CipherSentry deploys SSH decoys that lure attackers in, analyzes their techniques and turns every intrusion attempt into actionable intelligence.
From credential capture to payload analysis, CipherSentry collects every detail of every intrusion attempt.
A fully simulated Debian 12 system with a virtual filesystem, real commands and plausible responses that fool sophisticated attackers.
Records username, password, SSH client version and authentication method. Feed your blocking rules with real data.
Every attacking IP geolocated on an interactive map. Visualize attack origins, distributed botnets and regional patterns.
Every file an attacker downloads is stored and classified without ever being executed. Analyze ELF droppers, scripts and binaries in a safe environment.
Web dashboard with server metrics, session timeline, per-IP analysis, attacker terminal reconstruction and report export.
Integrate honeypot data into your SIEM, XDR or threat intelligence platform. Token authentication, standard JSON responses.
It's not just a logger. CipherSentry simulates a full Debian server: a filesystem with real directories, commands with plausible output, interactive editors and compilers that "run" without executing real code.
CipherSentry is in early access. We're looking for security teams that want to capture real intelligence on attackers and give us direct feedback.
The first teams will get priority access, direct support from the team and founder pricing.
See available plans