Platform Features
Everything you need to deploy, monitor, and analyze honeypot-based threat intelligence at scale.
Real-time Attack Monitoring
Watch attacks unfold as they happen. Our WebSocket-powered live feed delivers every event to your dashboard the instant it's captured — no polling, no delays.
WebSocket Live Feed
Stream attack events in real time directly to your browser. See credentials, commands, and payloads as they arrive.
Instant Alerts
Get notified the moment a new attack pattern or high-value target is detected across your honeypot fleet.
Live Attack Map
Visualize attack origins on an interactive world map with real-time event markers.
10+ Protocol Support
High-fidelity honeypots that convincingly emulate real services. Each protocol captures the specific data that matters — credentials for SSH, queries for databases, payloads for web servers.
SSH & Telnet
Capture passwords, public keys, and full post-authentication command sessions from brute-force bots and manual attackers.
Database Protocols
PostgreSQL, MySQL, and Elasticsearch honeypots log every query, authentication attempt, and injection payload.
Web & Network
HTTP, FTP, LDAP, SMB, and Kubernetes API honeypots capture web exploits, file transfers, and lateral movement techniques.
IP Intelligence
Turn raw attack data into actionable intelligence. Every attacker IP is enriched with geolocation, reputation data, and historical attack patterns.
Geolocation
Map every attack to its country, city, and ASN. Understand where your threats originate.
Reputation Scoring
Automated threat scoring based on attack frequency, diversity of protocols targeted, and historical behavior.
IP Lookup
Search any IP address to see its full attack history across all your honeypots and protocols.
Dashboard Analytics
Comprehensive dashboards give you a clear picture of your threat landscape. Track trends, spot anomalies, and drill down into specific attack types.
Attack Trends
Time-series charts showing attack volume by protocol over hours, days, and weeks.
Distribution Charts
See the breakdown of attack types, top source countries, and most-used credentials at a glance.
Top Lists
Ranked tables of top credentials, commands, malware samples, and attacker IPs.
API & MCP Integration
Integrate threat.gg data into your existing workflows. Our REST API and MCP server make it easy to automate, analyze, and act on threat data.
REST API
Full programmatic access to attacks, attackers, IP lookups, credentials, and malware data via authenticated JSON endpoints.
MCP Server
Connect threat.gg directly to Claude and other MCP-compatible AI tools for natural-language threat analysis.
Data Export
Export attack data in standard formats for integration with SIEMs, ticketing systems, and custom dashboards.
Geo-mapped Visualization
Understand the global threat landscape at a glance. Attack origins are plotted on interactive maps with country-level aggregation and drill-down capability.
Attack Origin Mapping
Every attack is geolocated and plotted on an interactive world map with real-time updates.
Country-level Analysis
Aggregate attack data by country to identify top threat sources and emerging patterns.