beelzebub

Beelzebub is an open‑source deception runtime that deploys adaptive, LLM‑powered decoy services across multiple protocols, including SSH, HTTP, TCP, TELNET, and MCP. It generates context‑aware responses in real time, keeping attackers engaged long enough to collect high‑fidelity threat intelligence and to detect prompt‑injection attacks against AI agents. The framework uses YAML‑based service definitions with regex command matching, allowing new decoy services to be added without custom code.

The system includes a plugin SDK for extending functionality via `CommandPlugin` or `HTTPPlugin` interfaces, and it provides full observability through Prometheus metrics and RabbitMQ event streaming. Deployment options cover Docker, Docker Compose, and Kubernetes (Helm), with features such as graceful shutdown and per‑service memory limits for production environments.

Targeted at security teams and engineers who need a highly secure, self‑hostable honeypot solution, Beelzebub offers a low‑code, multi‑protocol deception platform that can be integrated into existing infrastructure to detect and analyze cyber attacks while remaining free, subscription‑free, and released under the MIT license.