diff --git a/README.md b/README.md
index ae2a947..c8e6c22 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,8 @@ A curated list of awesome honeypots, tools, components and much more. The list i
A related list for many of us is [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis.
+## Honeypots
+
- Database Honeypots
- [Elastic honey](https://github.com/jordan-wright/elastichoney)
- [mysql](https://github.com/schmalle/MysqlPot)
@@ -20,6 +22,9 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
- [Servletpot](http://github.com/schmalle/servletpot)
- [Nodepot](http://github.com/schmalle/Nodepot)
- [Google Hack Honeypot](http://ghh.sourceforge.net)
+ - [smart-honeypot](https://github.com/freak3dot/smart-honeypot)
+ - [PHPHop](http://rstack.org/phphop/)
+ - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot)
- Service Honeypots
- [Kippo](https://github.com/desaster/kippo) - Medium interaction SSH honeypot
@@ -33,103 +38,131 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
- [Conpot](https://github.com/glastopf/conpot)
- [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/)
- [SCADA honeynet](http://scadahoneynet.sourceforge.net)
+
- Deployment
- [Dionaea and EC2 in 20 Minutes](http://andrewmichaelsmith.com/2012/03/dionaea-honeypot-on-ec2-in-20-minutes/)
-- Visualization
- - [HoneyMap](https://github.com/fw42/honeymap)
- - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt)
+
- Data Analysis
- [Kippo-Graph](http://bruteforce.gr/kippo-graph)
- [Kippo stats](https://github.com/mfontani/kippo-stats)
+
- Other/random
- [NOVA](https://github.com/DataSoft/Nova) uses honeypots as detectors, looks like a complete system
- [Mantrap / Symantec Decoy Server](http://www.systemhouse.com/symantec/sds.htm)
- [BigEye](http://violating.us/projects/bigeye/)
- [BackOfficer Friendly](http://www.nfr.com/resource/backOfficer.php)
+
- Proxy honeypot
- [Proxypot](http://proxypot.spamteam.nl)
+
- Open Relay Spam Honeypot
- [SpamHAT](https://github.com/miguelraulb/spamhat)
+
- Botnet C2 monitor
- [Hale](http://github.com/pjlantz/Hale)
+
- IPv6 attack detection tool
- [ipv6-guard](https://www.honeynet.org/gsoc2012/slot8)
- [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/)
-- PHP honeypot
- - [smart-honeypot](https://github.com/freak3dot/smart-honeypot)
- - [PHPHop](http://rstack.org/phphop/)
+
- Honeypot Database
- [Manuka](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCgQFjAB&url=https%3A%2F%2Fstaff.washington.edu%2Fdittrich%2Ftalks%2Fieee-ia-manuka.ppt&ei=nS1fVdDjJeL9ywP5soG4Cg&usg=AFQjCNGTVLU6WQe04DdUd1jzVx3Fmwi6Xg&bvm=bv.93990622,d.bGQ)
+
- Research Paper
- [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3)
+
- Honeynet statistics
- [HoneyStats](http://sourceforge.net/projects/honeystats/)
+
- Visual analsysis for network traffic
- [Picviz](http://www.wallinfire.net/picviz)
+
- dynamic code instrumentation toolkit
- [Frida](http://www.frida.re)
+
- Front-end for dionaea
- [DionaeaFR](https://github.com/rubenespadas/DionaeaFR)
+
- Tool to convert website to server honeypots
- [HIHAT](http://hihat.sourceforge.net/)
+
- Malware collector
- [Kippo-Malware](http://bruteforce.gr/kippo-malware)
+
- Sebek in QEMU
- [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek)
+
- Malware Simulator
- [imalse](https://github.com/hbhzwj/imalse)
+
- Distributed sensor deployment
- [Sombria](http://www.lac.co.jp/business/sns/intelligence/sombria_e.html)
- [Smarthoneypot](http://smarthoneypot.com)
+
- Network Analysis Tool
- [Tracexploit](https://code.google.com/p/tracexploit/)
+
- Log anonymizer
- [LogAnon](http://code.google.com/p/loganon/)
+
- server
- [Honeysink](http://www.honeynet.org/node/773)
+
- Botnet traffic detection
- [dnsMole](https://code.google.com/p/dns-mole/)
+
- Low interaction honeypot (router back door)
