HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients and more. Additionally it includes many useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, DionaeaFR, an ELK stack and much more. Lastly, almost 90 well-known malware analysis, forensics and network monitoring related tools are also present in the distribution.


Please take a look at the README.txt file on SourceForge (also included inside the virtual disk) to see where everything is located.


After downloading the file, you simply have to import the virtual appliance to your virtual machine manager. The recommended virtualization software is Oracle VM VirtualBox; a simple double click on the OVA file is enough. If you want to use HoneyDrive with VMware products (Workstation, Fusion, ESXi, etc) start here for VMware Fusion: Easy Importing of HoneyDrive to VMware Fusion. If that doesn’t work then read this: HoneyDrive 3 VMware guide and perhaps (the older but not outdated): Setup HoneyDrive on VMware (Workstation, ESXi, etc) and for Hyper-V server this: Run HoneyDrive 3 on Hyper-V server.


  • Virtual appliance based on Xubuntu 12.04.4 LTS Desktop.
  • Distributed as a single OVA file, ready to be imported.
  • Full LAMP stack installed (Apache 2, MySQL 5), plus tools such as phpMyAdmin.
  • Kippo SSH honeypot, plus Kippo-Graph, Kippo-Malware, Kippo2MySQL and other helpful scripts.
  • Dionaea malware honeypot, plus DionaeaFR and other helpful scripts.
  • Amun malware honeypot, plus helpful scripts.
  • Glastopf web honeypot, along with Wordpot WordPress honeypot.
  • Conpot SCADA/ICS honeypot.
  • Honeyd low-interaction honeypot, plus Honeyd2MySQL, Honeyd-Viz and other helpful scripts.
  • LaBrea sticky honeypot, Tiny Honeypot, IIS Emulator and INetSim.
  • Thug and PhoneyC honeyclients for client-side attacks analysis, along with Maltrieve malware collector.
  • ELK stack: ElasticSearch, Logstash, Kibana for log analysis and visualization.
  • A full suite of security, forensics and anti-malware tools for network monitoring, malicious shellcode and PDF analysis, such as ntop, p0f, EtherApe, nmap, DFF, Wireshark, Recon-ng, ClamAV, ettercap, MASTIFF, Automater, UPX, pdftk, Flasm, Yara, Viper, pdf-parser, Pyew, Radare2, dex2jar and more.
  • Firefox add-ons pre-installed, plus extra helpful software such as GParted, Terminator, Adminer, VYM, Xpdf and more.


1) HoneyDrive 3 has been created entirely from scratch. It is based on Xubuntu Desktop 12.04.4 LTS edition and it is distributed as a standalone OVA file that can be easily imported as a virtual machine using virtualization software such as VirtualBox and VMware.

2) All the honeypot programs from the previous version of HoneyDrive are included, while they have also been upgraded to their latest versions and converted almost entirely to cloned git repos for easier maintenance and updating. This latter fact on its own could be considered reason enough to release the new version.

3) Many new honeypot programs have been installed that really make HoneyDrive 3 “complete” in terms of honeypot technology, plus around 50(!) new security related tools in the fields of malware analysis, forensics and network monitoring.

4) The main honeypot software packages and BruteForce Lab’s projects reside in /honeydrive. The rest of the programs reside in /opt. The location of all software can be found inside the README.txt file on the desktop.

5) HoneyDrive 3 doesn’t make itself as known to the outside world as the previous version. There are no descriptive messages and apart from Kippo-Graph and Honeyd-Viz every other piece of software is not accessible from the outside (unless if you configure them otherwise, or even lock down Kippo-Graph and Honeyd-Viz as well).

A note on versioning: previous versions of HoneyDrive started with a zero (0.1 and 0.2) which seemed confusing to some. I didn’t like it either and in the end I decided to “renumber” those as versions 1 and 2, essentially making this new version HoneyDrive 3, .i.e the third official release.


  1. Why use HoneyDrive?
    HoneyDrive saves you time! It has all the major honeypot-related software pre-installed and pre-configured to work out of the box (or with some configuration options of your liking). As I have seen many times in comments or support requests I get, setting up a honeypot system is not always something easy. This is especially true for new infosec enthusiasts or sysadmins and “hard” to set up software like Dionaea for example.
  2. What utilities and software are included in HoneyDrive?
    HoneyDrive contains all the major honeypot-related software and a ton more useful tools. For a complete list you’ll have to take a look at the README.txt file included in the virtual appliance (you’ll find it on the desktop) or online at the downloads section of SourceForge (link above).
  3. Why isn’t [insert-name-here] included in HoneyDrive?
    Unfortunately I can’t keep track of every different piece of software. But, I’m very open to suggestions about HoneyDrive! If you know a tool that could be of benefit please let me know by leaving a comment on this page and it will be included in the next release of HoneyDrive.
  4. What is the password for [insert-name-here]?
    Again, your best bet is reading the README.txt file included in the virtual appliance or found online at the downloads section of SourceForge (link above). Every password you will need is included in its appropriate section.



HoneyDrive 3

  • Upgraded ALL existing honeypot software to the corresponding latest versions.
  • Converted ALL existing honeypot software to cloned git repos for easier maintenance.
  • Removed distinguishable HoneyDrive artifacts and secured access to web tools.
  • Added Kippo-Malware and Kippo2ElasticSearch.
  • Added Conpot SCADA/ICS honeypot.
  • Added PhoneyC honeyclient.
  • Added maltrieve malware downloader.
  • Added the ELK stack (ElasticSearch, Logstash, Kibana).
  • Added the following security tools: dnstop, MINI DNS Server, dnschef, The Sleuth Kit + Autopsy, TekCollect, hashMonitor, corkscrew, cryptcat, socat, hexdiff, pdfid, disitool, exiftool, Radare2, chaosreader, netexpect, tcpslice, mitmproxy, mitmdump, Yara, Recon-ng, SET (Social-Engineer Toolkit), MASTIFF + MASTIFF2HTML, Viper, Minibis, Nebula, Burp Suite, xxxswf, extract_swf, Java Decompiler (JD-GUI), JSDetox, extractscripts, AnalyzePDF, peepdf, officeparser, DensityScout, YaraGenerator, IOCExtractor, sysdig, Bytehist, PackerID, RATDecoders, androwarn, passivedns, BPF Tools, SpiderFoot, hashdata, LORG.
  • Added the following extra software: 7zip, Sagasu.
  • Added the following Firefox add-ons: Disconnect, Undo Closed Tabs Button, PassiveRecon.
  • Removed the following software: Kojoney, mwcrawler, Vidalia, ircd-hybrid, DNS Query Tool, DNSpenTest, VLC, Parcellite, Open Penetration Testing Bookmarks Collection (Firefox).



Skip to comment form

  1. Thanks for putting this out. Been playing with the distro for the last few hours, and I am impressed with the package. This will be perfect for some honeypot training I plan to put out soon.

    Thank you,

      • Ion on October 5, 2012 at 10:05 AM
      • Reply

      Hello Normus, thanks for your comment!

      I plan to include more software to it soon (so be sure to check from time to time) and perhaps create a lightweight desktop version (think Xubuntu/Lubuntu) with some GUI tools as well.

      The current version includes everything that has to do with Kippo SSH honeypot. It’s a good start in the domain of honeypots and you’ll get some interesting results. I’d be happy to see some of them.


        • letrath on March 12, 2013 at 3:05 PM

        Hello. i tried to contact you via contact form but its not working i guess? could u send me your mail address to ask a question pls. i wanted you to show it on my private ip if you have time.thanx.

    • nexus on October 8, 2012 at 3:20 PM
    • Reply

    Hello, this is very nice,i am very new in this stuff, i downloaded the honeybox but now what ?
    from the several VMDK drives in the rar witch one i must use. Any info on how to install this in VB ?

    I am Sorry for my noobiness but i would love some assistance.

    Thank you very much

      • Ion on October 9, 2012 at 2:35 PM
      • Reply

      Hello Nexus, it’s quite simple really: you have to extract the files, create a new virtual machine and select the “HoneyBox.vmdk” file as its hard disk drive (ignore the other files but don’t delete them!). You can then start Kippo by executing the “start.sh” script residing inside the /home/honeybox/kippo dir.

      See the README file here: http://sourceforge.net/projects/honeybox/files/HoneyBox%20v0.1%20%5BKippo%20in%20a%20Box!%5D/ for more information.


    • nexus on October 9, 2012 at 3:01 PM
    • Reply

    Thank you very much Ion, i appreciate your assistance.I will test it ASAP 🙂


    • George on October 15, 2012 at 10:14 PM
    • Reply

    Hi Ion,

    I am George again!

    I have two questions about Honeybox.

    1) Honeybox, your function is similar to that of Dionaea? Simulates services to catch malware?

    2) Is it necessary to use a virtual machine? or I can install HoneyBox on a physical machine? You recommend me Debian or Ubuntu?


      • Ion on October 16, 2012 at 8:03 AM
      • Reply

      Hello again George.

      1) No yet. So far only Kippo is installed. Dionaea and other honeypots will be included in future versions.

      2) The format of the drive is VMDK which is used by virtual machines. I don’t fully recommended it but you can convert a virtual drive to a physical one. See this: https://www.vmware.com/support/v2p/index.html. Also, Debian and Ubuntu are both fine, but I tend to go with Ubuntu.


    • J.H. Speed on October 28, 2012 at 3:13 PM
    • Reply

    Hi Ion!

    Thanks for providing us with an excellent site! 🙂

    Was really looking forward to trying you this HoneyDrive, looks like the download link is broken.
    Hope you are able to remedy this soon.


      • Ion on October 28, 2012 at 7:54 PM
      • Reply

      Hello there.

