gitmyhub

HFish

★ 4.5k updated 3mo ago

A safe, reliable, simple, and free enterprise-grade honeypot

A free enterprise honeypot platform that deploys 90+ types of fake services to detect attackers inside and outside a corporate network, with one-click deployment and multi-platform support.

Linux, Windows | setup: moderate | complexity 3/5

HFish is a Chinese-built enterprise honeypot platform available free to the community. A honeypot is a decoy system set up to look like a real server or service, designed to attract attackers so their activity can be detected and logged before they reach actual systems. HFish packages this concept for corporate security teams and covers three scenarios: detecting threats that are already inside the internal network, sensing threats coming from outside, and generating threat intelligence from the activity recorded.

The platform supports over 90 types of fake services. These cover a broad range of what a typical corporate network runs, including web servers, email systems, OA office platforms, CRM systems, NAS storage, network equipment like switches and routers, wireless access points, IoT devices, and various security products. When an attacker interacts with any of these decoy services, HFish logs the contact and can send an alert. Users can also build custom web-based honeypots beyond the built-in list.

HFish runs as a management console connected to one or more honeypot nodes. The README notes that users deploy the management side first, then add nodes either from the built-in option or as separate installs. Deployment is described as one-click. The platform runs on Linux (x32, x64, ARM), Windows (x32, x64), and several Chinese domestic operating systems and processor architectures. Alerts go out via email, syslog, webhook, or popular Chinese messaging apps including WeChat Work, DingTalk, and Feishu.

Additional features include the ability to forward suspicious traffic to a cloud honeypot network at no extra cost, a full-port scan detection mode, and configurable decoy file placements. The README is primarily in Chinese.

Fields for this entry are based on the README content.

Where it fits