Page:
Archetypes
Pages
Archetypes
CLI Reference
Custom Services
Database Drivers
Deployment Modes
Design Overview
Developer Guide
Distro Profiles
Environment Variables
Home
INI Config Format
Installation
Logging and Syslog
MazeNET
Module Reference Core
Module Reference Services
Module Reference Web
Module Reference Workers
Mutation and Randomization
Networking MACVLAN IPVLAN
OS Fingerprint Spoofing
PKI and mTLS
Performance Story
Quick Start
REST API Reference
Remote Updates
Requirements and Python Versions
Roadmap and Known Debt
SWARM Mode
Security and Stealth
Service Bus
Service Personas
Services Catalog
Sponsors
Support the Project
Systemd Setup
Teardown and State
Testing and CI
Tracing and Profiling
Troubleshooting
UI Things
Web Dashboard
Writing a Service Plugin
Clone
1
Archetypes
anti edited this page 2026-04-18 06:04:57 -04:00
Table of Contents
Archetypes
An archetype is a pre-packaged identity for a decky: a realistic combination of services, a preferred distro rotation, and a TCP/IP OS fingerprint that makes a decoy look like a specific class of machine without the user picking each piece by hand.
Source of truth: decnet/archetypes.py.
INI snippet
[corp-desktops]
archetype=windows-workstation
amount=4
[edge]
archetype=deaddeck
amount=1
See INI format. Archetypes can also be selected via
decnet deploy --archetype <slug> or rotated automatically with
--randomize-services.
Registered archetypes
| Slug | Display name | Services | Preferred distros | nmap_os |
|---|---|---|---|---|
windows-workstation |
Windows Workstation | smb, rdp | debian, ubuntu22 | windows |
windows-server |
Windows Server | smb, rdp, ldap | debian, ubuntu22 | windows |
domain-controller |
Domain Controller | ldap, smb, rdp, llmnr | debian, ubuntu22 | windows |
linux-server |
Linux Server | ssh, http | debian, ubuntu22, rocky9, fedora | linux |
web-server |
Web Server | http, ftp | debian, ubuntu22, ubuntu20 | linux |
database-server |
Database Server | mysql, postgres, redis | debian, ubuntu22 | linux |
mail-server |
Mail Server | smtp, pop3, imap | debian, ubuntu22 | linux |
file-server |
File Server | smb, ftp, ssh | debian, ubuntu22, rocky9 | linux |
printer |
Network Printer | snmp, ftp | alpine, debian | embedded |
iot-device |
IoT Device | mqtt, snmp, telnet | alpine | embedded |
industrial-control |
Industrial Control System | conpot, snmp | debian | embedded |
voip-server |
VoIP Server | sip | debian, ubuntu22 | linux |
monitoring-node |
Monitoring Node | snmp, ssh | debian, rocky9 | linux |
devops-host |
DevOps Host | docker_api, ssh, k8s | ubuntu22, debian | linux |
deaddeck |
Deaddeck (Entry Point) | ssh | debian, ubuntu22 | linux |
Notes
deaddeckexposes a real interactive SSH shell (not a honeypot emulation) and is intended as the internet-facing entry point.industrial-controluses Conpot to simulate Modbus / S7 / DNP3.- The
preferred_distroslist is rotated per-decky so a group of the same archetype still looks heterogeneous. - Each archetype's
nmap_osis applied as network-namespace sysctls on the decky's base container. See OS fingerprint spoofing.
See also
DECNET
User docs
- Quick-Start
- Installation
- Requirements-and-Python-Versions
- CLI-Reference
- INI-Config-Format
- Custom-Services
- Services-Catalog
- Service-Personas
- Archetypes
- Distro-Profiles
- OS-Fingerprint-Spoofing
- Networking-MACVLAN-IPVLAN
- Deployment-Modes
- SWARM-Mode
- MazeNET
- Remote-Updates
- Environment-Variables
- Teardown-and-State
- Database-Drivers
- Systemd-Setup
- Logging-and-Syslog
- Service-Bus
- Web-Dashboard
- REST-API-Reference
- Mutation-and-Randomization
- Troubleshooting
Developer docs
DECNET — honeypot deception-network framework. Pre-1.0, active development — use with caution. See Sponsors to support the project. Contact: samuel@securejump.cl