Honeypot
A vulnerable honeypot setup using Flask and SSH to capture and analyze malicious activities. Includes real-time logging and monitoring to study attack patterns and exploit attempts.
Honeypot Project
A simple honeypot implementation to capture and monitor malicious activity. This project uses Flask to create a vulnerable web application and sets up an SSH service for attackers to interact with. It includes logging and monitoring scripts to track and analyze the activity.
Project Ongoing...⌛
Features
- Flask-based vulnerable web application
- SSH service configured with weak credentials
- Logging of commands executed via the web application
- Real-time monitoring of honeypot logs
- More features coming soon...⌛
Pre Setup
Create a new user on your system to serve as the honeypot account.
```bash
sudo useradd -m -s /bin/bash vulnerableuser   # Change vulnerableuser to your desired username
sudo passwd vulnerableuser                    # Set a weak password such as 'password123', 'admin' or 'root'
```
Installation
- Clone the repository:
```bash
git clone https://github.com/whxitte/Honeypot.git
cd Honeypot
```
- Create and activate a Python virtual environment:
```bash
python -m venv honeypot-env
source honeypot-env/bin/activate   # For Windows use `honeypot-env\Scripts\activate`
```
- Install the required Python packages:
```bash
pip install -r requirements.txt
```
- Install and configure SSH:
```bash
sudo apt-get install openssh-server
sudo nano /etc/ssh/sshd_config
```
Edit the SSH configuration file (`/etc/ssh/sshd_config`) to allow password authentication. Add or modify the following lines:
```
PermitRootLogin yes
PasswordAuthentication yes
# Optional, but increases vulnerability
PermitEmptyPasswords yes
```
Restart the SSH service:
```bash
sudo systemctl restart ssh
```
Setup
- Run the Flask application and SSH service:
```bash
sudo su
./run_honeypot.sh
```
- Monitor logs in real-time:
```bash
tail -f /var/log/auth.log       # For SSH logs
sudo journalctl -u ssh -f       # Use this if the command above does not work for SSH
tail -f /var/log/honeypot.log   # For Flask app logs
```
If neither SSH command works, check where your system writes its SSH log and monitor that file live.
Usage
- Access the vulnerable web application at http://localhost
- Use the `/vulnerable` endpoint to execute commands. For example: `http://localhost/vulnerable?cmd=ls`
- The output of commands and any errors will be logged in `/var/log/honeypot.log`.
Monitoring
To monitor the honeypot activity, you can use the monitor_honeypot.py script:
```bash
python monitor_honeypot.py
```
This script will print new log entries in a formatted table in real-time.
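For the SSH side of the honeypot, the following added example (not part of this project's code; `summarize_auth_log`, `compromised_sources` and the sample lines are constructed for illustration) parses sshd password-authentication entries of the kind written to `/var/log/auth.log` and groups them by source address. It assumes the standard OpenSSH syslog message format.

```python
import re
from collections import defaultdict

# The username is attacker-controlled and may contain spaces, so it is matched
# greedily and the pattern is anchored to the fixed tail of the message
# ("from <ip> port <n> ssh2") rather than to the first " from " in the line.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2\s*$"
)

# Constructed sample lines using documentation addresses, not real captures.
SAMPLE_LOG = """\
Mar  3 10:15:01 pot sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar  3 10:15:03 pot sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:15:09 pot sshd[1207]: Accepted password for vulnerableuser from 203.0.113.7 port 40031 ssh2
Mar  3 10:16:44 pot sshd[1302]: Failed password for invalid user test user from 198.51.100.23 port 51810 ssh2
Mar  3 10:17:02 pot CRON[1310]: pam_unix(cron:session): session opened for user root
"""


def summarize_auth_log(lines):
    """Group sshd password-auth events by source IP."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": [], "users": set()})
    for line in lines:
        m = SSHD_RE.search(line)
        if not m:
            continue  # not an sshd password-auth event
        entry = stats[m["ip"]]
        entry["users"].add(m["user"])
        if m["result"] == "Failed":
            entry["failed"] += 1
        else:
            entry["accepted"].append(m["user"])
    return dict(stats)


def compromised_sources(stats):
    """Sources with at least one failed guess and at least one accepted login."""
    return sorted(ip for ip, s in stats.items() if s["failed"] and s["accepted"])


if __name__ == "__main__":
    summary = summarize_auth_log(SAMPLE_LOG.splitlines())
    for ip, s in sorted(summary.items()):
        print(f"{ip:15} failed={s['failed']} accepted={s['accepted']} "
              f"users={sorted(s['users'])}")
    print("logged in after failures:", compromised_sources(summary))
```

To run it against live data, pass the lines of `/var/log/auth.log` to `summarize_auth_log` instead of `SAMPLE_LOG`.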
Notes
- Make sure to adjust permissions and configurations based on your security needs.
- This setup is intentionally vulnerable for educational purposes and should not be used in a production environment.

