The Honeynet Project - R&D for Honeypot/Honeynet Technology and InfoSec Research

Founded in 1999, The Honeynet Project is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public.

Our achievements are based on the principles of open source and volunteer efforts, with all software or papers created being licensed as open source and made freely available to the community.

We help coordinate the development, deployment, advancement and research findings of honeypot and anti-malware related technologies. With over 45 international chapters, 350 members and 30 open source research projects around around the world, we are a mature, highly diverse and international organization.

Simply put, our goal is to make a difference. We accomplish this via:

Awareness - We raise awareness of the threats and vulnerabilities that exist in the Internet today. Many individuals & organizations do not realize they are a target, nor understand who is attacking them, how, or why. We provide this information, so people can better understand that they are a target, and understand the basic measures they can take to mitigate these threats. This is provided through our Know Your Enemy series of papers.

Tools - For organizations interested in continuing their own research about cyber threats, we provide the tools and techniques we have developed. All tools are specifically licensed open source. Organizations all over the world use our tools.

Information - In addition to raising awareness, we provide details to better secure assets. Historically, information about attackers has been limited to the tools they use. We provide critical additional information, such as their motives in attacking, how they communicate, when they attack systems and their actions after compromising a system. We provide this service through our Know Your Enemy whitepapers and our periodic Scan of the Month challenges.

The Honeynet Project uses GSoC as a incubator for new R&D projects, and to recruit active new members.

lightbulb_outline View ideas list


  • python 3
  • python
  • golang
  • c/c++
  • machine learning


  • Security
  • honeypots
  • malware
  • sandbox
  • deception
  • networking
comment IRC Channel
mail_outline Contact email

The Honeynet Project 2018 Projects

  • Abhinav Saxena
    #15 - CONPOT: Protocols Wave #2
    Conpot is an ICS/SCADA honeypot that supports a number of industrial protocols and environments. For Conpot to emulate industrial devices better,...
  • Ulrich Fourier
    #9 - DRAKVUF: Support for Dynamic Malware Analysis on ARM
    The relevance of ARM processors is rising. Especially since ARM recently started targeting the servers and desktop market, thus going beyond the...
  • ctsung
    Automated Malware Relationship Mining
    Since last year, Holmes-Processing has acquired a large dataset of labeled malware samples, which can be used for deep learning based malware...
  • Stewart Sentanoe
    DRAKVUF - Stealthiness Improvement
    DRAKVUF ( is an agent-less and virtualization based black-box binary analysis system. It allows users to analyze any binaries and...
  • Mathieu Dolmen
    DRAKVUF : Process Injector Enhancement
    DRAKVUF allows to inject a binary directly into a running virtual machine. The current implementation uses either CreateProcessA() or ShellExecuteA()...
  • Saumo Pal
    Droidbot with AI
    The major task to be tackled in this project is to increase the code coverage using AI. Currently droidbot performs black box testing using the GUI...
  • Pietro Tirenna
    Google Protocol Buffers Serialization
    The basic idea behind the project is to shift mitmproxy serialization process to a new, clean standard format. Using Google Protocol Buffers will...
  • Vlad Florea
    Honeypot Detection Tool
    The goal of this project is to create a tool that can scan a system for features which would let an attacker know prematurely it is a honeypot. This...
  • CapacitorSet
    Implementing Yara rules in Honeytrap
    Yara is a pattern-matching DSL developed to describe malware families; in this project, it is used to describe malicious actors interacting with a...
  • Boddu Manohar Reddy
    LibVMI extensions: Bareflank hypervisor support
    Hypervisor (Virtual Machine Monitor) is a software that runs one or more virtual machines. Other than virtualization in cloud, they are also used in...
  • Roman Samoilenko
    Mitmproxy improvements
    There is one big and very interesting task. I need to Implement DSL for commands. Current implementation of Mitmproxy commands fulfills its duties,...
  • Vakaris
    New exploiters in Infection Monkey
    New non-destructive vulnerabilites Oracle WebLogic vulnerability (CVE-2017-10271) and Struts RCE vulnerability (S2-045) will be added to Infection...
  • Lele Ma
    Port LibVMI to Xen MiniOS
    In this project, the core functionalities of the LibVMI will be ported to Xen MiniOS. After ported, Xen MiniOS will have the basic capabilities of...
  • Anant Joshi
    Semi-automated DroidBot: Semi-automated Android UI testing
    The solution will consist of an Android app, that will read the input provided by the user, and generate an interaction model, which can be read by...
  • Viswak Hanumanth G K
    SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet. The web page is generated by cloning a real web...
  • Arushit Mudgal
    Thug: Python 3 Port and PyV8 Replacement
    Thug is a Python low-interaction honeyclient aimed at mimicking the behavior of a web browser in order to detect and emulate malicious contents. This...
  • Harikrishnan R
    Trusted Execution Environment Based Dynamic Analysis on ARM
    The purpose of this project is to constructure a monitor (like eBPF in the latest version linux kernel) in the “secure world” which can collect...