HoneyLabs

Blog · 2026-05-28

Hello from HoneyLabs

A short tour of what we run, what is in the dataset, and what we plan to write about here.


What you're looking at

HoneyLabs runs a fleet of internet-facing honeypot sensors and ships the events into a public, query-ready dataset. Right now we have over 13 million events across SSH, HTTP, TLS, and raw-TCP probes.

This blog is where we will share findings from the data. A few examples of what we plan to write up:

How to use the data yourself

The dataset is free for individual research use. We will publish writeups here as we find things worth sharing.

The weekly threat report

One email every Monday: which ports moved week over week, which KEV and recent CVEs are being probed in the wild, and the attack paths worth grepping your own logs for. Here is a real issue. Research write-ups like this one ride along when they land.

Double opt-in: we send one confirmation email and nothing else until you click it. Unsubscribe in one click, any time.