      I have changed the name from HoneyBox to HoneyDrive for copyright/trademark reasons, and SourceForge has not yet completed the changes to the project. But, you can get the latest VMDK file by clicking on this link: http://sourceforge.net/projects/honeybox/files/latest/download


      Edit: Seems like the direct download link above does not work anymore. I guess we should wait some time for SourceForge to complete the changes.

        • J.H. Speed on October 29, 2012 at 6:07 PM

        Yes, you are correct, looks like sourceforge is experiencing problems with this download.

        Is there any other sites that can be used for download?

    • Black September on November 20, 2012 at 12:38 AM
    • Reply

    Hi Ion!

    I finally got to download Honeydrive after the project had to change its name and i´d like to give you some feedback.

    + Honeydrive is ridiculously easy to set up
    + The builtin Kippo-Graph looks great and is easy to use
    + Its an excellent tool for gathering statistics and malware analysis
    + It will save hours and hours of my spare time reading trough logs (yep, that made the wife happy too :))
    – The NIC would not start during, had to start it manually – not a big deal 🙂

    Even tho I only started scratching the surface, it has already exceeded my expectations – 10/10!

    I have some questions tho:

    1 – Honeydrive is running on a Ubuntu Server 11.10, would you recommend to stay with this version or will it survive and update?

    2 – Kippo has a pseudo file system, but there are two real directories as well – /etc and /proc. From your experience, would you add additional files/directories or leave it as it is?

    3 – Do you know of any other ready-to-use python scripts that can be added to the kippo/kippo/commands directory or will i have to build them myself?

    Again, great stuff, thanks a million!

      • Ion on November 21, 2012 at 11:18 PM
      • Reply

      Hello Black September 🙂

      Thanks very much for the feedback, I appreciate it! It’s nice to hear that it works as it is supposed to 🙂

      About your questions:
      1) I use 11.10 because it just “works”. You can upgrade it if you like, yes.
      2) You can either leave them as is, or you can add your own files. It’s entirely up to you. You can also modify the existing files to add more bogus info (these are called honeytokens), for example new accounts in the /etc/passwd file.
      3) No sorry, I guess you will have to code any further commands.


        • Black September on November 24, 2012 at 3:16 PM

        Thanks for your reply Ion.

        Yepp, i basically figured that much.

        Already started using the createfs.py and editing the current python scripts to mirror a OpenBSD filesystem and environment.

        Looking forward to 0.2 🙂


    • mike on November 20, 2012 at 11:09 PM
    • Reply

    excellent project, i might suggest releasing your next version in OVF template format.


    within VMware workstation is a simple File -> Export to OVF option, there is still a packaging issue.

    i much prefer to work with an OVF template, it facilitates the movement unto ESX so much more reliably.

    keep up the good work!

      • Ion on November 21, 2012 at 11:21 PM
      • Reply

      Hello mike 🙂
      Thanks for your comment and for the suggestion!

      Unfortunately I don’t use VMware but VirtualBox. Although, it has a similar export option that I will use in the future version 🙂


    • jim on November 21, 2012 at 12:55 AM
    • Reply

    so I have kippo started and listening on port 22. however, I cannot ssh to it with putty i just get connection refused. however, an nMap is actually showing open.

      • jim on November 21, 2012 at 1:01 AM
      • Reply

      nevermind. I realized the problem. for some reason, I am unable to connect directly from the same native machine hosting the VM itself. weird.

        • Ion on November 21, 2012 at 11:22 PM

        Hello jim.
        Glad to hear you have figured this out.
        Let me know how HoneyDrive works for you.

    • Alex on November 27, 2012 at 8:09 PM
    • Reply


    I’ve been running honeydrive for a few hours now, and trowed a few attacks with medusa, and hydra and it does not pick up the automated attacks, however when I try by hands there are no problems, any ideas of what could have gone wrong or is it simple an undefined behaviour ?


    • Wilhelm-Jan on November 30, 2012 at 3:21 PM
    • Reply


    As currently only Kippo is included, I think thats just normal behaviour.
    I run my own Kippo/Dinoeae bases honey pots, and for kippo it’s only SHH thats being logged.

    So depending on what kind of automatic attack you’re running; It might not be noticed since it might not be on the kippo port.

    I myself run a Snort inline logging firewall/gateway (basically Honeywall), with behind it a couple of honeypots. Kippo logs everything on port 22 (low interaction part), and the gateway logs everything else (high interaction part).

      • Ion on November 30, 2012 at 3:42 PM
      • Reply

      Thanks for stepping in Wilhelm 🙂
      PS. I had to rewrite your comment by myself after a wordpress hiccup.

    • ziplock on December 1, 2012 at 3:22 PM
    • Reply

    it doesn’t include Dionaea or Honeyd as advertized in the “update” section of this page. As far as I can see, it only has Kippo. Am I overlooking something? Also, sourceforge says it has Dionaea and Honeyd… ???

      • Ion on December 1, 2012 at 3:39 PM
      • Reply

      Hello ziplock, as mentioned here: http://bruteforcelab.com/announcing-honeydrive.html, “NOTE: The description is not very accurate for the current state of HoneyDrive. Right now only Kippo SSH honeypot and its related tools are included, but all of the above will be present in future releases.”

      Sorry about that, I guess. I will release a new HoneyDrive version based on Xubuntu (with GUI) including the missing tools plus some other honeypot/malware-related utilities.


      • Ion on December 30, 2012 at 8:02 PM
      • Reply

      If you are subscribed to new comments, just to let you know that HoneyDrive Desktop version was released and it includes Kippo, Honeyd, Dionaea and much more! 🙂

    • Jon on December 30, 2012 at 9:17 PM
    • Reply

    Anyone have any luck getting this running on ESXi 5?
    When I try to install the OVA via “Deploy OVF Template” I get an error regarding unsupported hardware (Virtualbox). When I extract the OVA into a VMDK, a custom VM creation does not even let me see or select the VMDK file.

      • Ion on December 31, 2012 at 2:54 AM
      • Reply

      Hello Jon, thanks for reporting this.

      I have found some similar complaints online (not related to HoneyDrive). Perhaps it has to do with the pre-installed VirtualBox Guest Additions, I’m not sure. Take a look here: https://dev.uabgrid.uab.edu/wiki/VirtualboxToEsxi and perhaps here: https://forums.virtualbox.org/viewtopic.php?f=1&t=42311 to see if anything comes up and let me know please. I could try to upload the original VDI/VMDK file if this persists.


      • Ion on December 31, 2012 at 4:04 PM
      • Reply

      Jon, also take a look at this comment by Rob: http://bruteforcelab.com/honeydrive-desktop-released.html#comment-5167

    • Ken Pryor on December 31, 2012 at 3:51 AM
    • Reply

    Hello! I have imported and am successfully running HoneyDrive. However, I am having one problem with Dionaea and I was hoping you could suggest a solution. When I start the program, it is never able to bind port 80. I have put in the specific IP address of the HoneyDrive vm in the dionaea,conf instead of going with the default, but it is still unable to bind the port. No other ports are having this problem, only port 80. Do you have any suggestions on how I might fix this?

    Thank you very much for your hard work putting this great VM together!


    • Ken Pryor on December 31, 2012 at 5:51 AM
    • Reply

    Please disregard, I believe I have it figured out. Thanks!

      • Ion on December 31, 2012 at 4:01 PM
      • Reply

      Hello Ken. Glad you found the solution.
      Did it happen because of Apache was previously binding on that port? By the way, Dionaea mostly focuses on port 445 (SMB/CIFS), that’s the mechanism for capturing malware and the like. Ports 80 and 443 are mostly to log connections (if any).

      • shahrooz on September 20, 2013 at 6:29 AM
      • Reply

      Hi Ken

      I have the same problem with SMB. I got ports 80, 443, 1433 and 3306, but no SMB. How did you solve it?


    • Ken Pryor on December 31, 2012 at 10:57 PM
    • Reply

    Hi! Yes, Apache was the problem. I got it sorted now. So far, I’m getting lots of connections on ports 80, 443, 1433 and 3306, but no SMB unfortunately. Hoping that will change. I have my firewall set to forward all port 445 requests from the Internet to my HoneyDrive, so hope it will eventually get something.


    • Ken Pryor on December 31, 2012 at 11:20 PM
    • Reply

    I went to grc.com from my HoneyDrive and used the Shields Up page to scan my ports and see what’s showing as available. It reports port 445 is “stealth”, meaning it is not reporting itself as being in existence to the scanner. Any idea why the scan might not be able to see 445? This may be why I’m not getting any binaries or 445 connections.

    • Ken Pryor on January 1, 2013 at 1:00 AM
    • Reply

    Sorry to keep posting, but thought I’d update a little. I ran an nmap scan from the host computer to the HoneyDrive vm and found that port 445 on the HoneyDrive is open. I have it open on my firewall too, so I’m starting to wonder if the port is being blocked by my ISP. The ISP told me they don’t block ports, but I’m starting to wonder.

      • Ion on January 1, 2013 at 5:13 AM
      • Reply

      Hello Ken and happy new year. No problem, do keep us updated.

      I was about to suggest the same thing. My (Greek) ISP seemed to have been blocking port 445 as well on my home connection (I didn’t ask them about it though). The reality is, this might be a “good” move by them. I have set up Dionaea on a VPS and the amount of automated exploits by worms on 445 is just enormous! Microsoft themselves advocates filtering specific ports related to SMB/CIFS on public IP addresses. I guess this might be the case here. My advice would be to call your ISP support and speak with the technical office (not the first-line of staff) who will inform you correctly on this matter.


