SSH honeypots

Tools

Cowrie (SSH/telnet honeypot)

information gathering, learning, security monitoring, threat discovery

Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.

Dockpot (SSH honeypot based on Docker)

learning, threat discovery

Using an SSH honeypot is a good way to learn about common attacks on the SSH service. It can provide insights on the number of scans and probes on the network.

HonSSH (SSH honeypot)

learning, threat discovery

HonSSH is a high-interaction SSH honeypot to collect information about attackers that target the SSH service.

Kippo (SSH honeypot)

information gathering, intrusion detection, security monitoring

Kippo is a honeypot for SSH connections, written in Python. It can be used to learn about the scripts and attacks that are commonly used against SSH.

Kojoney2 (SSH honeypot)

learning, threat discovery

Kojoney2 is an SSH honeypot based on Kojoney by Jose Antonio Coret. It can be used to learn about threats by mimicking an SSH service.

sshesame (SSH honeypot)

learning, threat discovery

A honeypot can provide valuable insights into the commands that automated scripts or attackers perform. By running a honeypot like sshesame, connection details and commands are stored for later analysis. The system itself won't execute the actual commands, to prevent any damage to it.

SSHHiPot (high-interaction SSH honeypot)

learning, threat discovery

SSHHiPot is a high-interaction SSH honeypot. It captures connections and commands that are to be performed, for the purpose of learning about possible threats.

SSH Honeypot (SSH honeypot)

learning, threat discovery

SSH Honeypot is, as the name implies, a honeypot to emulate the SSH service. It can be used to learn about threats and commands used by attackers.
