Honeyport is a PowerShell script designed to create a honeypot on a Windows-based system. The script is available at:
https://github.com/Pwdrkeg/honeyport/
An elevated PowerShell session must be used. Once the Execution Policy has been configured to allow the script to run, the script accepts several command line parameters. The -ports switch listens on one or more ports; the example shows port 23. The local Windows Firewall may display a prompt when the script is first executed.
To review log information, use the command Get-EventLog honeyport.
Once completed, use the commands Stop-Job -Name HoneyPort and Remove-Job -Name HoneyPort to kill the background process.
The data from the Event Log could be exported to a text file using a command such as the example below.
Get-EventLog honeyport | Select-Object TimeGenerated, Message | Format-List | Out-File report.txt
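To triage the log by source address rather than reading the raw export, the added example below (not part of the Honeyport project) groups events per remote IPv4 address with first and last seen times. It assumes each event's Message contains the remote address as text; the function name Get-HoneyportSummary and the sample entries are hypothetical.

```powershell
# Added example; assumes each event Message contains the remote IPv4 address.
function Get-HoneyportSummary {
    [CmdletBinding()]
    param(
        # Objects exposing TimeGenerated and Message, e.g. Get-EventLog output
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry
    )
    begin {
        $ipv4 = '\b(?:\d{1,3}\.){3}\d{1,3}\b'
        $hits = New-Object 'System.Collections.Generic.List[object]'
    }
    process {
        # Count each address once per event, even if the message repeats it
        $found = [regex]::Matches([string]$Entry.Message, $ipv4) |
            ForEach-Object { $_.Value } | Select-Object -Unique
        foreach ($addr in $found) {
            $parsed = $null
            # Discard look-alikes such as 999.1.1.1
            if ([System.Net.IPAddress]::TryParse($addr, [ref]$parsed)) {
                $hits.Add([pscustomobject]@{ Address = $addr; Time = $Entry.TimeGenerated })
            }
        }
    }
    end {
        $hits | Group-Object Address | ForEach-Object {
            $times = @($_.Group | ForEach-Object { $_.Time } | Sort-Object)
            [pscustomobject]@{
                Address   = $_.Name
                Events    = $_.Count
                FirstSeen = $times[0]
                LastSeen  = $times[-1]
            }
        } | Sort-Object Events -Descending
    }
}

# Constructed sample entries; the message wording is invented for illustration.
$sample = @(
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-01-05 10:00:00'; Message = 'Connection from 192.0.2.10 on port 23' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-01-05 10:07:30'; Message = 'Connection from 192.0.2.10 on port 23' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-01-05 11:15:00'; Message = 'Connection from 198.51.100.7 on port 23' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-01-05 11:20:00'; Message = 'Listener started, build 999.1.1.1' }
)
$sample | Get-HoneyportSummary | Format-Table -AutoSize
# Live log: Get-EventLog honeyport | Get-HoneyportSummary
```

An address that appears many times in a short window, or across several listening ports, is the first candidate for a firewall block or further investigation.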