Top 50 Awesome List

Higher Education

Higher Education


Security  53 years ago  6.2k
an awesome list of honeypot resources
View on Github

Jan 11th

Honeyd Tools

  • A script to visualize statistics from honeyd

  • Honeyd stats
  • Jul 31st, 2018

    Related Lists

  • awesome-pcaptoolsstars2.5k - Useful in network traffic analysis.
  • awesome-malware-analysisstars8.9k - Some overlap here for artifact analysis.
  • Honeypots

  • Central management tool

    • PHARM - Manage, report, and analyze your distributed Nepenthes instances.
  • Jun 4th, 2018


  • Research Papers
  • Nov 29th, 2017


  • Behavioral analysis tool for win32

  • Apr 6th, 2017


  • Honeytokens
    • CanaryTokensstars1k - Self-hostable honeytoken generator and reporting dashboard; demo version available at
    • Honeybitsstars239 - Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots.
    • Honeyλ (HoneyLambda)stars481 - Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.
    • dceptstars479 - Tool for deploying and detecting use of Active Directory honeytokens.
    • honeykustars55 - Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
  • Mar 30th, 2017


  • Botnet C2 tools

    • Halestars166 - Botnet command and control monitor.
    • dnsMole - Analyses DNS traffic and potentionaly detect botnet command and control server activity, along with infected hosts.
  • VM monitoring and tools

    • Antivmdetectstars622 - Script to create templates to use with VirtualBox to make VM detection harder.
    • VMCloakstars399 - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
    • vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
  • Jan 16th, 2017


  • Lookup service for AS-numbers and prefixes

    • CC2ASN - Simple lookup service for AS-numbers and prefixes belonging to any given country in the world.
  • Dec 1st, 2016


  • Deployment

  • Honeypots

  • SSH Honeypots

  • Nov 22nd, 2016


  • Distributed Honeypots

  • Jan 23rd, 2016


  • A pcap analyzer

  • Network traffic redirector

  • IOT Honeypot

  • Sep 17th, 2015


  • Dynamic code instrumentation toolkit

    • Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.
  • Jun 19th, 2015

    Data Tools

  • Front Ends

  • Visualization
  • Honeyd Tools

  • Honeyd plugin

  • Honeyd viewer

  • Honeyd to MySQL connector

  • Network and Artifact Analysis

  • Sandbox

  • Sandbox-as-a-Service
    • Hybrid Analysis - Free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
    • Joebox Cloud - Analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
    • VirusTotal - Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.
    • - Free malware analysis service and community.
  • Jun 18th, 2015


  • Other/random

    • Damn Simple Honeypot (DSHP)stars12 - Honeypot framework with pluggable handlers.
    • Masscannedstars41 - Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.
    • NOVAstars72 - Uses honeypots as detectors, looks like a complete system.
    • OpenFlow Honeypot (OFPot)stars21 - Redirects traffic for unused IPs to a honeypot, built on POX.
    • OpenCanarystars1.5k - Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used.
    • ciscoasa_honeypotstars49 A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
    • miniprintstars187 - A medium interaction printer honeypot.
  • IPv6 attack detection tool

  • Tool to convert website to server honeypots

    • HIHAT - Transform arbitrary PHP applications into web-based high-interaction Honeypots.
  • Malware collector

    • Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
  • Distributed sensor deployment

    • Community Honey Network - CHN aims to make deployments honeypots and honeypot management tools easy and flexible. The default deployment method uses Docker Compose and Docker to deploy with a few simple commands.
    • Modern Honey Networkstars2.3k - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
  • Network Analysis Tool

  • Log anonymizer

    • LogAnon - Log anonymization library that helps having anonymous logs consistent between logs and network captures.
  • Low interaction honeypot (router back door)

  • honeynet farm traffic redirector

    • Honeymole - Deploy multiple sensors that redirect traffic to a centralized collection of honeypots.
  • HTTPS Proxy

    • mitmproxy - Allows traffic flows to be intercepted, inspected, modified, and replayed.
  • System instrumentation

    • Sysdig - Open source, system-level exploration allows one to capture system state and activity from a running GNU/Linux instance, then save, filter, and analyze the results.
    • Fibratusstars1.6k - Tool for exploration and tracing of the Windows kernel.
  • Honeypot for USB-spreading malware

    • Ghost-usbstars82 - Honeypot for malware that propagates via USB storage devices.
  • Data Collection

    • Kippo2MySQL - Extracts some very basic stats from Kippo’s text-based log files and inserts them in a MySQL database.
    • Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
  • Passive network audit framework parser

  • Binary debugger

  • Mobile Analysis Tool

    • Androguardstars4k - Reverse engineering, Malware and goodware analysis of Android applications and more.
    • APKinspectorstars766 - Powerful GUI tool for analysts to analyze the Android applications.
  • Low interaction honeypot

    • Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
    • T-Potstars3.9k - All in one honeypot appliance from telecom provider T-Mobile
  • Honeynet data fusion

    • HFlow2 - Data coalesing tool for honeynet/network analysis.
  • Server

  • IDS signature generation

    • Honeycomb - Automated signature creation using honeypots.
  • Data Collection / Data Sharing

  • Network connection analyzer

    • Impost - Network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.
  • Honeypot deployment

  • Honeypot extensions to Wireshark

    • Wireshark Extensions - Apply Snort IDS rules and signatures against packet capture files using Wireshark.
  • Client

  • Honeypot

  • PDF document inspector

  • Hybrid low/high interaction honeypot

  • Distributed sensor project

  • Honeypot Distribution with mixed content

  • Honeypot sensor

    • Honeeepi - Honeypot sensor on a Raspberry Pi based on a customized Raspbian OS.
  • File carving

  • Live CD

    • DAVIX - The DAVIX Live CD.
  • Spamtrap

  • Commercial honeynet

    • Cymmetria Mazerunner - Leads attackers away from real targets and creates a footprint of the attack.
  • Server (Bluetooth)

  • Dynamic analysis of Android apps

  • Dockerized Low Interaction packaging

  • Network analysis

  • SIP Server

  • ICS/SCADA honeypots

    • Conpotstars1k - ICS/SCADA honeypot.
    • GasPotstars107 - Veeder Root Gaurdian AST, common in the oil and gas industry.
    • SCADA honeynet - Building Honeypots for Industrial Networks.
    • gridpotstars43 - Open source tools for realistic-behaving electric grid honeynets.
    • scada-honeynet - Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.
  • Database Honeypots

  • Web honeypots

  • Service Honeypots

  • Anti-honeypot stuff

  • Last Checked At: 2022-08-03T13:19:40.821Z


    Track your favorite github awesome repo, not just star it. provides website, newsletter, RSS for tracking the popular awesome list by daily and weekly.
    Contact us: [email protected]
    Track Awesome List - Track your favorite Github awesome repos, not just star them | Product Hunt


    Subscribe to our weekly newsletter to receive the awesome updates! We never send spam and you can unsubscribe instantly with one click. Here's past issues.


    Follow us on TwitterSubscribe us on TelegramSubmit awesome list repoNewsletterDonateSitemap