PR

/claim #6403

Proposed changes

Adds opt-in honeypot detection to reduce noisy results from decoy services that match an unusual number of templates.

  • New flags (optimization group)

    • -nhp / --no-honeypot: disable honeypot detection
    • -mhm N / --max-host-match: absolute threshold; flag host after N unique template matches

  • Detection modes

    • Absolute threshold (-mhm > 0): flag when unique matches >= -mhm
    • Percentage heuristic fallback (only when -mhm is not set): flag when a host matches >= 50% of loaded templates, but only if >= 20 templates are loaded (to reduce false positives on small targeted scans)

  • Signature boosting

    • Known honeypot banners in response bodies (Cowrie/Dionaea/Glastopf/Conpot/Honeyd/Elastichoney, etc.) immediately push a host past the threshold. The triggering results are suppressed.

  • Integration points

    • pkg/protocols/common/honeypotcache: host-keyed cache tracking unique template IDs
    • pkg/core/executors.go: checks the cache to skip honeypot hosts and emits a structured ResultEvent with Error: "host was skipped as it was identified as a honeypot" (mirrors HostErrorsCache behavior)
    • Runner + SDK: cache is initialized and SetTotalTemplates is set after templates are loaded

Proof

Build:

go build ./...

Targeted tests:

go test ./pkg/protocols/common/honeypotcache/... -count=1 -v

go test ./pkg/core -run Test_executeTemplateOnInput_CallbackPath -count=1

Environment notes (not caused by this PR):

  • -race requires CGO (CGO_ENABLED=1), so go test ... -race is environment-limited here.
  • go test ./... can fail in this Windows environment due to:
    • pkg/protocols/headless/engine: temp dir permission issue under C:\WINDOWS\...
    • pkg/testutils/fuzzplayground: go-sqlite3 requires CGO

Checklist

  • PR created against dev
  • Tests added that prove the feature works
  • Proof included (build + targeted test commands)
  • All checks passed (CI not fully represented here; local environment has CGO/headless constraints noted above)
  • Documentation added (flags are discoverable via -h; no separate docs added)

Claim

Total prize pool $250
Total paid $0
Status Pending
Submitted March 16, 2026
Last updated March 16, 2026

Contributors

EN

Enkae

@enkae-code

 100%

Sponsors

PR

ProjectDiscovery

@projectdiscovery

$250