16.12.2015

Honeypots list [a collection of honeypots]

Database Honeypots
Elastic honey - A Simple Elasticsearch Honeypot
mysql - A MySQL honeypot, still at a very early stage
A framework for NoSQL databases (only Redis for now) - The NoSQL Honeypot Framework
ESPot - ElasticSearch Honeypot

Web honeypots
Glastopf - Web Application Honeypot
phpmyadmin_honeypot - A simple and effective phpMyAdmin honeypot
servlet - Web application Honeypot
Nodepot - A nodejs web application honeypot
basic-auth-pot bap - HTTP Basic Authentication honeyPot
Shadow Daemon - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps

Servletpot - Web application Honeypot
Google Hack Honeypot - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
smart-honeypot - PHP Script demonstrating a smart honey pot
HonnyPotter - A WordPress login honeypot for collection and analysis of failed login attempts.
wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot
wordpot - A WordPress Honeypot
Bukkit Honeypot - A honeypot plugin for Bukkit
Laravel Application Honeypot - Honeypot - Simple spam prevention package for Laravel applications
stack-honeypot - Inserts a trap for spam bots into responses
EoHoneypotBundle - Honeypot type for Symfony2 forms
shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts

Service Honeypots
Kippo - Medium interaction SSH honeypot
honeyntp - NTP logger/honeypot
honeypot-camera - observation camera honeypot
troje - a honeypot built around LXC containers. It runs each connection to the service within a separate LXC container.
slipm-honeypot - A simple low-interaction port monitoring honeypot
HoneyPy - A low interaction honeypot
Ensnare - Easy to deploy Ruby honeypot
RDPy - A Microsoft Remote Desktop Protocol (RDP) honeypot in python

Anti-honeypot stuff

kippo_detect - This is not a honeypot, but it detects kippo. (This guy has lots more interesting stuff)

ICS/SCADA honeypots

Conpot - ICS/SCADA honeypot
scada-honeynet - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices
SCADA honeynet - Building Honeypots for Industrial Networks


Deployment
Dionaea and EC2 in 20 Minutes - a tutorial on setting up Dionaea on an EC2 instance
honeypotpi - Script for turning a Raspberry Pi into a Honey Pot Pi


Data Analysis

Kippo-Graph - a full featured script to visualize statistics from a Kippo SSH honeypot
Kippo stats - Mojolicious app to display statistics for your kippo SSH honeypot


Other/random
NOVA - uses honeypots as detectors, looks like a complete system.
Open Canary - A low interaction honeypot intended to be run on internal networks.
libemu - Shellcode emulation library, useful for shellcode detection.


Open Relay Spam Honeypot
SpamHAT - Spam Honeypot Tool


Botnet C2 monitor
Hale - Botnet command & control monitor


IPv6 attack detection tool

ipv6-attack-detector - Google Summer of Code 2012 project, supported by The Honeynet Project organization


Research Paper
vEYE - behavioral footprinting for self-propagating worm detection and profiling


Honeynet statistics

HoneyStats - A statistical view of the recorded activity on a Honeynet


Dynamic code instrumentation toolkit
Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android


Front-end for dionaea

DionaeaFR - Front Web to Dionaea low-interaction honeypot


Tool to convert website to server honeypots
HIHAT - Transform arbitrary PHP applications into web-based high-interaction Honeypots


Malware collector

Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database


Sebek in QEMU
Qebek - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot


Malware Simulator

imalse - Integrated MALware Simulator and Emulator


Distributed sensor deployment
Smarthoneypot - custom honeypot intelligence system that is simple to deploy and easy to manage
Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management
ADHD - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured


Network Analysis Tool
Tracexploit - replay network packets

Log anonymizer

LogAnon - log anonymization library that helps having anonymous logs consistent between logs and network captures

server

Honeysink - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network


Botnet traffic detection
dnsMole - analyses DNS traffic to potentially detect botnet C&C servers and infected hosts


Low interaction honeypot (router back door)
Honeypot-32764 - Honeypot for router backdoor (TCP 32764)


honeynet farm traffic redirector

Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots


HTTPS Proxy

mitmproxy - allows traffic flows to be intercepted, inspected, modified and replayed


spamtrap

SendMeSpamIDS.py - Simple SMTP fetch all IDS and analyzer


System instrumentation

Sysdig - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze


Honeypot for USB-spreading malware
Ghost-usb - honeypot for malware that propagates via USB storage devices


Data Collection

Kippo2MySQL - extracts some very basic stats from Kippo’s text-based log files (a mess to analyze!) and inserts them in a MySQL database
Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster)


Passive network audit framework parser
pnaf - Passive Network Audit Framework


VM Introspection
VIX virtual machine introspection toolkit - VMI toolkit for Xen, called Virtual Introspection for Xen (VIX)
vmscope - Monitoring of VM-based High-Interaction Honeypots
vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine


Binary debugger

Hexgolems - Schem Debugger Frontend - A debugger frontend
Hexgolems - Pint Debugger Backend - A debugger backend and LUA wrapper for PIN


Mobile Analysis Tool

APKinspector - a powerful GUI tool for analysts to analyze Android applications
Androguard - Reverse engineering, Malware and goodware analysis of Android applications ... and more


Low interaction honeypot

Honeypoint - platform of distributed honeypot technologies
Honeyperl - Honeypot software based in Perl with plugins developed for many functions like: wingates, telnet, squid, smtp, etc


