explaingit

hacklcx/hfish

4,513 | Audience · ops devops | Complexity · 3/5 | Setup · moderate

TLDR

A free enterprise honeypot platform that deploys 90+ types of fake services to detect attackers inside and outside a corporate network, with one-click deployment and multi-platform support.

Mindmap

mindmap
  root((HFish Honeypot))
    What It Does
      Decoy services
      Attacker detection
      Threat intelligence
    Service Types
      Web servers
      Email systems
      IoT devices
      Network equipment
    Deployment
      Management console
      Honeypot nodes
      One-click install
    Alerts
      Email and syslog
      Webhook
      WeChat DingTalk Feishu
    Platforms
      Linux x32 x64 ARM
      Windows x32 x64

Things people build with this

USE CASE 1

Deploy fake servers to detect attackers who have already breached your corporate network

USE CASE 2

Monitor attempts to access decoy services and receive alerts via email or messaging apps

USE CASE 3

Set up a honeypot grid covering 90+ service types to detect port scans and brute force attempts

USE CASE 4

Forward suspicious inbound traffic to a cloud honeypot network for additional analysis

Tech stack

Linux, Windows

Getting it running

Difficulty · moderate | Time to first run · 30min

Deploy the management node first, then add honeypot nodes. Installation is one-click on Linux or Windows.

Free community product; specific license terms are not stated in the README.

In plain English

HFish is a Chinese-built enterprise honeypot platform available free to the community. A honeypot is a decoy system set up to look like a real server or service, designed to attract attackers so their activity can be detected and logged before they reach actual systems. HFish packages this concept for corporate security teams and covers three scenarios: detecting threats that are already inside the internal network, sensing threats coming from outside, and generating threat intelligence from the activity recorded.

The platform supports over 90 types of fake services. These cover a broad range of what a typical corporate network runs, including web servers, email systems, OA office platforms, CRM systems, NAS storage, network equipment like switches and routers, wireless access points, IoT devices, and various security products. When an attacker interacts with any of these decoy services, HFish logs the contact and can send an alert. Users can also build custom web-based honeypots beyond the built-in list.

HFish runs as a management console connected to one or more honeypot nodes. The README notes that users deploy the management side first, then add nodes either from the built-in option or as separate installs. Deployment is described as one-click. The platform runs on Linux (x32, x64, ARM), Windows (x32, x64), and several Chinese domestic operating systems and processor architectures.

Alerts go out via email, syslog, webhook, or popular Chinese messaging apps including WeChat Work, DingTalk, and Feishu. Additional features include the ability to forward suspicious traffic to a cloud honeypot network at no extra cost, a full-port scan detection mode, and configurable decoy file placements.

The README is primarily in Chinese. Fields for this entry are based on the README content.

Copy-paste prompts

Prompt 1
I want to set up HFish to detect lateral movement inside our corporate network. How do I deploy the management console and add honeypot nodes?
Prompt 2
Show me how to configure HFish to send alerts to DingTalk when an attacker interacts with a honeypot service.
Prompt 3
How do I create a custom web-based honeypot in HFish that mimics our internal admin panel to attract attackers?

Verify against the repo before relying on details.