HUGE List of the best Linux Unix Windows HoneyPots Available for Download

Honeypots

  • Database Honeypots
    • Delilah – Elasticsearch Honeypot written in Python (originally from Novetta).
    • ESPot – Elasticsearch honeypot written in NodeJS, to capture every attempt to exploit CVE-2014-3120.
    • Elastic honey – Simple Elasticsearch Honeypot.
    • HoneyMysql – Simple MySQL honeypot project.
    • MongoDB-HoneyProxy – MongoDB honeypot proxy.
    • MongoDB-HoneyProxyPy – MongoDB honeypot proxy written in Python 3.
    • NoSQLpot – Honeypot framework built on a NoSQL-style database.
    • mysql-honeypotd – Low interaction MySQL honeypot written in C.
    • MysqlPot – MySQL honeypot, still very early stage.
    • pghoney – Low-interaction Postgres Honeypot.
    • sticky_elephant – Medium interaction PostgreSQL honeypot.
  • Web honeypots
    • Bukkit Honeypot – Honeypot plugin for Bukkit.
    • EoHoneypotBundle – Honeypot type for Symfony2 forms.
    • Glastopf – Web Application Honeypot.
    • Google Hack Honeypot – Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
    • Laravel Application Honeypot – Simple spam prevention package for Laravel applications.
    • Nodepot – NodeJS web application honeypot.
    • Servletpot – Web application Honeypot.
    • Shadow Daemon – Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
    • StrutsHoneypot – Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
    • WebTrap – Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
    • basic-auth-pot (bap) – HTTP Basic Authentication honeypot.
    • bwpot – Breakable Web applications honeyPot.
    • django-admin-honeypot – Fake Django admin login screen to notify admins of attempted unauthorized access.
    • drupo – Drupal Honeypot.
    • honeyhttpd – Python-based web server honeypot builder.
    • phpmyadmin_honeypot – Simple and effective phpMyAdmin honeypot.
    • shockpot – WebApp Honeypot for detecting Shell Shock exploit attempts.
    • smart-honeypot – PHP Script demonstrating a smart honey pot.
    • Snare/Tanner – successors to Glastopf
      • Snare – Super Next generation Advanced Reactive honeypot.
      • Tanner – Evaluating SNARE events.
    • stack-honeypot – Inserts a trap for spam bots into responses.
    • tomcat-manager-honeypot – Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker’s WAR file for later study.
    • WordPress honeypots
      • HonnyPotter – WordPress login honeypot for collection and analysis of failed login attempts.
      • HoneyPress – Python based WordPress honeypot in a Docker container.
      • wp-smart-honeypot – WordPress plugin to reduce comment spam with a smarter honeypot.
      • wordpot – WordPress Honeypot.
  • Service Honeypots
    • ADBHoney – Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
    • AMTHoneypot – Honeypot for Intel’s AMT Firmware Vulnerability CVE-2017-5689.
    • Ensnare – Easy to deploy Ruby honeypot.
    • HoneyPy – Low interaction honeypot.
    • Honeygrove – Multi-purpose modular honeypot based on Twisted.
    • Honeyport – Simple honeyport written in Bash and Python.
    • Honeyprint – Printer honeypot.
    • Lyrebird – Modern high-interaction honeypot framework.
    • MICROS honeypot – Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
    • RDPy – Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
    • SMB Honeypot – High interaction SMB service honeypot capable of capturing WannaCry-like malware.
    • Tom’s Honeypot – Low interaction Python honeypot.
    • WebLogic honeypot – Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
    • WhiteFace Honeypot – Twisted based honeypot for WhiteFace.
    • honeycomb_plugins – Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
    • honeyntp – NTP logger/honeypot.
    • honeypot-camera – Observation camera honeypot.
    • honeypot-ftp – FTP Honeypot.
    • honeytrap – Advanced Honeypot framework written in Go that can be connected with other honeypot software.
    • pyrdp – RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
    • troje – Honeypot that runs each connection with the service within a separate LXC container.
  • Distributed Honeypots
  • Anti-honeypot stuff
    • kippo_detect – Offensive component that detects the presence of the kippo honeypot.
  • ICS/SCADA honeypots
    • Conpot – ICS/SCADA honeypot.
    • GasPot – Veeder Root Guardian AST, common in the oil and gas industry.
    • SCADA honeynet – Building Honeypots for Industrial Networks.
    • gridpot – Open source tools for realistic-behaving electric grid honeynets.
    • scada-honeynet – Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.
  • Other/random
    • Damn Simple Honeypot (DSHP) – Honeypot framework with pluggable handlers.
    • NOVA – Uses honeypots as detectors, looks like a complete system.
