 55 | Examples of representing our community include using an official e-mail address,
 56 | posting via an official social media account, or acting as an appointed
 57 | representative at an online or offline event.
 58 | 
 59 | ## Enforcement
 60 | 
 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
 62 | reported to the community leaders responsible for enforcement at info@paulveillard.com.
 63 | All complaints will be reviewed and investigated promptly and fairly.
 64 | 
 65 | All community leaders are obligated to respect the privacy and security of the
 66 | reporter of any incident.
 67 | 
 68 | ## Enforcement Guidelines
 69 | 
 70 | Community leaders will follow these Community Impact Guidelines in determining
 71 | the consequences for any action they deem in violation of this Code of Conduct:
 72 | 
 73 | ### 1. Correction
 74 | 
 75 | **Community Impact**: Use of inappropriate language or other behavior deemed
 76 | unprofessional or unwelcome in the community.
 77 | 
 78 | **Consequence**: A private, written warning from community leaders, providing
 79 | clarity around the nature of the violation and an explanation of why the
 80 | behavior was inappropriate. A public apology may be requested.
 81 | 
 82 | ### 2. Warning
 83 | 
 84 | **Community Impact**: A violation through a single incident or series
 85 | of actions.
 86 | 
 87 | **Consequence**: A warning with consequences for continued behavior. No
 88 | interaction with the people involved, including unsolicited interaction with
 89 | those enforcing the Code of Conduct, for a specified period of time. This
 90 | includes avoiding interactions in community spaces as well as external channels
 91 | like social media. Violating these terms may lead to a temporary or
 92 | permanent ban.
 93 | 
 94 | ### 3. Temporary Ban
 95 | 
 96 | **Community Impact**: A serious violation of community standards, including
 97 | sustained inappropriate behavior.
 98 | 
 99 | **Consequence**: A temporary ban from any sort of interaction or public
100 | communication with the community for a specified period of time. No public or
101 | private interaction with the people involved, including unsolicited interaction
102 | with those enforcing the Code of Conduct, is allowed during this period.
103 | Violating these terms may lead to a permanent ban.
104 | 
105 | ### 4. Permanent Ban
106 | 
107 | **Community Impact**: Demonstrating a pattern of violation of community
108 | standards, including sustained inappropriate behavior,  harassment of an
109 | individual, or aggression toward or disparagement of classes of individuals.
110 | 
111 | **Consequence**: A permanent ban from any sort of public interaction within
112 | the community.
113 | 
114 | ## Attribution
115 | 
116 | This Code of Conduct is adapted from the [Contributor Covenant][homepage],
117 | version 2.0, available at
118 | https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
119 | 
120 | Community Impact Guidelines were inspired by [Mozilla's code of conduct
121 | enforcement ladder](https://github.com/mozilla/diversity).
122 | 
123 | [homepage]: https://www.contributor-covenant.org
124 | 
125 | For answers to common questions about this code of conduct, see the FAQ at
126 | https://www.contributor-covenant.org/faq. Translations are available at
127 | https://www.contributor-covenant.org/translations.
128 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Honeypots
  2 | 
  3 | An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Honey Pots in Cybersecurity.
  4 | > Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.
  5 | 
  6 | ## `What is Honeypot?`
  7 | > In computer security terms, a cyber honeypot works in a similar way, baiting a trap for hackers. It's a sacrificial computer system that’s intended to attract cyberattacks, like a decoy. 
  8 | - It mimics a target for hackers, and uses their intrusion attempts to gain information about cybercriminals and the way they are operating or to distract them from other targets.
  9 | 
 10 | ![honeypot architecture](https://github.com/paulveillard/cybersecurity-honeypots/blob/main/img/How-to-Get-Most-Out-of-Honeypot-and-Deception-Technology.png)
 11 | 
 12 | 
 13 | ## `How honeypots work`
 14 | - The honeypot looks like a real computer system, with applications and data, fooling cybercriminals into thinking it's a legitimate target. For example, a honeypot could mimic a company's customer billing system - a frequent target of attack for criminals who want to find credit card numbers. Once the hackers are in, they can be tracked, and their behavior assessed for clues on how to make the real network more secure.
 15 | 
 16 | Honeypots are made attractive to attackers by building in deliberate security vulnerabilities. For instance, a honeypot might have ports that respond to a port scan or weak passwords. Vulnerable ports might be left open to entice attackers into the honeypot environment, rather than the more secure live network.
 17 | ![honeypot](https://github.com/paulveillard/cybersecurity-honeypots/blob/main/img/Honeypot-Security-implementation.png)
 18 | A honeypot isn't set up to address a specific problem, like a firewall or anti-virus. Instead, it's an information tool that can help you understand existing threats to your business and spot the emergence of new threats. With the intelligence obtained from a honeypot, security efforts can be prioritized and focused.
 19 | 
 20 | ## `Different types of honeypot and how they work`
 21 | Different types of honeypot can be used to identify different types of threats. Various honeypot definitions are based on the threat type that's addressed. All of them have a place in a thorough and effective cybersecurity strategy.
 22 | ![honeypot categorize](https://github.com/paulveillard/cybersecurity-honeypots/blob/main/img/honeypot-categorized.png)
 23 | 
 24 | #### `Email Traps`
 25 | - Email traps or spam traps place a fake email address in a hidden location where only an automated address harvester will be able to find it. Since the address isn't used for any purpose other than the spam trap, it's 100% certain that any mail coming to it is spam. All messages which contain the same content as those sent to the spam trap can be automatically blocked, and the source IP of the senders can be added to a denylist.
