DejaVU - Open Source Deception Framework
Alternatives To Dejavu
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
a month ago4gpl-3.0C
🍯 T-Pot - The All In One Honeypot Platform 🐝
2 days ago100otherPython
Cowrie SSH/Telnet Honeypot
8 months ago7otherPHP
DejaVU - Open Source Deception Framework
3 years ago3JavaScript
a friendly data mocking service to generate random data in the required format, all written in basic javascript; exactly how beginners like.
a day agoapache-2.0Go
DICOM Honeypot
Alternatives To Dejavu
Select To Compare

Alternative Project Comparisons

DejaVU - Open Source Deception Platform

DejaVu (part of is a deception platform which can be used to deploy decoys on both cloud(for now we support AWS) and internal network.

This is our presentation at Blackhat Europe where we show how we can leverage Deception to detect common adversary tactics and techniques during various stages of attack lifecycle.

Deploying DejaVu on Internal Network

If you are looking deploying DejaVu on your internal network, you can download the platform from Use the below guides to help you get started.

Default credentials: administrator:changepassword


We started DejaVu in 2018 and initially presented our work at Blackhat, Defcon, and HITB. Over the last few years we have added various new decoys, breadcrumbs and changed our architecture based on the feedback from organisations using it.

DejaVu can be used by the defender to deploy multiple interactive (Server and Client) decoys strategically across their network on different VLANs and on Cloud (AWS). To ease the management of decoys, we have built a web based platform which can be used to deploy, administer and configure all the decoys effectively from a centralized console. Logging and alerting dashboard displays detailed information about the alerts generated and can be further configured on how these alerts should be handled. If certain IPs like in-house vulnerability scanner, SCCM etc. needs to be discarded, this can be configured which effectively would mean very few false positives.

Alerts only occur when an adversary is engaged with the decoy, so now when the attacker touches the decoy during reconnaissance or performs authentication attempts this raises a high accuracy alert which should be investigated by the defense. Decoys can also be placed on the client VLANs to detect client side attacks such as responder/LLMNR attacks using client side decoys. Additionally, common attacks which the adversary uses to compromise such as abusing Tomcat/SQL server for initial foothold can be deployed as decoys, luring the attacker and enabling detection.

One of the major advantages of DejaVu - Using a single platform you can deploys decoys across different VLANS and manage, monitor them.

Use Cases

Below are few examples attack vectors using DejaVu platform you can detect:

  • (Attack) : Port Scan/Enumeration

    (Defense) : Fake Services spread out throughout the network

  • (Attack) : Password Spray/ Brute Force Attack

    (Defense) : Deploy multiple common services, attempts on two/more decoys potentially a password spray attempt

  • (Attack) : Attacker targeting low hanging fruits - Tomcat/MSSQL/Jenkins

    (Defense) : Deploy common platforms attackers look for initial foothold

  • (Attack) : Responsder/ LLMNR Poisoning

    (Defense) : NBNS client side decoys to detect MITM attacks

  • (Attack) : Bloodhound/Similar tools to identify attack path

    (Defense) : DNS Records Manipulation and fake servers

  • (Attack) : Lateral Movement - Pass the Hash

    (Defense) : Fake Sessions and Injecting Memory Credentials Tokens

  • (Attack) : Kerberoast attack

    (Defense) : Kerberoasting Service Accounts Honey Tokens

  • (Attack) : Data Ex-filtration

    (Defense) : Honeyfiles to detect ex-filtration occurrences



  • DejaVu Engine: This is used deploy decoys across your infrastrucure. So let's you have multiple offices, you would depoloy an engine in each.
  • DejaVu Console: A centralized console to view and manager all the alerts from your various engines. Think of this as your dashboard. Engines connect to Console.

Decoy Types

  • Server Decoys

    • MYSQL
    • SNMP
    • Custom HTTP Decoy - You can configure this with a custom HTML template
    • TELNET
    • SMB Server with custom files
    • FTP
    • TFTP
    • Web Server - Tomcat, Apache, Basic Auth
    • SSH Interactive and Non-Interactive
    • SMTP
    • RDP Interactive and Non-Interactive
    • VNC
    • HONEYCOMB (To capture events from Honey Docs)
    • ICS/SCADA Decoys - Modbus and S7COMM
  • Client Decoys

    • NBNS Decoy
    • MITM Decoy
    • SSDP Client
    • Email Client
  • BreadCrumbs

    • Honey Docs
    • HoneyHash - Injects creds into memory
    • Kerberoast Honey Account

Sneak Peek



  • Big shout to open source community for previous work on Honeypots
Popular Deception Projects
Popular Docker Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.