Cowrie vs Velociraptor
About Cowrie
Cowrie is a medium- to high-interaction SSH and Telnet honeypot designed to log brute-force attacks, shell interactions, and file downloads. It emulates a full Unix system with a fake filesystem, allowing attackers to interact naturally while all commands, keystrokes, and uploaded files are recorded. Cowrie supports SFTP/SCP file upload capture, session replay in real time or asynchronously, and forwards connection metadata to ELK, Splunk, or JSON files. It can proxy connections to real systems for high-interaction scenarios. It is used to collect threat intelligence on the attack tools, credentials, and TTPs being used against SSH infrastructure.
About Velociraptor
Velociraptor is an endpoint visibility and collection tool designed for digital forensic investigations and incident response (DFIR). It allows security teams to hunt for artifacts across thousands of endpoints simultaneously, providing deep insights into system activities. Written in Go, Velociraptor is notable for its scalability and speed, enabling rapid response and comprehensive analysis in enterprise environments.