Lophiid is a hybrid AI honeypot for detecting and interacting with mass web application exploitation attempts.
The design of lophiid is that one backend controls multiple honeypot sensors agents across the web. Each honeypot can be configured individually but the backend is able to track interactions with attackers across all of them.
While you can configure Lophiid with static content and rules, you can also make use of the AI triage and responsing of requests. In that case, AI will determine what kind of attack is happening and will then involve the right "responder" (code) with the right AI model to deal with that request.
Key features:
- Hybrid AI honeypot approach
- Highly scalable
- Static, scripted (Javascript) and AI supported response handling
- Alerting possible (Telegram, extensible)
- Desktop and mobile UI with comprehensive search
- AI analysis of attacks
- Automatic tagging of requests and attacks to help triage
- Automatically malware collection and storage
- Yara (yara-x) integration
- Direct integration with VirusTotal
- Ratelimiting / DoS protection
- Exporting of rules for sharing with the community
- Extensive metrics for prometheus/grafana
- Highly customizable
For more information check out the Detailed Description document. To get started, make use of the Quick Start guide.
If you need any assistance, please don't hesitate to open an issue or to reach out to niels.heinen{at}gmail.com.
Requests page overview which shows all the requests that honeypots are getting.
The downloads page shows information about all the downloaded payloads which
were obtained via attacks. The payloads themselves are also stored locally in
the malware directory (configurable via the backend config).
Contributions are super welcome! Just fork the repo and send us a PR. Please regularly check the CONTRIBUTING.md for general guidelines