Understanding the various types of honeypots available is crucial for implementing effective security deception strategies. This comprehensive guide explores different types of honeypots across multiple categories, from database honeypots to industrial control systems, providing direct download links and resources for each solution. Whether you’re securing web applications, monitoring SSH attacks, or protecting critical infrastructure, these types of honeypots offer specialised capabilities for every security scenario.
Modern threat detection requires diverse approaches, and different types of honeypots serve unique purposes in defense. From low-interaction traps that capture automated attacks to high-interaction systems that provide detailed forensic analysis, this directory covers all major types of honeypots with direct access to their official repositories and documentation.
Database honeypots represent one of the most critical types of honeypots for organisations running database infrastructure. These types of honeypots specialise in mimicking popular database systems to capture exploitation attempts and credential harvesting activities.
Name | Description |
---|---|
Delilah | Elasticsearch Honeypot written in Python (originally from Novetta). |
ESPot | Elasticsearch honeypot written in NodeJS, to capture every attempt to exploit CVE-2014-3120. |
ElasticPot | An Elasticsearch Honeypot. |
Elastic honey | Simple Elasticsearch Honeypot. |
MongoDB-HoneyProxy | MongoDB honeypot proxy. |
NoSQLpot | Honeypot framework built on a NoSQL-style database. |
mysql-honeypotd | Low interaction MySQL honeypot written in C. |
MysqlPot | MySQL honeypot, still very early stage. |
pghoney | Low-interaction Postgres Honeypot. |
sticky_elephant | Medium interaction postgresql honeypot. |
RedisHoneyPot | High Interaction Honeypot Solution for Redis protocol. |
Web application honeypots focus on detecting attacks against web services, APIs, and content management systems. These sophisticated honeypots excel at capturing web-based exploitation attempts and automated scanning activities.
Name | Description |
---|---|
Cloud Active Defense | Cloud active defense lets you deploy decoys right into your cloud applications, putting adversaries into a dilemma. |
Express honeypot | RFI & LFI honeypot using nodeJS and express. |
EoHoneypotBundle | Honeypot type for Symfony2 forms. |
Glastopf | Web Application Honeypot. |
Google Hack Honeypot | Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. |
HellPot | Honeypot that tries to crash the bots and clients that visit its location. |
Laravel Application Honeypot | Simple spam prevention package for Laravel applications. |
Lophiid | Distributed web application honeypot to interact with large scale exploitation attempts. |
Nodepot | NodeJS web application honeypot. |
PasitheaHoneypot | RestAPI honeypot. |
Servletpot | Web application Honeypot. |
Shadow Daemon | Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps. |
StrutsHoneypot | Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers. |
WebTrap | Designed to create deceptive webpages to deceive and redirect attackers away from real websites. |
basic-auth-pot (bap) | HTTP Basic Authentication honeypot. |
bwpot | Breakable Web applications honeyPot. |
django-admin-honeypot | Fake Django admin login screen to notify admins of attempted unauthorised access. |
drupo | Drupal Honeypot. |
galah | An LLM-powered web honeypot using the OpenAI API. |
honeyhttpd | Python-based web server honeypot builder. |
honeyup | An uploader honeypot designed to look like poor website security. |
modpot | Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework. |
owa-honeypot | A basic flask based Outlook Web Honey pot. |
phpmyadmin_honeypot | Simple and effective phpMyAdmin honeypot. |
shockpot | WebApp Honeypot for detecting Shell Shock exploit attempts. |
smart-honeypot | PHP Script demonstrating a smart honey pot. |
stack-honeypot | Inserts a trap for spam bots into responses. |
tomcat-manager-honeypot | Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker’s WAR file for later study. |
Python-Honeypot | OWASP Honeypot, Automated Deception Framework. |
Next-generation web honeypots build upon the foundation established by Glastopf, offering advanced capabilities for modern web threat detection.
Name | Description |
---|---|
Snare | Super Next generation Advanced Reactive honeypot. |
Tanner | Evaluating SNARE events. |
These specialised honeypots are designed specifically for WordPress installations, targeting the most common content management system attacks and brute force attempts.
Name | Description |
---|---|
HonnyPotter | WordPress login honeypot for collection and analysis of failed login attempts. |
HoneyPress | Python based WordPress honeypot in a Docker container. |
wp-smart-honeypot | WordPress plugin to reduce comment spam with a smarter honeypot. |
wordpot | WordPress Honeypot. |
Service honeypots emulate various network services and protocols to capture attacks targeting specific applications and infrastructure components. These comprehensive honeypots cover everything from SSH and FTP to modern container orchestration platforms.
