Tool and Usage
Dockpot uses Docker containers and HonSSH to create on-demand SSH honeypots. It forwards traffic for analysis and learning about attack patterns.
Why this tool?
Using an SSH honeypot is a good way to learn about common attacks on the SSH service. It can provide insights on the number of scans and probes on the network.
How it works
Dockpot created a Docker container and uses NAT to send SSH connections to it. When the container is no longer used, it destroys the container. When new traffic is coming in, a fresh container is created. Dockpot uses HonSSH, which is its turn is based on the work of the Kippo honeypot.
Usage and audience
Dockpot is commonly used for learning or threat discovery. Target users for this tool are security professionals and system administrators.
- + The source code of this software is available
- - No releases on GitHub available
Author and Maintainers
Dockpot is under development by Ahmad Aabed.
Support operating systems
Dockpot is known to work on Linux.
Several dependencies are required to use Dockpot.