Welcome to the Cloud-Based Honeypot repository β a collection of Markdown guides that walk you through deploying and analyzing honeypots in a cloud environment using the T-Pot platform. This repo is ideal for cybersecurity students, SOC analysts, and researchers who want hands-on experience monitoring real-world attack attempts using cloud-hosted honeypots.
This guide series includes:
- An introduction to honeypots and their role in cybersecurity
- Deploying the T-Pot honeypot framework on a cloud server (Linode used in this guide)
- Hands-on analysis of honeypot data collected from popular sensors:
- Dionaea (malware and exploit collection)
- Cowrie (SSH/telnet honeypot)
- Heralding (credential theft and remote desktop)
- Command-line-based log analysis and best practices
All tutorials are provided as Markdown files with step-by-step instructions and screenshots where needed.
Linode was chosen as the cloud platform for this project due to its simplicity, transparent pricing, and developer-friendly environment. It also offers a free two-month trial, making it ideal for labs and experiments.
- Transparent Pricing: Easy to understand and predict billing
- Affordable: Budget-friendly for individuals and small teams
- High Performance: Reliable speeds for small to medium deployments
- SSD Storage: Fast read/write operations, ideal for log-heavy apps
- User-Friendly Interface: Clean and intuitive dashboard
- Extensive Documentation: Well-written guides for quick setup
- 24/7 Support: Fast and knowledgeable technical support
- Active Community: Helpful forums and user-generated content
- A cloud VPS (Linode or other provider)
- T-Pot ISO or install script (as per the official GitHub)
- SSH access to your server
- Local machine for log review and visualization (optional)
- Clone the repository:
git clone https://github.com/CodeLife01/Cloud-Based-HoneyPot.git cd Cloud-Based-HoneyPot
This project is for educational and research purposes only. Honeypots attract real attackers β never use them on production systems or networks without proper isolation. Use a cloud provider and region that complies with local laws and terms of service.