mirror of
https://github.com/paralax/awesome-honeypots.git
synced 2024-10-01 10:35:45 +00:00
565a6d4d15
thanks @sindresorhus
500 lines
20 KiB
Markdown
500 lines
20 KiB
Markdown
# Awesome Honeypots
|
|
|
|
[![Awesome Honeypots](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
|
|
|
|
A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects.
|
|
|
|
There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the [guide](CONTRIBUTING.md).
|
|
|
|
Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindresorhus/awesome).
|
|
|
|
### Sections
|
|
|
|
- [Honeypots](#honeypots)
|
|
- [Honeyd Tools](#honeyd)
|
|
- [Network and Artifact Analysis](#analysis)
|
|
- [Data Tools](#visualizers)
|
|
- [Guides](#guides)
|
|
|
|
## Related Lists
|
|
- [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis
|
|
- [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis), with some overlap here for artifact analysis
|
|
|
|
## <a name="honeypots"></a> Honeypots
|
|
|
|
- Database Honeypots
|
|
- [Elastic honey](https://github.com/jordan-wright/elastichoney) - A Simple Elasticsearch Honeypot
|
|
- [mysql](https://github.com/schmalle/MysqlPot) - A mysql honeypot, still very very early stage
|
|
- [A framework for nosql databases ( only redis for now)](https://github.com/torque59/nosqlpot) - The NoSQL Honeypot Framework
|
|
- [ESPot](https://github.com/mycert/ESPot) - ElasticSearch Honeypot
|
|
|
|
- Web honeypots
|
|
- [Glastopf](https://github.com/glastopf/glastopf) - Web Application Honeypot
|
|
- [phpmyadmin_honeypot](https://github.com/gfoss/phpmyadmin_honeypot) - - A simple and effective phpmyadmin honeypot
|
|
- [servlet](https://github.com/schmalle/Servletpot) - Webapplication Honeypot
|
|
- [Nodepot](https://github.com/schmalle/Nodepot) - A nodejs web application honeypot
|
|
- [basic-auth-pot](https://github.com/bjeborn/basic-auth-pot) bap - http Basic Authentication honeyPot
|
|
- [Shadow Daemon](https://shadowd.zecure.org)
|
|
- [Servletpot](http://github.com/schmalle/servletpot) - Webapplication Honeypot
|
|
- [Google Hack Honeypot](http://ghh.sourceforge.net)
|
|
- [smart-honeypot](https://github.com/freak3dot/smart-honeypot) - PHP Script demonstrating a smart honey pot
|
|
- [PHPHop](http://rstack.org/phphop/)
|
|
- [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot) - Wordpress plugin to reduce comment spam with a smarter honeypot
|
|
- [wordpot](https://github.com/gbrindisi/wordpot) A Wordpress Honeypot
|
|
- [Bukkit Honeypot](https://github.com/Argomirr/Honeypot) Honeypot - A honeypot plugin for Bukkit
|
|
- [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) Honeypot - Simple spam prevention package for Laravel applications
|
|
- [stack-honeypot](https://github.com/CHH/stack-honeypot) Inserts a trap for spam bots into responses
|
|
- [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) Honeypot type for Symfony2 forms
|
|
- [shockpot](https://github.com/threatstream/shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts
|
|
|
|
- Service Honeypots
|
|
- [Kippo](https://github.com/desaster/kippo) - Medium interaction SSH honeypot
|
|
- [honeyntp](https://github.com/fygrave/honeyntp) 0 NTP logger/honeypot
|
|
- [honeypot-camera](https://github.com/alexbredo/honeypot-camera) 0 observation camera honeypot
|
|
- [troje](https://github.com/dutchcoders/troje/) - a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.
