Awesome Honeypots 
A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.
There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the guide.
Discover more awesome lists at sindresorhus/awesome.
Contents
Related Lists
Commercial Honepots
- honerix - Honerix is a distributed system for capturing web-based attacks. Honerix works by simulating vulnerable applications, with the goal of pushing attackers into deploying their malicious payload.
Honeypots
Honeypots
-
Database Honeypots
- Acra - Effective SQL database protection suite: strong selective encryption, SQL injections prevention, intrusion detection system based on using honeypots/poison records in the database.
- Delilah - An Elasticsearch Honeypot written in Python.
- ESPot - An Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
- Elastic honey - A Simple Elasticsearch Honeypot.
- HoneyMysql - A simple Mysql honeypot project.
- MongoDB-HoneyProxy - A MongoDB honeypot proxy.
- NoSQLpot - The NoSQL Honeypot Framework.
- mysql-honeypotd - Low interaction MySQL honeypot written in C.
- MysqlPot - A mysql honeypot, still very very early stage.
- pghoney - Low-interaction Postgres Honeypot.
- sticky_elephant - medium interaction postgresql honeypot.
-
Delilah - Elasticsearch Honeypot written in Python (originally from Novetta).
- ESPot - Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
- ElasticPot - An Elasticsearch Honeypot.
- Elastic honey - Simple Elasticsearch Honeypot.
- MongoDB-HoneyProxy - MongoDB honeypot proxy.
- NoSQLpot - Honeypot framework built on a NoSQL-style database.
- mysql-honeypotd - Low interaction MySQL honeypot written in C.
- MysqlPot - MySQL honeypot, still very early stage.
- pghoney - Low-interaction Postgres Honeypot.
- sticky_elephant - Medium interaction postgresql honeypot.
-
RedisHoneyPot - High Interaction Honeypot Solution for Redis protocol.
-
Blockchain honeypots
-
Web honeypots
-
Krawl - Lightweight deception server and anti‑crawler that deploys realistic fake web applications with low‑hanging vulnerabilities and randomly generated decoy data.
- Cloud Active Defense - Cloud active defense lets you deploy decoys right into your cloud applications, putting adversaries into a dilemma: to hack or not to hack?
- Express honeypot - RFI & LFI honeypot using nodeJS and express.
- EoHoneypotBundle - Honeypot type for Symfony2 forms.
- FCaptcha - Self-hosted CAPTCHA that acts as an inline honeypot, detecting bots and vision AI agents through 40+ behavioral signals, headless browser fingerprinting, and SHA-256 proof of work.
- Glastopf - Web Application Honeypot.
- Google Hack Honeypot - Designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
- HellPot - Honeypot that tries to crash the bots and clients that visit it's location.
- Laravel Application Honeypot - Simple spam prevention package for Laravel applications.
- Lophiid - Distributed web application honeypot to interact with large scale exploitation attempts.
- Nodepot - NodeJS web application honeypot.
- PasitheaHoneypot - RestAPI honeypot.
- Servletpot - Web application Honeypot.
- Shadow Daemon - Modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl, and Python apps.
- StrutsHoneypot - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers.
- WebTrap - Designed to create deceptive webpages to deceive and redirect attackers away from real websites.
- basic-auth-pot (bap) - HTTP Basic Authentication honeypot.
- bwpot - Breakable Web applications honeyPot.
- django-admin-honeypot - Fake Django admin login screen to notify admins of attempted unauthorized access.
- drupo - Drupal Honeypot.
- flux - Dynamic Web Honeypot with Canary Token Integration that is being actively maintained by LLMs.
- galah - an LLM-powered web honeypot using the OpenAI API.
- honeyhttpd - Python-based web server honeypot builder.
- honeyup - An uploader honeypot designed to look like poor website security.
- modpot - Modpot is a modular web application honeypot framework and management application written in Golang and making use of gin framework.
- nginx-honeypot - A simple honeypot based on NGINX configuration that logs and blocks bots scanning for vulnerabilities.
- owa-honeypot - A basic flask based Outlook Web Honey pot.
- phpmyadmin_honeypot - Simple and effective phpMyAdmin honeypot.
- shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts.
- smart-honeypot - PHP Script demonstrating a smart honey pot.
- Snare/Tanner - successors to Glastopf
- Snare - Super Next generation Advanced Reactive honeypot.
- Tanner - Evaluating SNARE events.
- stack-honeypot - Inserts a trap for spam bots into responses.
- tomcat-manager-honeypot - Honeypot that mimics Tomcat manager endpoints. Logs requests and saves attacker's WAR file for later study.
- WordPress honeypots
- HonnyPotter - WordPress login honeypot for collection and analysis of failed login attempts.
- HoneyPress - Python based WordPress honeypot in a Docker container.
- wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot.
- WebDecoy - Zero-configuration WordPress plugin with invisible honeypot fields, behavioral analysis, and SHA-256 proof-of-work challenges to detect bots, headless browsers, and automation frameworks.
- wordpot - WordPress Honeypot.
-
Python-Honeypot - OWASP Honeypot, Automated Deception Framework.
-
Service Honeypots
- ADBHoney - Low interaction honeypot that simulates an Android device running Android Debug Bridge (ADB) server process.
- AMTHoneypot - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689.
- ddospot - NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.
- dionaea - Home of the dionaea honeypot.
- dhp - Simple Docker Honeypot server emulating small snippets of the Docker HTTP API.
- DolosHoneypot - SDN (software defined networking) honeypot.
- Ensnare - Easy to deploy Ruby honeypot.
- GenAIPot - The first A.I based open source honeypot. supports POP3 and SMTP protocols and generates content using A.I based on user description.
- Helix - K8s API Honeypot with Active Defense Capabilities.
- honeycomb_plugins - Plugin repository for Honeycomb, the honeypot framework by Cymmetria.
- [honeydb] (https://honeydb.io/downloads) - Multi-service honeypot that is easy to deploy and configure. Can be configured to send interaction data to to HoneyDB's centralized collectors for access via REST API.
- honeyntp - NTP logger/honeypot.
- honeypot-camera - Observation camera honeypot.
- honeypot-ftp - FTP Honeypot.
- honeypots - 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).
- honeytrap - Advanced Honeypot framework written in Go that can be connected with other honeypot software.
- HoneyPy - Low interaction honeypot.
- Honeygrove - Multi-purpose modular honeypot based on Twisted.
- Honeyport - Simple honeyport written in Bash and Python.
- Honeyprint - Printer honeypot.
- Lyrebird - Modern high-interaction honeypot framework.
- MICROS honeypot - Low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS).
- node-ftp-honeypot - FTP server honeypot in JS.
- pyrdp - RDP man-in-the-middle and library for Python 3 with the ability to watch connections live or after the fact.
- rdppot - RDP honeypot
- RDPy - Microsoft Remote Desktop Protocol (RDP) honeypot implemented in Python.
- SMB Honeypot - High interaction SMB service honeypot capable of capturing wannacry-like Malware.
- Tom's Honeypot - Low interaction Python honeypot.
- Trapster Commmunity - Modural and easy to install Python Honeypot, with comprehensive alerting
- troje - Honeypot that runs each connection with the service within a separate LXC container.
- WebLogic honeypot - Low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware.
-
WhiteFace Honeypot - Twisted based honeypot for WhiteFace.
-
Distributed Honey