Glastopf - Honeypot which emulates thousands of vulnerabilities


Glastopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: Reply the correct response to the attacker exploiting the web application.

How to install

To use this tool, please use a method listed below

In a Linux (Debian OS), run the following command(s).


Add the Backports repository to your sources.list:

deb squeeze-backports main

Or (for Wheezy):

deb wheezy-backports main

Install the dependencies:

apt-get update
  apt-get install python python-openssl python-gevent libevent-dev python-dev build-essential
  apt-get install python-argparse python-chardet python-requests python-sqlalchemy
  apt-get install python-beautifulsoup mongodb python-pip python-dev python-setuptools
  apt-get install g++ git php5 php5-dev liblapack-dev gfortran
  apt-get install libxml2-dev libxslt-dev
  apt-get install libmysqlclient-dev
  pip install --upgrade distribute

Install and configure the PHP sandbox

Download using git:

cd /opt
git clone git://
cd BFR
./configure --enable-bfr
make && make install

Copy the search path to and add it to php.ini. It can look like this:

zend_extension = /usr/lib/php5/20131226/

Install glastopf

Install latest stable release from pip:

pip install glastopf

Or install latest development version from the repository:

cd /opt
git clone
git clone
git clone
cd glastopf
python install


Prepare glastopf environment:

cd /opt
  mkdir myhoneypot
  cd myhoneypot

A new default glastopf.cfg has been created in myhoneypot, which can be customized as required.


Download directly from the following link:


How to execute

Start Glastopf (from your 'myhoneypot' directory):


Use your web browser to visit your honeypot. You should see the following output on your command line:

2021-03-13 21:10:33,047 (glastopf.glastopf) Initializing Glastopf using "/opt/myhoneypot" as work directory.
2021-03-13 21:10:33,048 (glastopf.glastopf) Connecting to main database with: sqlite:///db/glastopf.db
2021-03-13 21:10:33,073 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connecting to feed broker.
2021-03-13 21:10:33,237 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connected to hpfeed broker.
2021-03-13 21:10:36,290 (glastopf.glastopf) Glastopf started and privileges dropped.
2021-03-13 21:10:56,282 (glastopf.glastopf) requested GET / on
2021-03-13 21:10:56,401 (glastopf.glastopf) requested GET /style.css on
2021-03-13 21:10:56,463 (glastopf.glastopf) requested GET /favicon.ico on




Next steps:


This article was contributed by Gavin Dennis from Jamaica. Gavin is a member of the Caribbean CSPA.

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.