    • Ken Pryor on January 1, 2013 at 4:10 PM
    • Reply

    I think that must be the case. I made sure 445 was open here locally and then ran the online nmap scan against my public IP. It reported 445 among the ports being filtered. Many of my other ports are open, like 21, 22, 80, 443, so I’m still getting traffic, just not smb traffic. Having a vps would be nice, but can’t do that at the moment.

      • Ken Pryor on January 2, 2013 at 5:18 AM
      • Reply

      Since 445 seems to be filtered by my ISP, I decided to give Kippo a try. I haven’t received any “real” traffic on it yet, but I have tested it and am sure real traffic can get to it. Looking forward to giving Kippo a long run. Thanks again for HoneyDrive, it sure makes it easy to get started!

    • AdrianPas on January 18, 2013 at 9:01 AM
    • Reply

    Hello Ion,

    Nice job, I want to ask you is it possible to have and ovf compatible with Vmware Esxi 5. I have tried to imported and unfortunately I receive this error:
    “Error: OVF Package is not supported by target:
    – Line 265: Unsupported hardware family ‘virtualbox-2.2’.
    Completed with errors”

    I suppose it is because you have used VirtualBox and there may be a compatibility issue with Vmware.

      • Ion on January 18, 2013 at 9:05 AM
      • Reply

      Hello Adrian, thanks for your comment.

      I have seen this complaint before, so yeah I think I should release it in OVF and perhaps straight VMDK/VDI as well! In the meantime please see these and let me know if it worked: http://bruteforcelab.com/honeydrive-desktop-released.html#comment-5167 and https://dev.uabgrid.uab.edu/wiki/VirtualboxToEsxi


    • Mezzomix on February 4, 2013 at 10:43 AM
    • Reply

    hey ion,

    i tried the inetsim on the honeydrive and i had some trouble to get it running.

    the dns port is already in use by the dnsmasq small dns server which comes with ubuntu. i have to disable it with sudo gedit /etc/NetworkManager/NetworkManager.conf and #dns=dnsmasq.

    http port 80 is also in use by apache. sudo apachectl -k stopp and sudo service apache2 stop worked for me. the irc port is used by ircd-hybrid an can be stopped with sudo service ircd-hybrid stop.

    furthermroe i edited /etc/resolv.conf with #nameserver

    probably not the best way to get inetsim running.

      • Ion on February 4, 2013 at 11:59 AM
      • Reply

      Hello Mezzomix, thanks for your comment!

      Yeah, I guess this is not an efficient way and I should change the auto-start program list in the next version, or post your corrections just in case. Let me know of any other problems or comments in general!


        • Mezzomix on February 4, 2013 at 12:19 PM

        /etc/resolv.conf should not be edited. i was wrong the post before.

        i seems, that the inetsim.conf isn’t read by inetsim itself. only starting inetsim with sudo inetsim –bind-adress= works fine. but starting a dns query returns the default ip address and not the one i wrote in the inetsim.conf file.

        thats not a problem in your honeydrive, it is the same with a clean ubuntu 12.04 installation.

        • Mezzomix on February 4, 2013 at 12:30 PM

        okay for uncommenting the statements in the inetsim.conf file i had to delte the #. i didn’t thought about it, because everything is written with #.
        i am still learning^^ now everything is fine

        P.S.: cuckoo sandbox and volatility are interesting malware analyzing tools. maybe they are suiting your honeydrive.

        thx for your work so far

    • mfh17 on February 4, 2013 at 3:53 PM
    • Reply

    Hi … I’m having some installation issues; maybe you can help ? When i try to import into VirtualBox, i get issues with the VMDK being corrupt. So, I tried extracting the OVF so i access to the files inside, but half-way through, I get a 7-zip error of “… vmdk:file is broken”

    Have you seen either issue elsewhere, and what can I do to get past them. I am installing onto Windows 7

    1. Hello mfh17 and thanks for trying (to try) out HoneyDrive 🙂

      Importing the OVA into VirtualBox shouldn’t raise any problems. So I guess that the file might be truly corrupted after all, mostly due to a download error or something. Please try downloading it again and verify that the MD5 value is equal to: “f6aa9d7687eea635e79d42bc342a4563”. You can use a utility like this one: http://www.softoxi.com/md5–sha-1-checksum-utility.html to calculate the MD5.


      • m on January 10, 2014 at 6:06 PM
      • Reply

      honeydrive is very helpful,but the honeyD is giving me some problems,i wrote my own honeyd configuration file,,when i start the honeyd ,it responds,but when i check to see if the specified ports in the configuration file are opened using nmap,it shows they are closed,my log file shows logs of this scans,pls do any one have an idea of what is wrong.tried using the default configuration file on honeyd but that didnt work either

    • Drafter on March 17, 2013 at 1:47 AM
    • Reply

    hi, I’m having problems with the root account , any help please..

    1. Hello, what kind of problem do you have? As per the instructions, the default username/password combination is: honeydrive/honeydrive. You can then “sudo” from inside the system. Regards.

        • Togr Lamht R Butarbutar on January 17, 2014 at 7:50 AM

        sir, how i can enter to root acount?
        when i login in honeydrive account, then i type su in terminal
        i use password honeydrive, but the result authentication failure

        • Ion on January 17, 2014 at 8:33 AM

        Hey Togar, try “sudo su” instead.

        Regards, Ion.

    • Krytical on April 24, 2013 at 3:29 AM
    • Reply

    When I attempt to import the VM, I get a message that I must accept some agreement before I can import… a window comes up but no agreement text… just an agree and disagree button… so I hit agree… the window closes and opens back up… rinse and repeat… any ideas?

    1. Hello Krytical. Which VM hypervizor are you using? I recommend VirtualBox (which I used for exporting the OVA file in the first place). If you use a VMware product please see this blog post: http://bruteforcelab.com/setup-honeydrive-on-vmware-workstation-esxi-etc.html (I suggest to try the last method). Regards, Ion.

  2. can you give me example of topology to do this honeypot

    • Mara on June 10, 2013 at 7:42 PM
    • Reply

    I cannot connect to HoneyDrive via ssh.. (putty)
    I get message “Network error: Connection Timed Out”..
    I have installed HoneyDrive on a vm on the cloud… https://okeanos.grnet.gr/home/
    (ova file was transformed to a .raw file and then by this .raw file an image was created.. by which I created a vm…)
    Do you have any idea??

    • Mara on June 10, 2013 at 7:42 PM
    • Reply

    I cannot connect to HoneyDrive via ssh.. (putty)
    I get message “Network error: Connection Timed Out”..
    I have installed HoneyDrive on a vm on the cloud… https://okeanos.grnet.gr/home/
    (ova file was transformed to a .raw file and then by this .raw file an image was created.. by which I created a vm…)
    Do you have any idea??

    • Mara on June 10, 2013 at 7:42 PM
    • Reply

    I cannot connect to HoneyDrive via ssh.. (putty)
    I get message “Network error: Connection Timed Out”..
    I have installed HoneyDrive on a vm on the cloud… https://okeanos.grnet.gr/home/
    (ova file was transformed to a .raw file and then by this .raw file an image was created.. by which I created a vm…)
    Do you have any idea??

    • Mara on June 10, 2013 at 7:42 PM
    • Reply

    I cannot connect to HoneyDrive via ssh.. (putty)
    I get message “Network error: Connection Timed Out”..
    I have installed HoneyDrive on a vm on the cloud… https://okeanos.grnet.gr/home/
    (ova file was transformed to a .raw file and then by this .raw file an image was created.. by which I created a vm…)
    Do you have any idea??

    • Mara on June 10, 2013 at 7:42 PM
    • Reply

    I cannot connect to HoneyDrive via ssh.. (putty)
    I get message “Network error: Connection Timed Out”..
    I have installed HoneyDrive on a vm on the cloud… https://okeanos.grnet.gr/home/
    (ova file was transformed to a .raw file and then by this .raw file an image was created.. by which I created a vm…)
    Do you have any idea??

    1. Hello Mara, not sure why this happens, but in any case HoneyDrive was not designed to be uploaded to the cloud. Okeanos is great by the way 🙂 Regards.

        • Mara on June 11, 2013 at 8:12 AM

        So, what would you suggest?
        I need to have HoneyDrive running continuously… maybe use OpenVZ??
        My thesis is about honeypots and I would like to include HoneyDrive results…
        your work has been very helpful by the way, thank you!!! 🙂
        …(I am waiting for Okeanos’ admin’s answer about why I can’t connect to HoneyDrive)…

        • Ion on June 12, 2013 at 6:48 AM

        Hm, I don’t know. I suggest you try again one more time before concluding it doesn’t work out of the box. Otherwise, you can always setup your own honeypots on the VPS. Is there a particular honeypot you need to test? (eg Kippo). Regards.

        • Mara on June 12, 2013 at 7:16 AM

        No, no particular honeypot..
        I have installed Kippo, Dionaea and Glastopf and played a little…
        and HoneyDrive has a lot more so I think it is worth a try… (and my supervisor thinks the same) 😛

        by the way, I think it might work on the cloud… 😉
        I still have some connection issues but Okeanos’ helpdesk has been very helpful and immediate… 🙂
        if it works, I will feedback…

        • Ion on June 12, 2013 at 7:20 AM

        That is nice! Let me know how it turns out because I want to try uploading it to Okeanos as well when i find some free time. By the way, you can directly contact me through the contact form on the menu with more info on your thesis. I have completed a similar thesis for my undergrad studies and also written two conference papers on the subject and I am always interested 🙂 Regards.

    • klokurdiladem on June 23, 2013 at 7:02 AM
    • Reply

    does anybody have checksum for this honeydrive??? doesn’t make sense you’ll get a corrupt file after download it

    1. Hello there. Here are the checksums:

      MD5: f6aa9d7687eea635e79d42bc342a4563
      SHA1: 4c8e04a1240c43cf553bafc1462aaa3dea6d275b

      If you get a corrupt file I suggest you download it again from SourceForge, perhaps selecting a different mirror.