- [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764)
+
- honeynet farm traffic redirector
- [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole)
+
- IDS signature generator
- [Nebula](http://nebula.carnivore.it/)
+
- Fake wireless access point
- [FakeAP](http://www.blackalchemy.to/project/fakeap/)
+
- HTTPS Proxy
- [mitmproxy](http://mitmproxy.org/)
+
- spamtrap
- [Jackpot Mailswerver](http://jackpot.uk.net/)
+
- System instrumentation
- [Sysdig](http://www.sysdig.org)
+
- Honeypot for USB-spreading malware
- [Ghost-usb](https://code.google.com/p/ghost-usb-honeypot/)
+
- Data Collection
- [Kippo2MySQL](http://bruteforce.gr/kippo2mysql)
- [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch)
-- Honeyd viewer
- - [Honeyview](http://honeyview.sourceforge.net/)
+
- Passive network audit framework parser
- [pnaf](https://github.com/jusafing/pnaf)
-- Honeyd to MySQL connector
- - [Honeyd2MySQL](http://bruteforce.gr/honeyd2mysql)
+
- VM Introspection
- [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html)
- [xenaccess](https://code.google.com/p/xenaccess/)
- [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf)
- [vmitools](http://libvmi.com/)
+
- Binary debugger
- [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem)
- [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint)
+
- Mobile Analysis Tool
- [APKinspector](https://github.com/honeynet/apkinspector/)
- [Androguard](https://code.google.com/p/androguard/)
+
- Low interaction honeypot
- [Honeypoint](http://microsolved.com/?page_id=69)
- [Honeyperl](http://sourceforge.net/projects/honeyperl/)
+
- Honeynet data fusion
- [HFlow2](https://projects.honeynet.org/hflow)
+
- Server
- [Tiny Honeypot](http://www.alpinista.org/thp/ -> http://web.archive.org/web/20090606073121/http://www.alpinista.org/files/thp/)
- [Nephenthes](http://nepenthes.carnivore.it//)
@@ -137,9 +170,7 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
- [Kippo](https://github.com/desaster/kippo)
- [KFSensor](http://www.keyfocus.net/kfsensor/)
- [Honeytrap](http://honeytrap.carnivore.it/)
- - [Honeyd](https://github.com/provos/honeyd)
- - Bootable honeyd
- - [HOACD](http://www.honeynet.org.br/tools/)
+ - [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd)
- [Honeeebox](http://honeeebox.net)
- [Glastopf](http://glastopf.org/)
- [DNS Honeypot](https://github.com/jekil/UDPot)
@@ -151,74 +182,91 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
- [Bait and Switch](http://baitnswitch.sourceforge.net)
- [Artillery](https://github.com/trustedsec/artillery/)
- [Amun](http://amunhoney.sourceforge.net)
+
- VM cloaking script
- [Antivmdetect](https://github.com/nsmfoo/antivmdetection)
-- Honeyd ported to Windows
- - [Winhoneyd](http://www2.netvigilance.com/winhoneyd)
+
- IDS signature generation
- [Honeycomb](http://www.cl.cam.ac.uk/~cpk25/honeycomb/)
+
- Multiple
- [Honeeepi](https://redmine.honeynet.org/projects/honeeepi/wiki)
+
- Web interface to packet analyzer
- [OpenWitness](https://github.com/oguzy/openwitness)
+
- lookup service for AS-numbers and prefixes
- [CC2ASN](http://www.cc2asn.com/)
+
- Data Collection / Analysis Tool
- [Carniwwwhore](http://carnivore.it/2010/11/27/carniwwwhore)
-- Wordpress spam honeypot
- - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot)
+
- Web interface (for Thug)
- [Rumal](https://github.com/pdelsante/rumal)
+
- Snort binary carving
- [Pehunter](http://src.carnivore.it/pehunter/)
+
- Data Collection / Data Sharing
- [HPfriends](http://hpfriends.honeycloud.net/#/home)
- [HPFeeds](https://github.com/rep/hpfeeds/)
+
- PE-executables analyses
- [Xandora](http://www.xandora.net/xangui/)
+
- Distributed spam tracking
- [Project Honeypot](https://www.projecthoneypot.org)
+
- Python bindings for libemu
- [Pylibemu](https://github.com/buffer/pylibemu)
