Fake database and service endpoints that look real to attackers. When they try to connect or authenticate, you capture everything — credentials, tools, and source information.
[ALERT] PostgreSQL connection attempt
User: backup_admin, DB: production
Source: 91.121.xx.xx (OVH Hosting)
[ALERT] MySQL AUTH attempt
User: root, Pass: ******
Client: mysql-connector-python/8.0
[ALERT] Redis AUTH command
Password: "prod_cache_2024"
[INFO] SSH banner exchange
Client: SSH-2.0-OpenSSH_8.9
Listening on 12 protocols...
All protocols are included in the same tier. No upsells for specific databases.
Captures user, database, application name, and startup parameters.
Full handshake capture including auth credentials and client capabilities.
Captures AUTH passwords and all commands attempted.
Wire protocol parsing for auth attempts and database enumeration.
Banner exchange, client fingerprinting, and auth attempts.
Bind DN and credentials, search queries, Active Directory recon.
EHLO, AUTH credentials, and envelope information.
AMQP handshake, vhost access, and credentials.
Select a protocol (PostgreSQL, MySQL, etc.) and we provision a unique hostname.
Add the fake connection string to config files, documentation, or code comments.
When they scan or try to use the credentials, our honeypot responds like a real server.
We capture their IP, credentials used, client tools, and timing — and alert you instantly.
Add fake database connection strings to your codebase. If someone clones your repo or steals your config, you'll know when they try to connect.
Add references to "legacy" or "backup" databases in internal wikis. Attackers love finding documented shortcuts.
Create DNS entries for plausible services. Anyone scanning your network or resolving internal hostnames will trip the wire.
Add honeypot credentials to your team's password manager. If someone exports or steals credentials, you'll catch them.
Deploy protocol honeypots in minutes. All protocols included at £49/month.