explaingit

aayusharyan/fake-iis

Analysis updated 2026-05-18

35HTMLAudience · ops devopsComplexity · 2/5LicenseSetup · easy

TLDR

A Docker container that convincingly impersonates a Microsoft IIS 8.0 server, used as a honeypot to attract and log scanner traffic.

Mindmap

mindmap
  root((fake-iis))
    What it does
      Mimics IIS 8.0
      Fakes headers
      Serves fake error pages
    Tech stack
      Docker
      OpenResty
      Alpine Linux
    Use cases
      Honeypot
      Scanner decoy
    Audience
      Homelab operators
    License
      MIT

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Deploy a decoy IIS server to attract and log scanner traffic in a homelab.

USE CASE 2

Misdirect automated probes away from your real services using a convincing fake splash page.

USE CASE 3

Study attacker behavior without exposing an actual IIS server.

What is it built with?

DockerOpenRestynginxAlpine Linux

How does it compare?

aayusharyan/fake-iisamyraxvpn-main/amyraxvpn-relayaaaa-zhen/siri-glsl
Stars353536
LanguageHTMLHTMLHTML
Setup difficultyeasyeasyeasy
Complexity2/52/52/5
Audienceops devopsgeneraldesigner

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

In plain English

fake-iis is a Docker container that pretends to be a Microsoft IIS 8.0 web server. When a browser or automated scanner connects to it, the container returns the same default splash page that IIS 8.0 would show, complete with matching HTTP response headers that identify the server as IIS and ASP.NET. It also serves a web.config endpoint with the expected content type and returns IIS-styled error pages for 403, 404, and 500 responses. The main use case is as a decoy or honeypot in a homelab or network. By running a convincing-looking IIS server on a port you want to monitor or misdirect, you can attract and observe scanners and automated probes without exposing a real service. All access and error logs are silently dropped inside the container, so there is no log noise to manage. Running it requires Docker. You can either pull the pre-built image from the GitHub Container Registry with a single command, or copy the provided Docker Compose example file, adjust the port mapping, and start it with docker compose. The container is built on OpenResty, which is a version of nginx with additional scripting capabilities, running on Alpine Linux to keep the image size small. The project is released under the MIT license.

Copy-paste prompts

Prompt 1
Help me deploy fake-iis with Docker Compose and map it to a port I want to monitor.
Prompt 2
Explain how fake-iis mimics IIS 8.0 response headers and error pages convincingly.
Prompt 3
Show me how to pull the fake-iis image from GitHub Container Registry and run it.

Frequently asked questions

What is fake-iis?

A Docker container that convincingly impersonates a Microsoft IIS 8.0 server, used as a honeypot to attract and log scanner traffic.

What language is fake-iis written in?

Mainly HTML. The stack also includes Docker, OpenResty, nginx.

What license does fake-iis use?

Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

How hard is fake-iis to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is fake-iis for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.