- Conpot
- Wordpot
- Shockpot
- p0f
- Suricata
- Glastopf
- ElasticHoney
- Amun
- Snort
- Cowrie
- Dionaea
Conpot is an ICS honeypot whose goal is to collect intelligence about the motives and methods of adversaries targeting industrial control systems.
Wordpot is a WordPress honeypot that detects probes for plugins, themes, timthumb and other common files used to fingerprint a WordPress installation.
Shockpot is a web app honeypot designed to find attackers attempting to exploit the Bash remote code execution vulnerability, CVE-2014-6271.
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way.
Suricata is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.
Glastopf is a Python web application honeypot that collects information about web application-based attacks such as remote file inclusion, SQL injection, and local file inclusion.
Elastichoney is a simple Elasticsearch honeypot designed to catch attackers exploiting RCE vulnerabilities in Elasticsearch.
Amun was the first Python-based low-interaction honeypot, following the concepts of Nepenthes but extending it with more sophisticated emulation and easier maintenance.
Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.
Cowrie is a medium-interaction SSH and Telnet honeypot designed to log brute-force attacks and the shell interaction performed by the attacker.
Dionaea is meant to be a Nepenthes successor, embedding Python as its scripting language, using libemu to detect shellcode, and supporting IPv6 and TLS.