 26 | 
 27 | #### `Decoy Database`
 28 | - A decoy database can be set up to monitor software vulnerabilities and spot attacks exploiting insecure system architecture or using SQL injection, SQL services exploitation, or privilege abuse.
 29 | 
 30 | #### `Malware Honeypot`
 31 | - A malware honeypot mimics software apps and APIs to invite malware attacks. The characteristics of the malware can then be analyzed to develop anti-malware software or to close vulnerabilities in the API.
 32 | 
 33 | #### `Spider Honeypot`
 34 | - A spider honeypot is intended to trap webcrawlers ('spiders') by creating web pages and links only accessible to crawlers. Detecting crawlers can help you learn how to block malicious bots, as well as ad-network crawlers.
 35 | 
 36 | ## By monitoring traffic coming into the honeypot system, you can assess:
 37 | 
 38 | - where the cybercriminals are coming from
 39 | - the level of threat
 40 | - what modus operandi they are using
 41 | - what data or applications they are interested in
 42 | - how well your security measures are working to stop cyberattacks
 43 | 
 44 | ## `Table of Contents`
 45 | 
 46 |   - [Related Lists](#related-lists)
 47 |   - [Honeypots](#honeypots)
 48 |   - [Honeyd Tools](#honeyd-tools)
 49 |   - [Network and Artifact Analysis](#network-and-artifact-analysis)
 50 |   - [Data Tools](#data-tools)
 51 |   - [Guides](#guides)
 52 | 
 53 | ##  `Related Lists `
 54 | 
 55 | - [cybersecurity-pcaptools](https://github.com/paulveillard/cybersecurity-pcap-tools) - Useful in network traffic analysis.
 56 | - [cybersecurity-malware-analysis](https://github.com/paulveillard/cybersecurity-malware-analysis) - Some overlap here for artifact analysis.
 57 | 
 58 | ##  `Honeypots `
 59 | 
 60 | - Database Honeypots
 61 | 
 62 |   - [Delilah](https://github.com/SecurityTW/delilah) - Elasticsearch Honeypot written in Python (originally from Novetta).
 63 |   - [ESPot](https://github.com/mycert/ESPot) - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
 64 |   - [Elastic honey](https://github.com/jordan-wright/elastichoney) - Simple Elasticsearch Honeypot.
 65 |   - [MongoDB-HoneyProxy](https://github.com/Plazmaz/MongoDB-HoneyProxy) - MongoDB honeypot proxy.
 66 |   - [NoSQLpot](https://github.com/torque59/nosqlpot) - Honeypot framework built on a NoSQL-style database.
 67 |   - [mysql-honeypotd](https://github.com/sjinks/mysql-honeypotd) - Low interaction MySQL honeypot written in C.
 68 |   - [MysqlPot](https://github.com/schmalle/MysqlPot) - MySQL honeypot, still very early stage.
 69 |   - [pghoney](https://github.com/betheroot/pghoney) - Low-interaction Postgres Honeypot.
 70 |   - [sticky_elephant](https://github.com/betheroot/sticky_elephant) - Medium interaction postgresql honeypot.
 71 | 
 72 | - Web honeypots
 73 | 
 74 |   - [Express honeypot](https://github.com/christophe77/express-honeypot) - RFI & LFI honeypot using nodeJS and express.
 75 |   - [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) - Honeypot type for Symfony2 forms.
 76 |   - [Glastopf](https://github.com/mushorg/glastopf) - Web Application Honeypot.
 77 |   - [Google Hack Honeypot](http://ghh.sourceforge.net) - Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
 78 |   - [HellPot](https://github.com/yunginnanet/HellPot) - Honeypot that tries to crash the bots and clients that visit it's location.
 79 |   - [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) - Simple spam prevention package for Laravel applications.
 80 |   - [Nodepot](https://github.com/schmalle/Nodepot) - NodeJS web application honeypot.
 81 |   - [PasitheaHoneypot](https://github.com/Marist-Innovation-Lab/PasitheaHoneypot) - RestAPI honeypot.
 82 |   - [Servletpot](https://github.com/schmalle/servletpot) - Web application Honeypot.
 83 |   - [Shadow Daemon](https://shadowd.zecure.org/overview/introduction/) - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
 84 |   - [StrutsHoneypot](https://github.com/Cymmetria/StrutsHoneypot) - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
 85 |   - [WebTrap](https://github.com/IllusiveNetworks-Labs/WebTrap) - Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
 86 |   - [basic-auth-pot (bap)](https://github.com/bjeborn/basic-auth-pot) - HTTP Basic Authentication honeypot.
 87 |   - [bwpot](https://github.com/graneed/bwpot) - Breakable Web applications honeyPot.
 88 |   - [django-admin-honeypot](https://github.com/dmpayton/django-admin-honeypot) - Fake Django admin login screen to notify admins of attempted unauthorized access.
 89 |   - [drupo](https://github.com/d1str0/drupot) - Drupal Honeypot.
 90 |   - [honeyhttpd](https://github.com/bocajspear1/honeyhttpd) - Python-based web server honeypot builder.
 91 |   - [honeyup](https://github.com/LogoiLab/honeyup) - An uploader honeypot designed to look like poor website security.
 92 |   - [owa-honeypot](https://github.com/joda32/owa-honeypot) - A basic flask based Outlook Web Honey pot.
 93 |   - [phpmyadmin_honeypot](https://github.com/gfoss/phpmyadmin_honeypot) - Simple and effective phpMyAdmin honeypot.
 94 |   - [shockpot](https://github.com/threatstream/shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts.
 95 |   - [smart-honeypot](https://github.com/freak3dot/smart-honeypot) - PHP Script demonstrating a smart honey pot.