      Regards, Ion.

        • klokurdiladem on June 24, 2013 at 9:57 PM

        thank u so much

    • plaastik on August 12, 2013 at 3:43 PM
    • Reply

    Would it be possible to get HoneyDrive as a torrent? My downloading of the VM keeps aborting halfway…

    1. Hello plaastik.

      Yeah that would be possible, BUT it need seeders :/ Some guy actually bothered to create a torrent file here: http://thepiratebay.sx/torrent/8062657/HoneyDrive_v._0.2_%28Nectar_Edition%29_Virtual_Appliance but I don’t think you’ll get anything.

      If your download keeps being aborted it’s a problem with SourceForge. The easiest solution is to select another mirror 🙂 I’ve just downloaded the OVA file a couple of hours ago with no problem. So it would work I guess.

      FYI, these are the checksums of the OVA file (HoneyDrive 2.0):
      MD5: f6aa9d7687eea635e79d42bc342a4563
      SHA1: 4c8e04a1240c43cf553bafc1462aaa3dea6d275b

      Let me know how it goes.


      • Black September on August 12, 2013 at 4:23 PM
      • Reply

      Hi Plaastik.

      We had a similar issue a while back, i dont know if you tested it, but using ‘wget’ we were able to get it to download without interuprions.

      wget http://surfnet.dl.sourceforge.net/project/honeydrive/HoneyDrive%200.2%20Nectar%20edition/HoneyDrive_0.2_Nectar_edition.ova

      Hope you are able to solve it:)

      //Black September

        • Ion on August 12, 2013 at 4:48 PM

        Hey Black September, thanks for your input! 🙂
        And FYI, in Windows I got it using jDownloader (http://jdownloader.org/).


        • plaastik on August 12, 2013 at 6:32 PM


    • Sahhid Uddin on August 21, 2013 at 2:28 PM
    • Reply

    Hi people connect to kippo and use the password 123456 why can they not get root access?

      • Sahhid Uddin on August 26, 2013 at 2:30 AM
      • Reply

      They need to use root as username in combination.

    • Sahhid Uddin on August 21, 2013 at 8:11 PM
    • Reply

    Hi i used the kippo it was brilliant thanks so much, but i was wondering about the honeyD.

    I want to use honeyd but have no idea where to start like kippo.sh started kippo for me and logged all activity it was simple but honeyD on this is already set up and configured, so i am wondering how do i start honeyD? Which file starts it and where is it?

    Is there a guide to honeyD? Or can you tell me here quickly. Thanks

    1. Hello Sahhid. Yeah, honeyd is not as easy as Kippo, but there are many guides online as it is one of the oldest and best low interaction honeypots around. Just Google for it and you will find some material.


        • Sahhid Uddin on August 26, 2013 at 2:30 AM

        Very well thank you very much for this awesomeness made my dissertation so much easier.

    2. Here is a report on Honeyd I stumbled upon at while browsing Packet Storm Security: http://packetstorm.foofus.com/papers/general/honeyd_report.pdf

      Enjoy 🙂

        • varsha on March 2, 2014 at 7:51 AM

        hey i’m working on honeyd but i’m stuck as in ping and nmap to my virtual honeypot works but not telnet…pls reply as soon as possible…

    • Josh on August 30, 2013 at 6:03 PM
    • Reply

    I’m trying to import the OVA using VMware 9 on Windows 8. I keep getting a License Agreement Nag screen that persists after clicking ‘Accept’.

      • Ion on September 1, 2013 at 3:46 PM
      • Reply

      Hello Josh, thanks for trying (to try) HoneyDrive!

      To make HoneyDrive work on VMware please see this post: http://bruteforcelab.com/setup-honeydrive-on-vmware-workstation-esxi-etc.html

      Let me know how it goes. Regards, Ion.

    • Sahhid Uddin on September 2, 2013 at 12:32 AM
    • Reply

    I have a question for my tty logs how do i veiw them? Gedit does not work obviously please respond 🙂

      • Ion on September 2, 2013 at 6:22 AM
      • Reply

      Hello. I think it’s working. It’s just that the attacker or whoever logged in the honeypot didn’t type any commands.Try it yourself, login using PuTTY/terminal, type some commands and then play it with playlog. But, the thing is, why bother with files? Just enable MySQL logging in the config file and then see the sessions in the database. Regards, Ion.

      • Black September on September 2, 2013 at 7:57 AM
      • Reply

      Hi Sahhid!

      You will see a lot of “empty” tty logs. When a bruteforce attacks succeeds it will generate a log from when the password was entered. These logs are all of the same size, 622b if i recall correctly.

      As for using playlog.py

      When standing in /opt/kippo/utils, this is the command i use

      $ python playlog.py -f -m 1 ../logs/tty/.log

      You can see more options about the playlog.py script by executing

      $ python playlog.log
      Usage: playlog.py [-bfhi] [-m secs] [-w file]
      -f keep trying to read the log until it’s closed
      -m maximum delay in seconds, to avoid boredom or fast-forward
      to the end. (default is 3.0)
      -i show the input stream instead of output
      -b show both input and output streams
      -c colorify the output stream based on what streams are being received
      -h display this help

      Hope this helps you out, if not, let me know.

      I appologise for any of this being incorrect, i dont have a honeypot in front of me right now.


      • Black September on September 2, 2013 at 8:51 AM
      • Reply

      wow…i see the message got a bit f***d up when i pasted it 😛

        • Ion on September 2, 2013 at 9:09 AM

        Great reply nonetheless! 🙂

    • /CS on September 12, 2013 at 3:09 PM
    • Reply

    I disabled the following services/applications running on boot: ntop, tor, apache2, ircd-hybrid. I think it’s better for the user to decide what he needs. I noticed that zeitgeist daemon is also included, is it needed somewhere or can possibly be removed???

      • Ion on September 13, 2013 at 10:27 AM
      • Reply

      Hello CS, thanks for trying out HoneyDrive! Your feedback is much appreciated, I already had in mind to disable some of these services on startup for the next version 🙂 Regards, Ion

    • JB on September 21, 2013 at 2:24 PM
    • Reply

    Hi all,

    I am running kippo (awesome bit of kit), I had a naughty guy try to connect to an FTP server but couldn’t get ftp to work, How do i enable the command so the bad guys can download from an ftp? any help wll be greatly appriciated


      • JB on September 21, 2013 at 2:25 PM
      • Reply

      BTW, the Kippo graph issue i had was sorted, i just re-installed a new image 🙂 thanks to ION for all your help 🙂


      • Ion on September 22, 2013 at 6:07 PM
      • Reply

      Hello JB.

      This is not easy, it has be done programatically by the developer of Kippo. Your only option right now is to enable some output for the “ftp” command, by adding a file in “txtcmds” folder. But that won’t help the attacker to actually connect or interact with an FTP server.

      Regards, Ion.

    • Agli Pançi on October 22, 2013 at 7:53 PM
    • Reply

    Hello everyone,
    can HoneyDrive configured to save all the data to a central server (to work as a sensor). I have many points where i need to have for each one a honeypot and then i need to collect all the data to a main server for analysing.

    What do you suggest?

      • BlackSeptember_ on October 22, 2013 at 8:58 PM
      • Reply

      Hi Agli!

      HoneyDrive is running of a Xubuntu base.

      I have never done this with HD myself, but i believe you would be able to make this work, saving/backing up all the data to a central server, using something like rsync (http://www.howtogeek.com/135533/how-to-use-rsync-to-backup-your-data-on-linux/) or rsyslog (http://www.freeklijten.nl/home/2011/08/16/A-tutorial-on-remote-logging-with-rsyslog).

      If you´r looking to consolidate multiple sql databases (I.E. KippoGraph) i beleive you might be able to do this as well, but sadly i have no idea how you would go about to setup remote logging of this.

    • DiBa on November 28, 2013 at 3:26 PM
    • Reply

    Hello everybody,

    I’m trying to setup my home honeypot but i’m having problems with my honeyd installation. No matter what configuration and settings i try,when trying to start honeyd i get the same error :” aborting dhclient on interface eth0 after 12 tries” .
    Has anybody encountered the same error?

    Any help appriciated.


      • Ion on November 29, 2013 at 8:33 AM
      • Reply

      Hello DiBa,

      it seems that honeyd tries to get an IP from a DHCP server but it’s not working. Please see the comments section here: http://travisaltman.com/honeypot-honeyd-tutorial-part-1-getting-started/ where your error is mentioned by some other people to see if anybody found a solution. Sorry if I can’t offer more help.


        • DiBa on November 29, 2013 at 2:13 PM

        Thanks for the quick reply.
        The strange thing is that after that honeyd gets an IP and it starts logging. Though i’m not sure about the quality of the logs.


        • Ion on November 30, 2013 at 2:17 PM

        Hi DiBa, if you want you can paste here a small segment of your log file and I can tell you if it looks normal 🙂 Regards, Ion.

        • DiBa on December 8, 2013 at 12:17 PM

        Hello Ion, thanks for your help.

