[Shodan] Check an IP address whether it is a honeypot or a real control system

A honeypot is a term used to describe a computer or network setup with the purpose of attracting computer hackers. These computers allow a system administrator or security expert to analyze how a computer hacker may attempt to hack a network without risking the threat to their own network. Any problems discovered while analyzing the honey pot can be implemented into the real network or server making it more secure.

More HoneyPot & HoneyNet info, please read this article.

Check an IP address whether it is a honeypot or a real control system

1. How does it work?

   The defining characteristics of known honeypots were extracted and used to create a tool to let you identify honeypots! The probability that an IP is a honeypot is captured in a “Honeyscore” value that can range from 0.0 to 1.0. This is still a prototype/ work-in-progress so if you find some problems please email me at jmath@shodan.io

2. What’s the purpose?

   Honeypots are a great tool for learning more about the Internet, the latest malware being used and keep track of infections. When trying to catch an intelligent attacker though, many honeypots fall short in creating a realistic environment. Honeyscore was created to raise awareness of the short-comings of honeypots.

3. What technology did you use?

   The Honeyscore website and algorithm uses the following APIs/ frameworks:

   • Shodan Developer API
   • Python
   • Jade Node Template Engine

4. Contact information?

   You can reach me at the following locations:

   Email: jmath@shodan.io
   Twitter: @achillean

Usage

1. Go to https://honeyscore.shodan.io/
2. Enter an IP Address, and click “Check for HoneyPot”

Reference: shodan.io