Cowrie (SSH/telnet honeypot)
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
Dionaea is a honeypot that can emulate a range of services like FTP, HTTP, MySQL, and SMB. It can be used to see and learn how attackers work.
Dockpot (SSH honeypot based on Docker)
Dockpot uses Docker containers and HonSSH to create on-demand SSH honeypots. It forwards traffic for analysis and learning about attack patterns.
Glastopf is a honeypot for web applications. It is written in Python and collects all kinds of attacks against it for further analysis.
Heralding (honeypot to catch credentials)
Heralding is a simple honeypot to collect credentials. It supports common protocols like FTP, SSH, HTTP, etc.
HonSSH (SSH honeypot)
HonSSH is a high-interaction SSH honeypot to collect information about attackers that target the SSH service.
Kippo (SSH honeypot)
Kippo is a honeypot for SSH connections, written in Python. It can be used to learn about the scripts and attacks that are commonly used against SSH.
Kojoney2 (SSH honeypot)
Kojoney2 is an SSH honeypot based on Kojoney by Jose Antonio Coret. It can be used to learn about threats by mimicking an SSH service.
mehrai (telnet honeypot)
Mehrai is a honeypot written in Python to simulate telnet traffic. Like most honeypots, it captures information about the actions taken by the attackers.
sshesame (SSH honeypot)
The sshesame tool provides an SSH honeypot. It accepts connections and then logs any commands that clients try to execute on the host system.
SSHHiPot (high-interaction SSH honeypot)
SSHHiPot is a high-interaction SSH honeypot. It captures connections and the commands that clients try to run, for the purpose of learning about possible threats.
SSH Honeypot (SSH honeypot)
SSH Honeypot is, as the name implies, a honeypot to emulate the SSH service. It can be used to learn about threats and commands used by attackers.
TANNER (intelligence engine for SNARE tool)
TANNER is the 'brain' of the SNARE tool. It evaluates its events and alters the responses to incoming requests depending on the type of attacks.
Thug (low-interaction honeyclient)
Thug is a low-interaction honeyclient to test for client-side attacks. It mimics a client application, like a web browser, and sees if attack code is fired.