Wannabat

Wannabat: Free Interactive Honeypot for Vulnerability Analysis

A free and open source honeypot designed to mimic a real system with vulnerable components, attracting and analyzing adversaries, while providing a simulated health system.

What is Wannabat?

Wannabat is an open source interactive honeypot solution created by French cybersecurity company Tesorion. It is designed to emulate a real environment with multiple vulnerable services, applications, and operating systems in order to attract and study advanced cyber threats.

One of the key features of Wannabat is its simulated Windows health system. It mimics the behavior of a real medical organization's network, with vulnerable medical devices, workstations, databases containing electronic health records (EHRs), and other components. This provides attackers with an attractive target for compromising sensitive patient data.

As adversaries interact with the environment and attempt to escalate privileges or steal data, Wannabat closely monitors and logs their activities. Security analysts can then review these forensic artifacts to gain critical insights into the tactics, techniques, and procedures (TTPs) used by threat actors targeting the healthcare sector and other industries.

By engaging and observing real-world attackers within its controlled honeypot, Wannabat enables organizations to improve threat intelligence, augment detection capabilities, and ultimately enhance cyber resilience. As an open source project, the solution also provides a framework that developers and researchers can build upon to create their own deceitful networks for threat research.

Wannabat Features

Official Links