Sunday, May 1, 2016


Honeyport is a PowerShell script designed to create a honeypot on a Windows-based system.  The script is available at:

An elevated PowerShell session must be used.  Once the Execution Policy for a PowerShell script has been configured, the script has several different command line parameters.  The switch –ports will listen on a single or multiple ports; the example shows port 23.  The local Windows Firewall may display a prompt when the script is initially executed.


To review log information, use the command Get-EventLog honeyport.


Once completed, use the command Stop-Job -Name HoneyPort and Remove-Job –Name HoneyPort to kill the background process.


The data from the Event Log could be exported to a text file using a command such as the example below.

Get-EventLog honeyport | Select Time, Message | Format-List | Out-File report.txt


No comments:

Post a Comment