        Here is a small sample

        2013-11-19-17:22:01.5238 honeyd log started ——
        2013-11-19-17:22:01.5239 udp(17) – 58847 51413: 48
        2013-11-19-17:22:01.5303 udp(17) – 37149 51413: 348
        2013-11-19-17:22:01.5381 tcp(6) – 24634 55434: 52 FA
        2013-11-19-17:22:01.5382 tcp(6) – 55434 24634: 52 A
        2013-11-19-17:22:01.5394 udp(17) – 37149 51413: 348
        2013-11-19-17:22:01.5539 udp(17) – 18231 51413: 58
        2013-11-19-17:22:01.5540 udp(17) – 51413 18231: 58
        2013-11-19-17:22:01.5649 udp(17) – 45682 51413: 1025
        2013-11-19-17:22:01.5650 udp(17) – 51413 45682: 48
        2013-11-19-17:22:01.5716 tcp(6) – 65348 29662: 40 A
        2013-11-19-17:22:01.5799 udp(17) – 37149 51413: 348
        2013-11-19-17:22:01.6055 tcp(6) – 51413 47084: 353 PA
        2013-11-19-17:22:01.6056 tcp(6) – 47084 51413: 52 A
        2013-11-19-17:22:01.6130 udp(17) – 36424 51413: 48
        2013-11-19-17:22:01.6180 udp(17) – 36424 51413: 48
        2013-11-19-17:22:01.6304 tcp(6) – 12831 36311: 60 SA
        2013-11-19-17:22:01.6305 tcp(6) – 36311 12831: 52 A
        2013-11-19-17:22:01.6305 tcp(6) – 36311 12831: 120 PA
        2013-11-19-17:22:01.6410 udp(17) – 61362 51413: 48
        2013-11-19-17:22:01.6422 udp(17) – 56419 51413: 58
        2013-11-19-17:22:01.6423 udp(17) – 51413 56419: 58
        2013-11-19-17:22:01.6424 udp(17) – 51413 56419: 48
        2013-11-19-17:22:01.6458 tcp(6) – 61992 53776: 69 PA
        2013-11-19-17:22:01.6459 tcp(6) – 53776 61992: 52 A
        2013-11-19-17:22:01.6549 udp(17) – 52539 51413: 48
        2013-11-19-17:22:01.6612 udp(17) – 51413 37149: 48
        2013-11-19-17:22:01.6745 udp(17) – 7777 51413: 48
        2013-11-19-17:22:01.6775 udp(17) – 7777 51413: 48

        • Ion on December 8, 2013 at 2:24 PM

        Hi DiBa, it seems fine to me! Why don’t you try Honeyd2MySQL and then Honeyd-Viz to see some stats/graphs from you log? Let us know how it goes. Regards, Ion.

    • wysegy66 on December 3, 2013 at 3:54 AM
    • Reply

    Just installed HoneyDrive and it’s telling me there are 400+ updates available. Is it safe to upgrade without breaking anything?

    1. Hi wysegy66, I am not sure about this, I suggest that you keep a snapshot of the imported VM just in case, upgrade it to see if something breaks and then let us know! 🙂 Regards, Ion.

    • Hawkie on December 26, 2013 at 6:40 PM
    • Reply

    I am making a vmware converted version of the honeydrive. Will post it as a torrent, but expect help seeding it in the longterm. Will post link in a short while

      • Hawkie on December 26, 2013 at 7:33 PM
      • Reply


      This is the link to the ready made vmware image of honeydrive

    • Nick on January 27, 2014 at 5:34 PM
    • Reply

    Hey. Is there any way to setup the services to run on startup? I’d like to have kippo, dionaea and glastopf startup when I boot the VM.

    • ckaspar on February 7, 2014 at 5:53 PM
    • Reply

    Is there a LiveCD or bootable ISO for Honeydrive? I am running HD from a VM but I have an empty box that could work as a standalone machine.

    Thanks in advance.

    1. Hi ckaspar, no unfortunately there is no LiveCD or ISO version of HoneyDrive.

      If you box is good enough, one suggestion is to install a Linux server version, headless version of VirtualBox with phpVirtualBox [1] for frontend and then install HoneyDrive there.

      [1] http://sourceforge.net/projects/phpvirtualbox/


    • RichM on April 18, 2014 at 3:14 PM
    • Reply

    I have kippo running fine but I can’t seem to get TinyHoneypot to work. When I run ./thpot I see the process running, but nothing new is listening when I nmap the box. I tried shutting down apache and nmapping again, but I don’t see port 80 open for IIS like I expected (since I have http configured to be IIS in the tinyhoneypot config). I see some articles online about setting up thpot but some of the directories are different from the Honeydrive version of thpot. I feel like I’m missing a step. Can someone help with instructions on how to start tinyhoneypot in Honeydrive specifically?

    1. Hi RichM, sorry for late replying.

      TinyHoneypot is pretty old I would say. But you can start here if you want to give it a try: http://edgis-security.org/honeypot/tiny-honeypot/. Also, tinyhoneypot has been installed via the package manager AFAIR.


    • asda on May 7, 2014 at 4:15 PM
    • Reply

    How to change passwords?

    1. Hi, change passwords for what exactly?

    • help on May 7, 2014 at 5:38 PM
    • Reply

    I´d like to have a littel beginners guide that says how to start. How to use honeydrive for productive purpose: e.g enable mail notification; what has to be observed manuelly; what services shell I ran?


    1. Hi,
      this depends on: a) what you are trying to accomplish, b) which specific honeypot software you will use. For example, there is no universal notification system, you’ll have to set up the existing notification system for each honeypot software (if any) to alert you.

      I would start by using Kippo. You can find a number of articles about it in this blog. But it’s ready to be used. Just “./start.sh” and enjoy (details about it can be found in the text file accompanying HoneyDrive. Then you might want to move on to Dionaea.

      Regards, Ion

    • RobW on June 18, 2014 at 7:51 PM
    • Reply

    Hello Ion, really silly newbie question here. I’m trying to run kippo for the first time on honeydrive 0.2. Running the script I get a ‘no such file or directory’ error. If I type sudo and then run the script opt/kippo/start.sh it returns an unhandled error. I’ve looked in the file system and the path seems to be right, as you might expect. I don’t really know my way around linux at all so this is probably a really stupid question but would you be able to tell me, by any chance, what I’m doing wrong here?

    1. Hi Rob, can you copy-paste exactly what you type in the console?

        • RobW on June 18, 2014 at 9:12 PM

        Hi, sure I have: [email protected]:~$ /opt/kippo/start.sh

        • Ion on June 20, 2014 at 5:46 PM

        Hi RobW, yes, it could the case. Make sure you put the VM in a Host-only network or a Public network.

        • RobW on July 16, 2014 at 3:20 PM

        Hi Ion, I just went back to this problem today and it seems all that was wrong was that I was trying to run with root privileges. Boy do I feel like a idiot right now. Anyway it seems to work at least. 🙂

    • Niels on July 28, 2014 at 6:48 AM
    • Reply

    Is it possible to run this on the raspberry pi? or to create a separate distro for it? I would like to use Pi’s with honeyDrive in our corporate network as cheap honeypots for a.o. malware detection.

    1. Hi,
      it could be the case, if you can run a VirtualBox headless version on the RaspberryPi on a lightweight host distro and then import the OVA. But I don’t know how efficiently this might work. You have to try and give us feedback! If you succeed I can also do a blog post with you about it 🙂

      Another solution is to setup Kippo directly on the RaspberryPi, like for example: http://bob.k6rtm.net/kippo.html. For Dioanea you can use the “setupDionaea.sh” script from my Dionaea-Vagrant project (you can find the file on GitHub) to automate the setup.

      Anyway, best of luck and keep us updated 🙂

    • Jonathan on July 28, 2014 at 9:17 PM
    • Reply

    Is there any way that I can contribute with your project, besides downloading and testing the OS image?

    1. Hi Jonathan,
      very good question, I think I should even add the following to the FAQ:

      Generally, not to the actual development. I develop HoneyDrive on my own machine, so it doesn’t exist in any remote environment where we can collaborate while building it. And there ins’t any schedule for releases so even if we enabled remote collaboration, a new release will probably take *some* time before getting planned.

      But, here are all the ways you can help in general:

      1. Actually, testing is of great importance. There are a lot of things going on on HoneyDrive. Installing over 30 tools from source and managing their dependancies (which could be conflicting some times) isn’t the best deal. So it’s great if there are testers that can check that all the tools are actually working as they should by trying them out in real scenarios (and learning a lot in the process!).

      2. If you can code, then you can contribute to all the other projects around security visualization, etc or to the honeypots themselves. From my side, I am very open to this and have already accepted pull requests. If you know PHP and/or Python let me know. The code for all the projects is hosted on GitHub.

      3. Ideas/feedback. Again, this sounds trivial but it’s not. The tools need to be kept current and also become enhanced. Again, I am very open to this and some things like for example the Kippo-IP and Kippo-Playlog components of Kippo-Graph were added by some people who decided to contribute! This is relevant to the point above as well, but even if you can’t code the suggestions and requirements drafting for these are equally important.

      4. Information sharing. If you use it, share the results. Some of the honeypots have integrated a logging system called hpfeeds: http://heipei.github.io/2013/05/11/Using-hpfriends-the-social-data-sharing-platform/. You will find it in their configuration files with an option to enable it or not. Sharing data via hpfeeds helps the developers of the honeypot platforms and organizations like the Honeynet Project to gather much needed data about attacks. Even if you decide not to share via hpfeeds, you can help by letting us know what kind of stuff you capture, if you see any patterns, if from the logs you suspect that attackers found a new way to identify the honeypots etc.

      5. Lastly, there is a small donation button on the right side for people that appreciate this work 🙂

      Thanks again for your question and the willingness to help.

      Best regards,

    • Jonny on July 29, 2014 at 6:47 AM
    • Reply

    I’m trying to import the OVA but keep receiving the message seen here:
    Any advice?

    1. Yeah, as the error said it was probably a corrupted file.

      • shan molly on March 23, 2015 at 7:30 AM
      • Reply

      if any body need ovf that work on vmware please emaile me at

      [email protected]

    • Petro on July 29, 2014 at 4:35 PM
    • Reply

    I’m a big fan of this blog and kippo that I have used in the past. Does this updated version include the SFTP patch/fix in kippo?

