Tool and Usage
|Latest release||No release found|
Why this tool?
Using an SSH honeypot is a good way to learn about common attacks on the SSH service. It can provide insights on the number of scans and probes on the network.
How it works
Dockpot created a Docker container and uses NAT to send SSH connections to it. When the container is no longer used, it destroys the container. When new traffic is coming in, a fresh container is created. Dockpot uses HonSSH, which is its turn is based on the work of the Kippo honeypot.
Usage and audience
Dockpot is commonly used for learning or threat discovery. Target users for this tool are security professionals and system administrators.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
- - No releases on GitHub available
Supported operating systems
Dockpot is known to work on Linux.
Several dependencies are required to use Dockpot.
Similar tools to Dockpot:
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
HonSSH is a high-interaction SSH honeypot to collect information about attackers that target the SSH service.
SSH Honeypot is as the name implies a honeypot to emulate the SSH service. It can be used to learn about threats and commands used by attackers.
Found an improvement? Help the community by submitting an update.