Flask-based open directory honeypot that serves configurable payloads and logs every download attempt for threat analysis and security monitoring.
- Serve custom payload files on directory listings
- Log every download request with timestamp, client IP, user agent, and file requested
- Simple, configurable, and lightweight
- Ideal for deceptive directories, threat intelligence, and security research
- Python 3.7+
- Flask web framework
-
Clone the repository:
git clone https://github.com/clienthold/OpenDirectory.git cd OpenDirectory -
Install dependencies:
pip install -r requirements.txt
Edit the config.py file to customize your honeypot:
# List of filenames to present in the directory
HONEYPOT_LIST = [
"chrome.exe",
"firefox.exe",
# add more as needed
]
# Absolute or relative path to the payload executable
PAYLOAD_PATH = "payload.exe"
# Path to the log file
LOG_FILE = "honeypot.log"Run the Flask development server (for testing):
export FLASK_APP=honeypot.py # or set FLASK_APP=honeypot.py on Windows
flask run --host=0.0.0.0 --port=8080Navigate to http://localhost:8080/ to see the directory listing.
pip install gunicorn
gunicorn --bind 0.0.0.0:8080 honeypot:apppip install waitress
waitress-serve --listen=*:8080 honeypot:appAll download attempts are recorded in honeypot.log with the following format:
[2025-06-28 12:34:56] 192.0.2.1 "Mozilla/5.0..." chrome.exe
Use this data for forensic analysis or to feed into your SIEM.