Honeypots

Tools

Cowrie (SSH/telnet honeypot)

Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.

Dionaea (honeypot)

Dionaea is a honeypot that can emulate a range of services like FTP, HTTP, MySQL, and SMB. It can be used to see and learn how attackers work.

Dockpot (SSH honeypot based on Docker)

Dockpot uses Docker containers and HonSSH to create on-demand SSH honeypots. It forwards traffic for analysis and learning about attack patterns.

Glastopf (honeypot)

Glastopf is a honeypot for web applications. It is written in Python and collects all kinds of attacks against it for further analysis.

HonSSH (SSH honeypot)

HonSSH is a high-interaction SSH honeypot to collect information about attackers that target the SSH service.

Kippo (SSH honeypot)

Kippo is a honeypot for SSH connections and is written in Python. It can be used to learn about the scripts and attacks that are commonly used against SSH.

Kojoney2 (SSH honeypot)

Kojoney2 is an SSH honeypot based on Kojoney by Jose Antonio Coret. It can be used to learn about threats by mimicking an SSH service.

mehrai (telnet honeypot)

Mehrai is a honeypot written in Python to simulate telnet traffic. Like most honeypots, it captures information about the actions taken by the attackers.

sshesame (SSH honeypot)

The sshesame tool provides an SSH honeypot. It accepts connections and then logs any commands that attackers try to execute on the host system.

SSHHiPot (high-interaction SSH honeypot)

SSHHiPot is a high-interaction SSH honeypot. It captures connections and the commands that attackers attempt to run, for the purpose of learning about possible threats.

SSH Honeypot (SSH honeypot)

SSH Honeypot is, as the name implies, a honeypot to emulate the SSH service. It can be used to learn about threats and commands used by attackers.

TANNER (intelligence engine for SNARE tool)

TANNER is the 'brain' of the SNARE tool. It evaluates its events and alters the responses to incoming requests depending on the type of attacks.

Thug (low-interaction honeyclient)

Thug is a low-interaction honeyclient to test for client-side attacks. It mimics a client application, like a web browser, and sees if attack code is fired.