Name | Description |
---|---|
ADBHoney | Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process. |
AMTHoneypot | Honeypot for Intel’s AMT Firmware Vulnerability CVE-2017-5689. |
ddospot | NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot. |
dionaea | Home of the dionaea honeypot. |
dhp | Simple Docker Honeypot server emulating small snippets of the Docker HTTP API. |
DolosHoneypot | SDN (software defined networking) honeypot. |
Ensnare | Easy to deploy Ruby honeypot. |
GenAIPot | The first A.I based open source honeypot. Supports POP3 and SMTP protocols and generates content using A.I based on user description. |
Helix | K8s API Honeypot with Active Defence Capabilities. |
honeycomb_plugins | Plugin repository for Honeycomb, the honeypot framework by Cymmetria. |
honeydb | Multi-service honeypot that is easy to deploy and configure. Can be configured to send interaction data to HoneyDB’s centralised collectors for access via REST API. |
honeyntp | NTP logger/honeypot. |
honeypot-camera | Observation camera honeypot. |
honeypot-ftp | FTP Honeypot. |
honeypots | 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc). |
honeytrap | Advanced Honeypot framework written in Go that can be connected with other honeypot software. |
HoneyPy | Low interaction honeypot. |
Honeygrove | Multi-purpose modular honeypot based on Twisted. |
Honeyport | Simple honeyport written in Bash and Python. |
Honeyprint | Printer honeypot. |
Lyrebird | Modern high-interaction honeypot framework. |
MICROS honeypot | Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). |
node-ftp-honeypot | FTP server honeypot in JS. |
pyrdp | RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact. |
rdppot | RDP honeypot |
RDPy | Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python. |
SMB Honeypot | High interaction SMB service honeypot capable of capturing wannacry-like Malware. |
Tom’s Honeypot | Low interaction Python honeypot. |
Trapster Community | Modular and easy to install Python Honeypot, with comprehensive alerting. |
troje | Honeypot that runs each connection with the service within a separate LXC container. |
WebLogic honeypot | Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. |
WhiteFace Honeypot | Twisted based honeypot for WhiteFace. |
Distributed honeypot tools enable coordinated deployment and management across multiple locations, providing enhanced threat visibility and centralised monitoring capabilities for large-scale security operations.
Name | Description |
---|---|
DemonHunter | Low interaction honeypot server. |
Modern Honey Network | Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralised server for management. |
Community Honey Network | CHN aims to make deployments of honeypots and honeypot management tools easy and flexible. Uses Docker Compose and Docker to deploy with a few simple commands. |
Understanding how attackers detect honeypot tools is crucial for improving deception effectiveness. These tools help security professionals evaluate and enhance their honeypot deployments.
Name | Description |
---|---|
canarytokendetector | Tool for detection and nullification of Thinkst CanaryTokens |
honeydet | Signature based honeypot detector tool written in Golang |
kippo_detect | Offensive component that detects the presence of the kippo honeypot. |
Industrial control system honeypot tools specialise in emulating critical infrastructure components, providing insights into attacks targeting operational technology environments and industrial networks.
Name | Description |
---|---|
Conpot | ICS/SCADA honeypot. |
GasPot | Veeder Root Guardian AST, common in the oil and gas industry. |
SCADA honeynet | Building Honeypots for Industrial Networks. |
gridpot | Open source tools for realistic-behaving electric grid honeynets. |
scada-honeynet | Mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices. |
SSH honeypots represent one of the most popular categories, capturing brute force attacks, credential harvesting attempts, and post-compromise activities targeting secure shell services.
