SSH honeypots

Tools

Cowrie (SSH/telnet honeypot)

Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.

» Cowrie review and details

Dockpot (SSH honeypot based on Docker)

Dockpot uses Docker containers and HonSSH to create on-demand SSH honeypots. It forwards traffic for analysis and learning about attack patterns.

» Dockpot review and details

HonSSH (SSH honeypot)

HonSSH is a high-interaction SSH honeypot to collect information about attackers that target the SSH service.

» HonSSH review and details

Kippo (SSH honeypot)

Kippo is a honeypot for SSH connections and written in Python. It can be used to learn about the scripts and attacks that are commonly used against SSH.

» Kippo review and details

Kojoney2 (SSH honeypot)

Kojoney2 is an SSH honeypot based on Kojoney by Jose Antonio Coret. It can be used to learn about threats by mimicking an SSH service.

» Kojoney2 review and details

sshesame (SSH honeypot)

The sshesame tool provides an SSH honeypot. It accepts connections and then logs any commands that are tried to be executed on the host system.

» Sshesame review and details

SSHHiPot (high-interaction SSH honeypot)

SSHHiPot is a high-interaction SSH honeypot. It captures connections and commands that are to be performed, for the purpose of learning about possible threats.

» SSHHiPot review and details

SSH Honeypot (SSH honeypot)

SSH Honeypot is as the name implies a honeypot to emulate the SSH service. It can be used to learn about threats and commands used by attackers.

» SSH Honeypot review and details