Hey everyone,
Deception technology is highly effective for early breach detection, but deployment friction, especially with other OSS alternatives, and supply chain risks (adding attack surface with heavy background daemons) often stall adoption.
On top of that, I couldn't justify enterprise solutions' pricing, and the available open source alternatives just weren't good enough for me.
I built HoneyWire to solve this. It’s an open-source platform designed to deploy hardened cyber canaries across a distributed infrastructure in under 60 seconds without persistent agents.
Architectural Highlights:
Zero-Agent Deployment: Traps are provisioned via a point-in-time CLI tool that exits completely after spinning up the decoy container.
Attack Surface Reduction: Decoys are built using minimal, distroless container images, following the principle of least privilege, ensuring attackers cannot easily pivot from or leverage the trap itself.
Centralized Management: A centralized Hub monitors trap heartbeats and aggregates lateral movement alerts.
SIEM Integration: Out-of-the-box support for log forwarding and immediate webhook alerting.
Code: https://github.com/andreicscs/HoneyWire
Site: https://honeywire.dev/
I'm eager to get feedback from defensive practitioners on the agentless provisioning model and feature roadmap.
I'd love to hear feedback on the threat model docs!