git404hub

what is hfish fr?

hacklcx/hfish — explained in plain English

Analysis updated 2026-05-18

4,513Audience · ops devopsComplexity · 3/5Setup · moderate

tl;dr

A free enterprise honeypot platform that deploys 90+ types of fake services to detect attackers inside and outside a corporate network, with one-click deployment and multi-platform support.

vibe map

mindmap
  root((HFish Honeypot))
    What It Does
      Decoy services
      Attacker detection
      Threat intelligence
    Service Types
      Web servers
      Email systems
      IoT devices
      Network equipment
    Deployment
      Management console
      Honeypot nodes
      One-click install
    Alerts
      Email and syslog
      Webhook
      WeChat DingTalk Feishu
    Platforms
      Linux x32 x64 ARM
      Windows x32 x64

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Deploy fake servers to detect attackers who have already breached your corporate network

VIBE 2

Monitor attempts to access decoy services and receive alerts via email or messaging apps

VIBE 3

Set up a honeypot grid covering 90+ service types to detect port scans and brute force attempts

VIBE 4

Forward suspicious inbound traffic to a cloud honeypot network for additional analysis

what's the stack?

LinuxWindows

how it stacks up fr

hacklcx/hfishcode52/carnaclocuslab/tcn
Stars4,5134,5134,513
LanguageC#Python
Setup difficultymoderateeasymoderate
Complexity3/51/53/5
Audienceops devopsgeneralresearcher

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · moderate time til it works · 30min

Deploy the management node first, then add honeypot nodes, one-click install on Linux or Windows.

Free community product, specific license terms are not stated in the README.

in plain english

HFish is a Chinese-built enterprise honeypot platform available free to the community. A honeypot is a decoy system set up to look like a real server or service, designed to attract attackers so their activity can be detected and logged before they reach actual systems. HFish packages this concept for corporate security teams and covers three scenarios: detecting threats that are already inside the internal network, sensing threats coming from outside, and generating threat intelligence from the activity recorded. The platform supports over 90 types of fake services. These cover a broad range of what a typical corporate network runs, including web servers, email systems, OA office platforms, CRM systems, NAS storage, network equipment like switches and routers, wireless access points, IoT devices, and various security products. When an attacker interacts with any of these decoy services, HFish logs the contact and can send an alert. Users can also build custom web-based honeypots beyond the built-in list. HFish runs as a management console connected to one or more honeypot nodes. The README notes that users deploy the management side first, then add nodes either from the built-in option or as separate installs. Deployment is described as one-click. The platform runs on Linux (x32, x64, ARM), Windows (x32, x64), and several Chinese domestic operating systems and processor architectures. Alerts go out via email, syslog, webhook, or popular Chinese messaging apps including WeChat Work, DingTalk, and Feishu. Additional features include the ability to forward suspicious traffic to a cloud honeypot network at no extra cost, a full-port scan detection mode, and configurable decoy file placements. The README is primarily in Chinese. Fields for this entry are based on the README content.

prompts (copy fr)

prompt 1
I want to set up HFish to detect lateral movement inside our corporate network. How do I deploy the management console and add honeypot nodes?
prompt 2
Show me how to configure HFish to send alerts to DingTalk when an attacker interacts with a honeypot service.
prompt 3
How do I create a custom web-based honeypot in HFish that mimics our internal admin panel to attract attackers?

Frequently asked questions

what is hfish fr?

A free enterprise honeypot platform that deploys 90+ types of fake services to detect attackers inside and outside a corporate network, with one-click deployment and multi-platform support.

What license does hfish use?

Free community product, specific license terms are not stated in the README.

How hard is hfish to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is hfish for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.