HoneyWire: Open-source, zero-agent cyber canaries for your homelab (Thinkst/OpenCanary alternative)
from andreicscs@lemmy.world to selfhosted@lemmy.world on 23 Jun 16:19
https://lemmy.world/post/48542912

Hey everyone,

I wanted to run high-fidelity network canaries in my homelab, but I couldn’t justify enterprise pricing, and I wasn’t a fan of managing custom orchestration across all my VMs to make available OSS solutions work.

So, I built HoneyWire. It’s a completely free, open-source distributed deception platform.

It uses a point-in-time CLI wizard to deploy hardened, distroless Docker traps. You run the command once, it spins up the decoy, registers it to your centralized Hub dashboard, and the setup agent completely exits. No persistent background daemons.

Features:

Zero-Agent: No ongoing background overhead on your hosts.

Centralized UI: View fleet health, uptime, and lateral movement alerts in dark mode.

Alerting: Built-in push notifications and SIEM forwarding.

Privacy: 100% free, open-source, and strictly zero telemetry.

GitHub Repo: github.com/andreicscs/HoneyWire

Landing Page: honeywire.dev

Would love to hear your thoughts on the architecture or any feedback if you test it out!

#selfhosted


irmadlad@lemmy.world on 23 Jun 17:24

Do I understand correctly that with HoneyWire you deploy ‘false assets’? I guess along the lines of a honeypot but the ability to deceive bots and other nefarious actors into thinking there are specific assets that they might want to exploit?

andreicscs@lemmy.world on 23 Jun 17:50

That’s exactly how it works. You deploy these low-interaction decoys (traps) across your internal network to act as tripwires. Since legitimate users have no reason to touch them, any interaction is a high-fidelity alert indicating a potential breach or lateral movement. Right now, you can spin up a few different types of traps, like a network scan detector that sits completely quietly and triggers an alert if it detects a port or network scan hitting that specific node, or a Web Router Login Page that looks like a legacy admin interface and instantly alerts you if someone tries to brute-force or log in. The best part about HoneyWire’s architecture is that developing new sensors is the easiest part, so the ecosystem is designed to be highly extensible as the community grows.
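Added example, not part of the thread and not HoneyWire's code: a sketch of the kind of logic a network scan detector trap could apply to connection attempts seen on a decoy host, alerting when one source touches many distinct ports in a short window. The threshold, window, function name and event tuples are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy (not taken from HoneyWire): 5 distinct ports within 10 seconds.
WINDOW = timedelta(seconds=10)
PORT_THRESHOLD = 5

# Constructed sample: (ISO timestamp, source IP, destination port on the decoy).
SAMPLE_EVENTS = [
    # Fast sweep from one internal host: should alert.
    ("2024-06-23T16:00:00", "192.0.2.10", 22),
    ("2024-06-23T16:00:01", "192.0.2.10", 23),
    ("2024-06-23T16:00:02", "192.0.2.10", 80),
    ("2024-06-23T16:00:03", "192.0.2.10", 443),
    ("2024-06-23T16:00:04", "192.0.2.10", 8080),
    # Two isolated touches minutes apart: below the scan threshold.
    ("2024-06-23T16:00:01", "198.51.100.7", 80),
    ("2024-06-23T16:05:00", "198.51.100.7", 443),
    # Slow sweep, one port every 30 s: evades a 10 s window.
    ("2024-06-23T16:10:00", "203.0.113.5", 21),
    ("2024-06-23T16:10:30", "203.0.113.5", 22),
    ("2024-06-23T16:11:00", "203.0.113.5", 23),
    ("2024-06-23T16:11:30", "203.0.113.5", 25),
    ("2024-06-23T16:12:00", "203.0.113.5", 80),
]

def detect_scans(events, window=WINDOW, threshold=PORT_THRESHOLD):
    """Return one alert per source, raised the first time that source has
    touched `threshold` distinct decoy ports within `window`."""
    recent = defaultdict(deque)  # src -> (time, port) pairs still inside the window
    alerted = set()
    alerts = []
    for ts, src, port in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, port))
        while now - q[0][0] > window:     # evict events older than the window
            q.popleft()
        ports = sorted({p for _, p in q})
        if len(ports) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "first_seen": q[0][0].isoformat(),
                           "ports": ports})
    return alerts

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_EVENTS):
        print(alert)
```

With the default 10-second window the slow sweep from 203.0.113.5 goes unreported, which is why a decoy that no legitimate user should touch is often set to alert on any single interaction instead.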

rainwall@piefed.social on 23 Jun 17:49

Looks like the following from GitHub:

Suite of Official HoneyWires: Includes native TCP Tarpit, Web Router Decoy, File Canary (FIM), ICMP Canary, and Network Scan Detector.

I don’t see any AI disclosure on GitHub or here, OP. Can you specify how AI has been used on this project?