honeypot-templates — templates for honeypot deployments with logging and dashboards for monitoring attacks in educational networks.
- Honeypot templates: Cowrie (SSH/Telnet), Dionaea (multiple protocols)
- Logging: Loki + Promtail (Docker-based service discovery)
- Monitoring: Grafana with pre-provisioned data source and a starter dashboard
- Startup templates: simple scripts and
.envtemplates
- Install Docker and Docker Compose
- Copy
.env.exampleto.envand adjust values as needed - Bring up monitoring:
./scripts/up-monitoring.sh
- Bring up a honeypot template (e.g., Cowrie):
./scripts/up-cowrie.sh
- Open Grafana (
http://localhost:3000), sign in (defaultadmin/admin), and open the Honeypot Overview dashboard
docker-compose.monitoring.yml— Loki+Grafana+Promtail stackgrafana/— provisioning and dashboardsloki/— Loki configurationpromtail/— Promtail configuration (with Docker service discovery)templates/— honeypot templates:cowrie/,dionaea/scripts/— scripts to start/stop stacks
- These templates are intended for educational/lab networks. Do not run honeypots in production without additional isolation and safeguards.
- Promtail reads the Docker socket (read-only) — ensure you understand the risks.
- Restrict access to Grafana (change the default password) and avoid exposing unnecessary ports externally.
- This repository is for defensive, educational, and research purposes in controlled environments only.
- It does not include offensive tooling: exploits, payload builders, C2, etc.
- See
ETHICS.mdandDISCLAIMER.md.
- Stealth, obfuscation, persistence, and long-term footholds
- Scalable C2/botnet-style control and infection orchestration
- Automated propagation or defensive evasion mechanisms
- Decoy services collect attack telemetry
- Priority is visibility and explainability rather than stealth
- High discoverability of services and dashboards is an intentional tradeoff
MIT