# Awesome Honeypots
A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects. There is no pre-established order of items in each category; items are listed in the order they were contributed. If you want to contribute, please read the [guide](https://github.com/paralax/awesome-honeypots/blob/master/CONTRIBUTING.md).

A related list for many of us is [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis.

- Database Honeypots
- [Elastic honey](https://github.com/jordan-wright/elastichoney)
- [mysql](https://github.com/schmalle/MysqlPot)
- [A framework for NoSQL databases (only Redis for now)](https://github.com/torque59/nosqlpot)
- [ESPot - ElasticSearch Honeypot](https://github.com/mycert/ESPot)
- Web honeypots
- [Glastopf](https://github.com/glastopf/glastopf)
- [Interactive phpmyadmin](https://github.com/gfoss/phpmyadmin_honeypot)
- [servlet](https://github.com/schmalle/Servletpot)
- [web honeypot in nodejs](https://github.com/schmalle/Nodepot)
- [basic auth - for web protected pages](https://github.com/bjeborn/basic-auth-pot)
- [Shadow Daemon](https://shadowd.zecure.org)
- [Servletpot](http://github.com/schmalle/servletpot)
- [Nodepot](http://github.com/schmalle/Nodepot)
- [Google Hack Honeypot](http://ghh.sourceforge.net)
- Service Honeypots
- [Kippo](https://github.com/desaster/kippo) - Medium interaction SSH honeypot
- [for NTP](https://github.com/fygrave/honeyntp)
- [Camera pot *](https://github.com/alexbredo/honeypot-camera)
- Anti-honeypot stuff
- [kippo_detect](https://github.com/andrew-morris/kippo_detect) - This is not a honeypot, but it detects Kippo. (This guy has lots more interesting stuff.)
- ICS/SCADA honeypots
- [Conpot](https://github.com/glastopf/conpot)
- [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/)
- [SCADA honeynet](http://scadahoneynet.sourceforge.net)
- Deployment
- [Dionaea and EC2 in 20 Minutes](http://andrewmichaelsmith.com/2012/03/dionaea-honeypot-on-ec2-in-20-minutes/)
- Visualization
- [HoneyMap](https://github.com/fw42/honeymap)
- [HoneyMalt](https://github.com/SneakersInc/HoneyMalt)
- Data Analysis
- [Kippo-Graph](http://bruteforce.gr/kippo-graph)
- [Kippo stats](https://github.com/mfontani/kippo-stats)
- Other/random
- [NOVA](https://github.com/DataSoft/Nova) uses honeypots as detectors, looks like a complete system
- [Mantrap / Symantec Decoy Server](http://www.systemhouse.com/symantec/sds.htm)
- [BigEye](http://violating.us/projects/bigeye/)
- [BackOfficer Friendly](http://www.nfr.com/resource/backOfficer.php)
- Proxy honeypot
- [Proxypot](http://proxypot.spamteam.nl)
- Open Relay Spam Honeypot
- [SpamHAT](https://github.com/miguelraulb/spamhat)
- Botnet C2 monitor
- [Hale](http://github.com/pjlantz/Hale)
- IPv6 attack detection tool
- [ipv6-guard](https://www.honeynet.org/gsoc2012/slot8)
- [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/)
- PHP honeypot
- [smart-honeypot](https://github.com/freak3dot/smart-honeypot)
- [PHPHop](http://rstack.org/phphop/)
- Honeypot Database
- [Manuka](https://staff.washington.edu/dittrich/talks/ieee-ia-manuka.ppt)
- Research Paper
- [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3)
- Honeynet statistics
- [HoneyStats](http://sourceforge.net/projects/honeystats/)
- Visual analysis for network traffic
- [Picviz](http://www.wallinfire.net/picviz)
- dynamic code instrumentation toolkit
- [Frida](http://www.frida.re)
- Front-end for dionaea
- [DionaeaFR](https://github.com/rubenespadas/DionaeaFR)
- Tool to convert website to server honeypots
- [HIHAT](http://hihat.sourceforge.net/)
- Malware collector
- [Kippo-Malware](http://bruteforce.gr/kippo-malware)
- Sebek in QEMU
- [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek)
- Malware Simulator
- [imalse](https://github.com/hbhzwj/imalse)
- Distributed sensor deployment
- [Sombria](http://www.lac.co.jp/business/sns/intelligence/sombria_e.html)
- [Smarthoneypot](http://smarthoneypot.com)
- Network Analysis Tool
- [Tracexploit](https://code.google.com/p/tracexploit/)
- Log anonymizer
- [LogAnon](http://code.google.com/p/loganon/)
- server
- [Honeysink](http://www.honeynet.org/node/773)
- Botnet traffic detection
- [dnsMole](https://code.google.com/p/dns-mole/)
- Low interaction honeypot (router back door)
- [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764)
- honeynet farm traffic redirector
- [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole)
- IDS signature generator
- [Nebula](http://nebula.carnivore.it/)
- Fake wireless access point
- [FakeAP](http://www.blackalchemy.to/project/fakeap/)
- HTTPS Proxy
- [mitmproxy](http://mitmproxy.org/)
- spamtrap
- [Jackpot Mailswerver](http://jackpot.uk.net/)
- System instrumentation
- [Sysdig](http://www.sysdig.org)
- Honeypot for USB-spreading malware
- [Ghost-usb](https://code.google.com/p/ghost-usb-honeypot/)
- Data Collection
- [Kippo2MySQL](http://bruteforce.gr/kippo2mysql)
- [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch)
- Honeyd viewer
- [Honeyview](http://honeyview.sourceforge.net/)
- Passive network audit framework parser
- [pnaf](https://github.com/jusafing/pnaf)
- Honeyd to MySQL connector
- [Honeyd2MySQL](http://bruteforce.gr/honeyd2mysql)
- VM Introspection
- [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html)
- [xenaccess](https://code.google.com/p/xenaccess/)
- [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf)
- [vmitools](http://libvmi.com/)
- Binary debugger
- [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem)
- [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint)
- Mobile Analysis Tool
- [APKinspector](https://github.com/honeynet/apkinspector/)
- [Androguard](https://code.google.com/p/androguard/)
- Low interaction honeypot
- [Honeypoint](http://microsolved.com/?page_id=69)
- [Honeyperl](http://sourceforge.net/projects/honeyperl/)
- Honeynet data fusion
- [HFlow2](https://projects.honeynet.org/hflow)
- Server
- [Tiny Honeypot](http://www.alpinista.org/thp/) ([archived copy](http://web.archive.org/web/20090606073121/http://www.alpinista.org/files/thp/))
- [Nepenthes](http://nepenthes.carnivore.it//)
- [LaBrea](http://labrea.sourceforge.net/labrea-info.html)
- [Kippo](https://github.com/desaster/kippo)
- [KFSensor](http://www.keyfocus.net/kfsensor/)
- [Honeytrap](http://honeytrap.carnivore.it/)
- [Honeyd](https://github.com/provos/honeyd)
- Bootable honeyd
- [HOACD](http://www.honeynet.org.br/tools/)
- [Honeeebox](http://honeeebox.net)
- [Glastopf](http://glastopf.org/)
- [DNS Honeypot](https://github.com/jekil/UDPot)
- [Django-kippo](https://github.com/jedie/django-kippo)
- [Dionaea](http://dionaea.carnivore.it/)
- [Conpot](http://conpot.org/)
- [Bifrozt](http://sourceforge.net/projects/bifrozt/)
- [Beeswarm](http://www.beeswarm-ids.org/)
- [Bait and Switch](http://baitnswitch.sourceforge.net)
- [Artillery](https://github.com/trustedsec/artillery/)
- [Amun](http://amunhoney.sourceforge.net)
- VM cloaking script
- [Antivmdetect](https://github.com/nsmfoo/antivmdetection)
- Honeyd ported to Windows
- [Winhoneyd](http://www2.netvigilance.com/winhoneyd)
- IDS signature generation
- [Honeycomb](http://www.cl.cam.ac.uk/~cpk25/honeycomb/)
- Multiple
- [Honeeepi](https://redmine.honeynet.org/projects/honeeepi/wiki)
- Web interface to packet analyzer
- [OpenWitness](https://github.com/oguzy/openwitness)
- lookup service for AS-numbers and prefixes
- [CC2ASN](http://www.cc2asn.com/)
- Data Collection / Analysis Tool
- [Carniwwwhore](http://carnivore.it/2010/11/27/carniwwwhore)
