Directory
Honeypots
Honeypots are a highly flexible security tool with differing applications for security. They don't fix a single problem, instead they have multiple uses, such as prevention, detection, or information gathering. Honeypots all share the same concept, a security resource that should not have any production or authorized activity. This makes them very simple to use.
There are two general types of honeypots, production and research. Production honeypots are easy to use, capture only limited information, and used primarily by companies or corporations. Research honeypots are complex to deploy and maintain, capture extensive information, and used primarily by research, military, or government organizations. [Lance Spitzner]
If you are intending to play with honeypots I would strongly suggest visiting the HoneyNet Project site at http://www.honeynet.org Furthermore, I don't want to replicate their tools page which contains some additional cool products for handling HoneyNet data. Finally read their book Know Your Enemy 2 or Lance Spitzner's book Honeypots: Tracking Hackers
This page contains some tools that do not meet with The HoneyNet description.
pyprofjsploit
Visit the Product Sitepyprofjsploit is a library for low-interaction client honeypot creation based on libemu
Honeystick
Visit the Product Site
A HoneyStick is a portable honeynet demonstration and incident response tool - an complete OS platform, GenIII honeywall and one or more honeypots on a single bootable USB stick.
HoneyBow
Visit the Product SiteHoneyBow is a framework that builds around VMWare and also sits inside of the guest to create a high-interaction malware collection honeypot
DShield Web Honeypot
Visit the Product SiteThe Web Honeypot is a part of DShield project which aimed to collect quantitative data measuring the activity of automated or semi-automated probes against web applications. It collect logs for webapps to supplement the extensive data collection Dshield a ...
Bait n Switch
Visit the Product SiteThe Bait and Switch Honeypot is a multifaceted attempt to take honeypots out of the shadows of the network security model and to make them an active participant in system defense. To do this, we are creating a system that reacts to hostile intrusion attem ...
Deception Toolkit
Visit the Product SiteDTK, the deception is intended to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. DTK's deception is programmable, but it is typically limited to producing output in response to attacker input i ...
HOACD
Visit the Product SiteHOACD means Honeyd+OpenBSD+Arpd in a CD. It is the implementation of a low-interaction honeypot that runs directly from a CD and stores its logs and configuration files on a hard disk. The CD is bootable and uses the OpenBSD operating system, the low-int ...
Honeynet Security Console
Visit the Product SiteHoneynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to hav ...
HoneyD
Visit the Product SiteHoneyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to clai ...
HoneyComb
Visit the Product SiteHoneycomb is good at spotting worms. For example, Honeycomb creates detailed signatures for Slammer and Code Red (far more detailed than the typical web server request line) on a typical end-user DSL connection. But the system has lots of other potential ...
HoneyWall CDROM
Visit the Product SiteHoneywall CDROM is our primary high-interaction tool for capturing, controling and analyzing attacks. It creates an architecture that allows you to deploy both low-interaction and high-interaction honeypots, but is designed primarily for high-interaction.
KFSensor
Visit the Product SiteIt acts as a honey pot to attract and detect hackers by simulating vulnerable system services and trojans. The system is highly configurable and features detailed logging, analysis of attack and security alerts. This approach complements other forms of se ...
LaBrea Tarpit
Visit the Product SiteLaBrea is a program that creates a tarpit or, as some have called it a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a w ...
NetFacade
Visit the Product SiteThe Verizon NetFacade Intrusion Detection service creates a Honeynet that exists to alert network security or management personnel of an intrusion. In addition, it has a secondary effect of distracting intruders from probing and attacking the real targets ...
PatriotBox
Visit the Product SiteUse PatriotBox to help reduce spam on the Internet. PatriotBox simulates an Open Relay Mail server. Spammers think they are relaying mail, but no mail ever leaves PatriotBox and PatriotBox logs every move they make.
Sebek
Visit the Product SiteSebek is a data capture tool designed to capture the attackers activities on a honeypot, without the attacker (hopefully) knowing it. It has two components. The first is a client that runs on the honeypots, its purpose is to capture all of the attackers a ...
Sombria
Visit the Product SiteSombria is a honeypot system comprised of a web server, a firewall and an intrusion detection system that is intended for the sole purpose of network surveillance and research. This combination of surveillance technologies makes it possible to control and ...
Specter
Visit the Product SiteSPECTER is a smart honeypot or deception system. It simulates a complete machine, providing an interesting target to lure hackers away from the production machines. SPECTER offers common Internet services such as SMTP, FTP, POP3, HTTP and TELNET which app ...
Tiny Honeypot
Visit the Product SiteTiny Honeypot (thp) is a simple honey pot program based on iptables redirects and an xinetd listener. It listens on every TCP port not currently in use, logging all activity and providing some feedback to the attacker. The responders are entirely written ...
WormRadar
Visit the Product SiteWelcome to the home of WormRadar. The chart below is a summary of all worm and probe activity detected by WormRadar nodes around the world, and is refreshed about every 30 minutes. "Summarised" means that multiple hits from a single source IP to a single ...