// project
Python Honeypot
A multi-threaded deception system that simulates real network services to trap, fingerprint, and log attacker behaviour in real time.
What It Does
This honeypot simulates common network services on FTP (21), SSH (22), HTTP (80), and HTTPS (443) with realistic service banners designed to look like genuine servers. When an attacker connects, it captures their IP, port, timestamp, and any data they send, all logged in structured JSON format.
The goal is not just logging. It is deception and intelligence gathering. By keeping connections open and mimicking real service behaviour, the honeypot wastes attacker time while collecting actionable data about their techniques and tools.
Features
- ► Listens on FTP/21, SSH/22, HTTP/80, HTTPS/443 simultaneously
- ► Emits realistic service banners per protocol
- ► Multi-threaded, handles concurrent connections without blocking
- ► JSON structured logs with IP, port, timestamp, and payload
- ► Keeps connections open to gather more attacker data
- ► Clean shutdown with log flushing
Sample Output
[*] Listening on 0.0.0.0:22 (SSH)
[*] Listening on 0.0.0.0:80 (HTTP)
[+] Connection from 203.0.113.47:54812 on port 22
[+] Data received: SSH-2.0-OpenSSH_7.4
[!] Logged to honeypot_logs/2026-04-30.json
[*] Listening on 0.0.0.0:80 (HTTP)
[+] Connection from 203.0.113.47:54812 on port 22
[+] Data received: SSH-2.0-OpenSSH_7.4
[!] Logged to honeypot_logs/2026-04-30.json