Track Awesome Honeypots Updates Weekly
an awesome list of honeypot resources
🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor · 😺 paralax/awesome-honeypots · ⭐ 8.3K · 🏷️ Security
Dec 25 - Dec 31, 2023
Honeypots
Anti-honeypot stuff
- canarytokendetector (⭐13) - Tool for detection and nullification of Thinkst CanaryTokens
- honeydet (⭐68) - Signature based honeypot detector tool written in Golang
- kippo_detect (⭐56) - Offensive component that detects the presence of the kippo honeypot.
Honeypot deployment
- honeyfs (⭐2) - Tool to create artificial file systems for medium/high interaction honeypots.
- Modern Honeynet Network - Streamlines deployment and management of secure honeypots.
Aug 22 - Aug 28, 2022
Honeypots
Database Honeypots
- Delilah (⭐20) - Elasticsearch Honeypot written in Python (originally from Novetta).
- ESPot (⭐25) - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
- ElasticPot - An Elasticsearch Honeypot.
- Elastic honey (⭐182) - Simple Elasticsearch Honeypot.
- MongoDB-HoneyProxy (⭐88) - MongoDB honeypot proxy.
- NoSQLpot (⭐102) - Honeypot framework built on a NoSQL-style database.
- mysql-honeypotd (⭐29) - Low interaction MySQL honeypot written in C.
- MysqlPot (⭐20) - MySQL honeypot, still very early stage.
- pghoney (⭐17) - Low-interaction Postgres Honeypot.
- sticky_elephant (⭐9) - Medium interaction postgresql honeypot.
- RedisHoneyPot (⭐16) - High Interaction Honeypot Solution for Redis protocol.
SIP
- SentryPeer (⭐153) - Protect your SIP Servers from bad actors.
Aug 08 - Aug 14, 2022
Honeypots
Low interaction honeypot
- Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
- T-Pot (⭐6.4k) - All in one honeypot appliance from telecom provider T-Mobile
- beelzebub (⭐634) - A secure honeypot framework, extremely easy to configure by yaml 🚀
Jan 10 - Jan 16, 2022
Honeypots
Web honeypots
- Express honeypot (⭐14) - RFI & LFI honeypot using nodeJS and express.
- EoHoneypotBundle (⭐33) - Honeypot type for Symfony2 forms.
- Glastopf (⭐547) - Web Application Honeypot.
- Google Hack Honeypot - Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
- HellPot (⭐616) - Honeypot that tries to crash the bots and clients that visit it's location.
- Laravel Application Honeypot (⭐430) - Simple spam prevention package for Laravel applications.
- Nodepot (⭐43) - NodeJS web application honeypot.
- PasitheaHoneypot (⭐1) - RestAPI honeypot.
- Servletpot (⭐12) - Web application Honeypot.
- Shadow Daemon - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
- StrutsHoneypot (⭐71) - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
- WebTrap (⭐58) - Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
- basic-auth-pot (bap) (⭐45) - HTTP Basic Authentication honeypot.
- bwpot (⭐25) - Breakable Web applications honeyPot.
- django-admin-honeypot (⭐1k) - Fake Django admin login screen to notify admins of attempted unauthorized access.
- drupo (⭐57) - Drupal Honeypot.
- galah (⭐353) - an LLM-powered web honeypot using the OpenAI API.
- honeyhttpd (⭐41) - Python-based web server honeypot builder.
- honeyup (⭐25) - An uploader honeypot designed to look like poor website security.
- modpot (⭐52) - Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework.
- owa-honeypot (⭐63) - A basic flask based Outlook Web Honey pot.
- phpmyadmin_honeypot (⭐64) - Simple and effective phpMyAdmin honeypot.
- shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts.
- smart-honeypot (⭐16) - PHP Script demonstrating a smart honey pot.
- Snare/Tanner - successors to Glastopf
- Snare (⭐438) - Super Next generation Advanced Reactive honeypot.
- Tanner (⭐217) - Evaluating SNARE events.
- stack-honeypot (⭐22) - Inserts a trap for spam bots into responses.
- tomcat-manager-honeypot (⭐10) - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study.
- WordPress honeypots
- HonnyPotter (⭐28) - WordPress login honeypot for collection and analysis of failed login attempts.
- HoneyPress (⭐3) - Python based WordPress honeypot in a Docker container.
- wp-smart-honeypot (⭐26) - WordPress plugin to reduce comment spam with a smarter honeypot.
- wordpot (⭐175) - WordPress Honeypot.
- Python-Honeypot (⭐420) - OWASP Honeypot, Automated Deception Framework.
