HASH : Harnessing HTTP Agnostic Software Honeypots For Enhanced Cybersecurity

The main philosophy of HASH is to be easy to configure and flexible to mimic any software running on HTTP/HTTPs. With the minimum footprint possible to avoid being detected as honeypot.

Features

Single framework to deploy HTTP/HTTPs based honeypots
Easily configurable via YAML files
Built-in honeytraps
Powerful randomization based on fakerjs to avoid honeypot detection
Optionally, integration with Datadog to ingest and analyze honeypots logs and HTTP requests through APM

Getting Started

HASH is built using Node.js but it can mimic any web-based language / server based on the configuration. Read the full docs below.

Installation

You can Install it via NPM

npm install -g hash-honeypot

Or you can use it directly from docker

docker run --rm ghcr.io/datadog/hash help

Usage

Generate Honeypot Profile

HASH uses YAML files to configure how it simulate the desired software, The typical structure for the profile folder is the following

|____templates
|     |____resources
|     |     |____index.html
|     |     |____style.css
|     |     |____favicon.ico
|     |____404.yaml
|     |____default.yaml
|____init.yaml

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.