
Security: 4f4d/mirage


Security Policy

Scope

MIRAGE is a defensive honeypot framework designed to be attacked. The fake services, fake credentials, and fake filesystems exist solely to deceive attackers who have already targeted the honeypot. No code in this repository attacks or exploits any real system.

Responsible Disclosure

If you discover a vulnerability that could allow an attacker to:

  • Escape the honeypot sandbox and access the host system
  • Exfiltrate real credentials or data from the host
  • Disable logging or alerting without detection
  • Tamper with stored incident reports

please report it privately by emailing the maintainer. Do not open a public issue.

What Is NOT a Vulnerability

The following are by design and not security issues:

  • The SSH honeypot accepts any password → this is how honeypots work
  • Fake credentials (AWS keys, DB passwords, SSH keys) are planted intentionally
  • The dashboard is accessible without authentication → it's meant for SOC operators on a private network
  • Commands run inside the honeypot shell produce fake output → this is deception

Dependencies

MIRAGE runs all untrusted workloads (Cowrie, OpenCanary) inside Docker containers with no host network access. The interactive shell server (port 2222) is also containerized.

There aren't any published security advisories