-- Client honeypot
- - [Pwnypot](https://github.com/shjalayeri/pwnypot)
+
- Controlled-relay spam honeypot
- [Shiva](https://github.com/shiva-spampot/shiva)
+
- Visualization Tool
- [Webviz](not working)
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
- [Afterglow Cloud](http://afterglow.secviz.org/)
- [Afterglow](http://afterglow.sourceforge.net/)
+
- central management tool
- [PHARM](http://www.nepenthespharm.com/)
+
- Network connection analyzer
- [Impost](http://impost.sourceforge.net/)
+
- Virtual Machine Cloaking
- [VMCloak](https://github.com/jbremer/vmcloak)
-- A script to visualize statistics from honeyd
- - [Honeyd-Viz](http://bruteforce.gr/honeyd-viz)
+
- Honeypot deployment
- [Modern Honeynet Network](http://threatstream.github.io/mhn/)
- [SurfIDS](http://ids.surfnet.nl/)
-- Honeyd UI
- - [Honeyd configuration GUI](http://www.citi.umich.edu/u/provos/honeyd/ch01-results/1/)
+
- Honeynet analysis tool
- [Honeynet Security Console](http://www.activeworx.org/programs/hsc/index.htm)
+
- Automated malware analysis system
- [Cuckoo](http://www.cuckoosandbox.org/)
- [Anubis](https://anubis.iseclab.org/)
+
- Low interaction
- [mwcollectd](http//git.mwcollect.org/mwcollectd)
+
- Low interaction honeypot on USB stick
- [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/)
+
- Honeypot extensions to Wireshark
- [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions)
+
- Data Analysis Tool
- [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph)
- [Acapulco](https://github.com/hgascon/Acapulco4HNP)
+
- Telephony honeypot
- [Zapping Rachel](https://seanmckaybeck.com/2014/08/17/zapping-rachel/)
+
- Client
+ - [Pwnypot](https://github.com/shjalayeri/pwnypot)
- [MonkeySpider](http://monkeyspider.sourceforge.net)
- [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG)
- [Wepawet](http://wepawet.cs.ucsb.edu/about.php)
@@ -235,13 +283,17 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
- [Capture-HPC-Linux](https://redmine.honeynet.org/projects/linux-capture-hpc/wiki)
- [Capture-HPC](https://projects.honeynet.org/capture-hpc)
- [Andrubis](https://anubis.iseclab.org/)
+
- Commercial high interaction honeypot
- [Countertack Scout](http://www.countertack.com/countertack-scout)
+
- Visual analysis for network traffic
- [ovizart-ng](https://github.com/honeynet/ovizart-ng)
- [ovizart](https://github.com/honeynet/ovizart)
+
- Binary Management and Analysis Framework
- [Viper](http://viper.li/)
+
- Honeypot
- [Single-honeypot](http://sourceforge.net/projects/single-honeypot/)
- [Honeyd For Windows](http://www.securityprofiling.com/honeyd/honeyd.shtml)
@@ -249,54 +301,77 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
- [IMHoneypot](https://github.com/glastopf/imhoneypot)
- [Deception Toolkit](http://www.all.net/dtk/dtk.html)
- [Cybercop Sting](http://www.nai.com/international/uk/asp_set/products/tns/ccsting_intro.asp)
+
- PDF document inspector
- [peepdf](https://code.google.com/p/peepdf/)
+
- Distribution system
- [Thug Distributed Task Queuing](https://thug-distributed.readthedocs.org/en/latest/index.html)
+
- HoneyClient Management
- [HoneyWeb](https://code.google.com/p/gsoc-honeyweb/)
+
- Network Analysis
- [HoneyProxy](http://honeyproxy.org/)
+
- Hybrid low/high interaction honeypot
- [HoneyBrid](http://honeybrid.sourceforge.net)
+
- Sebek on Xen
- [xebek](https://code.google.com/p/xebek/)
+
- SSH Honeypot
- [Kojoney](http://kojoney.sourceforge.net/)
+
- Glastopf data analysis
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
+
- Distributed sensor project
- [DShield Web Honeypot Project](https://sites.google.com/site/webhoneypotsite/)
- [Distributed Web Honeypot Project](http://projects.webappsec.org/w/page/29606603/Distributed%20Web%20Honeypots)
+
- a pcap analyzer
- [Honeysnap](https://projects.honeynet.org/honeysnap/)