- Service Honeypots
- ADBHoney (⭐160) - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
- AMTHoneypot (⭐16) - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.
- ddospot (⭐40) - NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.
- dionaea (⭐689) - Home of the dionaea honeypot.
- dhp (⭐27) - Simple Docker Honeypot server emulating small snippets of the Docker HTTP API.
- DolosHoneypot (⭐1) - SDN (software defined networking) honeypot.
- Ensnare (⭐65) - Easy to deploy Ruby honeypot.
- Helix (⭐35) - K8s API Honeypot with Active Defense Capabilities.
- honeycomb_plugins (⭐26) - Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
- [honeydb] (https://honeydb.io/downloads) - Multi-service honeypot that is easy to deploy and configure. Can be configured to send interaction data to to HoneyDB's centralized collectors for access via REST API.
- honeyntp (⭐52) - NTP logger/honeypot.
- honeypot-camera (⭐51) - Observation camera honeypot.
- honeypot-ftp (⭐27) - FTP Honeypot.
- honeypots (⭐638) - 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).
- honeytrap (⭐1.2k) - Advanced Honeypot framework written in Go that can be connected with other honeypot software.
- HoneyPy (⭐457) - Low interaction honeypot.
- Honeygrove (⭐19) - Multi-purpose modular honeypot based on Twisted.
- Honeyport (⭐41) - Simple honeyport written in Bash and Python.
- Honeyprint (⭐19) - Printer honeypot.
- Lyrebird - Modern high-interaction honeypot framework.
- MICROS honeypot (⭐14) - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
- node-ftp-honeypot (⭐4) - FTP server honeypot in JS.
- pyrdp (⭐1.5k) - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
- rdppot (⭐62) - RDP honeypot
- RDPy (⭐1.7k) - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
- SMB Honeypot (⭐45) - High interaction SMB service honeypot capable of capturing wannacry-like Malware.
- Tom's Honeypot (⭐25) - Low interaction Python honeypot.
- Trapster Commmunity (⭐17) - Modural and easy to install Python Honeypot, with comprehensive alerting
- troje (⭐44) - Honeypot that runs each connection with the service within a separate LXC container.
- WebLogic honeypot (⭐31) - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
- WhiteFace Honeypot (⭐4) - Twisted based honeypot for WhiteFace.
Distributed Honeypots
- DemonHunter (⭐58) - Low interaction honeypot server.
ICS/SCADA honeypots
- Conpot (⭐1.2k) - ICS/SCADA honeypot.
- GasPot (⭐130) - Veeder Root Gaurdian AST, common in the oil and gas industry.
- SCADA honeynet - Building Honeypots for Industrial Networks.
- gridpot (⭐53) - Open source tools for realistic-behaving electric grid honeynets.
- scada-honeynet - Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.
Other/random
- CitrixHoneypot (⭐114) - Detect and log CVE-2019-19781 scan and exploitation attempts.
- Damn Simple Honeypot (DSHP) (⭐15) - Honeypot framework with pluggable handlers.
- dicompot (⭐22) - DICOM Honeypot.
- IPP Honey - A honeypot for the Internet Printing Protocol.
- Log4Pot (⭐89) - A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
- Masscanned (⭐96) - Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.
- medpot (⭐21) - HL7 / FHIR honeypot.
- NOVA (⭐73) - Uses honeypots as detectors, looks like a complete system.
- OpenFlow Honeypot (OFPot) (⭐22) - Redirects traffic for unused IPs to a honeypot, built on POX.
- OpenCanary (⭐2.2k) - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
- ciscoasa_honeypot (⭐51) A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
- miniprint (⭐198) - A medium interaction printer honeypot.
Botnet C2 tools
- Hale (⭐184) - Botnet command and control monitor.
- dnsMole - Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.
IPv6 attack detection tool
- ipv6-attack-detector (⭐38) - Google Summer of Code 2012 project, supported by The Honeynet Project organization.
Dynamic code instrumentation toolkit
- Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.
Tool to convert website to server honeypots
- HIHAT - Transform arbitrary PHP applications into web-based high-interaction Honeypots.
Malware collector
- Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
Distributed sensor deployment
- Community Honey Network - CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.
- Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
Network Analysis Tool
- Tracexploit - Replay network packets.
Log anonymizer
- LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.
Low interaction honeypot (router back door)
- Honeypot-32764 (⭐15) - Honeypot for router backdoor (TCP 32764).
- WAPot (⭐17) - Honeypot that can be used to observe traffic directed at home routers.
honeynet farm traffic redirector
- Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
HTTPS Proxy
- mitmproxy - Allows traffic flows to be intercepted, inspected, modified, and replayed.
