Deceptive Honeypot. Real Intelligence.

Catch attackers before they catch you. Mirror Trap runs a grid of fake services, classifies every probe with AI, fingerprints attacker behavior, and delivers real-time intelligence — all in one self-contained platform.

Get Started Pricing
8
Honeypot Ports
AI
Classification
1
Command Deploy
How It Works

From probe to intelligence in five steps

Every attacker interaction is captured, classified, and reported automatically. No manual analysis needed.

01

Listen and deceive

Ports 22, 80, 443, 3306, 5432, 6379, 8080, and 8443 serve realistic banners. Attackers see a real server, not a honeypot.

02

Detect and classify

After three or more probes, the engine flags the attacker. AI classifies their type, tool, skill level, and likely objective.

03

Fingerprint and track

Behavioral DNA is hashed from port sequence and timing. The same attacker using different IPs produces the same fingerprint.

04

Alert and report

Instant Telegram or email notifications. Weekly PDF reports with attacker breakdowns, top ports, and security recommendations.

05

Learn and adapt

Self-learning modules adjust trap placement based on attacker patterns. Each interaction makes the system smarter.

Features

What makes Mirror Trap different

Not just another honeypot. Behavioral fingerprinting and AI classification separate signal from noise.

Service Mimicry

8 Port Matrix

Fake SSH, HTTP, MySQL, PostgreSQL, Redis, and more all with realistic banners and responses.

tap to see use case →
Use Case
Attackers see real SSH, HTTP, and database banners. They waste hours probing services that don't exist.
AI Analysis

Deep Learning Classifier

DeepSeek-powered classification of attacker type, tool, skill level, and next move.

tap to see use case →
Use Case
Every attacker is tagged by type, tool, and objective in seconds. You know exactly who is targeting you before they know they've been caught.
Behavioral DNA

Cross-IP Tracking

Same attacker switching VPNs gets the same behavioral hash. Track across IPs and sessions.

tap to see use case →
Use Case
The same attacker switching VPNs gets the same fingerprint. You track them across sessions, IPs, and days.
Live Dashboard

Real-Time Monitoring

WebSocket-powered threat gauges, port heatmaps, and live attacker timeline.

tap to see use case →
Use Case
Your entire threat landscape on one screen, updating live. Every port, every attacker, every session in real time.
Alerting

Telegram Integration

Instant notifications with full classification and threat level delivered to your phone.

tap to see use case →
Use Case
Get an alert on your phone the moment an attacker engages. Classification and threat level included in every message.
Reporting

Weekly PDF Reports

Auto-generated threat intelligence reports with attacker trends and session breakdowns.

tap to see use case →
Use Case
Auto-generated threat intelligence reports sent every week. Share with your team or keep as audit trail.
Deception

Rabbit Hole

Multi-layer fake internal network. Attackers explore for hours while you watch every move.

tap to see use case →
Use Case
Attackers think they've broken into your network. They explore fake servers for hours while you watch every move.
Deployment

Docker Ready

One-command Docker Compose deploy. Zero configuration, zero expertise required.

tap to see use case →
Use Case
Deploy the entire platform with one command. No configuration, no dependencies, no server expertise needed.
Administration

Admin Panel

Full attacker database with search, filter, bulk operations, and live session logs.

tap to see use case →
Use Case
Search, filter, and export your full attacker database. Bulk operations and live logs in one place.
Pricing

Start free. Upgrade when you need more.

Self-hosted is always free. Cloud plans for teams that want zero infrastructure to manage.

Self-Hosted
$0
Full engine on your infrastructure
  • All honeypot features
  • AI classification
  • DNA fingerprinting
  • Telegram alerts
  • Docker deploy
  • Community support
Get Started
Cloud Pro
$19/month
Managed cloud platform, no server setup
  • Everything in Self-Hosted
  • Managed cloud dashboard
  • Email alerts
  • Weekly PDF reports
  • 30-day data retention
  • Email support
Coming Soon
Business
$49/month
Multi-site with white-label options
  • Everything in Cloud Pro
  • Multi-site deployment
  • API access
  • White-label reports
  • 90-day data retention
  • Priority support
Coming Soon
Deployment

Up and running in under a minute

Choose your path.

Docker (recommended)
docker compose up -d
# Dashboard at http://localhost:5000
Manual (Linux)
git clone https://github.com/ApnexQQQ/mirror-trap.git
cd mirror-trap
pip install flask flask-socketio eventlet requests
cd dashboard && python3 app.py
Architecture

What's under the hood

ComponentTechnology
Honeypot EnginePython, Raw TCP Sockets, Threading
DashboardFlask, Socket.IO, Eventlet
ClassifierDeepSeek API
AlertsTelegram Bot API
DatabaseSQLite
ReportsReportLab, Weekly PDF Generation
DeploymentDocker, Docker Compose, Systemd