Name | Description |
---|---|
Blacknet | Multi-head SSH honeypot system. |
Cowrie | Cowrie SSH Honeypot (based on kippo). |
DShield docker | Docker container running cowrie with DShield output enabled. |
endlessh | SSH tarpit that slowly sends an endless banner. |
HonSSH | Logs all SSH communications between a client and server. |
HUDINX | Tiny interaction SSH honeypot engineered in Python to log brute force attacks and the entire shell interaction performed by the attacker. |
Kippo | Medium interaction SSH honeypot. |
Kippo_JunOS | Kippo configured to be a backdoored netscreen. |
Kojoney2 | Low interaction SSH honeypot written in Python and based on Kojoney by Jose Antonio Coret. |
Kojoney | Python-based Low interaction honeypot that emulates an SSH server implemented with Twisted Conch. |
Longitudinal Analysis of SSH Cowrie Honeypot Logs | Python based command line tool to analyse cowrie logs over time. |
LongTail Log Analysis @ Marist College | Analysed SSH honeypot logs. |
Malbait | Simple TCP/UDP honeypot implemented in Perl. |
MockSSH | Mock an SSH server and define all commands it supports (Python, Twisted). |
cowrie2neo | Parse cowrie honeypot logs into a neo4j database. |
go-sshoney | SSH Honeypot. |
go0r | Simple ssh honeypot in Golang. |
gohoney | SSH honeypot written in Go. |
hived | Golang-based honeypot. |
hnypots-agent | SSH Server in Go that logs username and password combinations. |
honeypot.go | SSH Honeypot written in Go. |
honeyssh | Credential dumping SSH honeypot with statistics. |
hornet | Medium interaction SSH honeypot that supports multiple virtual hosts. |
ssh-auth-logger | Low/zero interaction SSH authentication logging honeypot. |
ssh-honeypot | Fake sshd that logs IP addresses, usernames, and passwords. |
ssh-honeypot | Modified version of the OpenSSH daemon that forwards commands to Cowrie where all commands are interpreted and returned. |
ssh-honeypotd | Low-interaction SSH honeypot written in C. |
sshForShits | Framework for a high interaction SSH honeypot. |
sshesame | Fake SSH server that lets everyone in and logs their activity. |
sshhipot | High-interaction MitM SSH honeypot. |
sshlowpot | Yet another no-frills low-interaction SSH honeypot in Go. |
sshsyrup | Simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org. |
twisted-honeypots | SSH, FTP and Telnet honeypots based on Twisted. |
Email honeypot tools focus on capturing spam campaigns, phishing attempts, and email-based attacks, providing valuable intelligence about malicious email infrastructure and tactics.
Name | Description |
---|---|
Mail::SMTP::Honeypot | Perl module that appears to provide the functionality of a standard SMTP server. |
Mailoney | SMTP honeypot written in python. |
SendMeSpamIDS.py | Simple SMTP fetch all IDS and analyser. |
Shiva | Spam Honeypot with Intelligent Virtual Analyser. |
SMTPLLMPot | A super simple SMTP Honeypot built using GPT3.5 |
SpamHAT | Spam Honeypot Tool. |
Spamhole | Spam honeypot. |
honeypot | The Project Honey Pot un-official PHP SDK. |
spamd | OpenBSD spam deferral daemon. |
Specialised honeypot tools address unique security scenarios, vulnerability research, and emerging threat vectors that require targeted deception capabilities.
Name | Description |
---|---|
CitrixHoneypot | Detect and log CVE-2019-19781 scan and exploitation attempts. |
Damn Simple Honeypot (DSHP) | Honeypot framework with pluggable handlers. |
dicompot | DICOM Honeypot. |
IPP Honey | A honeypot for the Internet Printing Protocol. |
Log4Pot | A honeypot for the Log4Shell vulnerability (CVE-2021-44228). |
Masscanned | Let’s be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise. |
medpot | HL7 / FHIR honeypot. |
NOVA | Uses honeypots as detectors, looks like a complete system. |
OpenFlow Honeypot (OFPot) | Redirects traffic for unused IPs to a honeypot, built on POX. |
OpenCanary | Modular and decentralised honeypot daemon that runs several canary versions of services that alerts when a service is (ab)used. |
ciscoasa_honeypot | A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability. |
miniprint | A medium interaction printer honeypot. |
Honeypot-32764 | Honeypot for router backdoor (TCP 32764). |
WAPot | Honeypot that can be used to observe traffic directed at home routers. |
Ghost-usb | Honeypot for malware that propagates via USB storage devices. |
HoneyThing | TR-069 Honeypot. |
Kako | Honeypots for a number of well known and deployed embedded device vulnerabilities. |
Honeytoken technologies extend honeypot tools by embedding deceptive elements directly within production environments, triggering alerts when accessed by unauthorised parties.
