So I made krain-sec — a Go honeypot that pretends to be a fully functional corporate server, a full Krain Security ops console.
Why I made this?
Our servers have been getting hit by everything from script kiddies to above-average attackers. Firewalls and enterprise security solutions were expensive and a pain to maintain.
So I built something lightweight, automated, and easy to deploy instead — for people who can't afford enterprise security products, usually small teams running their own infrastructure.
What makes it different?
Most honeypots out there are built to detect and log and usually block and manhunt the attacker. That's it. Krain-sec is built to waste attackers' time and irritate them — endless rabbit-holes, confuse scanners, dead ends that look like real progress.
What's in the box
A login page and dashboard that look like the real ops tool
A fake admin SSH box with old command history and "emergency" credential files lying around
Bait files (canary-token style) that quietly phone home the second someone opens or exfils them
A browser-side trick (think WebRTC/fingerprinting) that can leak an attacker's real network info when they load the fake dashboard — still refining how far to take this, open to feedback here
A robots.txt / sitemap that basically says "don't look here" (so of course they look)
A live board showing who's knocking, what's failing, and what they've touched
The idea is simple: make them stay, dig, grab the wrong secrets, and burn time — while you watch.
Scanners trip the forbidden paths. Humans loot the fake AWS keys. You watch it all light up on the dashboard.
Running it
Set your env variables, then:
bashmake prod
That's it.
Try it / contribute
Open source → Krain-Sec
Lab / research only. Don't drop this onto a network you don't own, and this isn't meant for hacking back at anyone — just wasting their time and learning what they're after.
More features are coming. If you run into issues, let me know.
If you've got deception ideas — DNS canaries, Office beacons, Endlessh on port 22 — drop them below. Building in public.
Top comments (0)