|
|
- [slipm-honeypot](https://github.com/rshipp/slipm-honeypot) - A simple low-interaction port monitoring honeypot
|
|
|
|
- Anti-honeypot stuff
|
|
- [kippo_detect](https://github.com/andrew-morris/kippo_detect) - This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff)
|
|
|
|
- ICS/SCADA honeypots
|
|
- [Conpot](https://github.com/glastopf/conpot) - ICS/SCADA honeypot
|
|
- [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/)
|
|
- [SCADA honeynet](http://scadahoneynet.sourceforge.net)
|
|
|
|
- Deployment
|
|
- [Dionaea and EC2 in 20 Minutes](http://andrewmichaelsmith.com/2012/03/dionaea-honeypot-on-ec2-in-20-minutes/)
|
|
- [honeypotpi](https://github.com/free5ty1e/honeypotpi) - Script for turning a Raspberry Pi into a Honey Pot Pi
|
|
|
|
- Data Analysis
|
|
- [Kippo-Graph](http://bruteforce.gr/kippo-graph)
|
|
- [Kippo stats](https://github.com/mfontani/kippo-stats) - Mojolicious app to display statistics for your kippo SSH honeypot
|
|
|
|
- Other/random
|
|
- [NOVA](https://github.com/DataSoft/Nova) uses honeypots as detectors, looks like a complete system
|
|
- [Mantrap / Symantec Decoy Server](http://www.systemhouse.com/symantec/sds.htm)
|
|
- [BigEye](http://violating.us/projects/bigeye/)
|
|
- [BackOfficer Friendly](http://www.nfr.com/resource/backOfficer.php)
|
|
- [Open Canary](https://pypi.python.org/pypi/opencanary) A low interaction honeypot intended to be run on internal networks.
|
|
|
|
- Proxy honeypot
|
|
- [Proxypot](http://proxypot.spamteam.nl)
|
|
|
|
- Open Relay Spam Honeypot
|
|
- [SpamHAT](https://github.com/miguelraulb/spamhat) - Spam Honeypot Tool
|
|
|
|
- Botnet C2 monitor
|
|
- [Hale](http://github.com/pjlantz/Hale) - Botnet command & control monitor
|
|
|
|
- IPv6 attack detection tool
|
|
- [ipv6-guard](https://www.honeynet.org/gsoc2012/slot8)
|
|
- [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/) - Google Summer of Code 2012 project, supported by The Honeynet Project organization
|
|
|
|
- Honeypot Database
|
|
- [Manuka](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCgQFjAB&url=https%3A%2F%2Fstaff.washington.edu%2Fdittrich%2Ftalks%2Fieee-ia-manuka.ppt&ei=nS1fVdDjJeL9ywP5soG4Cg&usg=AFQjCNGTVLU6WQe04DdUd1jzVx3Fmwi6Xg&bvm=bv.93990622,d.bGQ)
|
|
|
|
- Research Paper
|
|
- [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3)
|
|
|
|
- Honeynet statistics
|
|
- [HoneyStats](http://sourceforge.net/projects/honeystats/)
|
|
|
|
- Visual analsysis for network traffic
|
|
- [Picviz](http://www.wallinfire.net/picviz)
|
|
|
|
- dynamic code instrumentation toolkit
|
|
- [Frida](http://www.frida.re)
|
|
|
|
- Front-end for dionaea
|
|
- [DionaeaFR](https://github.com/rubenespadas/DionaeaFR)
|
|
|
|
- Tool to convert website to server honeypots
|
|
- [HIHAT](http://hihat.sourceforge.net/)
|
|
|
|
- Malware collector
|
|
- [Kippo-Malware](http://bruteforce.gr/kippo-malware)
|
|
|
|
- Sebek in QEMU
|
|
- [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek)
|
|
|
|
- Malware Simulator
|
|
- [imalse](https://github.com/hbhzwj/imalse) - Integrated MALware Simulator and Emulator
|
|
|
|
- Distributed sensor deployment
|
|
- [Sombria](http://www.lac.co.jp/business/sns/intelligence/sombria_e.html)
|
|
- [Smarthoneypot](http://smarthoneypot.com)
|
|
|
|
- Network Analysis Tool
|
|
- [Tracexploit](https://code.google.com/p/tracexploit/)
|
|
|
|
- Log anonymizer
|
|
- [LogAnon](http://code.google.com/p/loganon/)
|
|
|
|
- server
|
|
- [Honeysink](http://www.honeynet.org/node/773)
|
|
|
|
- Botnet traffic detection
|
|
- [dnsMole](https://code.google.com/p/dns-mole/)
|
|
|
|
- Low interaction honeypot (router back door)
|
|
- [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764) - Honeypot for router backdoor (TCP 32764)
