HoneyPot setup - A Detect, Deflect or Study Hacking Attempts

Hacking Truth

So, Today in this blog i will going to talk about Pentbox HoneyPot tool for Kali Linux and any Linux distribution . This tool about Detect, Deflect or Study Hacking Attempts, so, first of all we know what is HoneyPot ? How does it work ? why are honeypots important to a network ? and Installing with working process in Kali Linux ?


A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems. The function of a honeypot is to represent itself on the internet as a potential target for attackers -- usually a server or other high-value target -- and to gather information and notify defenders of any attempts to access the honeypot by unauthorized users. Pentbox HoneyPot setup - A Detect, Deflect or Study Hacking Attempts

How does it do ?

After setting up any network, system etc it can trace the hacking activity done by the attackers.so, generally, a honeypot operation consists of a computer, applications and data that simulate the behavior of a real system and appears as part of a network; however, the honeypot is actually isolated and closely monitored. Because there is no reason for legitimate users to access a honeypot, any attempts to communicate with a honeypot should be considered hostile. HoneyPot setup - A Detect, Deflect or Study Hacking Attempts

Viewing and logging this activity can help improve security by providing insight into the level and types of threat a network infrastructure faces while distracting attackers away from assets of real value. Researchers suspect that some cybercriminals use honeypots themselves to gather intelligence about researchers, act as decoys and to spread misinformation.

Why are honeypots important to a network ?

Honeypots, as the name suggests, are designed to catch a hacker's eye so that their efforts will be drawn to attacking the honeypot rather than a system where they could cause serious harm. They appear to be an easy entry point into a network to distract attackers from looking at other parts of the system.

Types of Honeypots

Low-interaction honeypots.
Medium-interaction honeypots.
High-interaction honeypots.

Low Ineraction Honeypots

Low-interaction honeypots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the security of the virtual systems.

Medium Interaction Honeypots

Medium-interaction honeypots  might more fully implement the HTTP protocol to emulate a well-known vendor’s implementation, such as Apache. However, there are no implementations of a medium-interaction honeypots and for the purposes of this paper, the definition of low-interaction honeypots captures the functionality of medium-interaction honeypots in that they only provide partial implementation of services and do not allow typical, full interaction with the system as high-interaction honeypots.

High Interaction Honeypots

High-interaction honeypots imitate the activities of the real systems that host a variety of services. It let the hacker interact with the system as they would any regular operating system, with the goal of capturing the maximum amount of information on the attacker’s techniques. Any command or application an end-user would expect to be installed is available and generally, there is little to no restriction placed on what the hacker can do once he/she comprises the system. According to recent researches in high interaction honeypot technology, by employing virtual machines, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised, it can be restored more quickly. Although high interaction honeypots provide more security by being difficult to detect, but it has the main drawback that it is costly to maintain. If virtual machines are not available, one honeypot must be maintained for each physical computer, which can also lead to an increase of cost. Example: Honeynet.


git clone https://github.com/royaflash/pentbox.git

cd pentbox


tar -zxvf pentbox-1.8.tar.gz

cd pentbox-1.8/

chmod +x ./pentbox.rb

./pentbox.rb  ( ruby programming language extension )

i will choose option 2 - Network Tools

and this time i will choose option 3 - Honeypot

and this time i will choose option 1 - Fast Auto configuration 

Now open a web browser on another machine such as your host machine and point it to the IP address on your kali machine. My Kali box IP was You can use the commands
ip a 
ip address
ifconfig | grep inet
or ifconfig

You should get an access denied and if you did that’s right.

You should see the following.

If you would like to dig deeper and have your honeypot listen to a specific port. You would run bentbox as such and select 2 and then 3 followed by 2. When the script prompts you to enter a port type in 22. Port 22 is the for SSH

When I try to SSH in to the IP address I get the following “INTRUSION ATTEMPT DETECTED!”

you can see the attempt was logged and where the IP was originated from.

Congrats! Now you have successfully set up your Honeypot!


This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!

All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.

All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.

- Hacking Truth by Kumar Atul Jaiswal

Video Tutorial :- Don't forget to subscribe


Post a Comment

* Please Don't Spam Here. All the Comments are Reviewed by Admin.
Post a Comment (0)
Our website uses cookies to enhance your experience. Learn More
Accept !