HoneyBox is a virtual hard disk drive (VMDK format) with Ubuntu Server 11.10 32-bit edition installed. It contains various honeypot systems such as Kippo SSH honeypot, Dionaea malware honeypot and Honeyd. Additionally it includes useful scripts and utilities to analyze and visualize the data it captures. Lastly, other helpful tools like tshark (command-line Wireshark), pdftools, etc. are also present.



The latest version (0.1) contains Kippo SSH honeypot and related scripts (kippo-graph, kippo-stats, kippo-sessions, etc). Everything is pre-configured to work. It has been tested on several commercial sites. Due to its size the file is hosted at SourceForge. Just Google "SourceForge HoneyBox" to find it.

Please also take a look at the README.txt file at SourceForge (also included inside the disk) to learn the specific features and where everything is located.


After downloading the file, you must uncompress it and then you simply have to create a new virtual machine (suggested software: Oracle VM VirtualBox) and select the VMDK drive as its hard disk.

  1. 1aNormus

    Thanks for putting this out. Been playing with the distro for the last few hours, and I am impressed with the package. This will be perfect for some honeypot training I plan to put out soon.

    Thank you,

    1. Ion

      Hello Normus, thanks for your comment!

      I plan to include more software to it soon (so be sure to check from time to time) and perhaps create a lightweight desktop version (think Xubuntu/Lubuntu) with some GUI tools as well.

      The current version includes everything that has to do with Kippo SSH honeypot. It’s a good start in the domain of honeypots and you’ll get some interesting results. I’d be happy to see some of them.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>