atirathi/iot-honeypot

GitHub: atirathi/iot-honeypot

Stars: 0 | Forks: 0

# IoT Honeypot

Multi-protocol IoT honeypot for threat intelligence collection.

Telnet :23 | SSH :22 | HTTP :80 | MQTT :1883

## Architecture

```mermaid
graph TB
    subgraph Attackers
        A[Internet Scanners]
        B[Botnets]
        C[Threat Actors]
    end

    subgraph Honeypot
        T[Telnet :23]
        S[SSH :22]
        H[HTTP :80]
        M[MQTT :1883]
    end

    subgraph Pipeline
        R[(Redis Streams)]
        D[(TimescaleDB)]
        E[Event Bus]
    end

    subgraph Observability
        API[FastAPI :8080]
        UI[Web Dashboard]
        G[Grafana :3000]
        AL[Webhook Alerter]
    end

    A --> T & S & H & M
    B --> T & S & H & M
    C --> T & S & H & M
    T --> E
    S --> E
    H --> E
    M --> E
    E --> R
    E --> D
    E --> AL
    API --> R & D
    UI --> API
    G --> D
```

## Docs

| Document | Contents |
|----------|----------|
| [Architecture](docs/ARCHITECTURE.md) | System design, data flow, container model |
| [Deployment](docs/DEPLOYMENT.md) | Docker, local dev, production, monitoring |
| [Protocols](docs/PROTOCOLS.md) | Telnet/SSH/HTTP/MQTT honeypot specs |
| [API Reference](docs/API.md) | REST endpoints, auth, examples |
| [Configuration](docs/CONFIGURATION.md) | All env vars, defaults, descriptions |
| [Development](docs/DEVELOPMENT.md) | Setup, testing, adding protocols |

## Quick Start

```bash
git clone <repository-url>
cd iot-honeypot

# Docker deployment
docker compose up -d

# Verify
curl http://localhost:8080/health
curl http://localhost:8080/dashboard
```

## Attack Simulation

```bash
telnet localhost 23          # login: root/admin, any password
ssh root@localhost           # any password accepted
curl http://localhost/       # router login page
mosquitto_pub -h localhost \
  -t home/temp -m "25.5"     # MQTT publish
```

## Dashboard

- **Web UI**: http://localhost:8080/dashboard
- **Grafana**: http://localhost:3000 (admin/admin)
- **API**: http://localhost:8080/docs

## License

MIT
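
## Added example: Telnet credential capture

The Telnet behaviour listed under Attack Simulation (root/admin accepted with any password), sketched as an added example that is not taken from the iot-honeypot code base: a low-interaction asyncio session handler that records each credential pair as an event and never executes input. The event field names, the `clean`, `handle_telnet` and `replay` helpers, and the sample session bytes are assumptions constructed for illustration.

```python
import asyncio
import re
import time

ACCEPTED_USERS = {"root", "admin"}          # README: "login: root/admin, any password"
IAC_SEQ = re.compile(rb"\xff[\xfb-\xfe].")  # Telnet WILL/WONT/DO/DONT option negotiation


def clean(raw, limit=128):
    """Strip Telnet negotiation bytes, cap the length, keep only printable text."""
    text = IAC_SEQ.sub(b"", raw)[:limit].decode("latin-1")
    return "".join(ch for ch in text if ch.isprintable()).strip()


async def handle_telnet(reader, writer, sink, peer=None, timeout=10.0):
    """Fake login prompt: record every credential pair, never run a command."""
    peer = peer or writer.get_extra_info("peername")
    try:
        writer.write(b"login: ")
        username = clean(await asyncio.wait_for(reader.readline(), timeout))
        writer.write(b"Password: ")
        password = clean(await asyncio.wait_for(reader.readline(), timeout))
        accepted = username in ACCEPTED_USERS
        sink({"ts": time.time(), "protocol": "telnet", "src_ip": peer[0],
              "src_port": peer[1], "username": username, "password": password,
              "accepted": accepted})
        writer.write(b"\r\n# " if accepted else b"\r\nLogin incorrect\r\n")
        await writer.drain()
    except (asyncio.TimeoutError, ValueError, ConnectionError):
        pass  # slow, oversized or dropped sessions end without an event
    finally:
        writer.close()


class _NullWriter:  # in-memory stand-in for a StreamWriter (hypothetical helper)
    def write(self, data): pass
    async def drain(self): pass
    def close(self): pass


def replay(session_bytes, peer=("203.0.113.7", 40000)):
    """Feed constructed client bytes through the handler and return the events."""
    async def run():
        events, reader = [], asyncio.StreamReader()
        reader.feed_data(session_bytes)
        reader.feed_eof()
        await handle_telnet(reader, _NullWriter(), events.append, peer)
        return events
    return asyncio.run(run())
```

To listen on a socket, pass `lambda r, w: handle_telnet(r, w, sink)` to `asyncio.start_server` with a small `limit` so oversized lines are rejected; `sink` is whatever forwards the record to the pipeline.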