22 Open Source Deception Software Projects

honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway

Credentials catching honeypot

DejaVU - Open Source Deception Framework

Deception based detection techniques mapped to the MITRE’s ATT&CK framework

A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots

A PowerShell module to deploy active directory decoy objects.

OWASP Honeypot, Automated Deception Framework.

Cowrie Docker GitHub repository

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

Distributed Honeypot

This project is designed to create deceptive webpages to deceive and redirect attackers away from real websites.

Designed to be installed on a fresh install of raspbian on a raspberry pi, by combining Respounder (Responder detection) and Artillery (port and service spoofing) for network deception, this tool allows you to detect an attacker on the network quickly by weeding out general noisy alerts with only those that matter.

A repository dedicated to terminal escape injections.

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

Windows version of honeybits - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots!

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

安全、快捷、高交互、企业级的蜜罐管理系统，支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functions.

HellPot is a portal to endless suffering meant to punish unruly HTTP bots.

🐝 DecoyMini•智能仿真与攻击诱捕工具是基于商业化蜜罐产品积累而推出的免费蜜罐工具。工具支持主流操作系统，安装使用简单，通过一键式导入云端仿真模板库就可以在用户网络快速部署多样化的虚假服务和应用；同时支持采用可视化仿真编排引擎通过界面配置即可实现对自定义的网络协议、服务或应用的仿真能力。通过部署虚假的服务和应用，吸引攻击者进行攻击，在虚假环境中对攻击者行为进行抓取和存储，基于对攻击者的行为分析来实现攻击预警、威胁分析和溯源取证；工具加入了云情报分享激励计划，通过情报和仿真模板的分享用户还可以获得丰厚的奖励。

DICOM Honeypot

MITRE Shield website

MICROS Honeypot is a low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). This is a directory traversal vulnerability.