An awesome collection of articles, papers, conferences, guides, and tools relating to deception in cybersecurity.

Signature based honeypot detector tool written in Golang

Automation tool for Windows Deception Host Burn-In

A lightweight distributed deception hub. Catch lateral movement and threats using zero-noise tripwires.

A simple SSH gateway for deception deployments

Deceptive Operations: Lure, Observe, and Secure Tool

A portable active cyber defense tool that uses decoy-based delaying tactics to mislead and restrain attackers in untrusted networks.

A distributed, AI-powered honeypot system for Kubernetes. Uses OpenRouter to access 100+ LLMs (GPT-4o, Claude, Gemini) for generating realistic, context-aware vulnerable server responses. Features advanced scanner detection, session memory, and detailed artifact logging to trick attackers and capture threat intelligence.

Behavioral User-driven Deceptive Activities Framework

Deploys 14 Honeypot services (SSH, Telnet, ADB, MongoDB, VNC, MySQL, etc). Real-time dashboard with live WebSocket updates, attack geolocation, automated alerts + IP blocking, and payload/IOC analysis.

HTTP honeypot on autopilot

A deceptive web application designed to lure and monitor potential attackers by simulating a real, sensitive environment. It logs IPs, geolocation, user-agents, and suspicious interactions, and runs on a Dockerized Flask app deployed via AWS EC2 for scalable cybersecurity analysis.

New and improved ESP32-P4 based PoE honeypot

Adversarial Cognitive Portal Trap Architecture — A multi-layered defensive system that contains, degrades, disrupts, and commandeers autonomous offensive AI agents via a reverse kill chain (L0-L4).

A fork of the original mailhoney SMTP honeypot rewritten due to library deprecation

ML-powered deception-based banking honeypot system using React, FastAPI, and behavioral biometrics.

Multi-protocol authentication honeypot framework with advanced evasion, fake success responses, and Docker deployment. Captures SSH, FTP, Telnet, HTTP/HTTPS, MySQL, RDP, and SMB attacks.

Defensive Active Directory hardening & deception dashboard

A fork of Spamhole by Dustin Trammell with added safety

AETHER is an autonomous, AI-driven cyber defense system that shifts security from passive detection to active deception. It encodes attacker behavior as digital DNA and uses reinforcement learning to dynamically engage, mislead, and analyze advanced threats in real time. https://aetherconcept02.vercel.app