Abstract

Honeypots are now considered a well-studied cyber-deception mechanism that can assist in defending networks as well as identifying new attack trends. However, recent research has shown that honeypots may also be vulnerable to attacks; especially fingerprinting identification ones. Moreover, many open-source honeypots lack an external security analysis and are often deployed with their default settings.

We present honeyscanner, an open-source vulnerability analyzer for honeypots. It is designed to automatically attack a given honeypot, to determine if the honeypot is vulnerable to specific types of cyber-attacks. The analyzer uses a variety of attacks, ranging from identifying vulnerable software libraries to DoS, and fuzzing attacks. In the end, an evaluation report is provided to the honeypot administrator, including advice on how to enhance the security of the honeypot.