    1. Hi Petro, thanks for your message.

      Regarding your question, no, I used the official Kippo version, that is actually being actively developed again: https://github.com/desaster/kippo

    • Panix on July 31, 2014 at 2:23 AM
    • Reply

    I’m having problems in HoneyDrive v3. Apparently, something is up with the key exchange. When I try to connect to Kippo, nothing happens. Once I press ‘Enter’, it starts the key exchange. My log file shows tons of connections but 0 login attempts.

    Any idea with what could be wrong?

    1. Hi Panix, thanks for your message. I’ve just tried it (VirtualBox VM with HoneyDrive 3 in bridged mode and SSH login from my OS X Mavericks) and it worked fine. My SSH client asked me to verify the fingerprint and then Kippo correctly asked me for passwords. From what kind of machine are you trying to login into Kippo?

    2. Ah, I re-read your post once more. So, you’re having Kippo in “production” but noone seems to be able to connect. Let me get back to you on this after I get some feedback from other people.

        • Panix on August 2, 2014 at 1:47 AM

        They can connect but once the connection is accepted, the key exchange doesn’t take place til I hit ‘Enter’ on the keyboard.

        If you want, I can provide you with my hostname so you can see what I’m saying. I haven’t made any changes since I downloaded the VM on the day it came out.

    • Raina on August 7, 2014 at 5:46 PM
    • Reply

    I am trying to run honeyd in honydrive3. I am getting a error in log file i.e permission denied in /var/log/honeypot/ directory. I already tried chmod and chown command but nothing works out. PFB screenshot for your reference. Plz guide…. thnx in advance ..

    1. Hi Raina, thanks for your messages.

      It seems that you need to run `sudo touch /var/log/honeypot/honeyd.log && sudo chmod -R /var/log/honeypot` for it to work. Of course it’s better to run honeyd as a “service” using the /etc/init.d script. See my latest blog post for more info (posting it in seconds).


        • Raina on August 9, 2014 at 3:08 PM

        I tried the same but nothing work out for me.I tried the instruction that you give in your new blog but it still gives the same error. Plz find the below screenshot.
        Thanks and Regards

        • Ion on August 9, 2014 at 3:13 PM

        Hi Raina, whoops, I forgot to write the actual mode (number 777) in the command I wrote in the previous message. I edited the comment, please re-run the command and let me know.

        • Raina on August 18, 2014 at 6:27 PM

        thanks it works..:)

    • mark_orion on August 12, 2014 at 8:35 PM
    • Reply

    Would it be possible to distribute honeydrive via bittorrent instead or in addition to Sourceforge ? I have a fairly unstable rural broadband connection and while SF downloads usually break with even short interruptions, bittorrent is much mure resilient (and faster).

    1. Hi mark_orion, thanks for your suggestion.

      That would be possible, but then I’d have to pay for a seedbox or something just for this since the file is a big one and I doubt many seeders would be available at any given time. Unless of course someone “sponsors” his bandwidth specifically for this. Until then, SF provides a good service I think.


        • mark_orion on August 14, 2014 at 2:14 PM

        Hi Ion, I understand that problem – had it once myself and helped me with someone who “colocated” a Raspberry PI as seedbox in a datacentre. And its no more a problem as I pulled the file overnight with wget. Thanks for this great piece of work ! Mark

    • Tomato- on August 21, 2014 at 7:10 AM
    • Reply

    a) i want the honeydrive installed directly on my server instead of virtual machine. is there any tutorial about how to install it step by step?
    b) i have many servers to install honeydrive. i want to realize the entralized management over all of them. how should i do? is there any application like DionaeaFR for Dionaea ?

    1. Hi Tomato,

      a) HoneyDrive is distributed as an OVA file, so this is not possible. Although I have seen that AWS and Linode for example have some resources to transfer a VM to their infrastructure, I haven’t tried it. Perhaps you can try and let us know? That would be fantastic!

      b) HoneyDrive is self-contained and self-managed, so no. But I am thinking of creating something to facilitate that in the future. You can “manage” the individual honeypots centrally though. For example, if you have 5 Kippo honeypots, just make all of them write to the same MySQL database so you can have an overall visibility. Also see this project as an alternative: http://threatstream.github.io/mhn/. Regarding the last question (DionaeaFR for Dionaea), it seems that you’ve made a mistake? Let me know again.


        • Tomato- on August 25, 2014 at 4:07 AM

        a) what i mean is that i want to know how you integrate all the modules you mentioned above ( Full LAMP stack, Kippo SSH honeypot, ELK stack, etc.) together to your VM work station, if you have notes during your development, then i could follow yours to install directly on my sever.

        b) yeah, the last question (DionaeaFR for Dionaea) is my misunderstanding and i got it now. your answer will help me a lot .

        Thanks very much for your apply. (˘❥˘)

        • Ion on August 25, 2014 at 12:07 PM

        Hi Tomato,
        unfortunately I don’t have notes (I should have kept some but I got carried away). So I guess you can just follow the official guides of the software you want to use or the tutorials I have written in the past.


        • Tomato- on August 26, 2014 at 5:00 AM

        Ok, i will search for other tutorials then.
        thank you lon 🙂

    • Beso on August 28, 2014 at 3:21 PM
    • Reply

    Hi guys

    how i can generate kippo graphs on honeyDrive 3 ?!! can you answer me ASAP pleeeeeease.

    • Jon Gerdes on August 29, 2014 at 10:34 AM
    • Reply

    Great work, thanks. Works nicely on a VMware 5.5 ESXi cluster. Someone may find this Upstart script handy for Kippo, put this in /etc/init/kippo and it will start on boot:
    description "Simple Kippo upstart script for honeydrive3"

    start on started networking

    setuid honeydrive
    setgid honeydrive

    exec start-stop-daemon –start
    –chdir /honeydrive/kippo
    –exec /usr/bin/twistd — -y kippo.tac -l log/kippo.log
    end script

    • sbilly on September 13, 2014 at 9:25 AM
    • Reply

    Great job!

    • oxygen on October 19, 2014 at 10:39 AM
    • Reply

    Hey! I have some PCAP files I want to process and analyse (determine what sites have been visited, how often, etc) – Would Honeydrive be able to do this with ease? If so, can you please walk me through it (I will donate some money if it works)!

    1. Hi oxygen,
      of course you can do it with HoneyDrive. Here is a nice guide with instructions: http://www.sans.org/reading-room/whitepapers/protocols/analyzing-network-traffic-basic-linux-tools-34037


        • oxygen on October 20, 2014 at 4:46 AM

        I was hoping to do it with Bro then make use of the ELK stack to review the data generated from the bro logs? If this is possible, can you guide me through it? Cheers!

        • Ion on October 21, 2014 at 6:57 PM

        Hi again,
        I haven’t played around with Bro but I think it’s possible (loading the pcap files). Other than that, many people have created Logstash config files to parse Bro IDS logs, e.g.: http://www.appliednsm.com/parsing-bro-logs-with-logstash/


    • scott sattler on November 11, 2014 at 6:27 PM
    • Reply

    Any plans for amazon AMI?

      • Ion on November 11, 2014 at 11:34 PM
      • Reply


      Yes, it’s in the TODO list. I’ll also try to make it usable as part of the free tier by resizing the volume.


    • Todd on November 14, 2014 at 7:56 PM
    • Reply

    If anyone is interested I wrote a little guide on how to convert and run HoneyDrive in Hyper-V. http://www.compnetsec.com/blog

      • Ion on November 19, 2014 at 7:18 PM
      • Reply

      Hi Todd,
      that was a wonderfully informative blog post. I took the liberty of reposting it here on the main site. A great contribution, thanks!


  3. Hi, guys can i to run honeyd low interaction honeypot for creating deceptiveness as xp, ubuntu and also can i run kippo honeypot simultaneously for tracking the hackers activities and getting them sql .can you please suggest which is the best honeyd or kippo, but honeyd can be deceptived as all kind of operating system but kippo as only ubuntu

      • Ion on December 22, 2014 at 7:04 PM
      • Reply

      Hi vivek,
      if you want to track and save activities inside the honeypot then Kippo is better. You can also make it emulate other Linux-based systems by feeding it data from your real filesystem.


    • NeoStryker on February 2, 2015 at 5:56 AM
    • Reply

    Can anyone give any suggestions for minimum system requirements to run this software suite? Or at least provide some sort of insight into hardware resource consumption. Thanks

    1. Hi NeoStryker, it’s a Xubuntu based virtual machine, with generally low requirements. 512+ RAM would be fine.

    • Yago on April 16, 2015 at 12:51 PM
    • Reply


    I’ve just installed HoneyDrive and try to config xmpp im kippo.cfg.

    I uncommented:
    server = sensors.carnivore.it
    user = [email protected]
    password = anonymous

    And had an error:
    [email protected]:/honeydrive/kippo$ ./start.sh
    Starting kippo in the background…
    Loading dblog engine: mysql
    Loading dblog engine: xmpp
    Failed to load application: No module named wokkel.xmppim

    What’s wrong?

    1. Hi Yago,
      unfortunately I haven’t tried setting up XMPP with Kippo ever. Not sure what’s the problem.

      Wokkel seems to be a library with enhancements to the Twisted framework that Kippo uses: https://pypi.python.org/pypi/wokkel. Maybe you can solve your problem simply with `pip install wokkel`.

      Let me know how it goes,

        • Yago on April 16, 2015 at 3:03 PM

        You were right! Please add “wokkel”to the next release of HoneyDrive! 🙂

    • Rendy Mahar on May 13, 2015 at 10:06 AM
    • Reply

    why the timestamp cannot list on graph? i use dionaea FR.
    please help me.

