Contributing

This project is open to contributions, and there are several areas of work to be developed. Join the Discord server to get involved:

Discord: https://discord.gg/RXWn85cnYm

Roadmap

Completed:

  • Modbus Industrial Honeypot Module — Complete TCP honeypot with PLC emulation

  • React Dashboard Redesign — Modern SPA with React 19, Vite, Tailwind CSS

  • Rule-Based Alerting Engine — Declarative YAML rules (MLS001 … MLS012) with MQL queries, severities, schedules and accumulated 0–100 verdicts

  • Alerts Page — Grouped/flat views, severity & status filters, bulk acknowledge/resolve

  • Agent Topology — Interactive manager ↔ agents ↔ modules canvas with persisted layout

  • Activity & Attacker Statistics Pages

  • Custom FTP Honeypot Image — Debian slim + vsftpd, dropping the third-party fauria/vsftpd dependency

  • GeoIP Attack Map — Interactive world map with ip-api.com enrichment

  • Hybrid Deployment — Support for internal, external, and mixed networks

  • CVE Module Framework — Dedicated category for vulnerability-specific honeypots

  • Telnet Honeypot Module — Standard telnet honeypot with weak credentials

  • Interactive Shell

  • Critical Events Dashboard — Highlighted alerts for security-critical events

  • Distributed Architecture — Manager/agent model with mTLS-secured communications

  • Agent Health Monitoring — Real-time agent status polling and dashboard page

  • Auto-Enrollment — One-time token based agent enrollment with embedded PKI

  • HTTPS Dashboard — Direct access over TLS (no SSH tunnel needed)

  • Remote Agent Management — Start/stop/restart agent modules from manager CLI via mTLS

  • Dashboard Enhancements — Auto-refresh, date range filter, trend arrows, heatmap, multi-day timeline, top credentials, sortable/paginated tables

  • GeoIP Enrichment API — Cached batch IP geolocation with country flags in dashboard

  • Security Hardening — Path traversal protection, rate limiting, input validation, SHA-256 hashing, SSRF mitigation, error message sanitization

Planned:

  • Improve MQTT module

  • Develop new CVE modules

  • Develop new modules (SNMP, etc.)

  • MITRE ATT&CK mapping for threat events

  • Automated PDF/HTML reports

  • Behavioral clustering (attack pattern grouping)

  • Adaptive deception (dynamic honeypot responses)

  • Rules UI to tune thresholds without redeploying (engine landed in v2.2, UI still pending)

Credits

Thank you to all contributors for helping the project move forward.