Cowrie
Medium-interaction SSH and Telnet honeypot that logs brute-force attempts, shell commands, and file drops, with JSON/SFTP export options.
Why it is included
De facto open honeypot for credential-spray telemetry and malware URL collection from botnets.
Best for
Researchers and SOCs capturing attacker TTPs on fake shells without full VM sandboxes.
Strengths
- Rich session logs
- File capture
- Large user base
Limitations
- Expose it only on isolated networks; a legal notice and a monitoring policy are required
Good alternatives
OpenCanary · Kippo forks · commercial honeypots
Related tools
Security & Privacy
OpenCanary
Thinkst low-interaction honeypot daemon emulating services (SSH, HTTP, SMB, etc.) to generate tamper-evident intrusion signals.
Security & Privacy
Zeek
Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
Security & Privacy
Arkime
Large-scale full packet capture, indexing, and search (SPIE) with a web UI—successor to the Moloch lineage for NSM teams.
Security & Privacy
Responder
LLMNR/NBT-NS/mDNS poisoner and rogue server suite for credential capture in internal test networks.
Security & Privacy
Fail2ban
Daemon that watches logs and updates firewall rules to ban brute-force sources (SSH, mail, web, etc.).
Security & Privacy
TruffleHog
Secret scanner for git history, CI, and filesystems with verified credential checks against live APIs where safe.
