awesome-honeypots
an awesome list of honeypot resources
A curated list of honeypot tools, decoy systems that attract and log attackers, organized by the type of service they fake, including databases, web apps, SSH, FTP, and industrial control systems.
A honeypot is a decoy system or service that pretends to be a real target, designed to attract attackers and record what they do. This repository is a curated, community-maintained collection of honeypot software, organized into categories that cover databases, web applications, networking protocols, email, and more. If someone is researching how attackers behave or wants to add deceptive traps to their own infrastructure, this list is a starting point for finding existing tools rather than building from scratch.
The collection is divided by the type of service being faked. Database honeypots mimic MySQL, PostgreSQL, Redis, Elasticsearch, and MongoDB so that anyone probing those ports gets logged instead of finding real data. Web honeypots simulate vulnerable applications, login pages, upload forms, WordPress installs, and Django admin screens to catch common scanning and exploitation attempts. Service honeypots cover a wide range of protocols, including SSH, FTP, VoIP, Kubernetes APIs, Android Debug Bridge, and industrial control systems, giving researchers a broad palette for monitoring different attack surfaces.
Beyond the honeypots themselves, the list includes supporting tools: honeyd plugins for building more complex virtual networks, traffic analysis utilities, log visualization dashboards, and data pipelines for processing the events that honeypots generate. There are also guides and research papers included for those who want background reading on the topic before deploying anything.
Most entries are open source projects hosted on GitHub or GitLab, ranging from small proof-of-concept scripts to more mature frameworks maintained by security companies and academic research groups. The list is not ranked by quality or popularity; items appear in the order contributions were made. Anyone can add a new tool by following the contributing guide linked in the repository. The list itself does not contain ready-to-use software, it links out to each project's own repository where installation instructions live.
The full README is longer than what was shown.
Where it fits
- Find an existing honeypot tool that mimics a specific service like MySQL or SSH instead of building one from scratch
- Research attacker behavior by deploying a web honeypot that simulates a vulnerable WordPress or Django login page
- Add decoy database services to your network to detect unauthorized port scanning or credential stuffing attempts
- Explore log visualization and traffic analysis tools that process the events honeypots generate