+
- Client Web crawler
- [HoneySpider Network](https://github.com/CERT-Polska/hsn2-bundle)
+
- network traffic redirector
- [Honeywall](https://projects.honeynet.org/honeywall/)
+
- Honeypot Distribution with mixed content
- [HoneyDrive](http://bruteforce.gr/honeydrive)
+
- Honeypot sensor
- [Dragon Research Group Distro](https://www.dragonresearchgroup.org/drg-distro.html)
+
- File carving
- [TestDisk & PhotoRec](http://www.cgsecurity.org/)
+
- File and Network Threat Intelligence
- [VirusTotal](http://virustotal.com)
+
- data capture
- [Sebek](https://projects.honeynet.org/sebek/)
+
- SSH proxy
- [HonSSH](https://github.com/tnich/honssh)
+
- Anti-Cheat
- [Minecraft honeypot](http://www.curse.com/bukkit-plugins/minecraft/honeypot)
+
- behavioral analysis tool for win32
- [Capture BAT](https://www.honeynet.org/node/315)
+
- Live CD
- [DAVIX](http://davix.secviz.org)
+
- Spamtrap
- [Spampot.py](http://woozle.org/%7Eneale/src/python/spampot.py)
- [Spamhole](http://www.spamhole.net/)
- [spamd](http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html)
- [SMTPot.py](http://llama.whoi.edu/smtpot.py)
+
- Commercial honeynet
- [Specter](http://www.specter.com/default50.htm)
- [Smoke Detector](http://palisadesys.com/products/smokedetector/)
@@ -305,36 +380,79 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
- [PacketDecoy](http://palisadesys.com/products/packetdecoy/)
- [NetFacade](http://www22.verizon.com/fns/solutions/netsec/netsec_netfacade.html)
- [Netbait](http://www.netbaitinc.com)
+
- Server (Bluetooth)
- [Bluepot](http://code.google.com/p/bluepot/)
-- Honeyd stats
- - [Honeydsum.pl](http://www.honeynet.org.br/)
+
- Dynamic analysis of Android apps
- [Droidbox](https://code.google.com/p/droidbox/)
+
- Dockerized Low Interaction packaging
- [Manuka](https://github.com/andrewmichaelsmith/manuka)
+
- Network analysis
- [Quechua](https://bitbucket.org/zaccone/quechua)
+
- Sebek data visualization
- [Sebek Dataviz](http://www.honeynet.org/gsoc/project4)
+
- Threat Intel feed aggregator / network grapher
- [Malcom](http://malcom.io)
-- Sandbox
- - [Argos](http://www.few.vu.nl/argos/)
+
- SIP Server
- [Artemnesia VoIP](http://artemisa.sourceforge.net)
-- Honeyd plugin
- - [Honeycomb](http://www.honeyd.org/tools.php)
-- Sandbox-as-a-Service
- - [malwr.com](http://malwr.com)
+
- Botnet C2 monitoring
- [botsnoopd](http://botsnoopd.mwcollect.org)
+
- low interaction
- [mysqlpot](https://github.com/schmalle/mysqlpot)
+
- Malware collection
- [Honeybow](http://honeybow.mwcollect.org/)
-- sandbox
+
+## Honeyd Tools
+
+- Honeyd plugin
+ - [Honeycomb](http://www.honeyd.org/tools.php)
+
+- Honeyd viewer
+ - [Honeyview](http://honeyview.sourceforge.net/)
+
+- Honeyd to MySQL connector
+ - [Honeyd2MySQL](http://bruteforce.gr/honeyd2mysql)
+
+- Bootable honeyd
+ - [HOACD](http://www.honeynet.org.br/tools/)
+
+- Honeyd ported to Windows
+ - [Winhoneyd](http://www2.netvigilance.com/winhoneyd)
+
+- A script to visualize statistics from honeyd
+ - [Honeyd-Viz](http://bruteforce.gr/honeyd-viz)
+
+- Honeyd UI
+ - [Honeyd configuration GUI](http://www.citi.umich.edu/u/provos/honeyd/ch01-results/1/)
+
+- Honeyd stats
+ - [Honeydsum.pl](http://www.honeynet.org.br/)
+
+## Network and Artifact Analysis
+
+- Sandbox
- [PHPSandbox](http://www.fieryprophet.com/phpsandbox)
- [RFISandbox](http://monkey.org/~jose/software/rfi-sandbox/)
- [dorothy2](https://github.com/m4rco-/dorothy2)
- [COMODO automated sandbox](https://help.comodo.com/topic-72-1-451-4768-.html)
+
+- Sandbox
+ - [Argos](http://www.few.vu.nl/argos/)
+
+- Sandbox-as-a-Service
+ - [malwr.com](http://malwr.com)
+
+## Visualiation Tools
+
+- Visualization
+ - [HoneyMap](https://github.com/fw42/honeymap)
+ - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt)
\ No newline at end of file