System instrumentation
- Sysdig - Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
- Fibratus (⭐2.1k) - Tool for exploration and tracing of the Windows kernel.
Honeypot for USB-spreading malware
- Ghost-usb (⭐93) - Honeypot for malware that propagates via USB storage devices.
Data Collection
- Kippo2MySQL - Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
- Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
Passive network audit framework parser
- Passive Network Audit Framework (pnaf) (⭐31) - Framework that combines multiple passive and automated analysis techniques in order to provide a security assessment of network platforms.
VM monitoring and tools
- Antivmdetect (⭐709) - Script to create templates to use with VirtualBox to make VM detection harder.
- VMCloak (⭐479) - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
- vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
Binary debugger
- Hexgolems - Pint Debugger Backend (⭐31) - Debugger backend and LUA wrapper for PIN.
- Hexgolems - Schem Debugger Frontend (⭐142) - Debugger frontend.
Mobile Analysis Tool
- Androguard (⭐5.1k) - Reverse engineering, Malware and goodware analysis of Android applications and more.
- APKinspector (⭐825) - Powerful GUI tool for analysts to analyze the Android applications.
Honeynet data fusion
- HFlow2 - Data coalesing tool for honeynet/network analysis.
Server
- Amun - Vulnerability emulation honeypot.
- Artillery (⭐326) - Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
- Bait and Switch - Redirects all hostile traffic to a honeypot that is partially mirroring your production system.
- Bifrozt (⭐4) - Automatic deploy bifrozt with ansible.
- Conpot - Low interactive server side Industrial Control Systems honeypot.
- Heralding (⭐370) - Credentials catching honeypot.
- HoneyWRT (⭐20) - Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers.
- Honeyd (⭐9) - See honeyd tools.
- Honeysink - Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
- Hontel (⭐158) - Telnet Honeypot.
- KFSensor - Windows based honeypot Intrusion Detection System (IDS).
- LaBrea - Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
- MTPot (⭐103) - Open Source Telnet Honeypot, focused on Mirai malware.
- SIREN (⭐12) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment.
- TelnetHoney (⭐0) - Simple telnet honeypot.
- UDPot Honeypot (⭐47) - Simple UDP/DNS honeypot scripts.
- Yet Another Fake Honeypot (YAFH) (⭐8) - Simple honeypot written in Go.
- arctic-swallow (⭐1) - Low interaction honeypot.
- fapro (⭐1.5k) - Fake Protocol Server.
- glutton (⭐240) - All eating honeypot.
- go-HoneyPot (⭐42) - Honeypot server written in Go.
- go-emulators (⭐9) - Honeypot Golang emulators.
- honeymail (⭐27) - SMTP honeypot written in Golang.
- honeytrap (⭐93) - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services.
- imap-honey (⭐24) - IMAP honeypot written in Golang.
- mwcollectd - Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.
- potd (⭐28) - Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities.
- portlurker (⭐30) - Port listener in Rust with protocol guessing and safe string display.
- slipm-honeypot (⭐16) - Simple low-interaction port monitoring honeypot.
- telnet-iot-honeypot (⭐304) - Python telnet honeypot for catching botnet binaries.
- telnetlogger (⭐236) - Telnet honeypot designed to track the Mirai botnet.
- vnclowpot (⭐22) - Low interaction VNC honeypot.
IDS signature generation
- Honeycomb - Automated signature creation using honeypots.
Lookup service for AS-numbers and prefixes
- CC2ASN - Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.
Data Collection / Data Sharing
- HPfriends - Honeypot data-sharing platform.
- hpfriends - real-time social data-sharing - Presentation about HPFriends feed system
- HPFeeds (⭐209) - Lightweight authenticated publish-subscribe protocol.
- HPfriends - Honeypot data-sharing platform.
Central management tool
- PHARM - Manage, report, and analyze your distributed Nepenthes instances.
Network connection analyzer
- Impost - Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.
Honeypot extensions to Wireshark
- Wireshark Extensions - Apply Snort IDS rules and signatures against packet capture files using Wireshark.
Client
- CWSandbox / GFI Sandbox
- Capture-HPC-Linux
- Capture-HPC-NG (⭐10)
- Capture-HPC - High interaction client honeypot (also called honeyclient).
- HoneyBOT
- HoneyC
- HoneySpider Network (⭐28) - Highly-scalable system integrating multiple client honeypots to detect malicious websites.
- HoneyWeb - Web interface created to manage and remotely share Honeyclients resources.