    • OpenFlow Honeypot (OFPot) – Redirects traffic for unused IPs to a honeypot, built on POX.
    • OpenCanary – Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
    • ciscoasa_honeypot – Low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
    • miniprint – A medium interaction printer honeypot.
  • Botnet C2 tools
    • Hale – Botnet command and control monitor.
    • dnsMole – Analyses DNS traffic and potentially detects botnet command and control server activity, along with infected hosts.
  • IPv6 attack detection tool
    • ipv6-attack-detector – Google Summer of Code 2012 project, supported by The Honeynet Project organization.
  • Dynamic code instrumentation toolkit
    • Frida – Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.
  • Tool to convert website to server honeypots
    • HIHAT – Transform arbitrary PHP applications into web-based high-interaction Honeypots.
  • Malware collector
    • Kippo-Malware – Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
  • Distributed sensor deployment
    • Modern Honey Network – Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
  • Network Analysis Tool
  • Log anonymizer
    • LogAnon – Log anonymization library that helps having anonymous logs consistent between logs and network captures.
  • Low interaction honeypot (router back door)
    • Honeypot-32764 – Honeypot for router backdoor (TCP 32764).
    • WAPot – Honeypot that can be used to observe traffic directed at home routers.
  • honeynet farm traffic redirector
    • Honeymole – Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
  • HTTPS Proxy
    • mitmproxy – Allows traffic flows to be intercepted, inspected, modified, and replayed.
  • System instrumentation
    • Sysdig – Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
    • Fibratus – Tool for exploration and tracing of the Windows kernel.
  • Honeypot for USB-spreading malware
    • Ghost-usb – Honeypot for malware that propagates via USB storage devices.
  • Data Collection
    • Kippo2MySQL – Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
    • Kippo2ElasticSearch – Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
  • Passive network audit framework parser
  • VM monitoring and tools
    • Antivmdetect – Script to create templates to use with VirtualBox to make VM detection harder.
    • VMCloak – Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
    • vmitools – C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
  • Binary debugger
  • Mobile Analysis Tool
    • Androguard – Reverse engineering, Malware and goodware analysis of Android applications and more.
    • APKinspector – Powerful GUI tool for analysts to analyze the Android applications.
  • Low interaction honeypot
    • Honeyperl – Honeypot software based in Perl with plugins developed for many functions, such as wingates, telnet, squid, smtp, etc.
    • T-Pot – All in one honeypot appliance from telecom provider T-Mobile
  • Honeynet data fusion
    • HFlow2 – Data coalescing tool for honeynet/network analysis.
  • Server
    • Amun – Vulnerability emulation honeypot.
    • Artillery – Open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
    • Bait and Switch – Redirects all hostile traffic to a honeypot that is partially mirroring your production system.
    • Bifrozt – Automatically deploys Bifrozt with Ansible.
    • Conpot – Low interactive server side Industrial Control Systems honeypot.
    • Heralding – Credentials catching honeypot.
    • HoneyWRT – Low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers.
    • Honeyd – See honeyd tools.
    • Honeysink – Open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
    • Hontel – Telnet Honeypot.
    • KFSensor – Windows based honeypot Intrusion Detection System (IDS).
    • LaBrea – Takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
    • MTPot – Open Source Telnet Honeypot, focused on Mirai malware.
    • SIREN – Semi-Intelligent HoneyPot Network – HoneyNet Intelligent Virtual Environment.
    • TelnetHoney – Simple telnet honeypot.
    • UDPot Honeypot – Simple UDP/DNS honeypot scripts.
    • Yet Another Fake Honeypot (YAFH) – Simple honeypot written in Go.
    • arctic-swallow – Low interaction honeypot.
    • glutton – All eating honeypot.
    • go-HoneyPot – Honeypot server written in Go.
    • go-emulators – Honeypot Golang emulators.
    • honeymail – SMTP honeypot written in Golang.
    • honeytrap – Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services.
    • imap-honey – IMAP honeypot written in Golang.
    • mwcollectd – Versatile malware collection daemon, uniting the best features of nepenthes and honeytrap.
    • potd – Highly scalable low- to medium-interaction SSH/TCP honeypot designed for OpenWrt/IoT devices leveraging several Linux kernel features, such as namespaces, seccomp and thread capabilities.
