| Alkasis Software: Manufacturer of the PatriotBox HoneyPot server. |
| An Evening with Berferd: A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992. |
| Anton Chuvakin Honeynet Reseach and Live Stats: Live honeynet data, papers produced as a result of the honeynet research and other honeypot and honeynet related resources. |
| B.A.S.T.E.D.: A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites. |
| Back Officer Friendly: Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2. |
| Bubblegum proxypot: An open proxy honeypot (proxypot) that pretends to be an open proxy. Designed primarily to catch the mail spammer. |
| Building a GenII Honeynet Gateway: This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips. |
| Chinese Honeynet Project: The Artemis Project (Chinese Honeynet Project). |
| Deception ToolKit (DTK): A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. |
| Deploying and Using Sinkholes: Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot. |
| EruditeAegis.net - Papers on Honeypot technology: Connection Redirection Applied to Production Honeypot. |
| fakeAP: Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables. |
| GHH - The "Google Hack" Honeypot: GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers, but is found through the use of a crawler or search engine. |
| Honey Web: An Active Server Pages (ASP) compliant web server honey pot, that detects common attacks against web servers and logs the requests in a real-time viewer . It can recognize Buffer Overflows , Denial of Service attacks, Directory Transversal attacks, SQL Injection attacks , XSS attacks , Session hijacking attacks. |
| Honeybee: A tool for semi-automatically creating emulators of network server applications. |
| HoneyC Low-Interaction Client Honeypot: A platform independent low interaction client honeypot that allows identify rogue servers on the web. |
| Honeycomb: A system for automated generation of signatures for network intrusion detection systems (NIDSs). |
| Honeyd: Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris. |
| Honeyd Control Center: Honeyd configuration wizard, a SQL Interface, and reports. |
| HoneyNet Project: A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned. |
| Honeynet Security Console (HSC): HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs. |
| Honeynet.BR: Brazilian Honeypots Alliance. Includes tools to summaries honeyd logs, mydoom.pl (A perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot. |
| Honeynet.org: Tracking Botnets: Paper on the use of honeynets to learn more about botnets. Covers uses of botnets, how they work and how to track them. |
| Honeypot + Honeypot = Honeynet: Article discussing the creation of the Honeynet Project. |
| Honeypots: Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues. |
| Honeypots: A weblog about with IT-security, honeypots, and honeynets. |
| Honeypots: Monitoring and Forensics Project: Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics. |
| Honeypots: Tracking Hackers: White papers, mailing list and other resources related to honeypots. |
| Honeypotting with VMware: An article about how to use VMware to produce honeypots to catch system intruders. |
| Honeypotting: The Complete Documentation: Index of over 75 papers on Honeypots. |
| Honeywall CDROM: A honeynet gateway on a bootable CDROM. |
| Impost: Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to specified destination port supplied by the command-line arguments (pre-release version available). |
| Installing a Virtual Honeywall using VMware: This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments. |
| KeyFocus - KF Sensor - Honey pot IDS: A Windows honeypot designed to attract and detect hackers by simulating vulnerable system services and trojans. |
| Know Your Enemy: GenII Honeynets: An Introduction to second generation honeynets (honeywalls). |
| Know Your Enemy: Learning more about phishing: A detailed analysis of phishing through compromised web servers. |
| Know your Enemy: Phishing: This white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. |
| LaBrea Tarpit: A program that creates a tarpit or, as some have called it, a "sticky honeypot". |
| mwcollect: A solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. Some people consider it a next generation honeypot, however computers running mwcollect cannot actually be infected with the malware. |
| Nepenthes: A low interaction honeypot designed to emulate vulnerabilties worms use to spread, and to capture these worms. |
| Netbait: Netbait Commercial Honeypot. |
| New Zealand Honeynet project: Papers and information on honeypots, especially application layer, e.g. PHP applications, from the New Zealand branch of the Honeynet project (http://www.honeynet.org/). |
| Philippine Honeynet Project, Philippines: Philippine Honeynet Project. Includes transcript of a VMWare Honeynet using Windows XP / Windows 2000 as the base OS. |
| Project Honey Pot: Distributed Spam Harvester Tracking Network: A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites. |
| RedHat Linux 6.2 Honeypot Analysis: Incident analysis for a compromised default honeypot installation of RedHat Linux 6.2. Includes design, configuration and log details for the compromised machine. |
| SécurIT: LogIDS, LogAgent, SécurIT Intrusion Detection Toolkit, and ComLog (a cmd.exe wrapper) |
| SCADA HoneyNet Project: SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures). |
| SecurityDocs - Honeypots: Directory of articles, white papers, and documents on honeypots and other security topics. |
| SecurityFocus: Problems and Challenges with Honeypots: Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker. |
| SecurityFocus: Defeating Honeypots - Network issues, Part 1: Article discussing methods hackers use to detect honeypots. |
| SecurityFocus: Defeating Honeypots: System Issues, Part 1: This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer. |
| SecurityFocus: Dynamic Honeypots: Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network. |
| SecurityFocus: Fighting Internet Worms With Honeypots: This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks. |
| Securityfocus: Fighting Spammers With Honeypots: This paper evaluates the usefulness of using honeypots to fight spammers. |
| SecurityFocus: Honeypot Farms: This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms. |
| SecurityFocus: Honeytokens -The Other Honeypot: This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network. |
| SecurityFocus: Microsoft looks to "monkeys" to find Web threats: Article discussing how Microsoft have developed a series of Windows XP clients, dubbed "honeymonkeys", that crawl the Web finding sites that use unreported vulnerabilities to compromise unsuspecting users. |
| SecurityFocus: Wireless Honeypots: Article discussing the use of honeypot technology to combat attacks on wireless networks. |
| Sombria Honeypot System: A honeypot system and "Honeypot Exchange Program." |
| SourceForge.net: Project - HoneyView: A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data. |
| Southern California Honeynet Research Project: Member site of Honeynet Project's Honeynet Research Alliance |
| Spampoison: Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots. |
| Spanish Honeynet Project: Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies. |
| spank: A collection of programs to deploy, run and analyse network and host simulations in IP networks. |
| Talisker Security Wizardry: Honeypots: Describes different commercial and freeware honeypots. |
| The Bait and Switch Honeypot System: A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data. |
| The Distributed Honeypot Project: The goal of this project is to organize dispersed honeypots across the Internet and share findings with the security community. |
| The Portuguese Honeynet Project: Information on their honeypot farm using HoneyMole. |
| The Strider HoneyMonkey Project: Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots. |
| The Team Cymru Darknet Project: A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, there is in fact include at least one server for real-time analysis or post-event network forensics. |
| thp - Tiny Honeypot: A simple honey pot program based on iptables redirects and an xinetd listener. |
| UK Honeynet Project: Provides information surrounding security threats and vulnerabilities active in the wild on UK networks. Home of Honeysnap, tool to analyse Honeywall pcap files and extract summary information. |
| Virutal Honeynet: Deploying Honeywall using VMware: Information on deploying a Virtual Honeynet based on Honeywall using VMware. |
| WebMaven (Buggy Bank): WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot. |
Classical
