Conpot is an ICS/SCADA honeypot designed to gather intelligence on adversaries targeting industrial control systems.
ICS/SCADA honeypot
Conpot is primarily used by security researchers and threat intelligence teams to detect and analyze attacks against industrial control systems by emulating vulnerable ICS environments. It helps organizations understand attacker behavior and improve their defense strategies in critical infrastructure sectors.
Users should customize templates and ports to better mimic their specific ICS environment for more effective threat intelligence. Running Conpot in a controlled network segment is recommended to avoid unintended exposure. Regularly update the tool and templates to capture evolving attacker techniques.
Refer to the quick install guide at https://conpot.readthedocs.io/en/latest/installation/quick_install.html
For advanced usage, follow the host install instructions at https://conpot.readthedocs.io/en/latest/installation/install.html
Optionally, deploy using Docker via the honeynet/conpot image on Docker Hub.
conpot
    Starts the Conpot honeypot service with default settings.
conpot --template <template_name>
    Runs Conpot with the specified ICS template, which determines the device it emulates.
docker run -p 102:102 honeynet/conpot
    Runs the Conpot honeypot inside a Docker container, publishing container port 102 on host port 102.