Just for fun

AI Honeypot Demo

Here is a demo of an SSH honeypot with artificial intelligence. The interactive terminal simulates an Ubuntu environment, allowing you to explore and test Linux commands. It is a very simple demo, but can be improved to be more realistic (see FAQ).

guest@trapster:~
Welcome to Ubuntu 20.10 (GNU/Linux 5.8.0-63-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Fri Feb 21 19:09:38 CET 2025

  System load:  1.11              Processes:             132
  Usage of /:   50.7% of 1.79TB   Users logged in:       1
  Memory usage: 10%               IPv4 address for eno0: 151.80.31.22
  Swap usage:   6%                IPv6 address for eno0: 2001:41d0:e:b16::1

 * Super-optimized for small spaces - read how we shrank the memory
   footprint of MicroK8s to make it the smallest full K8s around.

   https://ubuntu.com/blog/microk8s-memory-optimisation

0 updates can be installed immediately.
0 of these updates are security updates.

Failed to connect to https://changelogs.ubuntu.com/meta-release. Check your Internet connection or proxy settings


Last login: Fri Feb 21 19:09:38 2025 from 3.15.3.102
guest@trapster:~$

FAQ

How does this work?

This demo uses the trapster.libs.ai.ssh library which allows to generate SSH responses using the Llama-3-1-70b language model. This same library is also available via a standard SSH client using Trapster Community, which allows to simulate a complete SSH server.

Can a hacker easily detect that it is a honeypot?

Yes, in its current form. It is a very basic demo. However, the real interest for CTI, lies in the use of AI to generate "context" : fake files, simulated users, or responses to unknown commands.

Does it exist on other protocols?

Yes, on HTTP for example. But the most effective approach is to couple this with a real server. The idea is to respond only to attacks or unknown requests, leaving the server to handle legitimate traffic. This allows for more accurate detection of intrusion attempts while maintaining a normal service for legitimate users.

Does Trapster integrate AI?

Yes but not in this form. We use AI to generate fake files, data. We do not want the AI to become a way to detect the honeypot, but rather a way to generate realistic data and context.

Can I secure my company with a honeypot like this?

No, this demo is only a proof of concept. However, low-interaction honeypots are particularly effective in corporate environments, especially on internal networks. Their main advantage is that they generate very few false positives and are easy to deploy. For more information on our security solutions adapted to companies, please contact us.