T-Pot framework

T-Pot is an All-In-One Multi Honeypot Platform, supporting 20+ honeypots and countless visualisation options using the Elastic Stack, animated live attack maps and lots of security tools to further improve the deception experience.


Honeypot dockers

T-Pot offers docker images for the following honeypots:


  • ElasticPot - A honeypot simulating a vulnerable Elasticsearch server opened to the Internet.

  • RedisHoneyPot - High Interaction Honeypot Solution for Redis protocol.


  • Mailoney - SMTP honeypot, Open Relay, Cred Harvester written in python.


  • Conpot - An ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems.


Network services

  • Dionaea - A nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls.

  • Cisco ASA honeypot - A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.

  • DDoSPot - NTP, DNS, SSDP, Chargen and generic UDP-based amplification DDoS honeypot.


  • CitrixHoneypot - Detect and log CVE-2019-19781 scan and exploitation attempts.

  • Dicompot - DICOM Honeypot.

  • Log4Pot - A honeypot for the Log4Shell vulnerability (CVE-2021-44228).

  • medpot - HL7 / FHIR honeypot.



  • Honeypots - 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc).

  • Honeytrap - Advanced Honeypot framework written in Go that can be connected with other honeypot software.

  • IPP Honey - A honeypot for the Internet Printing Protocol.


  • SentryPeer - A fraud detection tool which lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call.


  • Cowrie - Cowrie SSH Honeypot (based on kippo).

  • Endlessh - An SSH tarpit.

  • Kippo - Medium interaction SSH honeypot.

Web applications

  • HellPot - Honeypot that tries to crash the bots and clients that visit it’s location.

  • Nodepot - NodeJS web application honeypot.

  • SNARE - A web application honeypot sensor, the successor of Glastopf.

  • TANNER - SNARES’ “brain”, allowing for changing the behaviour of sensors on the fly.