Getting Started

This page contains a list of potential project ideas that we are keen to develop during GSoC 2025. If you would like to apply as a GSoC student, please follow these two steps to get started:

1. Read through this page and identify the project ideas you find interesting. Play around with our tools!
2. Join us on Discord and talk to your potential mentors on Discord

If there are any questions, please don’t hesitate and get in touch! 🙂

GSoC and The Honeynet Project

During the previous years of GSoC, the Honeynet Project’s students have created a wide range of very successful open source security projects, many of which have gone on to become the industry standard open source tools in their respective fields.

We are also always interested in hearing any ideas for additional relevant computer security and honeynet-related R&D projects (although remember that to qualify for receiving GSoC funding from Google your project deliverables need to fit in to GSoC’s project timescales!). If you have a suitable and interesting project, we will always try and find the right resources to mentor it and support you.

Please note - even if you aren’t an eligible GSoC participant, we are also always looking for general volunteers who are enthusiastic and interested in getting involved in honeynet R&D.

Each sponsored GSoC 2025 project will have one or more mentors available to provide a guaranteed contact point to students, plus one or more technical advisors to help applicants with the technical direction and delivery of the project (often the original author of a tool or its current maintainer, and usually someone recognized as an international expert in their particular field). Our Google Summer of Code organizational administrators will also be available to all sponsored GSoC students for general advice and logistical support. We’ll also provide hosting for project infrastructure, if required.

For all questions about the Honeynet Project, the GSoC program or our projects, please contact us on Discord (preferred)** or email us at [email protected].

Application template

If you are considering applying to participate with us in GSoC 2025 please find our application template here. Use it when you are preparing your application on the official GSoC site and don’t hesitate to ask your mentors for feedback before submitting!

GSoC 2025 Project Ideas Overview

• #1 - BuffaLogs: new alert notifications
• #2 - BuffaLogs: new ingestion sources
• #3 - IntelOwl improvements: analyzers and integrations
• #4 - Extending the Artemis scanner
• #5 - IntelOwl improvements: analyzers and integrations
• #6 - Improving the SweetCam IP camera honeypot
• #7 - Improving the DICOMHawk medical honeypot
• #8 - Implementing Protocol Parsers for Glutton Using Spicy

#1 - BuffaLogs: new alert notifications

BuffaLogs currently does not support alert notification. We are expanding the system to allow alert be sent to various destinations.

Project Objectives:

Developing alert notifications for one or more of the following sources, depending on the project timeline:

• Email
• Http request
• Slack
• Additional sources to be considered based on project scope

Technical Requirements:

• Develop modular and maintainable Python code for each implemented connector
• Create comprehensive unit tests and integration tests
• Provide detailed documentation

#2 - BuffaLogs: new ingestion sources

BuffaLogs currently supports data ingestion exclusively from Elasticsearch. To enhance its functionality and versatility, we are expanding the system to accommodate multiple data sources.

Project Objectives:

Developing connectors for one or more of the following sources, depending on the project timeline:

• Relational Databases (MySQL, Postgres, etc.)
• File-based Data Sources (CSV, JSON)
• AWS CloudTrail Logs
• Additional sources to be considered based on project scope

Technical Requirements:

• Develop modular and maintainable Python code for each implemented connector
• Create comprehensive unit tests and integration tests
• Provide detailed documentation

#3 - IntelOwl improvements: analyzers and integrations

This projects aims to improve the tests implemented in IntelOwl, in particular the ones regarding the Analyzers.

Right now, the actual implementation is kinda limited due to the inheritance of a framework built years ago, based on monkeypatching the tests.

The goal is to refactor this framework in a way that is easier to use and, at the same time, that it allows better tests implementation.

A thorough explanation of the problem and deliverables is described here.

This is a time-consuming project that requires focus and attention. We expect the contributor to refactor most of the analyzers’ tests and write additional checks.

The ideal candidate for this project is someone who understand how IntelOwl’s framework works and knows testing frameworks like unittest very well.

#4 - Extending the Artemis scanner

Artemis is a modular vulnerability scanner that checks multiple aspects of website security and builds easy-to-read messages to send to organizations to get the vulnerabilities fixed. Multiple national-level CSIRTs use it to improve the security of their constituencies - for example, since 2023, CERT PL has used Artemis to find and report more than half a million vulnerabilities.

