4

Home

anti edited this page 2026-04-19 00:25:30 -04:00

Table of Contents

• DECNET Wiki
• Start here
• User docs
• Developer docs
• Project meta

DECNET Wiki

⚠ Pre-1.0 — use with caution. DECNET is under active development and has not yet cut a v1.0 release. The test suite currently covers more than 1,900 cases, but expect bugs in the corners we haven't probed and expect features to land, shift, and occasionally break between versions. Do not deploy against production adversaries without reading the code you're trusting, and pin to a known commit if you need stability.

DECNET is a honeypot deception-network framework that spins up fleets of fake machines (deckies) running realistic services (RDP, SMB, SSH, FTP, HTTP, and more) to lure, observe, and profile attackers. Every interaction is funnelled to an isolated logging network (syslog/ELK/SIEM) so the real infrastructure stays silent while the decoys do the talking. It runs on a single host (UNIHOST) or across a swarm, with container-level OS fingerprint spoofing and per-service personas.

Start here

• New to DECNET? Read Quick-Start.
• Setting up a host from scratch? Read Installation and Requirements-and-Python-Versions.
• Looking up a flag? See CLI-Reference.

Supported Python: 3.11, 3.12, 3.13. Python 3.14 is not supported — its new garbage collector breaks DECNET under load. See Requirements-and-Python-Versions.

User docs

• Quick-Start
• Installation
• Requirements-and-Python-Versions
• CLI-Reference
• INI-Config-Format
• Custom-Services
• Services-Catalog
• Service-Personas
• Archetypes
• Distro-Profiles
• OS-Fingerprint-Spoofing
• Networking-MACVLAN-IPVLAN
• Deployment-Modes
• SWARM-Mode
• Environment-Variables
• Teardown-and-State
• Database-Drivers
• Systemd-Setup
• Logging-and-Syslog
• Web-Dashboard
• REST-API-Reference
• Mutation-and-Randomization
• Troubleshooting

Developer docs

• Developer-Guide
• Design-Overview
• Writing-a-Service-Plugin
• Module-Reference-Core
• Module-Reference-Web
• Module-Reference-Services
• Module-Reference-Workers
• Testing-and-CI
• Performance-Story
• Tracing-and-Profiling

Project meta

• Sponsors
• Support-the-Project
• Security-and-Stealth
• Roadmap-and-Known-Debt

DECNET

• Home

User docs

• Quick-Start
• Installation
• Requirements-and-Python-Versions
• CLI-Reference
• INI-Config-Format
• Custom-Services
• Services-Catalog
• Service-Personas
• Archetypes
• Distro-Profiles
• OS-Fingerprint-Spoofing
• Networking-MACVLAN-IPVLAN
• Deployment-Modes
• SWARM-Mode
• MazeNET
• Remote-Updates
• Environment-Variables
• Teardown-and-State
• Database-Drivers
• Systemd-Setup
• Logging-and-Syslog
• Service-Bus
• Web-Dashboard
• REST-API-Reference
• Mutation-and-Randomization
• Troubleshooting

Developer docs

• Developer-Guide
• Design-Overview
• Writing-a-Service-Plugin
• UI-Things
• Module-Reference-Core
• Module-Reference-Web
• Module-Reference-Services
• Module-Reference-Workers
• PKI-and-mTLS
• Testing-and-CI
• Performance-Story
• Tracing-and-Profiling

Project meta

• Sponsors
• Support-the-Project
• Security-and-Stealth
• Roadmap-and-Known-Debt

DECNET — honeypot deception-network framework. Pre-1.0, active development — use with caution. See Sponsors to support the project. Contact: samuel@securejump.cl