Security Tools

HonSSH – Log all SSH communications between a client and server

HonSSH is a high-interaction Honey Pot solution.

HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.

  • Captures all connection attempts to a text file, database or email alerts.
  • When an attacker sends a password guess, HonSSH can automatically replace their attempt with the correct password (spoof_login option). This allows them to login with any password but confuses them when they try to sudo with the same password.
  • All interaction is captured into a TTY log (thanks to Kippo) that can be replayed using the playlog utility included from Kippo.
  • A text based summary of an attackers session is captured in a text file.
  • Sessions can be viewed or hijacked in real time (again thanks to Kippo) using the management telnet interface.
  • Downloads a copy of all files transferred through wget or scp.
  • Can use docker to spin up new honeypots and reuse them on ip basis.
  • Saves all modifications made to the docker container by using filesystem watcher.
  • Advanced networking feature to spoof attackers IP addresses between HonSSH and the honeypot.
  • Application hooks to integrate your own output scripts.
Setup and Configuration
Useful links


Inspiration and Usage

Kippo Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
This project was inspired by Kippo and has made use of it’s logging and interaction mechanisms.
Bifrozt An awesome project using Honssh by Are Hansen –

  • An all-in-one Honeypot Ubuntu Server ISO.
  • Uses iptables to provide some cool firewall mitigation rules.