 96 |   - Snare/Tanner - successors to Glastopf
 97 |     - [Snare](https://github.com/mushorg/snare) - Super Next generation Advanced Reactive honeypot.
 98 |     - [Tanner](https://github.com/mushorg/tanner) - Evaluating SNARE events.
 99 |   - [stack-honeypot](https://github.com/CHH/stack-honeypot) - Inserts a trap for spam bots into responses.
100 |   - [tomcat-manager-honeypot](https://github.com/helospark/tomcat-manager-honeypot) - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study
101 |   - WordPress honeypots
102 |     - [HonnyPotter](https://github.com/MartinIngesen/HonnyPotter) - WordPress login honeypot for collection and analysis of failed login attempts.
103 |     - [HoneyPress](https://github.com/kungfuguapo/HoneyPress) - Python based WordPress honeypot in a Docker container.
104 |     - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot.
105 |     - [wordpot](https://github.com/gbrindisi/wordpot) - WordPress Honeypot.
106 | 
107 | - Service Honeypots
108 | 
109 |   - [ADBHoney](https://github.com/huuck/ADBHoney) - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
110 |   - [AMTHoneypot](https://github.com/packetflare/amthoneypot) - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.
111 |   - [DolosHoneypot](https://github.com/Marist-Innovation-Lab/DolosHoneypot) - SDN (software defined networking) honeypot.
112 |   - [Ensnare](https://github.com/ahoernecke/ensnare) - Easy to deploy Ruby honeypot.
113 |   - [HoneyPy](https://github.com/foospidy/HoneyPy) - Low interaction honeypot.
114 |   - [Honeygrove](https://github.com/UHH-ISS/honeygrove) - Multi-purpose modular honeypot based on Twisted.
115 |   - [Honeyport](https://github.com/securitygeneration/Honeyport) - Simple honeyport written in Bash and Python.
116 |   - [Honeyprint](https://github.com/glaslos/honeyprint) - Printer honeypot.
117 |   - [Lyrebird](https://hub.docker.com/r/lyrebird/honeypot-base/) - Modern high-interaction honeypot framework.
118 |   - [MICROS honeypot](https://github.com/Cymmetria/micros_honeypot) - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
119 |   - [RDPy](https://github.com/citronneur/rdpy) - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
120 |   - [SMB Honeypot](https://github.com/r0hi7/HoneySMB) - High interaction SMB service honeypot capable of capturing wannacry-like Malware.
121 |   - [Tom's Honeypot](https://github.com/inguardians/toms_honeypot) - Low interaction Python honeypot.
122 |   - [WebLogic honeypot](https://github.com/Cymmetria/weblogic_honeypot) - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
123 |   - [WhiteFace Honeypot](https://github.com/csirtgadgets/csirtg-honeypot) - Twisted based honeypot for WhiteFace.
124 |   - [dhp](https://github.com/ciscocsirt/dhp) - Simple Docker Honeypot server emulating small snippets of the Docker HTTP API.
125 |   - [honeycomb_plugins](https://github.com/Cymmetria/honeycomb_plugins) - Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
126 |   - [honeyntp](https://github.com/fygrave/honeyntp) - NTP logger/honeypot.
127 |   - [honeypot-camera](https://github.com/alexbredo/honeypot-camera) - Observation camera honeypot.
128 |   - [honeypot-ftp](https://github.com/alexbredo/honeypot-ftp) - FTP Honeypot.
129 |   - [honeytrap](https://github.com/honeytrap/honeytrap) - Advanced Honeypot framework written in Go that can be connected with other honeypot software.
130 |   - [pyrdp](https://github.com/gosecure/pyrdp) - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
131 |   - [troje](https://github.com/dutchcoders/troje/) - Honeypot that runs each connection with the service within a separate LXC container.
132 | 
133 | - Distributed Honeypots
134 | 
135 |   - [DemonHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction honeypot server.
136 | 
137 | - Anti-honeypot stuff
138 | 
139 |   - [kippo_detect](https://github.com/andrew-morris/kippo_detect) - Offensive component that detects the presence of the kippo honeypot.
140 | 
141 | - ICS/SCADA honeypots
142 | 
143 |   - [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot.
144 |   - [GasPot](https://github.com/sjhilt/GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry.
145 |   - [SCADA honeynet](http://scadahoneynet.sourceforge.net) - Building Honeypots for Industrial Networks.
146 |   - [gridpot](https://github.com/sk4ld/gridpot) - Open source tools for realistic-behaving electric grid honeynets.
147 |   - [scada-honeynet](http://www.digitalbond.com/blog/2007/07/24/scada-honeynet-article-in-infragard-publication/) - Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.
148 | 
149 | - Other/random
150 | 
151 |   - [Damn Simple Honeypot (DSHP)](https://github.com/naorlivne/dshp) - Honeypot framework with pluggable handlers.
152 |   - [Masscanned](https://github.com/ivre/masscanned) - Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.
153 |   - [NOVA](https://github.com/DataSoft/Nova) - Uses honeypots as detectors, looks like a complete system.
154 |   - [OpenFlow Honeypot (OFPot)](https://github.com/upa/ofpot) - Redirects traffic for unused IPs to a honeypot, built on POX.
155 |   - [OpenCanary](https://github.com/thinkst/opencanary) - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
156 |   - [ciscoasa_honeypot](https://github.com/cymmetria/ciscoasa_honeypot) A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
157 |   - [miniprint](https://github.com/sa7mon/miniprint) - A medium interaction printer honeypot.
