Using Your Modern Honeynet (MHN)

Using Your Modern Honeynet (MHN)

What you'll see when running a server and sensors

In previous posts, I covered creating an MHN Server and deploying MHN Sensors. This post shows you some of MHN's capabilities.

Server Side

On the server, you can observe the following via the web interface.


See a map updated near real-time of attack sources and targets.

MHN-Realtime-Attack-Map image


Deploy new sensors as covered in a previous post.


View near real-time data on attacks hitting your sensors.

MHN Attacks Report screenshot


Download and interact with actual payloads deposited in hacking attempts on your sensors. Use extreme caution with these. They are likely live exploits. You will want to have a segregated environment and experience doing malware analysis.

MHN Payloads screenshot


You can view rules for applicable sensors like Snort rules here.

MHN Rules Management screenshot


View deployed sensors and the number of hits they've received.

MHN Sensors and Hits screenshot


You can view some interesting statistics from Kippo and Cowrie sensors here including top passwords and usernames observed in attacks and top attackers.

Top captured usernames and passwords:
MHN Most cowrie-kippo most used usernames and passwords screenshot

Kippo/Cowrie top attackers:
MHN Kippo and Cowrie Top Attackers screenshot

On Honeypots

On the individual honeypots, you can look further at the information collected. Some may not be readily visible on the MHN Server.

Consult the project site for the individual honeypot you're interested in exploring deeper for more information.

/* Adding copy button to code snippet in Ghost */