SSH honeypot, deployed in the wild, collecting and sharing data

What is Secure Honey?

Secure Honey is an SSH honeypot (see what is a honeypot), deployed in the wild, collecting and sharing data. It's an open-source honeypot and threat intelligence project run by me -- Simon Bell.

An SSH (secure shell protocol) honeypot is designed to look like a real SSH server. SSH is a protocol that allows a secure, remote, command-line login between two networked computers (see SSH on Wikipedia). In other words: SSH allows a user to control another computer remotely.

Secure Honey started out in 2013 as my Computer Science BSc final year project, supervised by Dr Martin Berger at the University of Sussex. I wrote the original honeypot in C-code to research cyber-attack techniques and threat actor methodology.

In 2014, I graduated from the University of Sussex and Secure Honey won the British Computing Society's Best Final Year Project award. I also shared how I dissected Simplelocker -- one of Android's first ransomware viruses (see How To Dissect Android Simplelocker Ransomware) -- and produced an antidote (see Creating An Antidote For Android Simplelocker Ransomware). My ransomware analysis write-ups were featured in numerous tech news websites (see Thank You).

My BSc final year project dissertation (entitled "Building a Honeypot to Research Cyber-Attack Techniques") can be found, along with my original project proposal and interim report, on the publications page.

In 2021, I re-wrote the honeypot in Python and containerised it in Docker. This allows me to take a more agile approach; adding and modifying features to the honeypot as I learn form the collected data. I also built a dashboard on the homepage (see homepage) to summarise the data Secure Honey collects.

Information about IP address geolocation is provided by's IP Geolocation API. Information about malware samples is provided by the VirusTotal API.

About The Author

My name's Simon Bell, I'm a software engineer and web security specialist. I've been working in the tech industry for over 10 years. I have a PhD in Cyber Security, from Royal Holloway's Information Security Group (ISG), and a BSc in Computer Science, from the the University of Sussex.

Find out more about me, and view my portfolio, at: