Hey folks,
Just open-sourced a project called HoneyWire, a distributed deception platform built as an alternative to commercial honeypots and traditional agent-heavy canary setups.
It allows you to turn any Linux asset into a network canary in about a minute. Instead of installing heavy background daemons, a transient CLI wrapper configures and launches lightweight, distroless decoy containers that check back into a centralized management dashboard.
If an attacker attempts lateral movement and touches one of these decoys, it triggers an instant alert to your SIEM or webhook notifications.
Project Links:
GitHub: https://github.com/andreicscs/HoneyWire
Site: https://honeywire.dev/
It’s completely free, self-hostable, and transparent. Let me know if you have any questions about the detection mechanisms or the tech stack!
This looks pretty cool, I’ll be having a proper look over the weekend!
Thanks! I’d love to get some feedback if you end up trying it out!

