LLM-Powered SSH Honeypot for Realistic Attacker Simulation
BinaryPot is a high-interaction SSH honeypot that uses Large Language Models to simulate realistic Linux terminal behavior and analyze attacker behavior and threats. It dynamically generates state-aware command responses to engage attackers, capture their actions, and support deeper cybersecurity analysis.
-
🧠 LLM-Powered Shell Simulation
Generates realistic Linux terminal outputs using fine-tuned local models -
🔐 High-Interaction Honeypot
Engages attackers instead of blocking them immediately -
⚙️ State-Aware Responses
Behavior adapts based on user, working directory, installed tools, permissions, and network rules -
📡 Command Logging & Analysis
Captures attacker commands, outputs, sessions, and activity patterns -
🔌 Backend API (FastAPI)
Handles authentication, sessions, logs, approvals, and honeypot logic -
💻 Frontend Dashboard (React + AntD)
Clean dashboard for monitoring and managing honeypot activity -
🤖 Local Model Support
Supports locally stored AI models for shell response generation
BinaryPot/
│
├── bpot-backend/ # FastAPI backend, honeypot engine, auth/API, AI logic
├── bpot-frontend/ # React frontend dashboard
└── README.md- Python
- FastAPI
- SQLAlchemy
- JWT Authentication
- SSH honeypot engine
- Local LLM integration
- React
- Ant Design (AntD)
- Axios
- React Router
- Fine-tuned local models for shell response generation
- QLoRA / LoRA fine-tuning for lightweight adapter training
- State-aware command response generation
- Behavioral analysis
- Threat analysis
- Report support through API
- Attacker connects through SSH into a simulated environment
- Commands are parsed with system state context
- Hardcoded commands return fast and realistic shell outputs
- Complex or unknown commands can be handled by local AI models
- All commands, outputs, and sessions are logged for analysis
- The frontend dashboard displays captured honeypot activity
git clone https://github.com/not-official/BinaryPot.git
cd BinaryPotcd bpot-backend
# create virtual environment
python -m venv venv
# activate virtual environment
source venv/bin/activate # Linux / macOS
venv\Scripts\activate # Windows
# install dependencies
pip install -r requirements.txtBinaryPot requires local AI model files for generating realistic shell responses.
The model files are large, so they are not included in this GitHub repository.
Each user must download the required model files separately and place them inside the backend models folder.
Create a models folder inside bpot-backend:
cd bpot-backend
mkdir modelsExpected structure:
bpot-backend/
│
├── models/
│ ├── model-folder-1/
│ │ ├── adapter_config.json
│ │ ├── adapter_model.safetensors
│ │ └── other model files...
│ │
│ └── model-folder-2/
│ ├── config files...
│ └── model files...
│
├── honeypot/
├── ai/
├── app/
└── requirements.txtExample:
bpot-backend/models/your-model-folder-name/Make sure the model path in the backend code matches the folder name inside models.
Note: The
models/folder is ignored by Git because model files are large. Models must be downloaded separately and placed manually inside the correct folder.
From inside bpot-backend:
py -m honeypot.run-honeypotConnect to the honeypot:
ssh -p 2222 localhostFrom inside bpot-backend:
uvicorn app.main:app --reloadcd bpot-frontend
npm install
npm startCreate .env files where required.
JWT_SECRET=your_secret_key
SMTP_HOST=smtp.gmail.com
SMTP_PORT=465
SMTP_EMAIL=your_email@gmail.com
SMTP_PASSWORD=your_app_password
ADMIN_EMAIL=admin@example.comIf external AI APIs are used in future versions, add the required API keys in the backend .env file.
- Model files are not pushed to GitHub
- Create the
modelsfolder manually insidebpot-backend - Download and place required models inside the
modelsfolder - Ensure
__init__.pyfiles exist in required Python folders for imports to work correctly - Run backend commands from inside the
bpot-backenddirectory - Keep
.env, model files, SSH keys, and local virtual environments out of Git
This is a final-year project built for educational and research purposes.