Live Guide: https://fiazhacksheild.github.io/azure-honeypot
This project demonstrates how to deploy a T-Pot honeypot on Microsoft Azure, expose it intentionally for research, and analyze real-world attack traffic using built-in dashboards.
- Deploy Azure VM and networking for a controlled honeypot lab
- Install T-Pot Community Edition
- Open all inbound traffic intentionally (lab only)
- Observe attacks via Kibana, Grafana, and service dashboards
- Destroy the environment safely when done
- Azure free trial or active subscription
- VM: 4 vCPUs, 16 GB RAM, 256 GB disk
- Linux workstation with SSH and Nmap
- Create resource group and VM in Azure
- Add high-priority NSG allow-all rule
- SSH into VM, create non-root user, update system
- Clone and install T-Pot, reboot
- Validate services and ports, access dashboards
- Run external Nmap scans to generate events
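Because the allow-all NSG rule is meant to exist only in this lab, the following added example (not part of the original guide) audits NSG JSON for fully open inbound rules and separates those in the lab resource group from any found elsewhere. It assumes input shaped like the output of `az network nsg list -o json`; the sample data, the NSG and rule names, and `prod-rg` are constructed, and `tpot-rg` is taken from the guide's teardown command.

```python
import json

LAB_RESOURCE_GROUP = "tpot-rg"  # resource group named in the guide's teardown command
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # source prefixes that mean "anyone"

# Constructed sample, trimmed to the fields used, shaped like `az network nsg list -o json`.
SAMPLE_NSG_JSON = """
[
  {"name": "tpot-nsg", "resourceGroup": "tpot-rg", "securityRules": [
    {"name": "allow-all-inbound", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRange": "*"}]},
  {"name": "web-nsg", "resourceGroup": "prod-rg", "securityRules": [
    {"name": "https-in", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "destinationPortRange": "443"},
    {"name": "debug-open", "priority": 110, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefixes": ["0.0.0.0/0"],
     "destinationPortRanges": ["0-65535"]}]}
]
"""

def _values(rule, single, plural):
    """Merge the singular and plural forms of a field into one lowercase list."""
    vals = list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])
    return [str(v).lower() for v in vals]

def is_allow_all_inbound(rule):
    """True when a rule admits any source to every port on any protocol."""
    src = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return (rule.get("direction") == "Inbound" and rule.get("access") == "Allow"
            and rule.get("protocol") == "*"
            and any(s in ANY_SOURCE for s in src)
            and any(p in ("*", "0-65535") for p in ports))

def audit(nsgs, lab_rg=LAB_RESOURCE_GROUP):
    """Return (intended, leaked): allow-all rules inside vs. outside the lab group."""
    intended, leaked = [], []
    for nsg in nsgs:
        for rule in nsg.get("securityRules", []):
            if is_allow_all_inbound(rule):
                in_lab = nsg.get("resourceGroup", "").lower() == lab_rg.lower()
                (intended if in_lab else leaked).append(
                    (nsg["resourceGroup"], nsg["name"], rule["name"], rule["priority"]))
    return intended, leaked

if __name__ == "__main__":
    intended, leaked = audit(json.loads(SAMPLE_NSG_JSON))
    print("intended (lab):", intended, "\noutside lab, review:", leaked)
```

Against a real subscription, load the saved output of `az network nsg list -o json` with `json.loads` in place of the sample.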
T-Pot portal:
https://<vm_public_ip>:64297/
Delete entire lab:
az group delete --name tpot-rg --yes --no-wait
- Azure VMs
- Azure NSGs
- T-Pot CE: https://github.com/telekom-security/tpotce
- Honeypots overview
Full documentation and screenshots available at: