HoneyPi alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

74

Alternative: Conpot

Conpot is an ICS honeypot to collect intelligence and information about attacks against industrial control systems. It is written in Python.

Project details

Conpot is written in Python.

Strengths

  • + More than 25 contributors
  • + The source code of this software is available

Typical usage

  • information gathering
  • intrusion detection
  • learning

Conpot project page

93

Alternative: Cowrie

Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.

Project details

Cowrie is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 1000 GitHub stars

Typical usage

  • information gathering
  • learning
  • security monitoring

Cowrie project page

52

Alternative: Glastopf

Glastopf is a honeypot for web applications. It is written in Python and collects all kind of attacks against it for further analysis.

Glastopf emulates vulnerabilities in a generic way. Instead of emulating specific vulnerabilities, it mimics being vulnerable for more attacks within that area (e.g. Remote File Inclusion). The tool is modular and allows to be extended with different logging capabilities.

This project is replaced by SNARE.

56

Alternative: Honeyprint

A proof-of-concept honeypot to mimic a printer. May be used to detect attacks against printers and better understand the related risks or required defenses.

There is not much information available about this project, as it is a proof-of-concept on GitHub. It is written by Lukas Rist in 2013, and placed on GitHub early 2016.

85

Alternative: HoneyPy

HoneyPy is a low interaction honeypot written in Python, yet has additional capabilities. Plugins can be created to emulate services that run on UDP or TCP.

The honeypot can be extended by plugins and customization is possible as well. This may increase the interaction level that the honeypot can support. All activity is logged to a file, with the option to post activity to Twitter or a web server.

Project details

HoneyPy is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security monitoring

HoneyPy project page

64

Alternative: HonTel

HonTel is a honeypot that emulates the telnet service within a chroot environment. It can be used to learn about enumeration activities or new attack methods.

Project details

HonTel is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • learning
  • security monitoring

HonTel project page

44

Alternative: Kippo

Kippo is a honeypot for SSH connections and written in Python. It can be used to learn about the scripts and attacks that are commonly used against SSH.

Project details

Kippo is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - No updates for a while
  • - Unknown project license

Typical usage

  • information gathering
  • intrusion detection
  • security monitoring

Kippo project page

64

Alternative: mehrai

Mehrai is a honeypot written in Python to simulate telnet traffic. Like most honeypots, it captures information about the actions taken by the attackers.

Project details

mehrai is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • learning
  • network security monitoring
  • security monitoring

mehrai project page

93

Alternative: SNARE

SNARE is a reactive honeypot for security research, detecting attacks, and respond to possible flaws within your environment. It is the successor of Glastopf.

SNARE is an abbreviation for Super Next generation Advanced Reactive honEypot.

Project details

SNARE is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security monitoring

SNARE project page

85

Alternative: TANNER

TANNER is the 'brain' of the SNARE tool. It evaluates its events and alters the responses to incoming requests depending on the type of attacks.

TANNER and SNARE are used together to form one solution.