honeypots: 30 honeypots in a single pypi package
honeypots
30 low-high level honeypots in a single PyPI package for monitoring network traffic, bot activity, and username/password credentials.
The honeypots respond to clients, are non-blocking, and can be used as objects or called directly with the built-in auto-configure scripts. They are easy to set up and customize; it takes 1-2 seconds to spin a honeypot up, and you can run multiple instances of the same type. For easy integration, the output can be logged to a Postgres database, file(s), the terminal, or Syslog.
This honeypots package is the only package that contains all the following: dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc.
Current Servers/Emulators
- QDNSServer
- Server: DNS
- Port: 53/udp
- Lib: Twisted.dns
- Logs: ip, port
- QFTPServer
- Server: FTP
- Port: 21/tcp
- Lib: Twisted.ftp
- Logs: ip, port, username and password (default)
- Options: Capture all threat actor commands and data (available)
- QHTTPProxyServer
- Server: HTTP Proxy
- Port: 8080/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port and data
- Options: Capture all threat actor commands and data (available)
- Returns a dummy template by default
- A custom template can be provided by setting "template" for this server in config.json (should be an absolute path)
- QHTTPServer
- Server: HTTP
- Port: 80/tcp
- Lib: Twisted.http
- Logs: ip, port, username and password
- Options: Capture all threat actor commands and data (available)
- QHTTPSServer
- Server: HTTPS
- Port: 443/tcp
- Lib: Twisted.https
- Logs: ip, port, username and password
- QIMAPServer
- Server: IMAP
- Port: 143/tcp
- Lib: Twisted.imap
- Logs: ip, port, username and password (default)
- Options: Capture all threat actor commands and data (available)
- QMysqlServer
- Emulator: MySQL
- Port: 3306/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port, username and password
- QPOP3Server
- Server: POP3
- Port: 110/tcp
- Lib: Twisted.pop3
- Logs: ip, port, username and password (default)
- Options: Capture all threat actor commands and data (available)
- QPostgresServer
- Emulator: Postgres
- Port: 5432/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port, username and password
- QRedisServer
- Emulator: Redis
- Port: 6379/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port, username and password
- QSMBServer
- Server: SMB
- Port: 445/tcp
- Lib: impacket
- Logs: ip, port and username
- QSMTPServer
- Server: SMTP
- Port: 25/tcp
- Lib: Twisted
- Logs: ip, port, username and password (default)
- Options: Capture all threat actor commands and data (available)
- QSOCKS5Server
- Server: SOCKS5
- Port: 1080/tcp
- Lib: socketserver
- Logs: ip, port, username and password
- QSSHServer
- Server: SSH
- Port: 22/tcp
- Lib: paramiko
- Logs: ip, port, username and password
- Options: Capture all threat actor commands and data (available)
- QTelnetServer
- Server: Telnet
- Port: 23/tcp
- Lib: Twisted
- Logs: ip, port, username and password
- QVNCServer
- Emulator: VNC
- Port: 5900/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port, username and password
- QMSSQLServer
- Emulator: MSSQL
- Port: 1433/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port, username and password or hash
- QElasticServer
- Emulator: Elastic
- Port: 9200/tcp
- Lib: http.server
- Logs: ip, port and data
- QLDAPServer
- Emulator: LDAP
- Port: 389/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port, username and password
- QNTPServer
- Emulator: NTP
- Port: 123/udp
- Lib: Twisted (low level emulation)
- Logs: ip, port and data
- QMemcacheServer
- Emulator: Memcache
- Port: 11211/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port and data
- QOracleServer
- Emulator: Oracle
- Port: 1521/tcp
- Lib: Twisted (low level emulation)
- Logs: ip, port and connect data
- QSNMPServer
- Emulator: SNMP
- Port: 161/udp
- Lib: Twisted (low level emulation)
- Logs: ip, port and data
- QSIPServer
- Emulator: SIP
- Port: 5060/udp
- Lib: Twisted.sip
- Logs: ip, port and data
- Options: Capture all threat actor commands and data (available)
- QIRCServer
- Emulator: IRC
- Port: 6667/tcp
- Lib: Twisted.irc
- Logs: ip, port, username and password
- Options: Capture all threat actor commands and data (available)
- QPJLServer
- Emulator: PJL
- Port: 9100/tcp
- Lib: Twisted
- Logs: ip, port
- Options: Capture all threat actor commands and data (available)
- QIPPServer
- Emulator: IPP
- Port: 631/tcp
- Lib: Twisted
- Logs: ip, port
- Options: Capture all threat actor commands and data (available)
- QRDPServer
- Emulator: RDP
- Port: 3389/tcp
- Lib: Sockets
- Logs: ip, port, username and password
- Options: Capture all threat actor commands and data (available)
- QDHCPServer
- Emulator: DHCP
- Port: 67/udp
- Lib: Sockets
- Logs: ip, port
Install
pip3 install honeypots
Usage Example – Auto configure
Pass one honeypot name, multiple honeypot names separated by commas, or the word all
python3 -m honeypots ssh
Usage Example – Auto configure with specific ports
Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port
python3 -m honeypots imap:143,mysql:3306,redis:6379
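A pre-flight check for a honeypot:port list like the one above, as an added example (not the package's own parser): it fills in the default ports from the server list on this page, reports unknown names, bad ports and two honeypots claiming the same port, and lists the entries on ports below 1024, which on Linux need root or CAP_NET_BIND_SERVICE by default. The names DEFAULTS, parse_spec and privileged are hypothetical, and the two proxy honeypots are left out because the page does not show their command-line names.

```python
# Added example: pre-flight check for a honeypot:port spec.
# Not the package's own parser; defaults are copied from the server list above.
DEFAULTS = {
    "dns": (53, "udp"), "ftp": (21, "tcp"), "http": (80, "tcp"),
    "https": (443, "tcp"), "imap": (143, "tcp"), "mysql": (3306, "tcp"),
    "pop3": (110, "tcp"), "postgres": (5432, "tcp"), "redis": (6379, "tcp"),
    "smb": (445, "tcp"), "smtp": (25, "tcp"), "socks5": (1080, "tcp"),
    "ssh": (22, "tcp"), "telnet": (23, "tcp"), "vnc": (5900, "tcp"),
    "mssql": (1433, "tcp"), "elastic": (9200, "tcp"), "ldap": (389, "tcp"),
    "ntp": (123, "udp"), "memcache": (11211, "tcp"), "oracle": (1521, "tcp"),
    "snmp": (161, "udp"), "sip": (5060, "udp"), "irc": (6667, "tcp"),
    "pjl": (9100, "tcp"), "ipp": (631, "tcp"), "rdp": (3389, "tcp"),
    "dhcp": (67, "udp"),
}

def parse_spec(spec):
    """Return (plan, problems); plan is a list of (name, port, proto)."""
    plan, problems, seen = [], [], {}
    tokens = sorted(DEFAULTS) if spec.strip() == "all" else spec.split(",")
    for token in tokens:
        name, _, port_text = token.strip().partition(":")
        name = name.lower()
        if name not in DEFAULTS:
            problems.append(f"unknown honeypot: {name!r}")
            continue
        default_port, proto = DEFAULTS[name]
        if port_text == "":
            port = default_port              # no port given: use the page's default
        elif port_text.isdecimal() and 0 < int(port_text) < 65536:
            port = int(port_text)
        else:
            problems.append(f"bad port for {name}: {port_text!r}")
            continue
        if (port, proto) in seen:            # same port and transport claimed twice
            problems.append(f"{name} and {seen[(port, proto)]} both want {port}/{proto}")
            continue
        seen[(port, proto)] = name
        plan.append((name, port, proto))
    return plan, problems

def privileged(plan):
    """Names bound below port 1024, which need elevated rights on Linux by default."""
    return [name for name, port, _ in plan if port < 1024]

if __name__ == "__main__":
    plan, problems = parse_spec("imap:143,mysql:3306,redis:6379")
    print(plan, problems, privileged(plan))
```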
Usage Example – Import as object and auto test
Usage Example – Import as object and test with external ssh command
Copyright (C) 2020 qeeqbox
Source: https://github.com/qeeqbox/