Will do, my bad, thanks for the clarification!

Hey, creator of HoneyWire here! Wow, thank you so much for sharing this, digicat!

I built this because I wanted high-fidelity network canaries in my lab but hated enterprise pricing and didn't want to manage persistent background orchestration daemons across all my hosts to make other OSS alternatives work.

To give a quick breakdown for the blue team here: it uses a point-in-time CLI wizard to deploy hardened, distroless Docker traps, and then the setup agent completely exits. It's got a centralized UI with fleet management, built-in SIEM forwarding and push notifications. Thanks to the UI fleet management and setup wizard cli tool it takes less then 60 seconds to deploy sensors on a new node.

I'd love to hear what this community thinks of the architecture!

Glad to hear it fits your home network use case! I'd love to know how your deployment goes please feel free to drop any feedback (good or bad) once you get it running!

To answer your questions:

Each sensor decoy image is under 5MB, built as a distroless container running a single, statically compiled Go binary. i built it to hopefully be compatible with any hardware you may have available.

There is currently no way to export events logs, I'll add that to the todo list!

Thanks so much for taking the time to check out the codebase and ask these!

Thanks so much! I'd love to get your feedback if you end up deploying it. I've been staring at this codebase for so long that I'm sure I have some tunnel vision and might be blind to obvious issues. Let me know what you think!

I appreciate the feedback and the 2p! I definitely don't take it personally. I completely understand the skepticism around AI in this community, which is why I don't hide it. At the end of the day, the core engine, the distroless container architecture, and the threat model were entirely engineered by me. HoneyWire is fully open-source and transparent, so anyone is welcome to audit the codebase. I also have several other public, non-AI projects on my GitHub if anyone wants to vet my background. But fair point I’ll make sure to be more upfront about using it as a scaffolding tool in future posts

No issue that's a completely fair question, yes AI was used as an accelerator for writing boilerplate code, scaffolding the initial UI layout, and helping me structure the documentation. However, the core security logic, container architecture, and threat model were entirely designed and verified by me. I have about 8-9 years of software development experience. While HoneyWire is my first major public release, it’s the culmination of years of building internal tools, network utilities, and lab environments.

Because security is the primary focus, I deliberately designed the architecture to minimize risks. I highly encourage you to review the source code on GitHub, I'd be happy to receive feedback about the architecture or any threat-modeling critiques!

AI Disclosure: As a student and solo developer/maintainer, I used AI as a "junior dev" during project development to help accelerate boilerplate writing and documentation. All core architecture, system structure, and security logic were fully designed and implemented by me.

That's exactly how it works. You deploy these low-interaction decoys (traps) across your internal network to act as tripwires. Since legitimate users have no reason to touch them, any interaction is a high-fidelity alert indicating a potential breach or lateral movement. Right now, you can spin up a few different types of traps, like a network scan detector that sits completely quietly and triggers an alert if it detects a port or network scan hitting that specific node, or a Web Router Login Page, that looks like a legacy admin interface and instantly alerts you if someone tries to brute-force or log in. The best part about HoneyWire's architecture is that developing new sensors is the easiest part, so the ecosystem is designed to be highly extensible as the community grows.