The goal is to improve the number and quality of detected vulnerabilities. There may be multiple ways of achieving this goal:

• Extend Artemis with modules detecting new types of vulnerabilities (for example, by integrating existing open-source tools),
• Improve Artemis in other aspects such as performance or ease of use.

The primary required skills are Python programming and familiarity with Linux and Docker. Familiarity with web security topics is also desired.

#5 - IntelOwl improvements: analyzers and integrations

Right now we have a lot of Analyzers implemented in IntelOwl.

But they are not enough! They are one of the core parts of the application so we want to add even more of them!!!! :)

This project aims to increment the number of available Analyzers and adjusting the old ones that are not working anymore as intended. We have about 10 different Analyzers that has been requested by the community members in Github and are still not implemented. Plus we have other analyzers that requires intervention, like Yara, YETI, DNS Detectors and so on.

Plus, we would like this project to carry additional non-Analyzer related work, like the addition of new Ingestors or Playbooks for instance, which are pretty similar components.

Another optional and very different task could be to add support for Podman for the overall project as an alternative of Docker. This would require working more with the documentation and the core parts of the projects.

The ideal candidate for this project is someone who understand how IntelOwl’s framework works and already tried to implement some Analyzers.

#6 - Improving the SweetCam IP camera honeypot

SweetCam is an open-source honeypot designed to emulate IP camera behaviors with minimal setup while offering robust modularity for extending functionality. It is built to support the emulation of key protocols commonly used by IP cameras, including SSH, RTSP, and HTTP. A distinguishing feature of SweetCam is its ability to create a realistic web interface resembling an IP camera’s dashboard. This includes a login page and a simulated camera interface that can be customized using user-defined 360-degree video streams and images, making it highly adaptable to various use cases. The modular architecture of SweetCam ensures flexibility, allowing users to easily integrate support for new camera models and configurations. By providing a realistic medium-interaction environment, SweetCam effectively lures and studies attackers targeting IP cameras, offering valuable insights for cybersecurity research and network defense strategies.

GSoC 2025

Outcomes

• template-based device emulation
• new protocol support
• enhance Docker Usability (Automation & Base setup)
• Various improvements: Error based handling on HTTP page, Language Button at HTTP page, forgot password, implementation of sound, day/night configurations

Skills Preferred

• Basic Linux/Command Line skills
• Docker
• Shell, JavaScript

#7 - Improving the DICOMHawk medical honeypot

DICOMHawk is a powerful and efficient honeypot for DICOM servers, designed to attract and log unauthorized access attempts and interactions. Built using Flask and pynetdicom, DICOMHawk offers a streamlined web interface for monitoring and managing DICOM interactions in real-time.

Features

• DICOM Server Simulation: Supports C-ECHO, C-FIND, and C-STORE operations to simulate a realistic DICOM server environment.
• Logging: Detailed logging of DICOM associations, DIMSE messages, and event-specific data to track and analyze potential attacks.
• Web Interface: A user-friendly web interface to view server status, active associations, and logs.
• Custom Handlers: Easily extendable to support additional DICOM services and custom logging or handling requirements.

GSoC 2025

Outcomes

• Examine a potential integration with TPot
• Improve Docker usage (Security & Automation)
• Improve logging capabilities
• Integrate CanaryToken Webhook
• Potentially add additional protocol
• Documentation of the Implementations
• Testing

Skills Preferred

• Basic Linux/Command Line skills
• Docker
• Python

#8 - Implementing Protocol Parsers for Glutton Using Spicy

Glutton is a powerful Generic Low Interaction Honeypot designed to emulate various network services and capture malicious activity for security analysis. Its strength lies in its generic nature, supporting a wide range of network protocols.

The goal of this project is to:

• Develop a Go wrapper to integrate Spicy with Glutton.
• Implement protocol parsers for HTTP and DNS as initial examples.
• Provide documentation to explain the implementation.

The primary required skill is proficiency in Go programming and familiarity with Linux networking.
An understanding of network monitoring tools like Spicy or similar is a nice-to-have skill.