|
|
|
|
- honeynet farm traffic redirector
|
|
- [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole)
|
|
|
|
- IDS signature generator
|
|
- [Nebula](http://nebula.carnivore.it/)
|
|
|
|
- Fake wireless access point
|
|
- [FakeAP](http://www.blackalchemy.to/project/fakeap/)
|
|
|
|
- HTTPS Proxy
|
|
- [mitmproxy](http://mitmproxy.org/)
|
|
|
|
- spamtrap
|
|
- [Jackpot Mailswerver](http://jackpot.uk.net/)
|
|
- [SendMeSpamIDS.py](https://github.com/johestephan/SendMeSpamIDS.py) Simple SMTP fetch all IDS and analyzer
|
|
|
|
- System instrumentation
|
|
- [Sysdig](http://www.sysdig.org)
|
|
|
|
- Honeypot for USB-spreading malware
|
|
- [Ghost-usb](https://code.google.com/p/ghost-usb-honeypot/)
|
|
|
|
- Data Collection
|
|
- [Kippo2MySQL](http://bruteforce.gr/kippo2mysql)
|
|
- [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch)
|
|
|
|
- Passive network audit framework parser
|
|
- [pnaf](https://github.com/jusafing/pnaf) - Passive Network Audit Framework
|
|
|
|
- VM Introspection
|
|
- [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html)
|
|
- [xenaccess](https://code.google.com/p/xenaccess/)
|
|
- [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf)
|
|
- [vmitools](http://libvmi.com/)
|
|
|
|
- Binary debugger
|
|
- [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) - A debugger frontend
|
|
- [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint) - A debugger backend and LUA wrapper for PIN
|
|
|
|
- Mobile Analysis Tool
|
|
- [APKinspector](https://github.com/honeynet/apkinspector/) - APKinspector is a powerful GUI tool for analysts to analyze the Android applications
|
|
- [Androguard](https://code.google.com/p/androguard/)
|
|
|
|
- Low interaction honeypot
|
|
- [Honeypoint](http://microsolved.com/?page_id=69)
|
|
- [Honeyperl](http://sourceforge.net/projects/honeyperl/)
|
|
|
|
- Honeynet data fusion
|
|
- [HFlow2](https://projects.honeynet.org/hflow)
|
|
|
|
- Server
|
|
- [Tiny Honeypot](http://www.alpinista.org/thp/ -> http://web.archive.org/web/20090606073121/http://www.alpinista.org/files/thp/)
|
|
- [Nephenthes](http://nepenthes.carnivore.it//)
|
|
- [LaBrea](http://labrea.sourceforge.net/labrea-info.html)
|
|
- [Kippo](https://github.com/desaster/kippo) - SSH honeypot
|
|
- [KFSensor](http://www.keyfocus.net/kfsensor/)
|
|
- [Honeytrap](http://honeytrap.carnivore.it/)
|
|
- [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd)
|
|
- [Honeeebox](http://honeeebox.net)
|
|
- [Glastopf](http://glastopf.org/)
|
|
- [DNS Honeypot](https://github.com/jekil/UDPot) - Simple UDP honeypot scripts
|
|
- [Dionaea](http://dionaea.carnivore.it/)
|
|
- [Conpot](http://conpot.org/)
|
|
- [Bifrozt](http://sourceforge.net/projects/bifrozt/)
|
|
- [Beeswarm](http://www.beeswarm-ids.org/) - Honeypot deployment made easy
|
|
- [Bait and Switch](http://baitnswitch.sourceforge.net)
|
|
- [Artillery](https://github.com/trustedsec/artillery/)
|
|
- [Amun](http://amunhoney.sourceforge.net)
|
|
|
|
- VM cloaking script
|
|
- [Antivmdetect](https://github.com/nsmfoo/antivmdetection)
|
|
|
|
- IDS signature generation
|
|
- [Honeycomb](http://www.cl.cam.ac.uk/~cpk25/honeycomb/)
|
|
|
|
- Multiple
|
|
- [Honeeepi](https://redmine.honeynet.org/projects/honeeepi/wiki)
|
|
|
|
- Web interface to packet analyzer
|
|
- [OpenWitness](https://github.com/oguzy/openwitness)
|
|
|
|
- lookup service for AS-numbers and prefixes
|
|
- [CC2ASN](http://www.cc2asn.com/)
|
|
|
|
- Data Collection / Analysis Tool
|
|
- [Carniwwwhore](http://carnivore.it/2010/11/27/carniwwwhore)
|
|
|
|
- Web interface (for Thug)
|
|
- [Rumal](https://github.com/pdelsante/rumal)
|
|
|
|
- Snort binary carving
|
|
- [Pehunter](http://src.carnivore.it/pehunter/)
