A low-interaction network honeypot with real-time attack visualization.
Check out the Live Demo.
<img alt="Live Demo" src="https://github.com/Shmakov/Honeypot/raw/main/static/demo_dark.png">
# Clone and build
git clone https://github.com/Shmakov/Honeypot.git
cd Honeypot
cargo build --release
# Optional: Download GeoIP database from MaxMind and place in data/GeoLite2-City.mmdb
# Run (requires elevated permissions for low ports)
sudo ./target/release/honeypot
Edit config.toml or use environment variables (prefix: HONEYPOT_, nested: __):
See .env.example for all environment variable options.
| Endpoint | Description |
|---|---|
GET / |
Dashboard |
GET /stats |
Statistics page |
GET /events |
SSE event stream |
GET /api/recent |
Recent events + credentials |
GET /api/stats?hours=24 |
Attack statistics |
GET /api/countries?hours=24 |
Country breakdown |
docker-compose up -d
cargo build --release
sudo setcap 'cap_net_bind_service=+ep' ./target/release/honeypot
./target/release/honeypot
sudo cp deploy/honeypot.service /etc/systemd/system/
sudo systemctl enable --now honeypot
For HTTPS with automatic certificates, see deploy/CADDY.md.
$ claude mcp add Honeypot \
-- python -m otcore.mcp_server <graph>