Skip to content
/ lophiid Public

A distributed honeypot for monitoring large scale web attacks

License

GPL-2.0 license
10 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mrheinen/lophiid

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

785 Commits
.github/workflows
.github/workflows
 
 
backend_service
backend_service
 
 
cmd
cmd
 
 
config
config
 
 
images
images
 
 
pkg
pkg
 
 
rules
rules
 
 
scripts
scripts
 
 
ui
ui
 
 
.bazelversion
.bazelversion
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.pr_agent.toml
.pr_agent.toml
 
 
AI.md
AI.md
 
 
API_CLIENT.md
API_CLIENT.md
 
 
BUILD
BUILD
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
DETAILED_DESCRIPTION.md
DETAILED_DESCRIPTION.md
 
 
LICENSE
LICENSE
 
 
MODULE.bazel
MODULE.bazel
 
 
PAYLOAD_FETCHING.md
PAYLOAD_FETCHING.md
 
 
README.md
README.md
 
 
SCREENSHOTS.md
SCREENSHOTS.md
 
 
SCRIPTING.md
SCRIPTING.md
 
 
SEARCH.md
SEARCH.md
 
 
SEARCH_KEYWORDS.md
SEARCH_KEYWORDS.md
 
 
SETUP.md
SETUP.md
 
 
TEMPLATING.md
TEMPLATING.md
 
 
WORKSPACE
WORKSPACE
 
 
backend_service.proto
backend_service.proto
 
 
compile_proto.sh
compile_proto.sh
 
 
deps.bzl
deps.bzl
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

lophiid

Lophiid build workflow

Introduction

Lophiid is a distributed honeypot for detecting and interacting with mass web application exploitation attempts.

The design of lophiid is that one backend controls multiple honeypot sensors agents across the web. Each honeypot can be configured individually but the backend is able to track interactions with attackers across all of them.

Say an attacker scans for / across the internet and it hits 50 lophiid honeypots. The backend can make sure that during each individual interaction with a honeypot a different response is send to the attacker and with that increases the chance that the attacker gets something they are looking for which can result in further interaction.

Similarly lophiid can respond differently to multiple command injections against the same endpoint.

Key features:

  • A distributed honeypot approach
  • Rule based interactions with attacks
  • Static, scripted (Javascript) and AI supported response handling
  • Alerting possible (Telegram, extensible)
  • UI with comprehensive search
  • AI analysis of attacks
  • Automatic tagging of requests and attacks to help triage
  • Automatically malware collection and storage
  • Yara (yara-x) integration
  • Direct integration with VirusTotal
  • Ratelimiting / DoS protection
  • Exporting of rules for sharing with the community
  • Extensive metrics for prometheus/grafana
  • Highly customizable

Running lophiid is already very interesting and you'll collect a lot of threat information. The project is still in an early phase of development though and large changes are still to be expected in the near future.

For more information check out the Detailed Description document and get started with the Setup guide.

Don't hesitate to reach out to niels.heinen{at}gmail.com for any assistance.

Screenshots

Requests page overview which shows all the requests that honeypots are getting. Requests overview

The downloads page shows information about all the downloaded payloads which were obtained via attacks. The payloads themselves are also stored locally in the malware directory (configurable via the backend config). Downloads page

Contributing

Contributions are super welcome! Just fork the repo and send us a PR. Please regularly check the CONTRIBUTING.md for general guidelines

Documentation

About

A distributed honeypot for monitoring large scale web attacks

Topics

security honeypot intrusion-detection threat-hunting threat-intelligence grpc-go threat-detection

Resources

Readme

License

GPL-2.0 license
Activity

Stars

10 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 11

0.40.0-alpha Latest
Feb 2, 2025
+ 10 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages