An awesome collection of articles, papers, conferences, guides, and tools relating to deception in cybersecurity.
-
Updated
Jun 10, 2026
An awesome collection of articles, papers, conferences, guides, and tools relating to deception in cybersecurity.
Signature based honeypot detector tool written in Golang
Automation tool for Windows Deception Host Burn-In
HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds.
A simple SSH gateway for deception deployments
Deceptive Operations: Lure, Observe, and Secure Tool
A portable active cyber defense tool that uses decoy-based delaying tactics to mislead and restrain attackers in untrusted networks.
A distributed, AI-powered honeypot system for Kubernetes. Uses OpenRouter to access 100+ LLMs (GPT-4o, Claude, Gemini) for generating realistic, context-aware vulnerable server responses. Features advanced scanner detection, session memory, and detailed artifact logging to trick attackers and capture threat intelligence.
Behavioral User-driven Deceptive Activities Framework
Deploys 14 Honeypot services (SSH, Telnet, ADB, MongoDB, VNC, MySQL, etc). Real-time dashboard with live WebSocket updates, attack geolocation, automated alerts + IP blocking, and payload/IOC analysis.
HTTP honeypot on autopilot
Adversarial Cognitive Portal Trap Architecture — A multi-layered defensive system that contains, degrades, disrupts, and commandeers autonomous offensive AI agents via a reverse kill chain (L0-L4).
A deceptive web application designed to lure and monitor potential attackers by simulating a real, sensitive environment. It logs IPs, geolocation, user-agents, and suspicious interactions, and runs on a Dockerized Flask app deployed via AWS EC2 for scalable cybersecurity analysis.
ML-powered deception-based banking honeypot system using React, FastAPI, and behavioral biometrics.
New and improved ESP32-P4 based PoE honeypot
🛡️ Zero-config hardware honeypot on a single ESP32-S3 — fake RTSP/HTTP/Telnet/SSH/FTP traps that capture attacker credentials, MAC/vendor & User-Agent, with Telegram alerts and a dark-mode dashboard. Pure ESP-IDF / C, no cloud, no Raspberry Pi.
A fork of the original mailhoney SMTP honeypot rewritten due to library deprecation
Defensive Active Directory hardening & deception dashboard
A Python/Flask-based web honeypot that simulates real-world vulnerabilities (RCE, brute-force, webshell uploads, JNDI injection) to capture attacker behavior and practice Red/Blue/Purple Team security workflows.
Multi-protocol authentication honeypot framework with advanced evasion, fake success responses, and Docker deployment. Captures SSH, FTP, Telnet, HTTP/HTTPS, MySQL, RDP, and SMB attacks.
Add a description, image, and links to the deception-technology topic page so that developers can more easily learn about it.
To associate your repository with the deception-technology topic, visit your repo's landing page and select "manage topics."