Introduction to HoneyBee
Welcome to the HoneyBee documentation! HoneyBee is a distributed honeypot orchestration framework that allows you to deploy, manage, and monitor multiple honeypot nodes from a central manager.
What is HoneyBee?
HoneyBee is a comprehensive honeypot management platform consisting of three main components:
- HoneyBee Core - The central orchestration manager (written in Rust)
- HoneyBee Node - Individual honeypot nodes that connect to the manager (Go implementation)
- HoneyBee Potstore - Repository of pre-configured honeypots ready for deployment
Key Features
- π Secure by Design: TLS 1.3 encryption and TOTP authentication
- π Distributed: Manage multiple nodes from a central location
- π‘ Real-time Communication: JSON-based Protocol v2 over TCP/TLS
- π Resilient: Automatic reconnection and error handling
- π Observable: Comprehensive logging and monitoring
- π― Honeypot Management: Automatic installation and lifecycle management
- π Cross-Platform: Linux, Windows, and macOS support
- π§ͺ Beta Status: Actively developed and tested
System Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β HoneyBee Core Manager β
β (Rust - TCP Server) β
β β
β - Node Registry & Management β
β - Message Routing (Protocol v2) β
β - Status Tracking β
β - Backend API (Port 9002) β
β - WebSocket Proxy (Port 9003) β
ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββ
β
β TCP/TLS + Protocol v2
β Port 9001
β
βββββββββ΄βββββββββ¬βββββββββββββββ¬βββββββββββββββ
β β β β
βββββΌββββ βββββΌββββ βββββΌββββ βββββΌββββ
β Node β β Node β β Node β β Node β
β (Go) β β (Go) β β (Go) β β (Go) β
βββββ¬ββββ βββββ¬ββββ βββββ¬ββββ βββββ¬ββββ
β β β β
β β β β
βββββΌββββ βββββΌββββ βββββΌββββ βββββΌββββ
βCowrie β βHonnyP β βCowrie β βDionaeaβ
βPot β βotter β βPot β βPot β
βββββββββ βββββββββ βββββββββ βββββββββ
Component Overview
HoneyBee Core
The central manager that orchestrates all nodes and honeypots:
- Node Registration: Nodes connect and register with TOTP authentication
- Command Distribution: Send commands to nodes (install, start, stop honeypots)
- Status Monitoring: Track node and honeypot status in real-time
- Event Aggregation: Collect events from all honeypots
- Backend API: RESTful API for external integrations
- WebSocket Proxy: Real-time updates via WebSocket
Repository: honeybee_core
HoneyBee Node
Go-based nodes that connect to the Core manager:
- Connection Management: Automatic reconnection with exponential backoff
- Honeypot Installation: Automatically install honeypots from Potstore
- Honeypot Lifecycle: Start, stop, restart, and monitor honeypots
- Event Forwarding: Forward honeypot events to Core in real-time
- TLS 1.3 Encryption: Secure communication with the manager
- TOTP Authentication: Time-based one-time password support
Repository: honeybee_node
HoneyBee Potstore
Repository of pre-configured honeypots:
- Pre-configured Honeypots: Cowrie, HonnyPotter, and more
- Automatic Integration: Honeypots automatically forward events to nodes
- Easy Installation: Nodes automatically install from Potstore
- Standardized Format: Consistent structure and configuration
Repository: honeybee_potstore
How It Works
- Deploy HoneyBee Core - Start the central manager
- Deploy HoneyBee Nodes - Nodes connect to Core and register
- Install Honeypots - Core sends commands to nodes to install honeypots from Potstore
- Monitor Attacks - Honeypots capture attacks and forward events to Core
- Analyze Data - Core aggregates all events for analysis
Quick Links
For New Users
- Quick Start Guide - Get your first deployment running
- Installation Overview - Install all components
- Architecture Overview - Understand the system
For Node Operators
- Node Installation - Set up a HoneyBee node
- Node Configuration - Configure your node
- Security Setup - Set up TLS and TOTP
- Honeypot Management - Manage honeypots
For System Administrators
- Core Deployment - Deploy HoneyBee Core
- Node Deployment - Deploy nodes in production
- Troubleshooting - Common issues and solutions
For Developers
- Protocol Specification - Message format and flow
- Creating Custom Nodes - Build nodes in any language
- Adding Honeypots - Add honeypots to Potstore
- API Reference - Core API documentation
Status
Current Version: Beta (v1.0.0)
Protocol Version: v2
Status: Actively developed and tested
Getting Help
- π Browse this documentation
- π Report issues
- π¬ Join discussions
- π Documentation Site
License
HoneyBee is open-source software licensed under MIT. See the LICENSE files in each repository for details.