158 | 
159 | - Botnet C2 tools
160 | 
161 |   - [Hale](https://github.com/pjlantz/Hale) - Botnet command and control monitor.
162 |   - [dnsMole](https://code.google.com/archive/p/dns-mole/) - Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.
163 | 
164 | - IPv6 attack detection tool
165 | 
166 |   - [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/) - Google Summer of Code 2012 project, supported by The Honeynet Project organization.
167 | 
168 | - Dynamic code instrumentation toolkit
169 | 
170 |   - [Frida](https://www.frida.re) - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.
171 | 
172 | - Tool to convert website to server honeypots
173 | 
174 |   - [HIHAT](http://hihat.sourceforge.net/) - Transform arbitrary PHP applications into web-based high-interaction Honeypots.
175 | 
176 | - Malware collector
177 | 
178 |   - [Kippo-Malware](https://bruteforcelab.com/kippo-malware) - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
179 | 
180 | - Distributed sensor deployment
181 | 
182 |   - [Community Honey Network](https://communityhoneynetwork.readthedocs.io/en/stable/) - CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.
183 |   - [Modern Honey Network](https://github.com/threatstream/mhn) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
184 | 
185 | - Network Analysis Tool
186 | 
187 |   - [Tracexploit](https://code.google.com/archive/p/tracexploit/) - Replay network packets.
188 | 
189 | - Log anonymizer
190 | 
191 |   - [LogAnon](http://code.google.com/archive/p/loganon/) - Log anonymization library that helps having anonymous logs consistent between logs and network captures.
192 | 
193 | - Low interaction honeypot (router back door)
194 | 
195 |   - [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764) - Honeypot for router backdoor (TCP 32764).
196 |   - [WAPot](https://github.com/lcashdol/WAPot) - Honeypot that can be used to observe traffic directed at home routers.
197 | 
198 | - honeynet farm traffic redirector
199 | 
200 |   - [Honeymole](https://web.archive.org/web/20100326040550/http://www.honeynet.org.pt:80/index.php/HoneyMole) - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
201 | 
202 | - HTTPS Proxy
203 | 
204 |   - [mitmproxy](https://mitmproxy.org/) - Allows traffic flows to be intercepted, inspected, modified, and replayed.
205 | 
206 | - System instrumentation
207 | 
208 |   - [Sysdig](https://sysdig.com/opensource/) - Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
209 |   - [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
210 | 
211 | - Honeypot for USB-spreading malware
212 | 
213 |   - [Ghost-usb](https://github.com/honeynet/ghost-usb-honeypot) - Honeypot for malware that propagates via USB storage devices.
214 | 
215 | - Data Collection
216 | 
217 |   - [Kippo2MySQL](https://bruteforcelab.com/kippo2mysql) - Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
218 |   - [Kippo2ElasticSearch](https://bruteforcelab.com/kippo2elasticsearch) - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
219 | 
220 | - Passive network audit framework parser
221 | 
222 |   - [Passive Network Audit Framework (pnaf)](https://github.com/jusafing/pnaf) - Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms.
223 | 
224 | - VM monitoring and tools
225 | 
226 |   - [Antivmdetect](https://github.com/nsmfoo/antivmdetection) - Script to create templates to use with VirtualBox to make VM detection harder.
227 |   - [VMCloak](https://github.com/hatching/vmcloak) - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
228 |   - [vmitools](http://libvmi.com/) - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
229 | 
230 | - Binary debugger
231 | 
232 |   - [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint) - Debugger backend and LUA wrapper for PIN.
233 |   - [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) - Debugger frontend.
234 | 
235 | - Mobile Analysis Tool
236 | 
237 |   - [Androguard](https://github.com/androguard/androguard) - Reverse engineering, Malware and goodware analysis of Android applications and more.
238 |   - [APKinspector](https://github.com/honeynet/apkinspector/) - Powerful GUI tool for analysts to analyze the Android applications.
239 | 
240 | - Low interaction honeypot
241 | 
242 |   - [Honeyperl](https://sourceforge.net/projects/honeyperl/) - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
243 |   - [T-Pot](https://github.com/dtag-dev-sec/tpotce) - All in one honeypot appliance from telecom provider T-Mobile
244 | 
245 | - Honeynet data fusion
246 | 
247 |   - [HFlow2](https://projects.honeynet.org/hflow) - Data coalesing tool for honeynet/network analysis.
248 | 
249 | - Server
250 | 
251 |   - [Amun](http://amunhoney.sourceforge.net) - Vulnerability emulation honeypot.
252 |   - [Artillery](https://github.com/trustedsec/artillery/) - Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
253 |   - [Bait and Switch](http://baitnswitch.sourceforge.net) - Redirects all hostile traffic to a honeypot that is partially mirroring your production system.
254 |   - [Bifrozt](https://github.com/Ziemeck/bifrozt-ansible) - Automatic deploy bifrozt with ansible.
255 |   - [Conpot](http://conpot.org/) - Low interactive server side Industrial Control Systems honeypot.
256 |   - [Heralding](https://github.com/johnnykv/heralding) - Credentials catching honeypot.
257 |   - [HoneyWRT](https://github.com/CanadianJeff/honeywrt) - Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers.
258 |   - [Honeyd](https://github.com/provos/honeyd) - See [honeyd tools](#honeyd-tools).
259 |   - [Honeysink](http://www.honeynet.org/node/773) - Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
260 |   - [Hontel](https://github.com/stamparm/hontel) - Telnet Honeypot.
261 |   - [KFSensor](http://www.keyfocus.net/kfsensor/) - Windows based honeypot Intrusion Detection System (IDS).