|
|
|
|
- Data Collection / Data Sharing
|
|
- [HPfriends](http://hpfriends.honeycloud.net/#/home) - data-sharing platform
|
|
- [HPFeeds](https://github.com/rep/hpfeeds/) - lightweight authenticated publish-subscribe protocol
|
|
|
|
- PE-executables analyses
|
|
- [Xandora](http://www.xandora.net/xangui/)
|
|
|
|
- Distributed spam tracking
|
|
- [Project Honeypot](https://www.projecthoneypot.org)
|
|
|
|
- Python bindings for libemu
|
|
- [Pylibemu](https://github.com/buffer/pylibemu)
|
|
|
|
- Controlled-relay spam honeypot
|
|
- [Shiva](https://github.com/shiva-spampot/shiva)
|
|
- [Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running](https://www.pentestpartners.com/blog/shiva-the-spam-honeypot-tips-and-tricks-for-getting-it-up-and-running/)
|
|
|
|
- Visualization Tool
|
|
- [Webviz](not working)
|
|
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
|
|
- [Afterglow Cloud](http://afterglow.secviz.org/)
|
|
- [Afterglow](http://afterglow.sourceforge.net/)
|
|
|
|
- central management tool
|
|
- [PHARM](http://www.nepenthespharm.com/)
|
|
|
|
- Network connection analyzer
|
|
- [Impost](http://impost.sourceforge.net/)
|
|
|
|
- Virtual Machine Cloaking
|
|
- [VMCloak](https://github.com/jbremer/vmcloak)
|
|
|
|
- Honeypot deployment
|
|
- [Modern Honeynet Network](http://threatstream.github.io/mhn/)
|
|
- [SurfIDS](http://ids.surfnet.nl/)
|
|
|
|
- Honeynet analysis tool
|
|
- [Honeynet Security Console](http://www.activeworx.org/programs/hsc/index.htm)
|
|
|
|
- Automated malware analysis system
|
|
- [Cuckoo](http://www.cuckoosandbox.org/)
|
|
- [Anubis](https://anubis.iseclab.org/)
|
|
|
|
- Low interaction
|
|
- [mwcollectd](http//git.mwcollect.org/mwcollectd)
|
|
|
|
- Low interaction honeypot on USB stick
|
|
- [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/)
|
|
|
|
- Honeypot extensions to Wireshark
|
|
- [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions)
|
|
|
|
- Data Analysis Tool
|
|
- [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph)
|
|
- [Acapulco](https://github.com/hgascon/Acapulco4HNP)
|
|
|
|
- Telephony honeypot
|
|
- [Zapping Rachel](https://seanmckaybeck.com/2014/08/17/zapping-rachel/)
|
|
|
|
- Client
|
|
- [Pwnypot](https://github.com/shjalayeri/pwnypot)
|
|
- [MonkeySpider](http://monkeyspider.sourceforge.net)
|
|
- [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG)
|
|
- [Wepawet](http://wepawet.cs.ucsb.edu/about.php)
|
|
- [URLQuery](https://urlquery.net/)
|
|
- [Trigona](https://www.honeynet.org/project/Trigona)
|
|
- [Thug](https://buffer.github.io/thug/)
|
|
- [Shelia](http://www.cs.vu.nl/~herbertb/misc/shelia/)
|
|
- [PhoneyC](https://github.com/honeynet/phoneyc)
|
|
- [Libemu](http://libemu.carnivore.it/)
|
|
- [Jsunpack-n](https://code.google.com/p/jsunpack-n/)
|
|
- [HoneyC](https://projects.honeynet.org/honeyc)
|
|
- [HoneyBOT](http://www.atomicsoftwaresolutions.com/honeybot.php)
|
|
- [CWSandbox / GFI Sandbox](http://www.gfi.com/malware-analysis-tool)
|
|
- [Capture-HPC-Linux](https://redmine.honeynet.org/projects/linux-capture-hpc/wiki)
|
|
- [Capture-HPC](https://projects.honeynet.org/capture-hpc)
|
|
- [Andrubis](https://anubis.iseclab.org/)
|
|
|
|
- Commercial high interaction honeypot
|
|
- [Countertack Scout](http://www.countertack.com/countertack-scout)
|
|
|
|
- Visual analysis for network traffic
|
|
- [ovizart-ng](https://github.com/honeynet/ovizart-ng)
|
|
- [ovizart](https://github.com/honeynet/ovizart)
|
|
|
|
- Binary Management and Analysis Framework
|
|
- [Viper](http://viper.li/)
|
|
|
|
- Honeypot
|
|
- [Single-honeypot](http://sourceforge.net/projects/single-honeypot/)
|
|
- [Honeyd For Windows](http://www.securityprofiling.com/honeyd/honeyd.shtml)