    • Rendy Mahar on May 13, 2015 at 10:15 AM
    • Reply

    why malware cannot download on dionaea.
    i use ip local ( not ip public on setting connection virtual honeydrive.
    may i use ip public?
    where i setting ip public? on virtual honeydrive or physical computer?
    i use windows xp on physical computer.

    please help me…

      • Tahir on May 30, 2016 at 8:21 PM
      • Reply

      I am having the same problem

      Can you help me if you have the solution

    • Lotte on June 3, 2015 at 11:44 PM
    • Reply

    Hello everyone,

    I’m currently working on setting up a honeypot using honeyd through the honeydrive distro and have been unsuccessful in getting the correct fingerprints to be matched when running an nmap scan of the targeted IP. I configured honeyd to create a Microsoft Windows Server 2003 Standard Edition as the fingerprint but have been unable to get that as a result of the nmap scans. The results of the scan gives me “No exact OS matched for the host”. I was wondering if anyone had any insight on how to solve this issue.


    • Alfred Gimigu on June 13, 2015 at 1:30 PM
    • Reply

    Hi, I tried to install the Honeydrive on my VMware but was unsuccessful due to compliance related issue, what can be the best version of VMware and how do I get a copy of that? Thanks

    1. Hey Alfred, in my case I was using VMware Fusion Professional Version 6.0.6 on OS X and it worked fine (the 2nd time, clicking Retry to lax the OVF conformance checks). Regards.

      • DenMiLu on July 14, 2015 at 3:41 AM
      • Reply

      Hi Alfred Gimigu, you can use vmware convert tool to convert honeydrive to VMware format and then use VMware 10 for running honeydrive3. Google for how to convert 🙂

    • newuser on June 23, 2015 at 11:38 AM
    • Reply

    Is there a way to have activity from a tool forwarded via syslog? In particular I am referencing Kippo, but if not Kippo then perhaps one of the other tools?

    1. Hi, I haven’t tried/seen this. It needs to be added to the codebase.

    • vikram on July 9, 2015 at 6:53 AM
    • Reply

    i am trying to run the MALTRIEVE tool in honeydrive 3 but it couldn’t
    run …….can anyone know about the how to install it run it properlly
    i am giving a error text of regarding issue with maltrive plz help me

    {[email protected]:/opt$ cd maltrieve
    [email protected]:/opt/maltrieve$ python maltrieve.py
    URL http://lifescience.sysu.edu.cn/filees/guuu16pesche.asp stored as 6061a2e39c9ecd5e9deef61175f183ab
    Traceback (most recent call last):
    File “maltrieve.py”, line 290, in
    File “maltrieve.py”, line 246, in main
    now.day), proxies=cfg[‘proxy’]).text
    File “/usr/local/lib/python2.7/dist-packages/requests/api.py”, line 55, in get
    return request(‘get’, url, **kwargs)
    File “/usr/local/lib/python2.7/dist-packages/requests/api.py”, line 44, in request
    return session.request(method=method, url=url, **kwargs)
    File “/usr/local/lib/python2.7/dist-packages/requests/sessions.py”, line 456, in request
    resp = self.send(prep, **send_kwargs)
    File “/usr/local/lib/python2.7/dist-packages/requests/sessions.py”, line 559, in send
    r = adapter.send(request, **kwargs)
    File “/usr/local/lib/python2.7/dist-packages/requests/adapters.py”, line 375, in send
    raise ConnectionError(e, request=request)
    HTTPConnectionPool(host=’www.sacour.cn’, port=80): Max retries exceeded
    with url: /list/2015-7/201579.htm (Caused by : [Errno 110] Connection timed out)
    [email protected]:/opt/maltrieve$ }

      • DenMiLu on July 14, 2015 at 4:13 AM
      • Reply

      Hi vikram,

      your problem is at the site http://lifescience.sysu.edu.cn/filees/guuu16pesche.asp and http://www.sacour.cn could not load. Please check 2 sites above before running python script.

    • DenMiLu on July 14, 2015 at 8:04 AM
    • Reply

    Hi Ion,
    I have a problem when drawing new chart on Kibana4.1.1 with pair of top 10 user/pass, how can I filter like you do on kippo2elasticsearch.json?

    • clown on August 21, 2015 at 7:22 AM
    • Reply

    can u tell me what is root‘s password

      • Ion on September 21, 2015 at 9:45 AM
      • Reply

      You should login with username/password: honeydrive/honeydrive. Then become root (if needed) with “sudo su”.

    • Pete Desfigies on October 12, 2015 at 12:23 AM
    • Reply

    I recently re-installed honeydrive3 again and noticed this time around that
    kippo seems to be constantly crashing.. anytime that a command is given that involves a “/”, it kills the connection. For exampled.. if the attacke changes directory to cd /etc. it crashes, or even cd /.. crashes.. anyone else have experience with this or know what is causing this?

    1. Hm, I haven’t heard that before. I’ll try to test it. But, please `git pull` in the Kippo directory to make sure you have the latest version. Let me know if that fixes it.

    • stevenchung63 on October 19, 2015 at 2:07 AM
    • Reply

    Is a license needed to use Honeydrive for a commercial purpose? And if yes, where can I find more information about it ? Thanks a lot!!

    1. Hi Steven, not really, you can use it as you would normally use an Ubuntu linux distro. Having said that, individual honeypot/other software inside HoneyDrive that you’d like to use might have different licenses (although I can’t think of any off the top of my head). Thanks.

    • morenike oniyide on November 2, 2015 at 11:45 PM
    • Reply

    Please i am seeing the following error on honeydrive after using the following command:

    python manage.py collectstatic #type yes when asked

    python manage.py runserver

    Then i try to open with http://SERVER-REMOTE-IP:8000, which is my honeydrive IP

    … Can anybody help with this please

    Request Method: GET

    Request URL:

    Django Version: 1.6.5

    Exception Type: DatabaseError

    Exception Value:

    database disk image is malformed

    Exception Location: /usr/local/lib/python2.7/dist-packages/django/db/backends/sqlite3/base.py in execute, line 451

    Python Executable: /usr/bin/python

    Python Version: 2.7.3

    • stevenchung63 on December 4, 2015 at 3:58 AM
    • Reply

    Is there a SHA 256 or MD5 checksum for the honeydrive download? Thanks a lot!

      • Ion on December 9, 2015 at 11:24 PM
      • Reply

      Hi Steven, SHA1 is 693e9448dc9bd384917d9655b72f482c70ac1f8b and MD5 is ef3e5baa960207958a71cdb88cc66d55.

    • Scott Sciarrino on December 4, 2015 at 6:58 PM
    • Reply

    Is there a easy way to put it on a USB stick and run a Live version on some old hardware..Thanks..

      • Ion on December 9, 2015 at 11:25 PM
      • Reply

      Hey Scott, since this is distributed as an OVA I don’t think so… sorry.

    • Rob Z on January 19, 2016 at 4:38 PM
    • Reply

    I’m wondering if you can create your own folders/subfolders in kippo and if so how to go about it.

    1. Hi, do you mean creating your own content inside the honeypot? Yes that’s doable. You can copy/create file in honeyfs/ and then use utils/createfs.py. It’s better if you use Cowrie instead of Kippo though. See this: https://sehque.wordpress.com/2015/07/23/how-to-configure-and-deploy-a-cowrie-ssh-honeypot-for-beginners/

  4. thanks for this valuable article. I am really impressed by your site.

    • Archana on February 4, 2016 at 2:56 PM
    • Reply

    hi i am unable to log into honeydrive with the default password as honeydrive it says sorry wrong password!

    Please help.

    1. That is strange, you should be able to login as user “honeydrive” with password “honeydrive”. Are you trying to login as root perhaps?

        • Archana on February 14, 2016 at 9:09 PM

        hello, can you make a tutorial on honeyd (honeydrive)?

        things to be covered
        0) how to start (commands) – because honeyd -d -f filename.conf doesnt work
        1)a simple config file and how to deploy it
        2)how to deploy a honeypot
        3)mimicking of a server
        4)a small network simulation

        please kindly throw some light on the above mentioned topics!! please!

        • Ion on February 14, 2016 at 10:32 PM

        Hi. I’ve written something already here: https://bruteforcelab.com/getting-started-honeyd.html

    • Abraham Sinai on February 5, 2016 at 1:54 AM
    • Reply


    Is this a 32 bits or 64 bits machine?

      • Ion on February 5, 2016 at 12:15 PM
      • Reply

      Hi, it’s based on Xubuntu 32-bit.

    • Abraham Sinai on February 10, 2016 at 3:30 AM
    • Reply

    Hello, What about trying to install the Security Onion tools, Snort, Suricata, Bro, OSSEC and so on into HoneyDrive? Is it recommended?

      • Ion on February 10, 2016 at 9:38 PM
      • Reply

      Hi, it’s up to you. Of course you can do it.

    • Tahir on May 28, 2016 at 8:28 PM
    • Reply

    I am having troubles in downloading malware. Although I am getting thousands of connections but 0 downloads. Can you please help me.


    • Paul on June 17, 2016 at 8:28 PM
    • Reply

    I’m having issues with LaBrea. “Couldn’t open libdnet link interface”

      • Paul on June 17, 2016 at 8:39 PM
      • Reply

      Disreguard. Apparently it needed a ‘sudo su’

    • Nathan on October 19, 2016 at 1:15 PM
    • Reply

    Should you change the username/passwords on the Honeydrive installation? ^^

    • Tom on October 20, 2016 at 11:21 AM
    • Reply

    Trying to get honeyd on honeydrive3 running to add to my active defenses. On startup using honeyd -d -f test.CONF -p /home/honeydrive/Downloads/hhac-code/nmap-os-db -i eth0 This is the current nmap-os-db, I get the same error with the one that came with honeydrive3.

