Canary Tokens

The software creates lightweight, embedded honeypot triggers—canary tokens—that alert administrators when they are accessed, indicating a possible breach. It runs as a daemon and emulates a variety of network services, so an intruder who interacts with the dummy endpoints generates an alert that includes the source IP and the point of contact. Alerts can be sent through multiple mechanisms configured by the user.

It is written in Python, making it cross‑platform, and can be deployed on minimal hardware such as a Raspberry Pi or a modest virtual machine. The core package is self‑hostable, free, and open‑source under a BSD‑3‑Clause license, with optional modules for protocols like SNMP, Samba, and port‑scan detection that require additional system components. Installation is supported via standard Python tools, Docker, and package managers on Linux and macOS.

The project targets security teams, system administrators, and developers who need a low‑resource, customizable way to detect unauthorized access without relying on external services. Its modular design allows users to extend or modify the honeypot behavior to fit specific environments.