Smart honeypot capturing attacker HTTP behavior with MITRE mapping
It lures attackers with fake web services, captures every HTTP request, and classifies attacks using a rules‑based engine that maps events to MITRE ATT&CK techniques. Events are stored in a single SQLite file and visualized on a Flask dashboard showing session timelines and technique heatmaps. Designed for security analysts and red‑teamers needing a lightweight, self‑hosted honeypot that runs on a laptop. Unlike many honeypots, it offers deterministic rule‑based detection, built‑in MITRE integration, and an easy demo setup.
View on GitHub →IamMalath/smart-honeypot