262 |   - [LaBrea](http://labrea.sourceforge.net/labrea-info.html) - Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
263 |   - [MTPot](https://github.com/Cymmetria/MTPot) - Open Source Telnet Honeypot, focused on Mirai malware.
264 |   - [SIREN](https://github.com/blaverick62/SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment.
265 |   - [TelnetHoney](https://github.com/balte/TelnetHoney) - Simple telnet honeypot.
266 |   - [UDPot Honeypot](https://github.com/jekil/UDPot) - Simple UDP/DNS honeypot scripts.
267 |   - [Yet Another Fake Honeypot (YAFH)](https://github.com/fnzv/YAFH) - Simple honeypot written in Go.
268 |   - [arctic-swallow](https://github.com/ajackal/arctic-swallow) - Low interaction honeypot.
269 |   - [fapro](https://github.com/fofapro/fapro) - Fake Protocol Server.
270 |   - [glutton](https://github.com/mushorg/glutton) - All eating honeypot.
271 |   - [go-HoneyPot](https://github.com/Mojachieee/go-HoneyPot) - Honeypot server written in Go.
272 |   - [go-emulators](https://github.com/kingtuna/go-emulators) - Honeypot Golang emulators.
273 |   - [honeymail](https://github.com/sec51/honeymail) - SMTP honeypot written in Golang.
274 |   - [honeytrap](https://github.com/tillmannw/honeytrap) - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services.
275 |   - [imap-honey](https://github.com/yvesago/imap-honey) - IMAP honeypot written in Golang.
276 |   - [mwcollectd](https://www.openhub.net/p/mwcollectd) - Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.
277 |   - [potd](https://github.com/lnslbrty/potd) - Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities.
278 |   - [portlurker](https://github.com/bartnv/portlurker) - Port listener in Rust with protocol guessing and safe string display.
279 |   - [slipm-honeypot](https://github.com/rshipp/slipm-honeypot) - Simple low-interaction port monitoring honeypot.
280 |   - [telnet-iot-honeypot](https://github.com/Phype/telnet-iot-honeypot) - Python telnet honeypot for catching botnet binaries.
281 |   - [telnetlogger](https://github.com/robertdavidgraham/telnetlogger) - Telnet honeypot designed to track the Mirai botnet.
282 |   - [vnclowpot](https://github.com/magisterquis/vnclowpot) - Low interaction VNC honeypot.
283 | 
284 | - IDS signature generation
285 | 
286 |   - [Honeycomb](http://www.icir.org/christian/honeycomb/) - Automated signature creation using honeypots.
287 | 
288 | - Lookup service for AS-numbers and prefixes
289 | 
290 |   - [CC2ASN](http://www.cc2asn.com/) - Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.
291 | 
292 | - Data Collection / Data Sharing
293 | 
294 |   - [HPfriends](http://hpfriends.honeycloud.net/#/home) - Honeypot data-sharing platform.
295 |     - [hpfriends - real-time social data-sharing](https://heipei.io/sigint-hpfriends/) - Presentation about HPFriends feed system
296 |   - [HPFeeds](https://github.com/rep/hpfeeds/) - Lightweight authenticated publish-subscribe protocol.
297 | 
298 | - Central management tool
299 | 
300 |   - [PHARM](http://www.nepenthespharm.com/) - Manage, report, and analyze your distributed Nepenthes instances.
301 | 
302 | - Network connection analyzer
303 | 
304 |   - [Impost](http://impost.sourceforge.net/) - Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.
305 | 
306 | - Honeypot deployment
307 | 
308 |   - [Modern Honeynet Network](http://threatstream.github.io/mhn/) - Streamlines deployment and management of secure honeypots.
309 | 
310 | - Honeypot extensions to Wireshark
311 | 
312 |   - [Wireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions) - Apply Snort IDS rules and signatures against packet capture files using Wireshark.
313 | 
314 | - Client
315 | 
316 |   - [CWSandbox / GFI Sandbox](https://www.gfi.com/products-and-solutions/all-products)
317 |   - [Capture-HPC-Linux](https://redmine.honeynet.org/projects/linux-capture-hpc/wiki)
318 |   - [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG)
319 |   - [Capture-HPC](https://projects.honeynet.org/capture-hpc) - High interaction client honeypot (also called honeyclient).
320 |   - [HoneyBOT](http://www.atomicsoftwaresolutions.com/)
321 |   - [HoneyC](https://projects.honeynet.org/honeyc)
322 |   - [HoneySpider Network](https://github.com/CERT-Polska/hsn2-bundle) - Highly-scalable system integrating multiple client honeypots to detect malicious websites.
323 |   - [HoneyWeb](https://code.google.com/archive/p/gsoc-honeyweb/) - Web interface created to manage and remotely share Honeyclients resources.
324 |   - [Jsunpack-n](https://github.com/urule99/jsunpack-n)
325 |   - [MonkeySpider](http://monkeyspider.sourceforge.net)
326 |   - [PhoneyC](https://github.com/honeynet/phoneyc) - Python honeyclient (later replaced by Thug).
327 |   - [Pwnypot](https://github.com/shjalayeri/pwnypot) - High Interaction Client Honeypot.
328 |   - [Rumal](https://github.com/thugs-rumal/) - Thug's Rumāl: a Thug's dress and weapon.
329 |   - [Shelia](https://www.cs.vu.nl/~herbertb/misc/shelia/) - Client-side honeypot for attack detection.
330 |   - [Thug](https://buffer.github.io/thug/) - Python-based low-interaction honeyclient.
