Thug
Python low-interaction honeyclient
Install / Use
/learn @buffer/ThugREADME
Thug
|version badge| |github badge| |codefactor badge| |codecov badge| |bandit badge|
The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as the most known honeypot technologies enable research into server-side attacks, honeyclients allow the study of client-side attacks.
A complement to honeypots, a honeyclient is a tool designed to mimic the behavior of a user-driven network client application, such as a web browser, and be exploited by an attacker's content.
Thug is a Python low-interaction honeyclient aimed at mimicking the behavior of a web browser in order to detect and emulate malicious contents.
Documentation
|docs badge|
Documentation about Thug installation and usage can be found at http://thug-honeyclient.readthedocs.io/.
Contributions
|donate badge|
Thug is open source and we welcome contributions in all forms!
Thug is free to use for any purpose (even commercial ones). If you use and appreciate Thug, please consider supporting the project with a donation using Paypal.
Testing
To run the full test suite using tox_, run the command:
.. code-block:: bash
tox
Since tox builds and installs dependencies from scratch, using pytest_ for faster testing is recommended:
.. code-block:: bash
pytest --cov thug
License information
Copyright (C) 2011-2026 Angelo Dell'Aera angelo.dellaera@honeynet.org
License: GNU General Public License, version 2
.. |version badge| image:: https://img.shields.io/pypi/v/thug.svg
:target: https://pypi.python.org/pypi/thug/
.. |github badge| image:: https://github.com/buffer/thug/workflows/Build/badge.svg
:target: https://github.com/buffer/thug
.. |codefactor badge| image:: https://www.codefactor.io/repository/github/buffer/thug/badge
:target: https://www.codefactor.io/repository/github/buffer/thug
.. |codecov badge| image:: https://codecov.io/gh/buffer/thug/branch/master/graph/badge.svg
:target: https://codecov.io/gh/buffer/thug
.. |bandit badge| image:: https://img.shields.io/badge/security-bandit-yellow.svg
:target: https://github.com/PyCQA/bandit
.. |docs badge| image:: https://readthedocs.com/projects/thug-honeyclient-thug/badge/?version=latest
:target: https://thug-honeyclient-thug.readthedocs-hosted.com/en/latest/?badge=latest
.. |donate badge| image:: https://img.shields.io/badge/Donate-PayPal-green.svg
:target: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XTDF8AHJ28CXY
.. _virtualenv: https://virtualenv.pypa.io/
.. _tox: https://tox.readthedocs.io/
.. _pytest: http://pytest.org/
Related Skills
node-connect
341.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
claude-opus-4-5-migration
84.4kMigrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5
frontend-design
84.4kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
model-usage
341.0kUse CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost data from codexbar, or when you need a scriptable per-model summary from codexbar cost JSON.