Name | Description |
---|---|
CanaryTokens | Self-hostable honeytoken generator and reporting dashboard; demo version available at CanaryTokens.org. |
Honeybits | Simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs and honeytokens across your production servers and workstations to lure the attacker toward your honeypots. |
Honeyλ (HoneyLambda) | Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway. |
dcept | Tool for deploying and detecting use of Active Directory honeytokens. |
honeyku | Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens). |
Effective honeypot tools require sophisticated analysis capabilities to process captured data and extract actionable threat intelligence from attacker interactions.
Name | Description |
---|---|
Argos | Emulator for capturing zero-day attacks. |
Cuckoo | Leading open source automated malware analysis system. |
Hybrid Analysis | Free malware analysis service powered by Payload Security that detects and analyses unknown threats using a unique Hybrid Analysis technology. |
Joebox Cloud | Analyses the behaviour of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities. |
VirusTotal | Analyse suspicious files and URLs to detect types of malware, and automatically share them with the security community. |
IVRE | Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Criminalip / Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! |
Honeypot tools generate substantial data volumes requiring effective visualisation and reporting capabilities to identify patterns, trends, and actionable security insights.
Name | Description |
---|---|
DionaeaFR | Front Web to Dionaea low-interaction honeypot. |
Django-kippo | Django App for kippo SSH Honeypot. |
Kippo-Graph | Full featured script to visualise statistics from a Kippo SSH honeypot. |
HoneyMap | Real-time websocket stream of GPS events on a fancy SVG world map. |
Tango | Honeypot Intelligence with Splunk. |
Acapulco | Automated Attack Community Graph Construction. |
Glastopf Analytics | Easy honeypot statistics. |
HoneyMalt | Maltego transforms for mapping Honeypot systems. |
Container-based honeypot tools offer simplified deployment, enhanced portability, and standardised configuration management for modern infrastructure environments.
Name | Description |
---|---|
Docker honeynet | Several Honeynet tools set up for Docker containers. |
Dockerized Thug | Dockerized Thug to analyse malicious web content. |
Dockerpot | Docker based honeypot. |
Manuka | Docker based honeypot (Dionaea and Kippo). |
honey_ports | Very simple but effective docker deployed honeypot to detect port scanning in your environment. |
mhn-core-docker | Core elements of the Modern Honey Network implemented in Docker. |
T-Pot | All in one honeypot appliance from telecom provider T-Mobile |
Comprehensive honeypot tools provide end-to-end deception platforms, combining multiple honeypot technologies with centralised management and advanced analytics capabilities.
Name | Description |
---|---|
beelzebub | A secure honeypot framework, extremely easy to configure by yaml |
Bifrozt | Automatic deploy bifrozt with ansible. |
SIREN | Semi-Intelligent HoneyPot Network – HoneyNet Intelligent Virtual Environment. |
Cymmetria Mazerunner | Leads attackers away from real targets and creates a footprint of the attack. |
Honeeepi | Honeypot sensor on a Raspberry Pi based on a customised Raspbian OS. |
honeypotpi | Script for turning a Raspberry Pi into a HoneyPot Pi. |
Successfully deploying honeypot tools requires careful planning and consideration of legal, technical, and operational factors. Security professionals should ensure proper network segmentation, implement robust logging mechanisms, and establish clear incident response procedures. Regular maintenance and monitoring of honeypot tools ensures optimal performance and threat detection capabilities.
When selecting appropriate honeypot tools for your environment, consider factors such as interaction level requirements, resource constraints, and specific threat scenarios you wish to monitor. Low-interaction honeypots offer resource efficiency and reduced risk, while high-interaction variants provide detailed attack analysis capabilities. Legal considerations surrounding honeypot tools vary by jurisdiction and deployment context.
This comprehensive guide to different types of honeypots represents an extensive collection of deception technologies available to modern security professionals. From database-specific traps to industrial control system emulators, these various types of honeypots provide invaluable insights into attacker methodologies and emerging threat vectors.
The evolution of different types of honeypots continues alongside advancing cyber threats, with artificial intelligence integration, cloud-native deployments, and enhanced automation capabilities driving innovation in deception technology. Security teams implementing these diverse types of honeypots gain significant advantages in threat detection, intelligence gathering, and proactive defence capabilities.
Regular evaluation and updates of different types of honeypots ensure continued effectiveness against evolving attack techniques. The combination of multiple types of honeypots, comprehensive monitoring, and proper analysis creates robust security architectures capable of detecting and analysing sophisticated threats across diverse network environments.