331 |   - [Thug Distributed Task Queuing](https://thug-distributed.readthedocs.io/en/latest/index.html)
332 |   - [Trigona](https://www.honeynet.org/project/Trigona)
333 |   - [URLQuery](https://urlquery.net/)
334 |   - [YALIH (Yet Another Low Interaction Honeyclient)](https://github.com/Masood-M/yalih) - Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.
335 | 
336 | - Honeypot
337 | 
338 |   - [Deception Toolkit](http://www.all.net/dtk/dtk.html)
339 |   - [IMHoneypot](https://github.com/mushorg/imhoneypot)
340 | 
341 | - PDF document inspector
342 | 
343 |   - [peepdf](https://github.com/jesparza/peepdf) - Powerful Python tool to analyze PDF documents.
344 | 
345 | - Hybrid low/high interaction honeypot
346 | 
347 |   - [HoneyBrid](http://honeybrid.sourceforge.net)
348 | 
349 | - SSH Honeypots
350 | 
351 |   - [Blacknet](https://github.com/morian/blacknet) - Multi-head SSH honeypot system.
352 |   - [Cowrie](https://github.com/cowrie/cowrie) - Cowrie SSH Honeypot (based on kippo).
353 |   - [DShield docker](https://github.com/xme/dshield-docker) - Docker container running cowrie with DShield output enabled.
354 |   - [HonSSH](https://github.com/tnich/honssh) - Logs all SSH communications between a client and server.
355 |   - [HUDINX](https://github.com/Cryptix720/HUDINX) - Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
356 |   - [Kippo](https://github.com/desaster/kippo) - Medium interaction SSH honeypot.
357 |   - [Kippo_JunOS](https://github.com/gregcmartin/Kippo_JunOS) - Kippo configured to be a backdoored netscreen.
358 |   - [Kojoney2](https://github.com/madirish/kojoney2) - Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret.
359 |   - [Kojoney](http://kojoney.sourceforge.net/) - Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
360 |   - [Longitudinal Analysis of SSH Cowrie Honeypot Logs](https://github.com/deroux/longitudinal-analysis-cowrie) - Python based command line tool to analyze cowrie logs over time.
361 |   - [LongTail Log Analysis @ Marist College](http://longtail.it.marist.edu/honey/) - Analyzed SSH honeypot logs.
362 |   - [Malbait](https://github.com/batchmcnulty/Malbait) - Simple TCP/UDP honeypot implemented in Perl.
363 |   - [MockSSH](https://github.com/ncouture/MockSSH) - Mock an SSH server and define all commands it supports (Python, Twisted).
364 |   - [cowrie2neo](https://github.com/xlfe/cowrie2neo) - Parse cowrie honeypot logs into a neo4j database.
365 |   - [go-sshoney](https://github.com/ashmckenzie/go-sshoney) - SSH Honeypot.
366 |   - [go0r](https://github.com/fzerorubigd/go0r) - Simple ssh honeypot in Golang.
367 |   - [gohoney](https://github.com/PaulMaddox/gohoney) - SSH honeypot written in Go.
368 |   - [hived](https://github.com/sahilm/hived) - Golang-based honeypot.
369 |   - [hnypots-agent)](https://github.com/joshrendek/hnypots-agent) - SSH Server in Go that logs username and password combinations.
370 |   - [honeypot.go](https://github.com/mdp/honeypot.go) - SSH Honeypot written in Go.
371 |   - [honeyssh](https://github.com/ppacher/honeyssh) - Credential dumping SSH honeypot with statistics.
372 |   - [hornet](https://github.com/czardoz/hornet) - Medium interaction SSH honeypot that supports multiple virtual hosts.
373 |   - [ssh-auth-logger](https://github.com/JustinAzoff/ssh-auth-logger) - Low/zero interaction SSH authentication logging honeypot.
374 |   - [ssh-honeypot](https://github.com/droberson/ssh-honeypot) - Fake sshd that logs IP addresses, usernames, and passwords.
375 |   - [ssh-honeypot](https://github.com/amv42/sshd-honeypot) - Modified version of the OpenSSH deamon that forwards commands to Cowrie where all commands are interpreted and returned.
376 |   - [ssh-honeypotd](https://github.com/sjinks/ssh-honeypotd) - Low-interaction SSH honeypot written in C.
377 |   - [sshForShits](https://github.com/traetox/sshForShits) - Framework for a high interaction SSH honeypot.
378 |   - [sshesame](https://github.com/jaksi/sshesame) - Fake SSH server that lets everyone in and logs their activity.
379 |   - [sshhipot](https://github.com/magisterquis/sshhipot) - High-interaction MitM SSH honeypot.
380 |   - [sshlowpot](https://github.com/magisterquis/sshlowpot) - Yet another no-frills low-interaction SSH honeypot in Go.
381 |   - [sshsyrup](https://github.com/mkishere/sshsyrup) - Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org.
382 |   - [twisted-honeypots](https://github.com/lanjelot/twisted-honeypots) - SSH, FTP and Telnet honeypots based on Twisted.
383 | 
384 | - Distributed sensor project
385 | 
386 |   - [DShield Web Honeypot Project](https://sites.google.com/site/webhoneypotsite/)
387 | 
388 | - A pcap analyzer
389 | 
390 |   - [Honeysnap](https://projects.honeynet.org/honeysnap/)
391 | 
392 | - Network traffic redirector
393 | 
394 |   - [Honeywall](https://projects.honeynet.org/honeywall/)
395 | 
396 | - Honeypot Distribution with mixed content
397 | 
398 |   - [HoneyDrive](https://bruteforcelab.com/honeydrive)
399 | 
400 | - Honeypot sensor
401 | 
402 |   - [Honeeepi](https://redmine.honeynet.org/projects/honeeepi/wiki) - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
403 | 
404 | - File carving
405 | 
406 |   - [TestDisk & PhotoRec](https://www.cgsecurity.org/)
407 | 
408 | - Behavioral analysis tool for win32
409 | 
410 |   - [Capture BAT](https://www.honeynet.org/node/315)
411 | 
412 | - Live CD
413 | 
414 |   - [DAVIX](https://www.secviz.org/node/89) - The DAVIX Live CD.
