A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.

There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the guide.

Discover more awesome lists at sindresorhus/awesome.

Contents

  • Awesome Honeypots 
  • Contents
    • Related Lists
    • Honeypots
    • Honeyd Tools
    • Network and Artifact Analysis
    • Data Tools
    • Guides

Related Lists

Honeypots

  • Database Honeypots
    • Delilah – Elasticsearch Honeypot written in Python (originally from Novetta).
    • ESPot – Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
    • ElasticPot – An Elasticsearch Honeypot.
    • Elastic honey – Simple Elasticsearch Honeypot.
    • MongoDB-HoneyProxy – MongoDB honeypot proxy.
    • NoSQLpot – Honeypot framework built on a NoSQL-style database.
    • mysql-honeypotd – Low interaction MySQL honeypot written in C.
    • MysqlPot – MySQL honeypot, still very early stage.
    • pghoney – Low-interaction Postgres Honeypot.
    • sticky_elephant – Medium interaction postgresql honeypot.
    • RedisHoneyPot – High Interaction Honeypot Solution for Redis protocol.
  • Web honeypots
    • Express honeypot – RFI & LFI honeypot using nodeJS and express.
    • EoHoneypotBundle – Honeypot type for Symfony2 forms.
    • Glastopf – Web Application Honeypot.
    • Google Hack Honeypot – Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
    • HellPot – Honeypot that tries to crash the bots and clients that visit it’s location.
    • Laravel Application Honeypot – Simple spam prevention package for Laravel applications.
    • Nodepot – NodeJS web application honeypot.
    • PasitheaHoneypot – RestAPI honeypot.
    • Servletpot – Web application Honeypot.
    • Shadow Daemon – Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
    • StrutsHoneypot – Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
    • WebTrap – Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
    • basic-auth-pot (bap) – HTTP Basic Authentication honeypot.
    • bwpot – Breakable Web applications honeyPot.
    • django-admin-honeypot – Fake Django admin login screen to notify admins of attempted unauthorized access.
    • drupo – Drupal Honeypot.
    • galah – an LLM-powered web honeypot using the OpenAI API.
    • honeyhttpd – Python-based web server honeypot builder.
    • honeyup – An uploader honeypot designed to look like poor website security.
    • modpot – Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework.
    • owa-honeypot – A basic flask based Outlook Web Honey pot.
    • phpmyadmin_honeypot – Simple and effective phpMyAdmin honeypot.
    • shockpot – WebApp Honeypot for detecting Shell Shock exploit attempts.
    • smart-honeypot – PHP Script demonstrating a smart honey pot.
    • Snare/Tanner – successors to Glastopf
      • Snare – Super Next generation Advanced Reactive honeypot.
      • Tanner – Evaluating SNARE events.
    • stack-honeypot – Inserts a trap for spam bots into responses.
    • tomcat-manager-honeypot – Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker’s WAR file for later study.
    • WordPress honeypots
      • HonnyPotter – WordPress login honeypot for collection and analysis of failed login attempts.
      • HoneyPress – Python based WordPress honeypot in a Docker container.
      • wp-smart-honeypot – WordPress plugin to reduce comment spam with a smarter honeypot.
      • wordpot – WordPress Honeypot.
    • Python-Honeypot – OWASP Honeypot, Automated Deception Framework.

Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *