The trap command deploys lightweight honeypot services that mimic real network services (SSH, HTTP, SMB, and more). When an attacker interacts with a trap, Panguard captures their tactics, generates threat intelligence, and alerts you immediately.
Usage
Subcommands
| Subcommand | Description |
|---|---|
| start | Start honeypot services |
| stop | Stop all running honeypot services |
| status | Show active traps and interaction statistics |
| config | View or modify trap configuration |
| profiles | List attacker profiles built from trap interactions |
| intel | Export collected threat intelligence data |
Options
Comma-separated list of honeypot service types to deploy. Options include ssh, http, smb, ftp, mysql, redis, rdp.
Override the default directory for trap logs and intelligence data. Defaults to ~/.panguard/trap/.
Keep all captured intelligence local: do not upload to the Panguard Threat Cloud.
Examples
Supported Honeypot Services
| Service | Default Port | What It Mimics |
|---|---|---|
| ssh | 2222 | OpenSSH server |
| http | 8080 | Apache/Nginx web server |
| smb | 4450 | Windows file sharing |
| ftp | 2121 | FTP server |
| mysql | 3307 | MySQL database |
| redis | 6380 | Redis key-value store |
| rdp | 3390 | Windows Remote Desktop |
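A pre-flight check for the default ports in the table above, as an added example that is not part of Panguard: it takes the same comma-separated service list and reports which trap ports are already bound on the host, so a trap does not collide with a real service. It assumes the traps listen on TCP on all interfaces; the function names are hypothetical.

```python
import socket

# Default ports copied from the "Supported Honeypot Services" table.
DEFAULT_PORTS = {
    "ssh": 2222, "http": 8080, "smb": 4450, "ftp": 2121,
    "mysql": 3307, "redis": 6380, "rdp": 3390,
}

def parse_services(csv, known=DEFAULT_PORTS):
    """Split a comma-separated service list; reject unknown or duplicate names."""
    names = [s.strip().lower() for s in csv.split(",") if s.strip()]
    unknown = [n for n in names if n not in known]
    if unknown:
        raise ValueError(f"unsupported service type(s): {', '.join(unknown)}")
    if len(set(names)) != len(names):
        raise ValueError("duplicate service type in list")
    return names

def port_is_free(port, host="0.0.0.0"):
    """True if a TCP listener could bind host:port right now.

    Assumption: traps bind TCP on all interfaces. SO_REUSEADDR is left unset
    on purpose so that any existing listener makes the bind fail.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True

def preflight(csv, ports=DEFAULT_PORTS, host="0.0.0.0"):
    """Return {service: port} for each requested trap whose port is taken."""
    return {
        name: ports[name]
        for name in parse_services(csv, ports)
        if not port_is_free(ports[name], host)
    }

if __name__ == "__main__":
    conflicts = preflight("ssh,http,smb")
    for name, port in conflicts.items():
        print(f"{name}: port {port} is already in use")
    if not conflicts:
        print("all requested trap ports are free")
```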
Related
Honeypots Guide
Step-by-step guide for deploying and managing honeypots.
Trap Product Overview
Architecture and design of the Trap deception system.
Attacker Profiling
How Panguard builds attacker profiles from trap data.
panguard threat
Run a local Threat Cloud server for intelligence aggregation.