- Wordpress spam honeypot
- [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot)
- Web interface (for Thug)
- [Rumal](https://github.com/pdelsante/rumal)
- Snort binary carving
- [Pehunter](http://src.carnivore.it/pehunter/)
- Data Collection / Data Sharing
- [HPfriends](http://hpfriends.honeycloud.net/#/home)
- [HPFeeds](https://github.com/rep/hpfeeds/)
- PE executable analysis
- [Xandora](http://www.xandora.net/xangui/)
- Distributed spam tracking
- [Project Honeypot](https://www.projecthoneypot.org)
- Python bindings for libemu
- [Pylibemu](https://github.com/buffer/pylibemu)
- Client honeypot
- [Pwnypot](https://github.com/shjalayeri/pwnypot)
- Controlled-relay spam honeypot
- [Shiva](https://github.com/shiva-spampot/shiva)
- Visualization Tool
- Webviz (not working)
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
- [Afterglow Cloud](http://afterglow.secviz.org/)
- [Afterglow](http://afterglow.sourceforge.net/)
- central management tool
- [PHARM](http://www.nepenthespharm.com/)
- Network connection analyzer
- [Impost](http://impost.sourceforge.net/)
- Virtual Machine Cloaking
- [VMCloak](https://github.com/jbremer/vmcloak)
- A script to visualize statistics from honeyd
- [Honeyd-Viz](http://bruteforce.gr/honeyd-viz)
- Honeypot deployment
- [Modern Honeynet Network](http://threatstream.github.io/mhn/)
- [SurfIDS](http://ids.surfnet.nl/)
- Honeyd UI
- [Honeyd configuration GUI](http://www.citi.umich.edu/u/provos/honeyd/ch01-results/1/)
- Honeynet analysis tool
- [Honeynet Security Console](http://www.activeworx.org/programs/hsc/index.htm)
- Automated malware analysis system
- [Cuckoo](http://www.cuckoosandbox.org/)
- [Anubis](https://anubis.iseclab.org/)
- Low interaction
- [mwcollectd](http://git.mwcollect.org/mwcollectd)
- Low interaction honeypot on USB stick
- [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/)
- Honeypot extensions to Wireshark
- [Wireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions)
- Data Analysis Tool
- [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph)
- [Acapulco](https://github.com/hgascon/Acapulco4HNP)
- Telephony honeypot
- [Zapping Rachel](https://seanmckaybeck.com/2014/08/17/zapping-rachel/)
- Client
- [MonkeySpider](http://monkeyspider.sourceforge.net)
- [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG)
- [Wepawet](http://wepawet.cs.ucsb.edu/about.php)
- [URLQuery](https://urlquery.net/)
- [Trigona](https://www.honeynet.org/project/Trigona)
- [Thug](https://buffer.github.io/thug/)
- [Shelia](http://www.cs.vu.nl/~herbertb/misc/shelia/)
- [PhoneyC](https://github.com/honeynet/phoneyc)
- [Libemu](http://libemu.carnivore.it/)
- [Jsunpack-n](https://code.google.com/p/jsunpack-n/)
- [HoneyC](https://projects.honeynet.org/honeyc)
- [HoneyBOT](http://www.atomicsoftwaresolutions.com/honeybot.php)
- [CWSandbox / GFI Sandbox](http://www.gfi.com/malware-analysis-tool)
- [Capture-HPC-Linux](https://redmine.honeynet.org/projects/linux-capture-hpc/wiki)
- [Capture-HPC](https://projects.honeynet.org/capture-hpc)
- [Andrubis](https://anubis.iseclab.org/)
- Commercial high interaction honeypot
- [Countertack Scout](http://www.countertack.com/countertack-scout)
- Visual analysis for network traffic
- [ovizart-ng](https://github.com/honeynet/ovizart-ng)
- [ovizart](https://github.com/honeynet/ovizart)
- Binary Management and Analysis Framework
- [Viper](http://viper.li/)
- Honeypot
- [Single-honeypot](http://sourceforge.net/projects/single-honeypot/)
- [Honeyd For Windows](http://www.securityprofiling.com/honeyd/honeyd.shtml)
- [SWiSH](http://shat.net/swish/)
- [IMHoneypot](https://github.com/glastopf/imhoneypot)
- [Deception Toolkit](http://www.all.net/dtk/dtk.html)
- [Cybercop Sting](http://www.nai.com/international/uk/asp_set/products/tns/ccsting_intro.asp)
