The Honeynet Project - R&D for honeypot/honeynet technolgy and infosec research

Founded in 1999, The Honeynet Project is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public.

Our achievements are based on the principles of opensource and volunteer efforts, with all software or papers created being licensed as open source and made freely available to the community.

We help coordinate the development, deployment, advancement and research findings of honeypot and anti-malware related technologies. With over 45 international chapters, 350 members and 30 open source research projects around around the world, we are a mature, highly diverse and international organization.

Simply put, our goal is to make a difference. We accomplish this via:

Awareness - We raise awareness of the threats and vulnerabilities that exist in the Internet today. Many individuals & organizations do not realize they are a target, nor understand who is attacking them, how, or why. We provide this information, so people can better understand that they are a target, and understand the basic measures they can take to mitigate these threats. This is provided through our Know Your Enemy series of papers.

Tools - For organizations interested in continuing their own research about cyber threats, we provide the tools and techniques we have developed. All tools are specifically licensed open source. Organizations all over the world use our tools.

Information - In addition to raising awareness, we provide details to better secure assets. Historically, information about attackers has been limited to the tools they use. We provide critical additional information, such as their motives in attacking, how they communicate, when they attack systems and their actions after compromising a system. We provide this service through our Know Your Enemy whitepapers and our periodic Scan of the Month challenges.

The Honeynet Project uses GSoC as a incubator for new R&D projects, and to recruit active new members.

lightbulb_outline View ideas list


  • android
  • machine learning
  • honeypots
  • python
  • html/javascript


  • Security
  • honeynet
  • honeypot
  • security
  • web development
  • sandbox
comment IRC Channel
email Mailing list
mail_outline Contact email

The Honeynet Project 2016 Projects

  • Clemens Brunner
    [MITMProxy] Clemens Brunner
    MITMproxy is a console tool that allows interactive examination and modification of HTTP traffic. The aim of this project is to improve the...
  • Ma-Shell
    Centralized Service Configuration for Holmes
    Holmes Processing ( is a system used for automated malware analysis of huge volumes of malware samples, which...
  • Kacper
    Context based fuzzy clustering of malware
    CuckooML will deliver a mechanism to find similarities between malware through analysing reports about them. Additionally, the software will be able...
  • Sergej Proskurin
    Foundations for DRAKVUF on ARM
    Dynamic malware analysis techniques assist to fully understand the cause, intention, and extent of damage caused by malicious applications....
  • dufferZafar
    Improving mitmproxy
    Improve mitmproxy by adding features like SQLite based flow storage, TCPflows etc. and Port pathod & mitmproxy to Python 3.
  • lynnlyc
    Improving the coverage of DroidBot
    DroidBot is an Android application exerciser like Monkey. It is better than Monkey in malware detection because it is aware of the static information...
  • Tin Duong
    Integrate DroidBOT into Cuckoo Sandbox
    Cuckcoo Sandbox is an extensible automated malware analysis tool written in Python. Although Cuckcoo Sandbox begins supporting Android OS since v2.0,...
  • garou6666
    Rumal Dennis Parchkov
    Rumal's aim is to present visually the result from Thug, a tool for studying exploit kits. The currently available version requires some tweaks to...
  • afeena
    Vulnerability emulation for SNARE and TANNER
    SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet. The web page is generated by cloning a real web...
  • cvp
    Web Interface and Generic API Development for Holmes Processing
    The Holmes Project is a modern, modular, and scalable environment for collaborative malware analysis and storage. Despite the relatively young age of...
  • system64
    Collect Passive DNS data from various sources; display, correlate and analyze them.