SSH honeypots
Tools
Popular SSH honeypots
Cowrie (SSH/telnet honeypot)
information gathering, learning, security monitoring, threat discovery
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
Dockpot (SSH honeypot based on Docker)
learning, threat discovery
Using an SSH honeypot is a good way to learn about common attacks on the SSH service. It can provide insights on the number of scans and probes on the network.
HonSSH (SSH honeypot)
learning, threat discovery
HonSSH is a high-interaction SSH honeypot to collect information about attackers that target the SSH service.
Kippo (SSH honeypot)
information gathering, intrusion detection, security monitoring
Kippo is a honeypot for SSH connections and written in Python. It can be used to learn about the scripts and attacks that are commonly used against SSH.
Kojoney2 (SSH honeypot)
learning, threat discovery
Kojoney2 is an SSH honeypot based on Kojoney by Jose Antonio Coret. It can be used to learn about threats by mimicking an SSH service.
SSH Honeypot (SSH honeypot)
learning, threat discovery
SSH Honeypot is as the name implies a honeypot to emulate the SSH service. It can be used to learn about threats and commands used by attackers.
SSHHiPot (high-interaction SSH honeypot)
learning, threat discovery
SSHHiPot is a high-interaction SSH honeypot. It captures connections and commands that are to be performed, for the purpose of learning about possible threats.
sshesame (SSH honeypot)
learning, threat discovery
A honeypot can provide valuable insights on commands that automated scripts perform or attackers. By running a honeypot like sshesame, connection details and commands are stored for later analysis. The system itself won't execute the actual commands, to prevent any damage to it.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.