19 KiB
Awesome Honeypots
A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects.
There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the guide.
Discover more awesome lists at sindresorhus/awesome.
Related Lists
- awesome-pcaptools, useful in network traffic analysis
- awesome-malware-analysis, with some overlap here for artifact analysis
Honeypots
-
Database Honeypots
- Elastic honey - A Simple Elasticsearch Honeypot
- mysql - A mysql honeypot, still very very early stage
- A framework for nosql databases ( only redis for now) - The NoSQL Honeypot Framework
- ESPot - ElasticSearch Honeypot
-
Web honeypots
- Glastopf - Web Application Honeypot
- phpmyadmin_honeypot - - A simple and effective phpmyadmin honeypot
- servlet - Webapplication Honeypot
- Nodepot - A nodejs web application honeypot
- basic-auth-pot bap - http Basic Authentication honeyPot
- Shadow Daemon
- Servletpot - Webapplication Honeypot
- Google Hack Honeypot
- smart-honeypot - PHP Script demonstrating a smart honey pot
- PHPHop
- wp-smart-honeypot - Wordpress plugin to reduce comment spam with a smarter honeypot
- wordpot A Wordpress Honeypot
- Bukkit Honeypot Honeypot - A honeypot plugin for Bukkit
- Laravel Application Honeypot Honeypot - Simple spam prevention package for Laravel applications
- stack-honeypot Inserts a trap for spam bots into responses
- EoHoneypotBundle Honeypot type for Symfony2 forms
- shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts
-
Service Honeypots
- Kippo - Medium interaction SSH honeypot
- honeyntp 0 NTP logger/honeypot
- honeypot-camera 0 observation camera honeypot
- troje - a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.
- slipm-honeypot - A simple low-interaction port monitoring honeypot
-
Anti-honeypot stuff
- kippo_detect - This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff)
-
ICS/SCADA honeypots
- Conpot - ICS/SCADA honeypot
- scada-honeynet
- SCADA honeynet
-
Deployment
- Dionaea and EC2 in 20 Minutes
- honeypotpi - Script for turning a Raspberry Pi into a Honey Pot Pi
-
Data Analysis
- Kippo-Graph
- Kippo stats - Mojolicious app to display statistics for your kippo SSH honeypot
-
Other/random
- NOVA uses honeypots as detectors, looks like a complete system
- Mantrap / Symantec Decoy Server
- BigEye
- BackOfficer Friendly
-
Proxy honeypot
-
Open Relay Spam Honeypot
- SpamHAT - Spam Honeypot Tool
-
Botnet C2 monitor
- Hale - Botnet command & control monitor
-
IPv6 attack detection tool
- ipv6-guard
- ipv6-attack-detector - Google Summer of Code 2012 project, supported by The Honeynet Project organization
-
Honeypot Database
-
Research Paper
-
Honeynet statistics
-
Visual analsysis for network traffic
-
dynamic code instrumentation toolkit
-
Front-end for dionaea
-
Tool to convert website to server honeypots
-
Malware collector
-
Sebek in QEMU
-
Malware Simulator
- imalse - Integrated MALware Simulator and Emulator
-
Distributed sensor deployment
-
Network Analysis Tool
-
Log anonymizer
-
server
-
Botnet traffic detection
-
Low interaction honeypot (router back door)
- Honeypot-32764 - Honeypot for router backdoor (TCP 32764)
-
honeynet farm traffic redirector
-
IDS signature generator
-
Fake wireless access point
-
HTTPS Proxy
-
spamtrap
-
System instrumentation
-
Honeypot for USB-spreading malware
-
Data Collection
-
Passive network audit framework parser
- pnaf - Passive Network Audit Framework
-
VM Introspection
-
Binary debugger
- Hexgolems - Schem Debugger Frontend - A debugger frontend
- Hexgolems - Pint Debugger Backend - A debugger backend and LUA wrapper for PIN
-
Mobile Analysis Tool
- APKinspector - APKinspector is a powerful GUI tool for analysts to analyze the Android applications
- Androguard
-
Low interaction honeypot
-
Honeynet data fusion
-
Server
- [Tiny Honeypot](http://www.alpinista.org/thp/ -> http://web.archive.org/web/20090606073121/http://www.alpinista.org/files/thp/)
- Nephenthes
- LaBrea
- Kippo - SSH honeypot
- KFSensor
- Honeytrap
- Honeyd Also see more honeyd tools
- Honeeebox
- Glastopf
- DNS Honeypot - Simple UDP honeypot scripts
- Dionaea
- Conpot
- Bifrozt
- Beeswarm - Honeypot deployment made easy
- Bait and Switch
- Artillery
- Amun
-
VM cloaking script
-
IDS signature generation
-
Multiple
-
Web interface to packet analyzer
-
lookup service for AS-numbers and prefixes
-
Data Collection / Analysis Tool
-
Web interface (for Thug)
-
Snort binary carving
-
Data Collection / Data Sharing
-
PE-executables analyses
-
Distributed spam tracking
-
Python bindings for libemu
-
Controlled-relay spam honeypot
-
Visualization Tool
- [Webviz](not working)
- Glastopf Analytics
- Afterglow Cloud
- Afterglow
-
central management tool
-
Network connection analyzer
-
Virtual Machine Cloaking
-
Honeypot deployment
-
Honeynet analysis tool
-
Automated malware analysis system
-
Low interaction
-
Low interaction honeypot on USB stick
-
Honeypot extensions to Wireshark
-
Data Analysis Tool
-
Telephony honeypot
-
Client
-
Commercial high interaction honeypot
-
Visual analysis for network traffic
-
Binary Management and Analysis Framework
-
Honeypot
-
PDF document inspector
-
Distribution system
-
HoneyClient Management
-
Network Analysis
-
Hybrid low/high interaction honeypot
-
Sebek on Xen
-
SSH Honeypot
-
Glastopf data analysis
-
Distributed sensor project
-
a pcap analyzer
-
Client Web crawler
-
network traffic redirector
-
Honeypot Distribution with mixed content
-
Honeypot sensor
-
File carving
-
File and Network Threat Intelligence
-
data capture
-
SSH proxy
-
Anti-Cheat
-
behavioral analysis tool for win32
-
Live CD
-
Spamtrap
-
Commercial honeynet
-
Server (Bluetooth)
-
Dynamic analysis of Android apps
-
Dockerized Low Interaction packaging
-
Network analysis
-
Sebek data visualization
-
Threat Intel feed aggregator / network grapher
-
SIP Server
-
Botnet C2 monitoring
-
low interaction
-
Malware collection
Honeyd Tools
-
Honeyd plugin
-
Honeyd viewer
-
Honeyd to MySQL connector
-
Bootable honeyd
-
Honeyd ported to Windows
-
A script to visualize statistics from honeyd
-
Honeyd UI
-
Honeyd stats
Network and Artifact Analysis
-
Sandbox
-
Sandbox
-
Sandbox-as-a-Service
Data Tools
-
Front Ends
- Tango Tango - Honeypot Intelligence with Splunk
- Django-kippo - Django App for kippo SSH Honeypot
-
Visualization