Honeynet data fusion
HFlow2 - data coalescing tool for honeynet/network analysis


Server

LaBrea - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
Kippo - SSH honeypot
KFSensor - Windows based honeypot Intrusion Detection System (IDS)
Honeyd - Also see more honeyd tools
Glastopf - Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications
DNS Honeypot - Simple UDP honeypot scripts
Conpot - Low interactive server side Industrial Control Systems honeypot

Bifrozt - High interaction honeypot solution for Linux based systems
Beeswarm - Honeypot deployment made easy
Bait and Switch - redirects all hostile traffic to a honeypot that is partially mirroring your production system
Artillery - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods
Amun - vulnerability emulation honeypot


VM cloaking script
Antivmdetect - Script to create templates to use with VirtualBox to make vm detection harder


IDS signature generation
Honeycomb


lookup service for AS-numbers and prefixes
CC2ASN


Web interface (for Thug)

Rumal - Thug's Rumāl: a Thug's dress & weapon


Data Collection / Data Sharing

HPfriends - data-sharing platform
HPFeeds - lightweight authenticated publish-subscribe protocol


Distributed spam tracking

Project Honeypot


Python bindings for libemu

Pylibemu - A Libemu Cython wrapper


Controlled-relay spam honeypot
Shiva - Spam Honeypot with Intelligent Virtual Analyzer
Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running


Visualization Tool

Glastopf Analytics
Afterglow Cloud
Afterglow


central management tool
PHARM


Network connection analyzer
Impost


Virtual Machine Cloaking
VMCloak


Honeypot deployment

Modern Honey Network
SurfIDS


Automated malware analysis system

Cuckoo
Anubis
Hybrid Analysis


Low interaction
mwcollectd


Low interaction honeypot on USB stick
Honeystick


Honeypot extensions to Wireshark
Wireshark Extensions


Data Analysis Tool
HpfeedsHoneyGraph
Acapulco


Telephony honeypot
Zapping Rachel


Client
Pwnypot
MonkeySpider
Capture-HPC-NG
Wepawet
URLQuery
Trigona
Thug
Shelia
PhoneyC
Jsunpack-n
HoneyC
HoneyBOT
CWSandbox / GFI Sandbox
Capture-HPC-Linux
Capture-HPC
Andrubis


Visual analysis for network traffic
ovizart


Binary Management and Analysis Framework
Viper


Honeypot

Single-honeypot
Honeyd For Windows
IMHoneypot
Deception Toolkit


PDF document inspector
peepdf

Distribution system

Thug Distributed Task Queuing


HoneyClient Management

HoneyWeb


Network Analysis
HoneyProxy


Hybrid low/high interaction honeypot

HoneyBrid


Sebek on Xen

xebek


SSH Honeypot
Kojoney
Cowrie

Glastopf data analysis

Glastopf Analytics


Distributed sensor project

DShield Web Honeypot Project
Distributed Web Honeypot Project


a pcap analyzer
Honeysnap


Client Web crawler

HoneySpider Network


network traffic redirector
Honeywall

Honeypot Distribution with mixed content

HoneyDrive


Honeypot sensor
Dragon Research Group Distro
Honeeepi - a honeypot sensor on Raspberry Pi which is based on a customized Raspbian OS.


File carving
TestDisk & PhotoRec


File and Network Threat Intelligence
VirusTotal


data capture
Sebek


SSH proxy
HonSSH


Anti-Cheat
Minecraft honeypot


behavioral analysis tool for win32
Capture BAT


Live CD
DAVIX


Spamtrap

Spampot.py
Spamhole
spamd
Mail::SMTP::Honeypot - perl module that appears to provide the functionality of a standard SMTP server


Commercial honeynet
Specter
Netbait


Server (Bluetooth)
Bluepot


Dynamic analysis of Android apps
Droidbox


Dockerized Low Interaction packaging
Manuka
Dockerized Thug
Dockerpot - A Docker based honeypot.
Docker honeynet - Several Honeynet tools set up for Docker containers


Network analysis
Quechua


Sebek data visualization
Sebek Dataviz


SIP Server
Artemnesia VoIP


Botnet C2 monitoring
botsnoopd


low interaction
mysqlpot


Malware collection
Honeybow
Honeyd Tools


Honeyd plugin
Honeycomb


Honeyd viewer
Honeyview


Honeyd to MySQL connector
Honeyd2MySQL


A script to visualize statistics from honeyd
Honeyd-Viz


Honeyd UI
Honeyd configuration GUI - application used to configure the honeyd daemon and generate configuration files

Honeyd stats
Honeydsum.pl

Network and Artifact Analysis

Sandbox

RFISandbox - a PHP 5.x script sandbox built on top of funcall
dorothy2 - A malware/botnet analysis framework written in Ruby
COMODO automated sandbox
Argos - An emulator for capturing zero-day attacks

Sandbox-as-a-Service

malwr.com - free malware analysis service and community
detux.org - Multiplatform Linux Sandbox
Joebox Cloud - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities

Data Tools


Front Ends

Tango - Honeypot Intelligence with Splunk
Django-kippo - Django App for kippo SSH Honeypot
Wordpot-Frontend - a full featured script to visualize statistics from a Wordpot honeypot
Shockpot-Frontend - a full featured script to visualize statistics from a Shockpot honeypot


Visualization
HoneyMap - Real-time websocket stream of GPS events on a fancy SVG world map
HoneyMalt - Maltego transforms for mapping Honeypot systems

Guides
T-Pot: A Multi-Honeypot Platform
Honeypot (Dionaea and kippo) setup script