415 | 
416 | - Spamtrap
417 | 
418 |   - [Mail::SMTP::Honeypot](https://metacpan.org/pod/release/MIKER/Mail-SMTP-Honeypot-0.11/Honeypot.pm) - Perl module that appears to provide the functionality of a standard SMTP server.
419 |   - [Mailoney](https://github.com/awhitehatter/mailoney) - SMTP honeypot, Open Relay, Cred Harvester written in python.
420 |   - [SendMeSpamIDS.py](https://github.com/johestephan/VerySimpleHoneypot) - Simple SMTP fetch all IDS and analyzer.
421 |   - [Shiva](https://github.com/shiva-spampot/shiva) - Spam Honeypot with Intelligent Virtual Analyzer.
422 |     - [Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running](https://www.pentestpartners.com/security-blog/shiva-the-spam-honeypot-tips-and-tricks-for-getting-it-up-and-running/)
423 |   - [SpamHAT](https://github.com/miguelraulb/spamhat) - Spam Honeypot Tool.
424 |   - [Spamhole](http://www.spamhole.net/)
425 |   - [honeypot](https://github.com/jadb/honeypot) - The Project Honey Pot un-official PHP SDK.
426 |   - [spamd](http://man.openbsd.org/cgi-bin/man.cgi?query=spamd%26apropos=0%26sektion=0%26manpath=OpenBSD+Current%26arch=i386%26format=html)
427 | 
428 | - Commercial honeynet
429 | 
430 |   - [Cymmetria Mazerunner](ttps://cymmetria.com/products/mazerunner/) - Leads attackers away from real targets and creates a footprint of the attack.
431 | 
432 | - Server (Bluetooth)
433 | 
434 |   - [Bluepot](https://github.com/andrewmichaelsmith/bluepot)
435 | 
436 | - Dynamic analysis of Android apps
437 | 
438 |   - [Droidbox](https://code.google.com/archive/p/droidbox/)
439 | 
440 | - Dockerized Low Interaction packaging
441 | 
442 |   - [Docker honeynet](https://github.com/sreinhardt/Docker-Honeynet) - Several Honeynet tools set up for Docker containers.
443 |   - [Dockerized Thug](https://hub.docker.com/r/honeynet/thug/) - Dockerized [Thug](https://github.com/buffer/thug) to analyze malicious web content.
444 |   - [Dockerpot](https://github.com/mrschyte/dockerpot) - Docker based honeypot.
445 |   - [Manuka](https://github.com/andrewmichaelsmith/manuka) - Docker based honeypot (Dionaea and Kippo).
446 |   - [honey_ports](https://github.com/run41/honey_ports) - Very simple but effective docker deployed honeypot to detect port scanning in your environment.
447 |   - [mhn-core-docker](https://github.com/MattCarothers/mhn-core-docker) - Core elements of the Modern Honey Network implemented in Docker.
448 | 
449 | - Network analysis
450 | 
451 |   - [Quechua](https://bitbucket.org/zaccone/quechua)
452 | 
453 | - SIP Server
454 | 
455 |   - [Artemnesia VoIP](http://artemisa.sourceforge.net)
456 | 
457 | - IOT Honeypot
458 | 
459 |   - [HoneyThing](https://github.com/omererdem/honeything) - TR-069 Honeypot.
460 |   - [Kako](https://github.com/darkarnium/kako) - Honeypots for a number of well known and deployed embedded device vulnerabilities.
461 | 
462 | - Honeytokens
463 |   - [CanaryTokens](https://github.com/thinkst/canarytokens) - Self-hostable honeytoken generator and reporting dashboard; demo version available at [CanaryTokens.org](https://canarytokens.org/generate).
464 |   - [Honeybits](https://github.com/0x4D31/honeybits) - Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots.
465 |   - [Honeyλ (HoneyLambda)](https://github.com/0x4D31/honeylambda) - Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.
466 |   - [dcept](https://github.com/secureworks/dcept) - Tool for deploying and detecting use of Active Directory honeytokens.
467 |   - [honeyku](https://github.com/0x4D31/honeyku) - Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
468 | 
469 | ## Honeyd Tools
470 | 
471 | - Honeyd plugin
472 | 
473 |   - [Honeycomb](http://www.honeyd.org/tools.php)
474 | 
475 | - Honeyd viewer
476 | 
477 |   - [Honeyview](http://honeyview.sourceforge.net/)
478 | 
479 | - Honeyd to MySQL connector
480 | 
481 |   - [Honeyd2MySQL](https://bruteforcelab.com/honeyd2mysql)
482 | 
483 | - A script to visualize statistics from honeyd
484 | 
485 |   - [Honeyd-Viz](https://bruteforcelab.com/honeyd-viz)
486 | 
487 | - Honeyd stats
488 |   - [Honeydsum.pl](https://github.com/DataSoft/Honeyd/blob/master/scripts/misc/honeydsum-v0.3/honeydsum.pl)
489 | 
490 | ## `Network and Artifact Analysis`
491 | 
492 | - Sandbox
493 | 
494 |   - [Argos](http://www.few.vu.nl/argos/) - Emulator for capturing zero-day attacks.
