Secure Honey

SSH honeypot written in C

What is Secure Honey?

Secure Honey is an SSH honeypot written in C. If that makes no sense to you, please read on...

This website is a place for me to log the progress of my final year project at the University of Sussex, the project is being supervised by Dr Martin Berger.

The project aim is to build a honeypot to research cyber-attack techniques; I've named the honeypot "Secure Honey".

What is a Honeypot?

A honeypot is defined as: a place to which many people are attracted. In this case I'm trying to attract cyber attackers (or hackers).

Or, In computer terminology: a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems

A honeypot "consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers" (technical definition: Wikipedia).

The idea behind a honeypot is to lure an attacker into believing that they're breaking/hacking into a computer network - but it's actually a trap. The honeypot records the attackers activities and logs it for analysis

For further reading on honeypots see:

Secure Honey

My final year project is to Build an SSH Honeypot written in C so I can then research cyber-attack techniques.

An SSH (secure shell) honeypot is designed to look like an SSH server. SSH is used to allow a secure, remote, command-line login between two networked computers (see SSH on Wikipedia).

In other words: SSH allows a computer user to control another computer remotely.

So why am I building the honeypot in C?

C is a powerful system programming language and is one of the most widely used programming languages of all time (see Wikipedia page on the C programming language.)

I've chosen to write my project in C because the SSH server I'm "impersonating" is written in C. By using the same language, I'm hoping to be able to convince attackers that they're connecting to a real SSH server.

Who am I?

My name's Simon Bell, I'm a final year undergraduate student studying Computer Science (BSc) at the University of Sussex, United Kingdom.

Why does this page reference Wikipedia?

Since writing this page I've received a number of concerns from readers stating that Wikipedia is an unreliable source of information. I've added this section to address these concerns and explain why this page references Wikipedia multiple times.

The field of Computer Science and Information Security is constantly evolving on a daily basis and, therefore, many technical definitions can become outdated rather quickly.

Wikipedia is a useful resource for gaining familiarity with topics (Harvard University: "What's Wrong with Wikipedia?"). The purpose if this about page is to provide the reader with a familiarity of technical terms related to the project.

So the references to Wikipedia provided on this page are there to help the reader understand the technical aspects of this project, since Wikipedia is often the most frequently updated source for technical definitions. Also, considering the volume of Wikipedia readers that lookup technical definitions, any errors are likely to be swiftly corrected.

The academic research carried out for this project does not include references to Wikipedia (except for the occasional image URL), as can be seen in the publications section of this website.

Image credit: "Honey jar" by Nic McPhee,

Live Stats (see full stats)

Attempted logins

date range # attempts
past 7 days4,426
past 30 days17,357
all time4,114,040

Top 5 passwords

password # attempts

Top 5 usernames

username # attempts

Stats represent data collected from SSH login attempts on multiple honeypots. Parts of some stats may be filtered to maintain anonymity.

Updated: Tue, 07 Jun 2016 16:33:48 +0100

Live Password Cloud

12qwaszx 963852741 1234%^ POIUYT 12344321 zxcvbn 111 zaqxsw 888888 111111 asdfghjkl a123456 windows qwer1234 q1w2e3 Passw0rd zxcv support 1111 server iloveyou welcome123 user !@ abcdef a cisco 123abc qwer qwerty123 q123456 manager 54321 alpine qq123456 huawei 11223344 password zaqxswcde qazwsx default 1 qwe123 test okokok 88888888 ubnt dragon 159753 147852369 12345678 passwd qwertyuiop 23456 power qwaszx huawei123 changeme123 123123123 5201314 Aa123456 qwe 1qazxsw2 nagios redhat zaqxswcdevfr q1w2e3r4 1234qwer 1qaz2wsx3edc monitor 12345 pass root1234 password123 123qweasd 000000 z1x2c3v4 qaz qazwsx123 f**kyou admin123!@# Pass123 121212 p@ssword 1a2s3d4f 1qaz2wsx Admin123456 woaini zaq1xsw2 linux adminadmin _ system 1qaz@WSX P@ssw0rd1 sapp a1b2c3d4 654321 qazwsxedc 1234 sqlpp qazxsw asdf sysadmin qqpp abc123 idc2008 123123 666666 123456 123qwe 987654321 admin123 admin@123 zhang 789789 11111111 idcidc qwerty123456 secret Huawei@123 !@#$%^ changeme 1q2w3e 147258369 superman 147258 admin1 mnbvcxz admin welcome 225588 !qaz1QAZ 123 p0o9i8u7 apple aaa !QAZ2wsx administrator zzzzzz oracle qwerty china 0000 rootpass 7890pp letmein abcd1234 1122334455 raspberry abc1234 a1s2d3f4 rootroot P@ssw0rd qwert public adminpp 1q2w3e4r5t root 1234567890 qweasd guest asdfgh test123 zxcvbnm caonima - !QAZ@WSX 112233 147147 123654 q1w2e3r4t5 1234567 1q2w3e4r password1 root123 123456789 12345qwert qweasdzxc 110110 159357