HFish is a community free honeypot that focuses on enterprise security scenarios. It provides users with independently operable and practical functions from three scenarios: intranet loss detection, internet threat awareness, and threat intelligence production. It increases users' capabilities in the field of loss awareness and threat intelligence through a secure, agile, and reliable middle and low level interactive honeypot.
HFish has more than 40 honeypot environments, free cloud honeynet, highly customizable honeybait capability, one click deployment, cross platform multi architecture, domestic operating system and CPU support, extremely low performance requirements, email/syslog/webhook/enterprise WeChat/nail/fly book alarm and other features to help users reduce operation and maintenance costs and improve operational efficiency.
Honeypot is usually defined as a detection product with lightweight detection capability and low false alarm rate. At the same time, it is also one of the high-quality sources for enterprises to produce local threat intelligence. HFish can help users of small and medium-sized enterprises avoid warning floods in their daily security operations, and increase their threat perception and intelligence production capabilities at a low cost. At present, the strength of the community is constantly helping HFish improve itself and jointly explore the best practice of deception defense.
HFish is widely used to sense the horizontal movement of lost hosts in office intranet, production environment, cloud intranet and other environments, employee account leakage, scanning and detection behavior, private intelligence production and even internal drills and security awareness training. Various alarm output forms of HFish are combined with state, NDR, XDR or log platforms to greatly expand the detection vision.
HFish adopts B/S architecture, and the system consists of a management end and a node end. The management end is used to generate and manage the node end, and receive, analyze and display the data returned from the node end. The node end receives the control of the management end and is responsible for building the honeypot service.
In the case of minimizing testing, you can directly test the honeypot service by installing the management side and through the built-in nodes in the management side.
[Linux Download](https://hfish.net/#/en/2 -2-linux)
[Windows Download]( https://hfish.net/#/en/2 -3-windows)
[docker Download]( https://hfish.net/#/en/2 -1-docker)
If there is an enterprise download requirement, you can also go to [HFish Document Area](https://hfish.net/#/docs)Download the deployment document scheme.
On August 7, 2019, we released our first open-source honeypot, HFish. In the next 16 months, HFish gained 2.6k star on Github and became a GVP project in the TOP5 security category of 5 on Gitee.
On February 9, 2021, integrating community feedback and thinking over the past two years, we launched a new concept of the threat capture and deception system HFish V2, and announced that all users will be authorized to use it free of charge through closed source sharing.
Address: Floor 4, Yingzhi Building, No. 49, Suzhou Street, Haidian District, Beijing
Tel.: 400-030-1051