K8s API Honeypot with Active Defense Capabilities

AutomoxSecurity/helix-honeypot

 
 

Introduction

Helix is a honeypot that serves two primary purposes. When running in K8s mode, it listens and responds like a typical K8s API server (most endpoints). When running in active defense mode, a never-ending response is generated on all API endpoints.
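The active defense behaviour described above, sketched as an added example (not Helix's own code): a handler that streams a body which never terminates, and a client that stays safe against it by capping both bytes read and wall time. The names tarpitHandler, probe and chunkDelay are hypothetical, and the JSON body is constructed.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

const chunkDelay = 10 * time.Millisecond // pause between chunks (assumed value)

// tarpitHandler (hypothetical) answers any path with a JSON list that never closes.
func tarpitHandler(w http.ResponseWriter, r *http.Request) {
	f, ok := w.(http.Flusher)
	if !ok {
		http.Error(w, "streaming unsupported", http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	io.WriteString(w, `{"kind":"List","items":[`) // no Content-Length, so the body is chunked
	for {
		f.Flush()
		select {
		case <-r.Context().Done(): // peer disconnected: release the goroutine
			return
		case <-time.After(chunkDelay):
			io.WriteString(w, `{"kind":"Pod"},`) // constructed filler item
		}
	}
}

// probe reads at most limit bytes within timeout; the bool is true when the cap was hit first.
func probe(url string, limit int64, timeout time.Duration) (int64, bool, error) {
	client := &http.Client{Timeout: timeout} // Timeout also covers reading the body
	resp, err := client.Get(url)
	if err != nil {
		return 0, false, err
	}
	defer resp.Body.Close()
	n, err := io.CopyN(io.Discard, resp.Body, limit)
	return n, err == nil, err
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(tarpitHandler))
	defer srv.Close()
	fmt.Println(probe(srv.URL+"/api/v1/pods", 200, 5*time.Second))
}
```

A client without a byte cap or a timeout would block on this response until the connection is dropped, which is the signal to look for in the honeypot's logs: long-lived requests from a single source.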

Usage

Usage:
  -mode string
    	The run mode for the honeypot [api, ad] (default "api")

Local Testing

Clone this repo

docker-compose up -d

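Set up your kubeconfig for helix

apiVersion: v1
kind: Config
clusters:
# Local Helix instance, served over plain HTTP
- cluster:
    server: http://127.0.0.1:80
  name: helix
contexts:
- context:
    cluster: helix
    user: helix
  name: helix
users:
# No credentials are configured for the helix user
- name: helix
  user: {}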

Deployment

  • Dockerhub
docker run -d -p80:8000 helixhoneypot/helixhoneypot
  • Logging

For now, all logging goes to stdout, so when running inside Docker you can add a logging driver to collect the logs.
