Hey everyone,
I wanted to run high-fidelity network canaries in my network, but I couldn’t justify enterprise pricing, and I wasn’t a fan of managing custom orchestration across all my VMs to make available OSS solutions work.
So, I built HoneyWire. It’s a completely free, open-source distributed deception platform.
It uses a point-in-time CLI wizard to deploy hardened, distroless Docker traps. You run the command once, it spins up the decoy, registers it to your centralized Hub dashboard, and the setup agent completely exits. No persistent background daemons.
Features:
Zero-Agent: No ongoing background overhead on your hosts.
Centralized UI: View fleet health, uptime, and lateral movement alerts in dark mode.
Alerting: Built-in push notifications and SIEM forwarding.
Privacy: 100% free, open-source, and strictly zero telemetry.
GitHub Repo: https://github.com/andreicscs/HoneyWire Landing Page: https://honeywire.dev/
Would love to hear your thoughts on the architecture or any feedback if you test it out!
AI Disclosure: As a student and solo developer/maintainer, I used AI as a “junior dev” during project development to help accelerate boilerplate writing and documentation. All core architecture, system structure, and security logic were fully designed and implemented by me.
just did a quick readthrough. looks like you’ve covered my use cases (for my home network at least). looking forward to seeing how it integrates into my stack.
forgive me if you go over these questions, I didn’t find them covered anywhere.
how lightweight are the endpoints/sensors compared to opencanary?
is there any way to do a log export? I saw several siem integrations and more on the roadmap but I personally always appreciate the ability to do this.
Glad to hear it fits your home network use case! I’d love to know how your deployment goes please feel free to drop any feedback (good or bad) once you get it running!
To answer your questions:
Each sensor decoy image is under 5MB, built as a distroless container running a single, statically compiled Go binary. i built it to hopefully be compatible with any hardware you may have available.
There is currently no way to export events logs, I’ll add that to the todo list!
Thanks so much for taking the time to check out the codebase and ask these!