Honeypott3r: An Open-Source Multi-Layered Security Analysis Framework for Honeypot Vulnerability Assessment
Ayushman Bilas Thakur
Abstract
Honeypots are deceptive security mechanisms designed to attract, detect, and analyze cyber threats by mimicking real systems. They are widely used in cybersecurity research and defense strategies to study attack patterns and adversary techniques. However, if not configured properly, honeypots can be easily detected, making them potential targets for attackers to gain access to the main server. This paper introduces Honeypott3r, an open-source, multi-layered security analysis framework designed to systematically assess the security of honeypots. The framework focuses on SSH and HTTP-based honeypots, specifically Cowrie, Conpot, and Wordpot, which are deployed in Docker containers on AWS EC2 (Debian). Honeypott3r performs detection, log evasion, privilege escalation, reverse exploitation, and denial-of-service (DoS) simulations, leveraging tools like Trivy, Bandit, Safety-CLI, Nmap, Nikto, and WPScan. It also searches for Metasploit modules to identify potential exploits. The collected data is stored in MongoDB and visualized through an interactive dashboard for further analysis. The results reveal various weaknesses in honeypots, highlighting the need for improved deception techniques. This research contributes to the cybersecurity community by providing a structured approach to honeypot vulnerability assessment, helping defenders enhance their security posture and mitigate risks more effectively.
Keywords: Honeypots, Cowrie, Conpot, Wordpot, Vulnerability Assessment
Copyright
Copyright © 2025 Ayushman Bilas Thakur. This is an open access article distributed under the Creative Commons Attribution License.