The goal of this project is to create a tool that can scan a system for features which would let an attacker know prematurely it is a honeypot. This way he could avoid attacking it and thus avoid getting caught, making the honeypot useless. Security researchers could use it to scan their honeypot systems for such features before deploying them online or in production, in order to avoid mistakes. The tool should be able to generate a report with its findings and their severity so that appropriate action can be taken by the developer.

These features may include: bugs, configuration mistakes or default configurations left unchanged, unimplemented services, service combinations that wouldn’t make sense on the same machine or on the current operating system, unusual response times, etc.

The finished project is available at:



Vlad Florea


  • Marcin Szymankiewicz
  • Adel Karimi