The HoneyPoke logo

HoneyPoke

The simple honeypot

What is HoneyPoke?

HoneyPoke is a super simple, lightweight honeypot to see what people are poking around the internet for.

HoneyPoke simply records whatever is sent to it, nothing more.

What can HoneyPoke do?

With HoneyPoke, it's easy to setup numerous open "services" that collects:

This data can be sent to different places to be processed, allowing HoneyPoke to serve in intelligence gathering or as a sensor.

HoneyPoke is flexible, and can be easily made to send data anywhere! Send it to your favorite database or analytics engine!
Currently, sending data to Elasticsearch is supported out of the box.

How do I get HoneyPoke?

There are now two versions of HoneyPoke. The latest is written in Go, made to replace the original Python one.

Go Version (Supported)

HoneyPoke-Go is hosted on GitHub

Its written in Go and creates a portable binary. It doesn't require very many resources (You can run it easily on low-level cloud instances). Follow the instructions on the GitHub page to set it up.

Python Version (Old)

HoneyPoke-Python is hosted on GitHub

The Python version is now not supported, I was having memory leak issues that I couldn't figure out, so I moved to Go. This is here for posterity. HoneyPoke Python supports Python 2 and 3.

View Data

You can view some of the HoneyPoke data from my own instances:

The scripts I use to generate these pages daily (at 11:30pm/23:30) are available here.

Elasticsearch and Kibana

Elasticsearch is a powerful search and analytics engine. With its visualization frontend, Kibana, Elasticsearch is a perfect fit for HoneyPoke!

Here's some examples of the charts and dashboards I've made in Kibana: A picture of a few graphs, including a map of where connections came from A graph of connections over time

Python Library

I've made a Python library to interact with ElasticSearch and run different basic analyses. It can be installed with pip install honeypoke-extractor.

Honeypot Dataset

This dataset was from an older version of HoneyPoke I had running for two years. It contains ports, remote IP addresses, and non-binary sent to the HoneyPoke instances. It's in JSON format and about 1.2 GB when unzipped.
The dataset

Who's behind this?

HoneyPoke is project by Jacob Hartman.

Fork me on GitHub