I built Beelzebub, an open-source framework for honeypots designed for those who want to safely collect and analyze attacks without sacrificing realism. TL;DR: low-code (YAML), multi-protocol (SSH/HTTP/TCP/MCP), LLM integration to simulate realistic system behavior while keeping a secure low-interaction architecture.
Why I built it?
- High-interaction honeypots are realistic but risky and expensive to maintain.
- Low-interaction honeypots are safe but attackers can spot them easily.

Beelzebub tries to strike a balance: it leverages LLMs to generate convincing, dynamic responses while running on a fully controlled backend.
What it offers today:
- Low-code configuration via YAML, modular and easily extensible.
- LLM integration (OpenAI or local models) to create honeypots that talk back like real systems.
- Multi-protocol support: SSH, HTTP, TCP, and MCP (useful for catching prompt-injection attempts against LLM agents).
- Ready for production with Docker, Kubernetes, and integrations with observability stacks (Prometheus, ELK).
Why give it a star and an upvote:
- An upvote here helps more defenders and researchers discover it.
- A star on GitHub helps the project grow (visibility, contributors, integrations). If you try it and like it, please star the repo and share your feedback!
Thanks for reading! If you’d like me to post a case study or benchmark showing how it performs against real-world attacks, let me know!