A low-interaction network honeypot with real-time attack visualization.
Check out the Live Demo.
- Real-time Dashboard - Live attack feed with SSE streaming
- Protocol Emulation - SSH, FTP, Telnet banners and basic responses
- 120+ Port Monitoring - Listens on common attack targets
- GeoIP Integration - Attack origin mapping with MaxMind
- Credential Capture - Logs SSH/FTP/Telnet login attempts
- Statistics Page - Charts and tables for attack analysis
```bash
# Clone and build
git clone https://github.com/Shmakov/Honeypot.git
cd Honeypot
cargo build --release

# Optional: Download GeoIP database from MaxMind and place in data/GeoLite2-City.mmdb

# Run (requires elevated permissions for low ports)
sudo ./target/release/honeypot
```

Edit `config.toml` or use environment variables (prefix: `HONEYPOT_`, nested: `__`):
See .env.example for all environment variable options.
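
The naming rule above (prefix `HONEYPOT_`, `__` for nesting) sketched in Rust as an added example, not the project's own config loader. The key names are hypothetical, and it assumes keys are lower-cased and a single underscore stays inside a key name.

```rust
use std::collections::BTreeMap;

/// Prefix and nesting separator as stated in the README.
const PREFIX: &str = "HONEYPOT_";
const NESTING: &str = "__";

/// Map one environment variable name to a dotted config path.
/// Returns None for names outside the HONEYPOT_ namespace or with an empty segment.
/// Assumption: keys are lower-cased and a single underscore is part of the key name.
fn env_to_path(name: &str) -> Option<String> {
    let rest = name.strip_prefix(PREFIX)?;
    let parts: Vec<String> = rest
        .split(NESTING)
        .map(|p| p.to_ascii_lowercase())
        .collect();
    if parts.iter().any(|p| p.is_empty()) {
        return None; // e.g. "HONEYPOT_" or "HONEYPOT_SERVER__"
    }
    Some(parts.join("."))
}

/// Collect overrides from (name, value) pairs, ignoring unrelated variables.
fn collect_overrides<'a, I>(vars: I) -> BTreeMap<String, String>
where
    I: IntoIterator<Item = (&'a str, &'a str)>,
{
    vars.into_iter()
        .filter_map(|(k, v)| env_to_path(k).map(|p| (p, v.to_string())))
        .collect()
}

fn main() {
    // Constructed sample environment; the key names are hypothetical.
    let env = vec![
        ("HONEYPOT_SERVER__PORT", "8080"),
        ("HONEYPOT_GEOIP__DATABASE_PATH", "data/GeoLite2-City.mmdb"),
        ("HONEYPOT_LOG_LEVEL", "info"),
        ("PATH", "/usr/bin"),
    ];
    for (path, value) in collect_overrides(env) {
        println!("{} = {}", path, value);
    }
}
```
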
| Endpoint | Description |
|---|---|
| GET / | Dashboard |
| GET /stats | Statistics page |
| GET /events | SSE event stream |
| GET /api/recent | Recent events + credentials |
| GET /api/stats?hours=24 | Attack statistics |
| GET /api/countries?hours=24 | Country breakdown |

```bash
docker-compose up -d
```

```bash
cargo build --release
sudo setcap 'cap_net_bind_service=+ep' ./target/release/honeypot
./target/release/honeypot
```

```bash
sudo cp deploy/honeypot.service /etc/systemd/system/
sudo systemctl enable --now honeypot
```

For HTTPS with automatic certificates, see deploy/CADDY.md.
- Backend: Rust, Axum, SQLite, tokio
- Frontend: Vanilla JS, CSS (glassmorphism)
- Real-time: Server-Sent Events (SSE)
- GeoIP: MaxMind GeoLite2