Configuring HoneyPy

There are two configuration files for HoneyPy, both are located in the HoneyPy etc directory (e.g. /opt/HoneyPy/etc). The main configuration file is honeypy.cfg, and the services configuration file is services.cfg.


In the honeypy.cfg file, the main configuration section is the [honeypy] section and only has two options to configure.

Name Description
nodename Name for this HoneyPy node to be displayed in tweets, Slack messages, and other integrations.
limit_internal_logs Enabling this will ensure that the internal log files are limited to one day, which can be useful for limited deployments e.g. automated containers (e.g. Yes or No).
internal_log_dir Directory for internal HoneyPy logs (not external loggers). Use leading slash for absolute path, or omit for relative path. Default: log/


The remaining sections in the honeypy.cfg configuration file are for configuring loggers. Loggers are modules that make consuming or processing event data more convenient by sending the event data to another service. These other services and their configuration options are listed below.

NOTE: More than one logger can be configured at a time. For example, if the Elasticsearch, HoneyDB, and RabbitMQ loggers are configured then all events will be sent to all three services.

NOTE: By default, HoneyPy logs all events to the log file /opt/HoneyPy/log/honeypy.log. All events are logged to this file regardless of a logger being configured or not.


Name Description
enabled Enable this logger (e.g. Yes or No).
es_url URL to Elasticsearch endpoint (e.g. http://localhost:9200/honeypot/honeypy).


Name Description
enabled Enable this logger (e.g. Yes or No).
api_id Your HoneyDB API id.
api_key Your HoneyDB API key.


Name Description
enabled Enable this logger (e.g. Yes or No).
host Logstash host.
port Logstash port.


Name Description
enabled Enable this logger (e.g. Yes or No).
url_param RabbitMQ config url (e.g. amqp://username:password@rabbitmq_host/%2f).
exchange Name of the Rabbitmq Exchange
routing_key Rabbitmq routing Key (if not configured in RabbitmQ, leave blank)


Name Description
enabled Enable this logger (e.g. Yes or No).
webhook_url Slack channel webhook URL.


Name Description
enabled Enable this logger (e.g. Yes or No).
url Splunk API endpoint (e.g. https://localhost:8089/services/receivers/simple).
username Username for authentication.
password Password for authentication.


Name Description
enabled Enable this logger (e.g. Yes or No).
bot_id Telegram bot HTTP API token.


Name Description
enabled Enable this logger (e.g. Yes or No).
consumerkey Your Twitter consumer key.
consumersecret Your Twitter consumer secret.
oauthtoken Your Twitter OAuth token.
oauthsecret Your Twitter OAuth secret.


Name Description
enabled Enable this logger (e.g. Yes or No).
persistent Is a persistent connection required (e.g. Yes).
server hpfeeds server
port hpfeeds port
ident hpfeeds ident
secret hpfeeds secret
channel hpfeeds channel
serverid hpfeeds server ID


The service.cfg file tells HoneyPy which services to launch. There are several additional service configuration files located in the etc/profiles directory. The service config file is used to define service names, ports, and plugins to run on your honeypot. Each service defined in the file has an enabled option. This option can be set to Yes or No to determine which services run on start. You can also use one of the provided config files, or create your own. To use one of the other files simply copy the file over service.cfg. For example:

cp profiles/services.windows_iis.profile service.cfg

If you want to revert back to the default service config file simply run

cp profiles/service.default.profile service.cfg

Low Ports

While you should not run HoneyPy with the root user, this means HoneyPy will not be able to listen on ports 1 through 1024. As a workaround you can use implement port redirection with IPTables. If you're not familiar with using IPTables you can try using ipt-kit. You will need to run ipt-kit as root to modify IPTables. Once the redirection rules are in place you won't need to run HoneyPy as root for low ports.

As an example, if you want HoneyPy to listen for telnet connections on port 23, choose a port above 1024. Edit the HoneyPy service config file to have telnet run on the high port (e.g. 2300). Then use ipt-kit to redirect 23 to 2300, example commands:

if root user:

./ipt_set_tcp 23 2300

or if using sudo:

$sudo ./ipt_set_tcp 23 2300

If you have low ports configured, when you run HoneyPy it will display a list of ipt-kit commands to run. For example:

./ipt_set_tcp 7 10007
./ipt_set_udp 7 10007
./ipt_set_tcp 8 10008
./ipt_set_udp 8 10008
./ipt_set_tcp 21 10021
./ipt_set_tcp 23 10009
./ipt_set_tcp 24 10010

NOTE: The commands above can be generated as a script using HoneyPy. First edit your service.cfg, then run ./ -ipt. The script will be saved to /tmp/ Copy the script to the ipt-kit directory, and make sure the script file has execute permissions, e.g. chmod +x Run the script as root or with sudo.

Alternatively, you can use authbind to enabled the usage of low ports by HoneyPy's run user. More on authbind here: