SCADA Hacking: Creating a SCADA Honeypot

In this guide, we will create a SCADA/ICS Honeypot. As you know, a honeypot is a computer system that looks and acts like a vulnerable system. This particular honeypot is on an Ubuntu system with various SCADA protocols, including modbus.


Honeypots are used to study attacks. This particular Honeypot was developed by the Honeynet Project ( and is one of the most sophisticated SCADA honeypots developed to date. It is a low-interaction honeypot that changes the MAC address of its adapters so that attackers cannot easily hack it. As we'll see, it looks and acts almost identically to a real SCADA/ICS system, including slow response times like a heavily loaded industrial system.

To get started, you'll need an Ubuntu 12 or newer operating system. I have created a user “honey” with password “honey”, but of course, you can create any user/password you want.

Step #1 Install the necessary libraries

The first step is to install the necessary libraries and dependencies.

ubuntu > sudo apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev


Step #2 Install the Python-pip package manager

In this step, we need to download the pip package manager

ubuntu>sudo apt-get install python pip



Step #3 Install MySQL and dependencies

Next, we need to install the open source database management system MySQL and its dependencies.

ubuntu>sudo apt-get install python-dev libmysqlclient-dev


ubuntu> sudo pip install MySQL-python



Step #4 Install Conpot

In this step, we download and install the SCADA honeypot conpot system, using pip.

ubuntu>sudo pip install conpot


Step #5 Run conpot

Next, we need to run the conpot system. Conpot comes with four different templates to replicate different SCADA systems. Here, we will use the default template that reproduces a Siemens SIMATIC S7-200.

ubuntu>sudo conpot – template default

honey5 honey6

As you can see, the honeypot is started and using an external IP address of The Best Technology Site in Greece
Follow us on Google News

SCADA Hacking, SCADA, Hacking

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).