The simple honeypot
What is HoneyPoke?
HoneyPoke is a super simple, lightweight honeypot to see what people are poking around the internet for.
HoneyPoke simply records whatever is sent to it, nothing more.
What can HoneyPoke do?
With HoneyPoke, it's easy to set up many open "services" that collect:
- Who sent it
- What they sent
- When they sent it
This data can be sent to different places to be processed, allowing HoneyPoke to serve in intelligence gathering or as a sensor.
HoneyPoke is flexible, and can be easily made to send data anywhere! Send it to your favorite database or analytics engine!
Currently, sending data to Elasticsearch is supported out of the box.
How do I get HoneyPoke?
There are now two versions of HoneyPoke. The latest is written in Go, and made to replace the original Python one.
Go Version (Supported)
HoneyPoke-Go is hosted on GitHub
It's written in Go and creates a portable binary. It doesn't require very many resources (you can run it easily on low-level cloud instances). Follow the instructions on the GitHub page to set it up.
Python Version (Old)
HoneyPoke-Python is hosted on GitHub
The Python version is no longer supported. I was having memory leak issues that I couldn't figure out, so I moved to Go. This is here for posterity. HoneyPoke Python supports Python 2 and 3.
Elasticsearch is a powerful search and analytics engine. With its visualization frontend, Kibana, Elasticsearch is a perfect fit for HoneyPoke!
Here are some examples of the charts and dashboards I've made in Kibana:
This dataset was from an older version of HoneyPoke I had running for two years. It contains ports, remote IP addresses, and non-binary data sent to the HoneyPoke instances. It's in JSON format and about 1.2 GB when unzipped.
Who's behind this?
HoneyPoke is a project by Jacob Hartman.