495 |   - [COMODO automated sandbox](https://help.comodo.com/topic-72-1-451-4768-.html)
496 |   - [Cuckoo](https://cuckoosandbox.org/) - Leading open source automated malware analysis system.
497 |   - [Pylibemu](https://github.com/buffer/pylibemu) - Libemu Cython wrapper.
498 |   - [RFISandbox](https://monkey.org/~jose/software/rfi-sandbox/) - PHP 5.x script sandbox built on top of [funcall](https://pecl.php.net/package/funcall).
499 |   - [dorothy2](https://github.com/m4rco-/dorothy2) - Malware/botnet analysis framework written in Ruby.
500 |   - [imalse](https://github.com/hbhzwj/imalse) - Integrated MALware Simulator and Emulator.
501 |   - [libemu](https://github.com/buffer/libemu) - Shellcode emulation library, useful for shellcode detection.
502 | 
503 | - Sandbox-as-a-Service
504 |   - [Hybrid Analysis](https://www.hybrid-analysis.com) - Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
505 |   - [Joebox Cloud](https://jbxcloud.joesecurity.org/login) - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
506 |   - [VirusTotal](https://www.virustotal.com/) - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
507 |   - [malwr.com](https://malwr.com/) - Free malware analysis service and community.
508 | 
509 | ##  `Data Tools `
510 | 
511 | - Front Ends
512 | 
513 |   - [DionaeaFR](https://github.com/rubenespadas/DionaeaFR) - Front Web to Dionaea low-interaction honeypot.
514 |   - [Django-kippo](https://github.com/jedie/django-kippo) - Django App for kippo SSH Honeypot.
515 |   - [Shockpot-Frontend](https://github.com/GovCERT-CZ/Shockpot-Frontend) - Full featured script to visualize statistics from a Shockpot honeypot.
516 |   - [Tango](https://github.com/aplura/Tango) - Honeypot Intelligence with Splunk.
517 |   - [Wordpot-Frontend](https://github.com/GovCERT-CZ/Wordpot-Frontend) - Full featured script to visualize statistics from a Wordpot honeypot.
518 |   - [honeyalarmg2](https://github.com/schmalle/honeyalarmg2) - Simplified UI for showing honeypot alarms.
519 |   - [honeypotDisplay](https://github.com/Joss-Steward/honeypotDisplay) - Flask website which displays data gathered from an SSH Honeypot.
520 | 
521 | - Visualization
522 |   - [Acapulco](https://github.com/hgascon/acapulco) - Automated Attack Community Graph Construction.
523 |   - [Afterglow Cloud](https://github.com/ayrus/afterglow-cloud)
524 |   - [Afterglow](http://afterglow.sourceforge.net/)
525 |   - [Glastopf Analytics](https://github.com/katkad/Glastopf-Analytics) - Easy honeypot statistics.
526 |   - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt) - Maltego tranforms for mapping Honeypot systems.
527 |   - [HoneyMap](https://github.com/fw42/honeymap) - Real-time websocket stream of GPS events on a fancy SVG world map.
528 |   - [HoneyStats](https://sourceforge.net/projects/honeystats/) - Statistical view of the recorded activity on a Honeynet.
529 |   - [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph) - Visualization app to visualize hpfeeds logs.
530 |   - [IVRE](https://github.com/ivre/ivre) - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
531 |   - [Kippo stats](https://github.com/mfontani/kippo-stats) - Mojolicious app to display statistics for your kippo SSH honeypot.
532 |   - [Kippo-Graph](https://bruteforcelab.com/kippo-graph) - Full featured script to visualize statistics from a Kippo SSH honeypot.
533 |   - [The Intelligent HoneyNet](https://github.com/jpyorre/IntelligentHoneyNet) - Create actionable information from honeypots.
534 |   - [ovizart](https://github.com/oguzy/ovizart) - Visual analysis for network traffic.
535 | 
536 | ##  `Guides `
537 | 
538 | - [T-Pot: A Multi-Honeypot Platform](https://dtag-dev-sec.github.io/mediator/feature/2015/03/17/concept.html)
539 | - [Honeypot (Dionaea and kippo) setup script](https://github.com/andrewmichaelsmith/honeypot-setup-script/)
540 | 
541 | - Deployment
542 | 
543 |   - [Dionaea and EC2 in 20 Minutes](http://andrewmichaelsmith.com/2012/03/dionaea-honeypot-on-ec2-in-20-minutes/) - Tutorial on setting up Dionaea on an EC2 instance.
544 |   - [Using a Raspberry Pi honeypot to contribute data to DShield/ISC](https://isc.sans.edu/diary/22680) - The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.
545 |   - [honeypotpi](https://github.com/free5ty1e/honeypotpi) - Script for turning a Raspberry Pi into a HoneyPot Pi.
546 | 
547 | - Research Papers
548 |   - [Honeypot research papers](https://github.com/shbhmsingh72/Honeypot-Research-Papers) - PDFs of research papers on honeypots.
549 |   - [vEYE](https://link.springer.com/article/10.1007%2Fs10115-008-0137-3) - Behavioral footprinting for self-propagating worm detection and profiling.
550 | 
551 | **[`^        back to top        ^`](#)**
552 | 
553 | ## `License`
554 | MIT License & [cc](https://creativecommons.org/licenses/by/4.0/) license
555 | 
556 | <a rel="license" href="http://creativecommons.org/licenses/by/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by/4.0/88x31.png" /></a><br />This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.
557 | 
558 | To the extent possible under law, [Paul Veillard](https://github.com/paulveillard/) has waived all copyright and related or neighboring rights to this work.
559 | 


--------------------------------------------------------------------------------