OpenCanary
Thinkst low-interaction honeypot daemon emulating services (SSH, HTTP, SMB, etc.) to generate tamper-evident intrusion signals.
Why it is included
Minimal-footprint open honeypot widely deployed for lateral-movement and scanner noise detection.
Best for
Defenders planting believable decoys inside VLANs and DMZs with syslog/JSON hooks.
Strengths
- Simple deployment
- Many protocol modules
- Thinkst ecosystem
Limitations
- Low-interaction limits on attacker intelligence depth
Good alternatives
Cowrie · Honeyd · commercial deception
Related tools
Security & Privacy
Cowrie
Medium-interaction SSH and Telnet honeypot logging brute-force, shell commands, and file drops with JSON/SFTP export options.
Security & Privacy
Zeek
Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
Security & Privacy
Wazuh
Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
Security & Privacy
Suricata
High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.
Security & Privacy
Wireshark
Network protocol analyzer for deep packet inspection and forensic debugging.
Security & Privacy
bettercap
Network attack framework: Wi-Fi, BLE, LAN recon, ARP/DNS spoofing, proxy, and modular caplets.