github.com/Honeytrap/honeytrap
Advanced Honeypot framework.
Contributors: 14
Lines of Code: 11,904
From: 2017-10-26
To: 2020-12-10
About Honeytrap/honeytrap
Honeytrap is an extensible open-source framework for deploying, managing, and monitoring honeypots at scale. Built in Go, it allows security teams to run multiple services on a single honeypot instance, such as a simulated LAMP server, while maintaining centralized management through a server-agent architecture where agents automatically download configurations and report findings back to a central Honeytrap Server.
The framework supports both low- and high-interaction honeypots, with the ability to seamlessly upgrade connections to high-interaction modes using LXC containers or remote hosts with man-in-the-middle proxying. It includes sophisticated payload detection that enables a single port to handle multiple protocols, and it can monitor lateral movement within networks through sensor listeners. The system integrates with existing honeypots like Cowrie and Glutton while providing its own advanced logging infrastructure that can output to Elasticsearch, Kafka, Splunk, Raven, files, or console.
Honeytrap is designed for organizations deploying large numbers of honeypot agents across their infrastructure, allowing them to maintain centralized logging and configuration management at scale. It extracts detailed information from captured interactions and provides extensive customization options for services and detection mechanisms, making it suitable for security teams ranging from small deployments to enterprise-wide threat monitoring operations.