Leading Honeypot Products

Some leading honeypot products are


Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses - I have tested up to 65536 - on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems. Honeyd is created for Unix Operating Systems and Honeyd is open source software released under GNU General Public License.


HoneyBOT is a windows based low interaction honeypot solution. HoneyBOT works by opening a large range of listening sockets on your computer from which a selection of these sockets are designed to mimic vulnerable services. When an attacker connects to these services they are fooled into thinking they are attacking a real server. The honeypot safely captures all communications with the attacker and logs these results for future analysis. Should an attacker attempt an exploit or upload a rootkit or trojan to the server the honeypot environment can safely store these files on your computer for malware collection and analysis purposes.


Multipot is a emulation based honeypot designed to capture malicious code which spreads through various exploits across the net. Design specifications for this project mandated that the captures be done in such a way so that the host machine would require only minimal supervision and would not itself risk getting infected. Multipot was designed to emulate exploitable services to safely collect malicious code.

Glastopf Project

Many of today's most advanced attacks now happen at the web application layer. This solution is designed to capture information on the latest web application attacks using scalable and easy to deploy low-interaction server honeypots. Glastopf is a minimalistic web server emulator written in Python. The honeypot tool collects information about web application-based attacks like for example remote file inclusion, SQL injection, and local file inclusion attacks. Glastopf scans the incoming request for strings like "=http://" or "=ftp://". If this matches, we try to download and analyze the file and respond as close as possible to the attacker's expectations. If we fulfill them, the attacker sends us for example a bot, shell or spreader. Those files could for example be analyzed for IRC information to infiltrate the botnet behind this kind of attacks. The collected data is stored in a MySQL database that can be browsed via a web interface.


Argos is a full and secure system emulator designed for use in honeypots. It is based on Qemu, an open source emulator that uses dynamic translation to achieve a fairly good emulation speed.

Argos extends Qemu to enable it to detect remote attempts to compromise the emulated guest operating system. Using dynamic taint analysis it tracks network data throughtout execution and detects any attempts to use them in an illegal way. When an attack is detected the memory footprint of the attack is logged.


KFSensor is a Commercial Windows based honeypot Intrusion Detection System (IDS).

It acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and trojans.
By acting as a decoy server it can divert attacks from critical systems and provide a higher level of information than can be achieved by using firewalls and NIDS alone.


NetBait is a proprietary technology developed by NetBait, Inc. to prevent, detect and analyze intruders' attacks on companies' networks. NetBait is based on the concept of a "Honeypot," which means that it is a decoy which lures intruders away from actual network data and instead gives them "bait" with false information.

GHH - The "Google Hack" Honeypot

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a “Google Hack” honeypot. It is designed to provide reconaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.

Related Tutorials