|
|
- [SWiSH](http://shat.net/swish/)
|
|
- [IMHoneypot](https://github.com/glastopf/imhoneypot)
|
|
- [Deception Toolkit](http://www.all.net/dtk/dtk.html)
|
|
- [Cybercop Sting](http://www.nai.com/international/uk/asp_set/products/tns/ccsting_intro.asp)
|
|
|
|
- PDF document inspector
|
|
- [peepdf](https://github.com/jesparza/peepdf)
|
|
|
|
- Distribution system
|
|
- [Thug Distributed Task Queuing](https://thug-distributed.readthedocs.org/en/latest/index.html)
|
|
|
|
- HoneyClient Management
|
|
- [HoneyWeb](https://code.google.com/p/gsoc-honeyweb/)
|
|
|
|
- Network Analysis
|
|
- [HoneyProxy](http://honeyproxy.org/)
|
|
|
|
- Hybrid low/high interaction honeypot
|
|
- [HoneyBrid](http://honeybrid.sourceforge.net)
|
|
|
|
- Sebek on Xen
|
|
- [xebek](https://code.google.com/p/xebek/)
|
|
|
|
- SSH Honeypot
|
|
- [Kojoney](http://kojoney.sourceforge.net/)
|
|
- [Cowrie](https://github.com/micheloosterhof/cowrie)
|
|
|
|
- Glastopf data analysis
|
|
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
|
|
|
|
- Distributed sensor project
|
|
- [DShield Web Honeypot Project](https://sites.google.com/site/webhoneypotsite/)
|
|
- [Distributed Web Honeypot Project](http://projects.webappsec.org/w/page/29606603/Distributed%20Web%20Honeypots)
|
|
|
|
- a pcap analyzer
|
|
- [Honeysnap](https://projects.honeynet.org/honeysnap/)
|
|
|
|
- Client Web crawler
|
|
- [HoneySpider Network](https://github.com/CERT-Polska/hsn2-bundle)
|
|
|
|
- network traffic redirector
|
|
- [Honeywall](https://projects.honeynet.org/honeywall/)
|
|
|
|
- Honeypot Distribution with mixed content
|
|
- [HoneyDrive](http://bruteforce.gr/honeydrive)
|
|
|
|
- Honeypot sensor
|
|
- [Dragon Research Group Distro](https://www.dragonresearchgroup.org/drg-distro.html)
|
|
|
|
- File carving
|
|
- [TestDisk & PhotoRec](http://www.cgsecurity.org/)
|
|
|
|
- File and Network Threat Intelligence
|
|
- [VirusTotal](http://virustotal.com)
|
|
|
|
- data capture
|
|
- [Sebek](https://projects.honeynet.org/sebek/)
|
|
|
|
- SSH proxy
|
|
- [HonSSH](https://github.com/tnich/honssh)
|
|
|
|
- Anti-Cheat
|
|
- [Minecraft honeypot](http://www.curse.com/bukkit-plugins/minecraft/honeypot)
|
|
|
|
- behavioral analysis tool for win32
|
|
- [Capture BAT](https://www.honeynet.org/node/315)
|
|
|
|
- Live CD
|
|
- [DAVIX](http://davix.secviz.org)
|
|
|
|
- Spamtrap
|
|
- [Spampot.py](http://woozle.org/%7Eneale/src/python/spampot.py)
|
|
- [Spamhole](http://www.spamhole.net/)
|
|
- [spamd](http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html)
|
|
- [SMTPot.py](http://llama.whoi.edu/smtpot.py)
|
|
- [Mail::SMTP::Honeypot](http://search.cpan.org/~miker/Mail-SMTP-Honeypot-0.11/Honeypot.pm) - perl module that appears to provide the functionality of a standard SMTP server
|
|
|
|
- Commercial honeynet
|
|
- [Specter](http://www.specter.com/default50.htm)
|
|
- [Smoke Detector](http://palisadesys.com/products/smokedetector/)
|
|
- [Sandtrap](http://www.sandstorm.net/products/sandtrap/)
|
|
- [PatriotBox](http://www.alkasis.com/?fuseaction=products.info&id=20)
|
|
- [PacketDecoy](http://palisadesys.com/products/packetdecoy/)
|
|
- [NetFacade](http://www22.verizon.com/fns/solutions/netsec/netsec_netfacade.html)
|
|
- [Netbait](http://www.netbaitinc.com)
|
|
|
|
- Server (Bluetooth)
|
|
- [Bluepot](http://code.google.com/p/bluepot/)
|
|
|
|
- Dynamic analysis of Android apps
|
|
- [Droidbox](https://code.google.com/p/droidbox/)
|
|
|
|
- Dockerized Low Interaction packaging
|
|
- [Manuka](https://github.com/andrewmichaelsmith/manuka)
|
|
- [Dockerized Thug](https://registry.hub.docker.com/u/honeynet/thug/)
|
|
- [Dockerpot](https://github.com/mrschyte/dockerpot) A docker based honeypot.
