PythonThreat DetectionNetwork SecurityMulti-threading

What It Does

This honeypot simulates common network services on FTP (21), SSH (22), HTTP (80), and HTTPS (443) with realistic service banners designed to look like genuine servers. When an attacker connects, it captures their IP, port, timestamp, and any data they send, all logged in structured JSON format.

The goal is not just logging. It is deception and intelligence gathering. By keeping connections open and mimicking real service behaviour, the honeypot wastes attacker time while collecting actionable data about their techniques and tools.


Features

Sample Output
[*] Listening on 0.0.0.0:22 (SSH)
[*] Listening on 0.0.0.0:80 (HTTP)
[+] Connection from 203.0.113.47:54812 on port 22
[+] Data received: SSH-2.0-OpenSSH_7.4
[!] Logged to honeypot_logs/2026-04-30.json