A survey of contemporary open-source honeypots, frameworks, and tools

Automated attacks allow adversaries to exploit vulnerabilities in enterprise IT systems at short notice. To identify such attacks as well as new cybersecurity threats, defenders use honeypot systems; these monitored decoy resources mimic legitimate devices to entice adversaries. The domain of enterprise IT honeypots has been an active area of development and research, especially in the open-source community. In this work, we survey open-source honeypots, honeypot frameworks, and tools that help to develop or discover honeypot deployments. In contrast to existing surveys, our work provides a detailed discussion of the honeypots' system architecture, software architecture, and cloud-native deployment options. In addition, we cover the most recent academic research in honeypot detection and evasion techniques, and discuss how these advances impact current open-source honeypots. This work helps the reader to make an educated choice when selecting a honeypot for deployment or further development.