honeypot
Multi-services Honeypot Solution with AI support and dynamic HTTP template.
Trapster Community is a low-interaction honeypot designed to be deployed on internal networks or to capture credentials. It is built to monitor and detect suspicious activities, providing a deceptive layer to network security.
Trapster Community Edition is a powerful open-source honeypot solution designed to enhance your network security. By acting as a decoy system within your infrastructure, Trapster helps detect and track potential threats, providing valuable insights into attacker behavior and network security posture.
Honeypot servers with an integrated threat feed.
Deceptifeed is a honeypot and threat feed server. It runs multiple deceptive network services (honeypots), while the threat feed lists IP addresses that have interacted with the honeypots. Additionally, Deceptifeed provides real-time visibility into honeypot activity, allowing you to monitor logs and interactions as they occur.
SSH tarpit that slowly sends an endless banner.
Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.
This is a tarpit intended to catch web crawlers. Specifically, it's targeting crawlers that scrape data for LLMs - but really, like the plants it is named after, it'll eat just about anything that finds its way inside.
It works by generating an endless sequence of pages, each with dozens of links, that simply go back into the tarpit. Pages are randomly generated, but in a deterministic way, causing them to appear to be flat files that never change. Intentional delay is added to prevent crawlers from bogging down your server, in addition to wasting their time. Lastly, optional Markov-babble can be added to the pages, to give the crawlers something to scrape up and train their LLMs on, hopefully accelerating model collapse.
Complete Honeypot Solution (Deceptive Security). They think they're attacking, but they're already trapped.
A honeypot acts like a trap: it detects threats without disrupting your operations and without generating false positives. Trapster - one alert, one threat.
🧸 fully isolated honeypot ssh server using thrussh.
A very simple SSH server using thrussh that exposes mocked versions of a bash shell, some commands and SSH subsystems to act as a honeypot for would-be crackers.
All actions undertaken on the connection by the client are recorded in JSON format in an audit log file.
The All In One Multi Honeypot Platform 🐝.
T-Pot is the all in one, optionally distributed, multiarch (amd64, arm64) honeypot platform, supporting 20+ honeypots and countless visualization options using the Elastic Stack, animated live attack maps and lots of security tools to further improve the deception experience.
Most companies discover they've been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Check out why our Hardware, VM and Cloud-based Canaries are deployed and loved on all 7 continents...
Phish-back your credentials to attackers using contextualized deceptive technology.
HellPot is a cross-platform portal to endless suffering meant to punish unruly HTTP bots. Notably it implements a toml configuration file, has JSON logging, and comes with significant performance gains.
Modular and decentralised honeypot.
OpenCanary is a daemon that runs canary services, which trigger alerts when (ab)used. The alerts can be sent to a variety of sources, including Syslog, emails, and a companion daemon opencanary-correlator.
SSH Honeypot that gathers creds and attempted commands.
SSH Honeypot that gathers attempted creds, IP addresses and versions. The SSH server will either issue a warning, or drop the attacker into a fake shell.
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact. PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.
Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker behavior to another system.