- PDF document inspector
- [peepdf](https://code.google.com/p/peepdf/)
- Distribution system
- [Thug Distributed Task Queuing](https://thug-distributed.readthedocs.org/en/latest/index.html)
- HoneyClient Management
- [HoneyWeb](https://code.google.com/p/gsoc-honeyweb/)
- Network Analysis
- [HoneyProxy](http://honeyproxy.org/)
- Hybrid low/high interaction honeypot
- [HoneyBrid](http://honeybrid.sourceforge.net)
- Sebek on Xen
- [xebek](https://code.google.com/p/xebek/)
- SSH Honeypot
- [Kojoney](http://kojoney.sourceforge.net/)
- Glastopf data analysis
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
- Distributed sensor project
- [DShield Web Honeypot Project](https://sites.google.com/site/webhoneypotsite/)
- [Distributed Web Honeypot Project](http://projects.webappsec.org/w/page/29606603/Distributed%20Web%20Honeypots)
- a pcap analyzer
- [Honeysnap](https://projects.honeynet.org/honeysnap/)
- Client Web crawler
- [HoneySpider Network](https://github.com/CERT-Polska/hsn2-bundle)
- network traffic redirector
- [Honeywall](https://projects.honeynet.org/honeywall/)
- Honeypot Distribution with mixed content
- [HoneyDrive](http://bruteforce.gr/honeydrive)
- Honeypot sensor
- [Dragon Research Group Distro](https://www.dragonresearchgroup.org/drg-distro.html)
- File carving
- [TestDisk & PhotoRec](http://www.cgsecurity.org/)
- File and Network Threat Intelligence
- [VirusTotal](http://virustotal.com)
- data capture
- [Sebek](https://projects.honeynet.org/sebek/)
- SSH proxy
- [HonSSH](https://github.com/tnich/honssh)
- Anti-Cheat
- [Minecraft honeypot](http://www.curse.com/bukkit-plugins/minecraft/honeypot)
- behavioral analysis tool for win32
- [Capture BAT](https://www.honeynet.org/node/315)
- Live CD
- [DAVIX](http://davix.secviz.org)
- Spamtrap
- [Spampot.py](http://woozle.org/%7Eneale/src/python/spampot.py)
- [Spamhole](http://www.spamhole.net/)
- [spamd](http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html)
- [SMTPot.py](http://llama.whoi.edu/smtpot.py)
- Commercial honeynet
- [Specter](http://www.specter.com/default50.htm)
- [Smoke Detector](http://palisadesys.com/products/smokedetector/)
- [Sandtrap](http://www.sandstorm.net/products/sandtrap/)
- [PatriotBox](http://www.alkasis.com/?fuseaction=products.info&id=20)
- [PacketDecoy](http://palisadesys.com/products/packetdecoy/)
- [NetFacade](http://www22.verizon.com/fns/solutions/netsec/netsec_netfacade.html)
- [Netbait](http://www.netbaitinc.com)
- Server (Bluetooth)
- [Bluepot](http://code.google.com/p/bluepot/)
- Honeyd stats
- [Honeydsum.pl](http://www.honeynet.org.br/)
- Dynamic analysis of Android apps
- [Droidbox](https://code.google.com/p/droidbox/)
- Dockerized Low Interaction packaging
- [Manuka](https://github.com/andrewmichaelsmith/manuka)
- Network analysis
- [Quechua](https://bitbucket.org/zaccone/quechua)
- Sebek data visualization
- [Sebek Dataviz](http://www.honeynet.org/gsoc/project4)
- Threat Intel feed aggregator / network grapher
- [Malcom](http://malcom.io)
- Sandbox
- [Argos](http://www.few.vu.nl/argos/)
- SIP Server
- [Artemisa VoIP](http://artemisa.sourceforge.net)
- Honeyd plugin
- [Honeycomb](http://www.honeyd.org/tools.php)
- Sandbox-as-a-Service
- [malwr.com](http://malwr.com)
- Botnet C2 monitoring
- [botsnoopd](http://botsnoopd.mwcollect.org)
- low interaction
- [mysqlpot](https://github.com/schmalle/mysqlpot)
- Malware collection
- [Honeybow](http://honeybow.mwcollect.org/)
- sandbox
- [PHPSandbox](http://www.fieryprophet.com/phpsandbox)
- [RFISandbox](http://monkey.org/~jose/software/rfi-sandbox/)
- [dorothy2](https://github.com/m4rco-/dorothy2)
- [COMODO automated sandbox](https://help.comodo.com/topic-72-1-451-4768-.html)