    • portlurker – Port listener in Rust with protocol guessing and safe string display.
    • slipm-honeypot – Simple low-interaction port monitoring honeypot.
    • telnet-iot-honeypot – Python telnet honeypot for catching botnet binaries.
    • telnetlogger – Telnet honeypot designed to track the Mirai botnet.
    • vnclowpot – Low interaction VNC honeypot.
  • IDS signature generation
    • Honeycomb – Automated signature creation using honeypots.
  • Lookup service for AS-numbers and prefixes
    • CC2ASN – Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.
  • Data Collection / Data Sharing
  • Central management tool
    • PHARM – Manage, report, and analyze your distributed Nepenthes instances.
  • Network connection analyzer
    • Impost – Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.
  • Honeypot deployment
  • Honeypot extensions to Wireshark
    • Wireshark Extensions – Apply Snort IDS rules and signatures against packet capture files using Wireshark.
  • Client
  • Honeypot
  • PDF document inspector
    • peepdf – Powerful Python tool to analyze PDF documents.
  • Hybrid low/high interaction honeypot
  • SSH Honeypots
    • Blacknet – Multi-head SSH honeypot system.
    • Cowrie – Cowrie SSH Honeypot (based on kippo).
    • DShield docker – Docker container running cowrie with DShield output enabled.
    • HonSSH – Logs all SSH communications between a client and server.
    • HUDINX – Tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
    • Kippo – Medium interaction SSH honeypot.
    • Kippo_JunOS – Kippo configured to be a backdoored netscreen.
    • Kojoney2 – Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret.
    • Kojoney – Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch.
    • LongTail Log Analysis @ Marist College – Analyzed SSH honeypot logs.
    • Malbait – Simple TCP/UDP honeypot implemented in Perl.
    • MockSSH – Mock an SSH server and define all commands it supports (Python, Twisted).
    • cowrie2neo – Parse cowrie honeypot logs into a neo4j database.
    • go-sshoney – SSH Honeypot.
    • go0r – Simple ssh honeypot in Golang.
    • gohoney – SSH honeypot written in Go.
    • hived – Golang-based honeypot.
    • hnypots-agent – SSH Server in Go that logs username and password combinations.
    • honeypot.go – SSH Honeypot written in Go.
    • honeyssh – Credential dumping SSH honeypot with statistics.
    • hornet – Medium interaction SSH honeypot that supports multiple virtual hosts.
    • ssh-auth-logger – Low/zero interaction SSH authentication logging honeypot.
    • ssh-honeypot – Fake sshd that logs IP addresses, usernames, and passwords.
    • ssh-honeypot – Modified version of the OpenSSH daemon that forwards commands to Cowrie where all commands are interpreted and returned.
    • ssh-honeypotd – Low-interaction SSH honeypot written in C.
    • sshForShits – Framework for a high interaction SSH honeypot.
    • sshesame – Fake SSH server that lets everyone in and logs their activity.
    • sshhipot – High-interaction MitM SSH honeypot.
    • sshlowpot – Yet another no-frills low-interaction SSH honeypot in Go.
    • sshsyrup – Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org.
    • twisted-honeypots – SSH, FTP and Telnet honeypots based on Twisted.
  • Distributed sensor project
  • A pcap analyzer
  • Network traffic redirector
  • Honeypot Distribution with mixed content
  • Honeypot sensor
    • Honeeepi – Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
  • File carving
  • Behavioral analysis tool for win32
  • Live CD
    • DAVIX – The DAVIX Live CD.
  • Spamtrap
  • Commercial honeynet
    • Cymmetria Mazerunner – Leads attackers away from real targets and creates a footprint of the attack.
  • Server (Bluetooth)
  • Dynamic analysis of Android apps
  • Dockerized Low Interaction packaging
    • Docker honeynet – Several Honeynet tools set up for Docker containers.
    • Dockerized Thug – Dockerized Thug to analyze malicious web content.
    • Dockerpot – Docker based honeypot.
    • Manuka – Docker based honeypot (Dionaea and Kippo).
    • mhn-core-docker – Core elements of the Modern Honey Network implemented in Docker.
  • Network analysis
  • SIP Server
  • IOT Honeypot
    • HoneyThing – TR-069 Honeypot.
    • Kako – Honeypots for a number of well known and deployed embedded device vulnerabilities.
  • Honeytokens
    • CanaryTokens – Self-hostable honeytoken generator and reporting dashboard; demo version available at CanaryTokens.org.
    • Honeybits – Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots.
    • Honeyλ (HoneyLambda) – Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.
    • dcept – Tool for deploying and detecting use of Active Directory honeytokens.
    • honeyku – Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