- Jsunpack-n (⭐159)
- MonkeySpider
- PhoneyC (⭐24) - Python honeyclient (later replaced by Thug).
- Pwnypot - High Interaction Client Honeypot.
- Rumal - Thug's Rumāl: a Thug's dress and weapon.
- Shelia - Client-side honeypot for attack detection.
- Thug - Python-based low-interaction honeyclient.
- Thug Distributed Task Queuing
- Trigona
- URLQuery
- YALIH (Yet Another Low Interaction Honeyclient) (⭐68) - Low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.
Honeypot
PDF document inspector
- peepdf (⭐1.3k) - Powerful Python tool to analyze PDF documents.
Hybrid low/high interaction honeypot
SSH Honeypots
- Blacknet (⭐18) - Multi-head SSH honeypot system.
- Cowrie (⭐5.1k) - Cowrie SSH Honeypot (based on kippo).
- DShield docker (⭐14) - Docker container running cowrie with DShield output enabled.
- endlessh (⭐7k) - SSH tarpit that slowly sends an endless banner. (docker image)
- HonSSH (⭐373) - Logs all SSH communications between a client and server.
- HUDINX (⭐3) - Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
- Kippo (⭐1.6k) - Medium interaction SSH honeypot.
- Kippo_JunOS (⭐9) - Kippo configured to be a backdoored netscreen.
- Kojoney2 (⭐37) - Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret.
- Kojoney - Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
- Longitudinal Analysis of SSH Cowrie Honeypot Logs (⭐17) - Python based command line tool to analyze cowrie logs over time.
- LongTail Log Analysis @ Marist College - Analyzed SSH honeypot logs.
- Malbait (⭐6) - Simple TCP/UDP honeypot implemented in Perl.
- MockSSH (⭐123) - Mock an SSH server and define all commands it supports (Python, Twisted).
- cowrie2neo (⭐6) - Parse cowrie honeypot logs into a neo4j database.
- go-sshoney (⭐31) - SSH Honeypot.
- go0r (⭐34) - Simple ssh honeypot in Golang.
- gohoney (⭐9) - SSH honeypot written in Go.
- hived (⭐2) - Golang-based honeypot.
- hnypots-agent) (⭐37) - SSH Server in Go that logs username and password combinations.
- honeypot.go (⭐27) - SSH Honeypot written in Go.
- honeyssh (⭐11) - Credential dumping SSH honeypot with statistics.
- hornet (⭐21) - Medium interaction SSH honeypot that supports multiple virtual hosts.
- ssh-auth-logger (⭐18) - Low/zero interaction SSH authentication logging honeypot.
- ssh-honeypot (⭐613) - Fake sshd that logs IP addresses, usernames, and passwords.
- ssh-honeypot (⭐24) - Modified version of the OpenSSH deamon that forwards commands to Cowrie where all commands are interpreted and returned.
- ssh-honeypotd (⭐13) - Low-interaction SSH honeypot written in C.
- sshForShits (⭐38) - Framework for a high interaction SSH honeypot.
- sshesame (⭐1.5k) - Fake SSH server that lets everyone in and logs their activity.
- sshhipot (⭐168) - High-interaction MitM SSH honeypot.
- sshlowpot (⭐12) - Yet another no-frills low-interaction SSH honeypot in Go.
- sshsyrup (⭐95) - Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org.
- twisted-honeypots (⭐84) - SSH, FTP and Telnet honeypots based on Twisted.
Distributed sensor project
A pcap analyzer
Network traffic redirector
Honeypot Distribution with mixed content
Honeypot sensor
- Honeeepi - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
File carving
Behavioral analysis tool for win32
Live CD
- DAVIX - The DAVIX Live CD.
Spamtrap
- Mail::SMTP::Honeypot - Perl module that appears to provide the functionality of a standard SMTP server.
- Mailoney (⭐248) - SMTP honeypot, Open Relay, Cred Harvester written in python.
- SendMeSpamIDS.py (⭐11) - Simple SMTP fetch all IDS and analyzer.
- Shiva (⭐131) - Spam Honeypot with Intelligent Virtual Analyzer.
- SMTPLLMPot (⭐3) - A super simple SMTP Honeypot built using GPT3.5
- SpamHAT (⭐25) - Spam Honeypot Tool.
- Spamhole
- honeypot (⭐2) - The Project Honey Pot un-official PHP SDK.
- spamd
Commercial honeynet
- Cymmetria Mazerunner - Leads attackers away from real targets and creates a footprint of the attack.
