Deploy fake servers to detect attackers who have already breached your corporate network
Monitor attempts to access decoy services and receive alerts via email or messaging apps
Set up a honeypot grid covering 90+ service types to detect port scans and brute force attempts
Forward suspicious inbound traffic to a cloud honeypot network for additional analysis
| hacklcx/hfish | code52/carnac | locuslab/tcn | |
|---|---|---|---|
| Stars | 4,513 | 4,513 | 4,513 |
| Language | — | C# | Python |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 3/5 | 1/5 | 3/5 |
| Audience | ops devops | general | researcher |
Figures from each repo's GitHub metadata at analysis time.
Deploy the management node first, then add honeypot nodes, one-click install on Linux or Windows.
HFish is a Chinese-built enterprise honeypot platform available free to the community. A honeypot is a decoy system set up to look like a real server or service, designed to attract attackers so their activity can be detected and logged before they reach actual systems. HFish packages this concept for corporate security teams and covers three scenarios: detecting threats that are already inside the internal network, sensing threats coming from outside, and generating threat intelligence from the activity recorded. The platform supports over 90 types of fake services. These cover a broad range of what a typical corporate network runs, including web servers, email systems, OA office platforms, CRM systems, NAS storage, network equipment like switches and routers, wireless access points, IoT devices, and various security products. When an attacker interacts with any of these decoy services, HFish logs the contact and can send an alert. Users can also build custom web-based honeypots beyond the built-in list. HFish runs as a management console connected to one or more honeypot nodes. The README notes that users deploy the management side first, then add nodes either from the built-in option or as separate installs. Deployment is described as one-click. The platform runs on Linux (x32, x64, ARM), Windows (x32, x64), and several Chinese domestic operating systems and processor architectures. Alerts go out via email, syslog, webhook, or popular Chinese messaging apps including WeChat Work, DingTalk, and Feishu. Additional features include the ability to forward suspicious traffic to a cloud honeypot network at no extra cost, a full-port scan detection mode, and configurable decoy file placements. The README is primarily in Chinese. Fields for this entry are based on the README content.
A free enterprise honeypot platform that deploys 90+ types of fake services to detect attackers inside and outside a corporate network, with one-click deployment and multi-platform support.
Free community product, specific license terms are not stated in the README.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.