Honeyd Tools

Network and Artifact Analysis

  • Sandbox
    • Argos – Emulator for capturing zero-day attacks.
    • COMODO automated sandbox
    • Cuckoo – Leading open source automated malware analysis system.
    • Pylibemu – Libemu Cython wrapper.
    • RFISandbox – PHP 5.x script sandbox built on top of funcall.
    • dorothy2 – Malware/botnet analysis framework written in Ruby.
    • imalse – Integrated MALware Simulator and Emulator.
    • libemu – Shellcode emulation library, useful for shellcode detection.
  • Sandbox-as-a-Service
    • Hybrid Analysis – Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
    • Joebox Cloud – Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
    • VirusTotal – Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
    • malwr.com – Free malware analysis service and community.

Data Tools

  • Front Ends
    • DionaeaFR – Front Web to Dionaea low-interaction honeypot.
    • Django-kippo – Django App for kippo SSH Honeypot.
    • Shockpot-Frontend – Full featured script to visualize statistics from a Shockpot honeypot.
    • Tango – Honeypot Intelligence with Splunk.
    • Wordpot-Frontend – Full featured script to visualize statistics from a Wordpot honeypot.
    • honeyalarmg2 – Simplified UI for showing honeypot alarms.
    • honeypotDisplay – Flask website which displays data gathered from an SSH Honeypot.
  • Visualization

Guides

 

SSH honeypots

  • Kippo: This SSH honeypot written in Python has been designed to detect and log brute force attacks and, most importantly, the complete shell history performed by the attacker.
    It’s available for most modern Linux distros, and offers both command-line management and configuration and a web-based interface.
    Kippo offers a fake file system and the ability to offer fake content to attackers (such as user password files, etc.), as well as a powerful statistics system called Kippo Graph.
  • Cowrie: This medium interaction SSH honeypot works by emulating a shell. It offers a fake file system based on Debian 5.0, letting you add and remove files as you wish.
    This application also saves all the downloaded and uploaded files in a secure and quarantined area, so you can perform later analysis if needed.
    Apart from the SSH emulated shell, it can be used as an SSH and Telnet proxy, and allows you to forward SMTP connections to another SMTP honeypot.

HTTP honeypots

  • Glastopf: This HTTP-based honeypot lets you detect web-application attacks effectively. Written in Python, Glastopf can emulate several types of vulnerabilities, including local and remote file inclusion as well as SQL Injection (SQLi), and supports centralized logging with HPFeeds.
  • Nodepot: This web-app honeypot is focused on Node.js, and even lets you run it on limited hardware such as Raspberry Pi / Cubietruck. If you’re running a Node.js app and are looking to get valuable information about incoming attacks and discover how vulnerable you are, then this is one of the most relevant honeypots for you. Available on most modern Linux distros, running it depends on only a few requirements.
  • Google Hack Honeypot: Commonly known as GHH, this honeypot emulates a vulnerable web app that can be indexed by web crawlers but remains hidden from direct browser requests. The transparent link used for this purpose reduces false positives and prevents the honeypot from being detected. This lets you test your app against ever-so-popular Google dorks.
    GHH offers an easy configuration file, as well as some nice logging capabilities for getting critical attacker information such as IP, user agent and other header details.

WordPress honeypots

  • Formidable Honeypot: This is one of the most popular honeypots used with WordPress. It’s literally invisible to humans; only bots can fall into its trap, so once an automated attack comes into your form, it will be effectively detected and avoided. It’s a non-intrusive way to defend WordPress against spam.
    Conveniently, it doesn’t require any configuration. Simply activate the plugin and it will be added to all the forms you use in WordPress, in both free and pro versions.
  • Blackhole for Bad Bots: This one was created to keep automated bots from using unnecessary bandwidth and other server resources from your site infrastructure. By setting up this plugin, you can detect and block bad bots, from automated malware attacks to spam and several types of adware attacks.
    This WordPress honeypot works by adding a hidden link in the footer of all your pages. This way it isn’t detected by humans, and catches only bad bots that are not following the robots.txt rules.
    Once a bad bot is caught, it will be blocked from accessing your website.
  • Wordpot: This is one of the most effective WordPress honeypots you can use to enhance WordPress security. It helps you detect malicious probes for plugins, themes and other common files used to fingerprint a WordPress installation.
    Written in Python, it’s easy to install, can be handled from the command line smoothly, and includes a wordpot.conf file for easy honeypot configuration. It also allows you to install custom Wordpot plugins so you can emulate popular WordPress vulnerabilities.

