honeytrap

README

Honeytrap

Honeytrap is an extensible and opensource system for running, monitoring and managing honeypots.

Features

• Combine multiple services to one honeypot, eg a LAMP server
• Honeytrap Agent will download the configuration from the Honeytrap Server
• Use the Honeytrap Agent to redirect traffic out of the network to a seperate network
• Deploy a large amount agents while having one Honeytrap Server, configuration will be downloaded automatically and logging centralized
• Payload detection to determine which service should handle the request, one port can handle multiple protocols
• Monitor lateral movement within your network with the Sensor listener. The sensor will complete the handshake (in case of tcp), and store the payload
• Create high interaction honeypots using the LXC or remote hosts directors, traffic will be man-in-the-middle proxied, while information will be extracted
• Extend honeytrap with existing honeypots (like cowrie or glutton), while using the logging and listening framework of Honeytrap
• Advanced logging system with filtering and logging to Elasticsearch, Kafka, Splunk, Raven, File or Console
• Services are easily extensible and will extract as much information as possible
• Low- to high interaction Honeypots, where connections will be upgraded seamless to high interaction

To start using Honeytrap

See our documentation on docs.honeytrap.io.

Community

Join the honeytrap-users mailing list to discuss all things Honeytrap.

Creators

DutchSec’s mission is to safeguard the evolution of technology and therewith humanity. By delivering groundbreaking and solid, yet affordable security solutions we make sure no people, companies or institutes are harmed while using technology. We aim to make cyber security available for everyone.

Our team consists of boundary pushing cyber crime experts, grey hat hackers and developers specialized in big data, machine learning, data- and context driven security. By building open source and custom-made security tooling we protect and defend data, both offensively and proactively.

We work on the front line of security development and explore undiscovered grounds to fulfill our social (and corporate) responsibility. We are driven by the power of shared knowledge and constant learning, and hope to instigate critical thinking in all who use technology in order to increase worldwide safety. We therefore stimulate an open culture, without competition or rivalry, for our own team, as well as our clients. Security is what we do, safety is what you get.

Copyright and license

Code and documentation copyright 2016-2019 DutchSec B.V..

Code released under Apache License, Version 2.0.

Documentation

Overview

Copyright 2016-2019 DutchSec (https://dutchsec.com/)

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.