How to quickly deploy a honeypot with Kali Linux

Lure possible attackers into a trap with a Kali Linux honeypot.

How to quickly deploy a honeypot with Kali Linux

One thing many security experts depend on is the honeypot. What is a honeypot? Simply put, they are systems put in place to mimic particular targets of cyberattacks. With a honeypot in place, admins can detect and log attacks to certain services as well as the originating IP address of said attack.

Believe it or not, setting up a honeypot is quite simple--especially if you have a running instance of Kali Linux on hand. And that's exactly what I'm going to show you. With a combination of Kali Linux and pentbox, you can have a honeypot up and running in minutes.

SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)

What you'll need

The only things you'll need are a running instance of Kali Linux and a user account with admin privileges. 

How to download pentbox

Log in to your Kali Linux machine as an admin user. Open a terminal window and download pentbox with the command:


Once that file has finished downloading, extract the archive with the command:

tar xvfz pentbox-1.8.tar.gz

This will create a new directory named pentbox-1-8. Change into that new directory with cd pentbox-1.8.

How to run pentbox

The next step is to run the pentbox Ruby script with the command:


When you issue the command, you'll be greeted by a menu. From that menu select 2 (for Networking tools) and then 3 for Honeypot (Figure A).

Figure A


Launching the Honeypot script.

In the next menu (Figure B), select 1 (for Fast Auto Configuration). This will launch a honeypot listening on port 80. 

Figure B


Launching a simple port 80 honeypot.

Next, open a web browser on another machine (connect to the same network as the honeypot) and point it to http://SERVER_IP (where SERVER_IP is the IP address of your Kali machine). You should see an Access Denied error (Figure C) in the browser.

Figure C


Access denied.

Go back to the terminal window on the Kali Linux machine and you should see the honeypot picked up the attempted connection (Figure D).

Figure D


Attack on port 80.

How to launch a specific instance

Now we want to launch a honeypot to listen on a specific port. Say you've had trouble with attacks on SSH. To deploy pentbox such that it's listening in on port 22, you'd run the script and select 2 and then 3, followed by 2. When prompted for a port to open, type 22 (Figure E).

Figure E


Listening to port 22.

You can then opt to save a log and then have a beep announce an intrusion. Once the honeypot is running, attempt to SSH into the Kali Linux machine (from another machine) and you'll see pentbox logs the instance (Figure F).

Figure F


Our attempted SSH login.

As you can see, pentbox logs the attempt, as well as the originating IP address. 

Congratulations, you've just deployed your first honeypot. 

Also see

Online safety and security

Image: iStockphoto/solarseven