Hey everyone,
I wanted to run high-fidelity network canaries in my homelab, but I couldn't justify enterprise pricing, and I wasn't a fan of managing custom orchestration across all my VMs to make available oss solutions work.
So, I built HoneyWire. It’s a completely free, open-source distributed deception platform.
It uses a point-in-time CLI wizard to deploy hardened, distroless Docker traps. You run the command once, it spins up the decoy, registers it to your centralized Hub dashboard, and the setup agent completely exits. No persistent background daemons.
Features:
Zero-Agent: No ongoing background overhead on your hosts.
Centralized UI: View fleet health, uptime, and lateral movement alerts in dark mode.
Alerting: Built-in push notifications and SIEM forwarding.
Privacy: 100% free, open-source, and strictly zero telemetry.
GitHub Repo: https://github.com/andreicscs/HoneyWire Landing Page: https://honeywire.dev/
Would love to hear your thoughts on the architecture or any feedback if you test it out!
Is this for homelab penetration testing?
Well, you could use it for blue team simulations i guess, but not really, it is a Deception platform, meaning it is a tool used to deploy micro honeypots, or as i like to call them, tripwires, that report back to the hub as soon as they are tripped. Since these tripwires offer no real services or value every interaction with them is pretty suspicious, meaning that if something for example tries to poke around a server that has been deployed with HoneyWire tripwires, it will report back to the hub with information about what interacted with it, when, where, and what was done. Check the project's official website for more details: https://honeywire.dev/ You can also check out the concept of Canaries on Thinkst Canary s website i think they do a great job explaining the idea https://canary.tools/.