Skip to content
This repository has been archived by the owner on Dec 4, 2024. It is now read-only.
/ helix-honeypot Public archive

K8s API Honeypot with Active Defense Capabilities

License

Notifications You must be signed in to change notification settings

Zeerg/helix-honeypot

Repository files navigation


Docker Image CI

Introduction

Helix is a honeypot that serves two primary purposes. When running in K8s mode it listens and responds as a typical K8s api server(most endpoints). When running in active defense a never ending response is generated on all api endpoints.

Usage

Usage:
  -mode string
    	The run mode for the honeypot [api, ad] (default "api")

Local Testing

Clone this repo

docker-compose up -d

Setup your kubeconfig for helix

- cluster:
    server: http://127.0.0.1:80
  name: helix
- context:
    cluster: helix
    user: helix
  name: helix
- name: helix
  user: {}

Deployment

  • Dockerhub
docker run -d -p80:80 helixhoneypot/helixhoneypot
  • Logging

For now all logging is done to stdout so if running inside docker you can add a driver to grab them.