Database honeypots

  • ElasticHoney: With Elasticsearch so frequently exploited in the wild, it’s never a bad idea to invest in a honeypot specifically created for this type of database. This is a simple yet effective honeypot that will let you catch malicious requests attempting to exploit RCE vulnerabilities.
    It works by receiving attack requests on several popular endpoints such as /, /_search and /_nodes, and then responds serving a JSON response that is identical to the vulnerable Elasticsearch instance. All logs are saved in a file called elastichoney.log. One of the best things about it is that this honeypot tool is available for both Windows and Linux operating systems.
  • HoneyMysql: This simple MySQL honeypot is created to protect your SQL-based databases. Written in Python, it works on most platforms and can be installed easily by cloning its GitHub repo.
  • MongoDB-HoneyProxy: One of the most popular MongoDB honeypots, this is specifically a honeypot proxy that can run and log all malicious traffic into a 3rd party MongoDB server.
    Node.js, npm, GCC, g++ and a MongoDB server are required to get this MongoDB honeypot working properly. It can be run inside a Docker container or any other VM environment.

Email honeypots

  • Honeymail: If you’re looking for a way to stop SMTP-based attacks, this is the perfect solution. Written in Golang, this honeypot for email will let you set up numerous features to detect and prevent attacks against your SMTP servers.
    Its main features include: configuring custom response messages, enabling StartSSL/TLS encryption, storing emails in a BoltDB file and extracting attacker information such as source domain, country, attachments and email parts (HTML or TXT). It also provides simple yet powerful DDoS protection against massive connections.
  • Mailoney: This is a great email honeypot written in Python. It can be run in different modes such as open_relay (logging all emails attempted to be sent), postfix_creds (used to log credentials from login attempts) and schizo_open_relay (which allows you to log everything).
  • SpamHAT: This trap is designed to catch and prevent spam from attacking any of your email boxes. To get this working, make sure you have Perl 5.10 or higher installed, as well as some CPAN modules such as IO::Socket, Mail::MboxParser, LWP::Simple, LWP::UserAgent, DBD::mysql, Digest::MD5::File, as well as having a running MySQL server with a database called ‘spampot’.

IOT honeypots

  • HoneyThing: Created for the Internet of TR-069 enabled services, this honeypot works by acting as a full modem/router running the RomPager web server and supports TR-069 (CWMP) protocol.
    This IOT honeypot is capable of emulating popular vulnerabilities for Rom-0, Misfortune Cookie, RomPager and more. It offers support for the TR-069 protocol, including most of its popular CPE commands such as GetRPCMethods, Get/Set parameter values, Download, etc. Unlike others, this honeypot offers an easy and polished web-based interface. Finally, all the critical data is logged in a file called honeything.log.
  • Kako: The default config will run a number of service simulations in order to capture attack information from all incoming requests, including the full body. It includes Telnet, HTTP and HTTPS servers. Kako requires the following Python packages to work properly: Click, Boto3, Requests and Cerberus. Once you have the required packages installed, you can configure this IOT honeypot by using a simple YAML file called kako.yaml. All the data is recorded and exported to AWS SNS and to flat-file JSON format.

Other honeypots

  • Dionaea: This low-interaction honeypot written in C and Python uses the Libemu library to emulate the execution of Intel x86 instructions and detect shellcode.
    It is also a multi-protocol honeypot that offers support for protocols such as FTP, HTTP, Memcache, MSSQL, MySQL, SMB, TFTP, etc.
    Its logging capabilities offer compatibility with Fail2Ban, hpfeeds, log_json and log_sqlite.
  • Miniprint: With printers being some of the most overlooked devices within computer networks, Miniprint is the perfect ally when you need to detect and collect printer-based attacks. It works by exposing the printer to the Internet using a virtual file system where attackers can read and write simulated data.
    Miniprint offers a very deep logging mechanism, and saves any postscript or plain text print jobs in an upload directory for later analysis.
  • Honeypot-ftp: Written in Python, this FTP honeypot offers full support for plain FTP and FTPS so you can closely track the user and password credentials used in illegal login attempts, as well as the files uploaded in every FTP/FTPS session.
  • HoneyNTP: NTP is one of the most overlooked protocols on the Internet, and that’s why it’s a good idea to run an NTP Honeypot. This is a Python simulated NTP server that runs without a hitch on both Windows and Linux operating systems. It works by logging all the NTP packets and port numbers into a Redis database so you can perform later analysis.