Honeypot as a Service allows an attacker to log in via SSH or telnet and execute commands.
10K+
Note: This is an unofficial Docker implementation of CZ.NIC's HaaS proxy. The official Docker version was discontinued, but the service remains available via pip, deb, and rpm packages.
HaaS (Honeypot as a Service) is a research project by CZ.NIC that allows anyone to contribute to cybersecurity research by running SSH/Telnet honeypots. This Docker container makes it easy to participate in the project.
A honeypot is specialized software that simulates a vulnerable system to attract and monitor cyber attacks. It acts like a decoy, allowing attackers to connect via SSH or Telnet, execute commands, and download malware - all while secretly recording their activities for security research.
DEVICE_TOKENCreate a docker-compose.yml file:
version: "3.8"
services:
haas:
container_name: haas
image: mikromcz/haas:latest
restart: unless-stopped
hostname: haas
security_opt:
- no-new-privileges:true
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Prague # Adjust to your timezone
- DEVICE_TOKEN=YOUR_DEVICE_TOKEN_HERE
- LOG_LEVEL=info # Options: error, warning, info, debug
ports:
- "2222:2222"
networks:
- haas_network
networks:
haas_network:
driver: bridge
Run with:
docker-compose up -d
docker run -d \
--name haas \
--restart=unless-stopped \
--security-opt=no-new-privileges:true \
-e "DEVICE_TOKEN=YOUR_DEVICE_TOKEN_HERE" \
-e "LOG_LEVEL=info" \
-e "TZ=Europe/Prague" \
-p 2222:2222 \
mikromcz/haas:latest
Critical: You must forward external port 22 (SSH) to the container's port 2222:
Internet (port 22) → Router → Docker Host (port 2222) → Container (port 2222)
| Variable | Required | Default | Description |
|---|---|---|---|
DEVICE_TOKEN | ✅ Yes | - | Your unique device token from haas.nic.cz |
LOG_LEVEL | ❌ No | info | Logging verbosity: error, warning, info, debug |
TZ | ❌ No | UTC | Container timezone |
PUID | ❌ No | 1000 | User ID for running the service |
PGID | ❌ No | 1000 | Group ID for running the service |
# Real-time logs
docker logs -f haas
# Recent logs
docker logs --tail 50 haas
Normal operation:
2025-09-07T19:30:15 info Starting HaaS proxy...
2025-09-07T19:30:16 info Connected to HaaS server
2025-09-07T19:30:17 info Listening on port 2222
Note: You may see occasional error messages like:
CRITICAL twisted 'channel open failed, direct-tcpip is not allowed'Unhandled Error in SSH transportThese are normal and indicate your honeypot is receiving and rejecting malicious connection attempts.
docker ps should show the container runningtelnet your-ip 22 should connect⚠️ Important Security Notes:
Container won't start:
netstat -tlnp | grep 2222DEVICE_TOKEN is correctNo connections being logged:
nmap -p22 your-external-ipHigh CPU/memory usage:
LOG_LEVEL to error to reduce log verbosityThis is an unofficial Docker implementation. For:
python:3.14-alpineDisclaimer: This project is not officially affiliated with CZ.NIC. It's a community-maintained Docker implementation of their HaaS proxy service.
Content type
Image
Digest
sha256:b363ad1b4…
Size
41.1 MB
Last updated
15 days ago
docker pull mikromcz/haas