Server (Bluetooth)
Dynamic analysis of Android apps
Dockerized Low Interaction packaging
- Docker honeynet (⭐21) - Several Honeynet tools set up for Docker containers.
- Dockerized Thug - Dockerized Thug (⭐973) to analyze malicious web content.
- Dockerpot (⭐147) - Docker based honeypot.
- Manuka (⭐22) - Docker based honeypot (Dionaea and Kippo).
- honey_ports (⭐6) - Very simple but effective docker deployed honeypot to detect port scanning in your environment.
- mhn-core-docker (⭐32) - Core elements of the Modern Honey Network implemented in Docker.
Network analysis
SIP Server
IOT Honeypot
- HoneyThing (⭐122) - TR-069 Honeypot.
- Kako (⭐24) - Honeypots for a number of well known and deployed embedded device vulnerabilities.
- Honeytokens
- CanaryTokens (⭐1.7k) - Self-hostable honeytoken generator and reporting dashboard; demo version available at CanaryTokens.org.
- Honeybits (⭐273) - Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots.
- Honeyλ (HoneyLambda) (⭐509) - Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.
- dcept (⭐498) - Tool for deploying and detecting use of Active Directory honeytokens.
- honeyku (⭐58) - Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
Honeyd Tools
Honeyd plugin
Honeyd viewer
Honeyd to MySQL connector
A script to visualize statistics from honeyd
- Honeyd stats
Network and Artifact Analysis
Sandbox
- Argos - Emulator for capturing zero-day attacks.
- COMODO automated sandbox
- Cuckoo - Leading open source automated malware analysis system.
- Pylibemu (⭐125) - Libemu Cython wrapper.
- RFISandbox - PHP 5.x script sandbox built on top of funcall.
- dorothy2 (⭐197) - Malware/botnet analysis framework written in Ruby.
- imalse (⭐11) - Integrated MALware Simulator and Emulator.
- libemu (⭐140) - Shellcode emulation library, useful for shellcode detection.
Sandbox-as-a-Service
- Hybrid Analysis - Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
- Joebox Cloud - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
- VirusTotal - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
- malwr.com - Free malware analysis service and community.
Data Tools
Front Ends
- DionaeaFR (⭐66) - Front Web to Dionaea low-interaction honeypot.
- Django-kippo (⭐11) - Django App for kippo SSH Honeypot.
- Shockpot-Frontend (⭐2) - Full featured script to visualize statistics from a Shockpot honeypot.
- Tango (⭐252) - Honeypot Intelligence with Splunk.
- Wordpot-Frontend (⭐3) - Full featured script to visualize statistics from a Wordpot honeypot.
- honeyalarmg2 (⭐3) - Simplified UI for showing honeypot alarms.
- honeypotDisplay (⭐2) - Flask website which displays data gathered from an SSH Honeypot.
Visualization
- Acapulco (⭐9) - Automated Attack Community Graph Construction.
- Afterglow Cloud (⭐14)
- Afterglow
- Glastopf Analytics (⭐2) - Easy honeypot statistics.
- HoneyMalt (⭐13) - Maltego tranforms for mapping Honeypot systems.
- HoneyMap (⭐217) - Real-time websocket stream of GPS events on a fancy SVG world map.
- HoneyStats - Statistical view of the recorded activity on a Honeynet.
- HpfeedsHoneyGraph (⭐14) - Visualization app to visualize hpfeeds logs.
- IVRE (⭐3.4k) - Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
- Kippo stats (⭐17) - Mojolicious app to display statistics for your kippo SSH honeypot.
- Kippo-Graph - Full featured script to visualize statistics from a Kippo SSH honeypot.
- The Intelligent HoneyNet (⭐61) - Create actionable information from honeypots.
- ovizart (⭐47) - Visual analysis for network traffic.
Guides
Deployment
- Dionaea and EC2 in 20 Minutes - Tutorial on setting up Dionaea on an EC2 instance.
- Using a Raspberry Pi honeypot to contribute data to DShield/ISC - The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs.
- honeypotpi (⭐32) - Script for turning a Raspberry Pi into a HoneyPot Pi.
Research Papers
- Honeypot research papers (⭐25) - PDFs of research papers on honeypots.
- vEYE - Behavioral footprinting for self-propagating worm detection and profiling.
Jul 30 - Aug 05, 2018
Related Lists
- awesome-pcaptools (⭐3k) - Useful in network traffic analysis.
- awesome-malware-analysis (⭐11k) - Some overlap here for artifact analysis.
Aug 10 - Aug 16, 2015
Guides
Jul 06 - Jul 12, 2015
Guides