|
|
- [Docker honeynet](https://github.com/sreinhardt/Docker-Honeynet) Several Honeynet tools set up for Docker containers
|
|
|
|
- Network analysis
|
|
- [Quechua](https://bitbucket.org/zaccone/quechua)
|
|
|
|
- Sebek data visualization
|
|
- [Sebek Dataviz](http://www.honeynet.org/gsoc/project4)
|
|
|
|
- Threat Intel feed aggregator / network grapher
|
|
- [Malcom](http://malcom.io)
|
|
|
|
- SIP Server
|
|
- [Artemnesia VoIP](http://artemisa.sourceforge.net)
|
|
|
|
- Botnet C2 monitoring
|
|
- [botsnoopd](http://botsnoopd.mwcollect.org)
|
|
|
|
- low interaction
|
|
- [mysqlpot](https://github.com/schmalle/mysqlpot)
|
|
|
|
- Malware collection
|
|
- [Honeybow](http://honeybow.mwcollect.org/)
|
|
|
|
## <a name="honeyd"></a> Honeyd Tools
|
|
|
|
- Honeyd plugin
|
|
- [Honeycomb](http://www.honeyd.org/tools.php)
|
|
|
|
- Honeyd viewer
|
|
- [Honeyview](http://honeyview.sourceforge.net/)
|
|
|
|
- Honeyd to MySQL connector
|
|
- [Honeyd2MySQL](http://bruteforce.gr/honeyd2mysql)
|
|
|
|
- Bootable honeyd
|
|
- [HOACD](http://www.honeynet.org.br/tools/)
|
|
|
|
- Honeyd ported to Windows
|
|
- [Winhoneyd](http://www2.netvigilance.com/winhoneyd)
|
|
|
|
- A script to visualize statistics from honeyd
|
|
- [Honeyd-Viz](http://bruteforce.gr/honeyd-viz)
|
|
|
|
- Honeyd UI
|
|
- [Honeyd configuration GUI](http://www.citi.umich.edu/u/provos/honeyd/ch01-results/1/)
|
|
|
|
- Honeyd stats
|
|
- [Honeydsum.pl](http://www.honeynet.org.br/)
|
|
|
|
## <a name="analysis"></a> Network and Artifact Analysis
|
|
|
|
- Sandbox
|
|
- [PHPSandbox](http://www.fieryprophet.com/phpsandbox)
|
|
- [RFISandbox](http://monkey.org/~jose/software/rfi-sandbox/)
|
|
- [dorothy2](https://github.com/m4rco-/dorothy2)
|
|
- [COMODO automated sandbox](https://help.comodo.com/topic-72-1-451-4768-.html)
|
|
|
|
- Sandbox
|
|
- [Argos](http://www.few.vu.nl/argos/)
|
|
|
|
- Sandbox-as-a-Service
|
|
- [malwr.com](http://malwr.com) - free malware analysis service and community
|
|
- [detux.org](http://detux.org) - Multiplatform Linux Sandbox
|
|
|
|
## <a name="visualizers"></a> Data Tools
|
|
|
|
- Front Ends
|
|
- [Tango](https://github.com/aplura/Tango) Tango - Honeypot Intelligence with Splunk
|
|
- [Django-kippo](https://github.com/jedie/django-kippo) - Django App for kippo SSH Honeypot
|
|
|
|
- Visualization
|
|
- [HoneyMap](https://github.com/fw42/honeymap)
|
|
- [HoneyMalt](https://github.com/SneakersInc/HoneyMalt)
|
|
|
|
## <a name="guides"></a>Guides
|
|
|
|
- [T-Pot: A Multi-Honeypot Platform](https://dtag-dev-sec.github.io/mediator/feature/2015/03/17/concept.html)
|
|
- [Honeypot (Dionaea and kippo) setup script](https://github.com/andrewmichaelsmith/honeypot-setup-script/)
|