Tool and Usage

Dockpot uses Docker containers and HonSSH to create on-demand SSH honeypots. It forwards traffic for analysis and learning about attack patterns.

Why this tool?

Using an SSH honeypot is a good way to learn about common attacks on the SSH service. It can provide insights on the number of scans and probes on the network.

How it works

Dockpot created a Docker container and uses NAT to send SSH connections to it. When the container is no longer used, it destroys the container. When new traffic is coming in, a fresh container is created. Dockpot uses HonSSH, which is its turn is based on the work of the Kippo honeypot.

Usage and audience

This tool is categorized as a honeypot and SSH honeypot.

Dockpot is commonly used for learning or threat discovery. Target users for this tool are security professionals and system administrators.

Tool review

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available


  • - No releases on GitHub available

Author and Maintainers

Dockpot is under development by Ahmad Aabed.


Support operating systems

Dockpot is known to work on Linux.


Several dependencies are required to use Dockpot.

  • docker-py
  • MySQL
  • PAM
  • pillow
  • pyasn1
  • pycrypto
  • Twisted
This tool page was recently updated. Found an improvement? Become an influencer and submit an update.
Project details
Latest releaseNo release found
Last updatedSept. 30, 2017

Project health

This score is calculated by different factors, like project age, last release date, etc.


GitHub iconGitHub project

Related terms