    I get this mysterious error:

    34: No personality for “MatchPoints”
    honeyd: parsing personality file failed

    Any clue how to fix it. A google search doesn’t reveal much either. I don’t know if it is the DB file or the conf file honeyd is using to lookup personalities in the DB. I am close but no cigar, and I cannot afford the store bought Nova project version.

    • Tom on October 20, 2016 at 4:53 PM
    • Reply

    Idea for HoneyDrive4 – install the opensource Nova project on it, honeyd on steroids.

    • Ade Jodi Harmawan on February 22, 2017 at 3:27 AM
    • Reply

    i have prombel running honeypot

    root @ honeydrive: ~ # Honeyd -d -f /etc/honeypot/honeyd.conf
    Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
    Honeyd [2114]: started with -d -f /etc/honeypot/honeyd.conf
    Honeyd [2114]: listening promiscuously on eth0 (ip proto arp or 47 or (udp and src and dst port 67 port 68) or (ip)) and not ether src 08: 00: 27: 38: d1: ec
    Honeyd [2114]: demoting process privileges to 65534 uid, gid 65534
    Honeyd [2114]: **update_check: failed to resolve host.**

    • adekunle alawiye on March 13, 2017 at 1:55 PM
    • Reply

    how can i change the honeypot passwords?

      • Ion on March 19, 2017 at 8:51 AM
      • Reply

      Hi, it depends on the honeypot software. Look at the configuration file or README for the one you want to change the password for.

    • adekunle alawiye on March 16, 2017 at 5:45 PM
    • Reply

    Hi all,

    I want to move my honeydrive3 to cloud so as to generate attacks for analysis on my project. I am stuck as honeydrive3 comes as a vm. I am totally lost and very short on time.

      • Ion on March 20, 2017 at 1:06 AM
      • Reply

      Maybe this can help you, I haven’t tried it though: https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html – In any case, you can just create a new instance in one of the cloud providers and manually install the honeypots of your choice, you don’t necessarily need HoneyDrive3.

    • santanu chatterjee on March 19, 2017 at 2:08 AM
    • Reply

    I am new to this and taken this up as a DYI project :-).I have been able to set up and run honeydrive in my home PC, and start script for Kippo and Dionaea has executed successfully.I can connect to the internet through honeydrive.I have upgraded and updated all of Honeydrive applications and the OS itself. I have 2 questions:-

    1) My home network works in 192.168…..(IPV4), but virtualbox,running honedrive, has taken up 10.0.2…(IPv4) as its own IP. If I want to set up DMZ which by default in my router(running DDWRT firmware) starts with 192.168…(IPV4).Should I add my physical PCs IP address or should I leave honeydrive running in virtualbox as it is, and it would do its job… as it runs kippo and other honeypots?

    2) My Kippo web interface is opening(I havent seen a single entry. However, when I am using Dionaea’s – http://localhost/phpliteadmin/phpliteadmin.php, it is giving me- 403 forbidden error “You don’t have permission to access /phpliteadmin/phpliteadmin.php on this server.”How do I fix this to access this interface?

      • Ion on March 20, 2017 at 1:13 AM
      • Reply

      Hi there!

      1) I think this is happening because of your VirtualBox settings. Go to the VM’s configuration and network interfaces and look around for an option to change the adapter from NAT to Bridged: https://www.virtualbox.org/manual/ch06.html#network_bridged. This will make the VM take an address in the 192.168.x.x space. Then in your router you can forward specific ports from your public IP to your VM’s IP, like SSH, SMB, etc.

      2) Hm, can you maybe check the Apache logs to see what the error might be when you get a 403? It might be because the file doesn’t have the correct permissions (to be readable by the apache/www-data user). You should also try DionaeaFR (already included) as well, it’s like Kippo-Graph but for Dionaea.

    • Austin on April 5, 2017 at 2:48 PM
    • Reply

    Hey Ion, I really hope you are still active here, as I could really use your help!

    Im currently trying to use the Honeydrive3 distro as a project for school here in sweden, and I have been spending days trying to understand and use Honeyd with my setup. Kippo, Dionaea seem to be working fine, but the Honeyd is being a real pain in the butt. Here is my setup.

    Main Computer Ubuntu 16.04 ( running Virtual Box

    Honeydrive3 inside Virtual Box (

    I have tried many many different tutorials on how to setup Honeyd, including yours! Each tutorial seems to be giving me different results.

    TekTip’s tutorial results in “update_check: failed to resolve host honeyd”

    http://packetstorm.foofus.com/papers/general/honeyd_report.pdf tutorial results in the virtual honeypot not being able to be pinged.

    Your tutorial results that the Honeyd Deamon is started and seems to be working, yet no logs, or pings reach the virtual honeypot. I even used the exact configurations, just different IP addresses!

    Honestly Im quite lost after countless tutorials and opinions and I thought honeyd was a simple tool to start! Is there any way you could help me out? I dont know if you’re still active on this forum, but if you are I can post more configs and maybe solve this together! 🙂

    • AGV on April 20, 2017 at 7:33 PM
    • Reply

    downloading and waiting for install. thanks bro!

    • AGV on April 24, 2017 at 5:12 PM
    • Reply

    Its works! 😀

    • ASD on May 17, 2017 at 10:50 PM
    • Reply

    Hi – I’d like to manually configure network connections for Honeydrive; however, the server does not allow me to do so. Looks like server policies allow only root user to change network settings and will not accept password for honeydrive account. Any ideas on how we can make manually assign a static IP address to Honeydrive?

    • donger on May 22, 2017 at 2:41 PM
    • Reply

    I had a problem that I not able to login into Honeydrive. Originally it do not need to login and after I install honeycomb for honeyd and i restart it then I not able to login.
    I tried password honeydrive it did not mention password is wrong when I click login then it go back to login page again.

    • GoRo on February 16, 2018 at 9:46 PM
    • Reply

    How can I set up alert notifications honeypot?

      • Ion on February 17, 2018 at 5:29 AM
      • Reply

      Each honeypot is different, and it might or might not have alerting built in. Depending on the software you might have to build your own solution. For example, you might have to write some code to query the honeypot’s database periodically and get a report emailed to you. If you index events in Elasticsearch (e.g. using my fork of kippo with added ES support) then you could use something like ElastAlert, and so on.

    • GoRo on February 17, 2018 at 7:48 AM
    • Reply

    Please, tell more about ElastAlert. Can there be a link where I can read?

      • Ion on April 24, 2018 at 8:25 AM
      • Reply


    • GoRo on February 17, 2018 at 7:50 AM
    • Reply

    How can I manage honeydrive via SSH?

    • Bigtexun on April 4, 2018 at 3:37 PM
    • Reply

    So I appreciate the apparent completeness of the bundle. I also appreciate the fact that each software package is an entity of it’s own, and thus has it’s own documentation. However I would like to point out that all of the HoneyDrive 3 documentation seems to stop at the installation.

    Where is the getting started guide? How do I find a guide to using the system, short of reading the documentation for over 50 packages and wildly guessing about how these over 50 tools are integrated?

    If the goal was making something easy for experts to deploy, you seem to have achieved it, but most experts already have their own tools suite packaged in a bootable thumbdrive, so there isn’t a lot of reason for an “expert” to need Honeydrive, except to introduce it to someone else. On the other hand, if the goal was to make it easy for a security novice to deploy a honeypot, you missed 95% of the documentation needed to achieve that goal.

    I’m sure I will eventually get started with this, but so far 90% of the time I have spent in the effort to deploy this has been searching for documentation. Deploying a virtual machine is easy, and hardly needs a lot of documentation for success. So the only documentation I see is documentation I didn’t really need. I’ve got 30 years of systems engineering experience, but even I need a basic “this is how you get started with this new tool” guide.

    Sorry to be so negative here… I see so much effort around this to firm up documentation of the installation, so many different methods are documented… There should at least be a set of links for further reading at the end of the installation instructions… Something more than “enjoy!”

  5. [email protected]:~ $ sudo service dionaea start
    Job for dionaea.service failed because the control process exited with error code.
    See “systemctl status dionaea.service” and “journalctl -xe” for details.

    [email protected]:~ $ sudo service dionaea status
    ● dionaea.service – LSB: Dionaea Honeypot
    Loaded: loaded (/etc/init.d/dionaea; generated; vendor preset: enabled)
    Active: failed (Result: exit-code) since Fri 2018-08-03 20:36:08 +08; 1min
    Docs: man:systemd-sysv-generator(8)
    Process: 2415 ExecStart=/etc/init.d/dionaea start (code=exited, status=203/E
    CPU: 2ms

    Aug 03 20:36:08 raspberrypi systemd[1]: Starting LSB: Dionaea Honeypot…
    Aug 03 20:36:08 raspberrypi systemd[1]: dionaea.service: Control process exite
    Aug 03 20:36:08 raspberrypi systemd[1]: Failed to start LSB: Dionaea Honeypot.
    Aug 03 20:36:08 raspberrypi systemd[1]: dionaea.service: Unit entered failed s
    Aug 03 20:36:08 raspberrypi systemd[1]: dionaea.service: Failed with result ‘e
    lines 1-12/12 (END)

    an error that I have when I want to start my service dionaea on raspberry pi 3. what I need to do ? or that I have do a wrong configuration ? please help me T_T

  6. I have configured honeyd on my system i started with dionaea honeypot
    but i am not getting binaries
    what will be the reason?
    i have tried with nmap command ,but port no 139 & 445 are showing as FILTERED.
    please help me.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.