honeydet

honeydet is a signature-based, multi-step, high-interaction, multi-threaded honeypot detection tool that is developed using Golang.

It can detect honeypots based on the principle that, when presented with a specific set of crafted requests, they will produce a unique and identifiable response.

It can be operated as a web server, a command line tool, or as a web API. The signatures feature supports multi-step detection, as well as hex, string, and regex detection on both TCP and UDP.

Features a SQL backend for persistent scans that can be easily managed through the web interface. It includes Shodan API integration for non-private IPs, which automatically adds Shodan host information when the flag is set (currently available via CLI only). Signatures: The signature list is expanding as I explore various fuzzing techniques, reverse engineering methods, and by comparing real protocols and servers with their emulated counterparts. I am continually enhancing the signature format as necessary and will broaden the application's support for protocols by incorporating additional libraries when required, such as for DICOM and Modbus. Frontend Features: The application is multi-threaded and now operates at super-fast speeds, completing a /24 single port scan in around 1 second. It supports both single and multiple targets.