Skill

implementing-honeytokens-for-breach-detection

From asi

Deploys honeytokens like fake AWS credentials, DNS canaries, document beacons, and DB records using Canarytokens API and webhooks to alert on attacker access. For intrusion detection systems.

Python

AWS

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- When deploying or configuring implementing honeytokens for breach detection capabilities in your environment

SKILL.md

Similar Skills

implementing-honeytokens-for-breach-detection

5.9k

Deploys honeytokens including fake AWS credentials, DNS canaries, document beacons, and DB records via Canarytokens API and webhooks to alert on attacker access for intrusion detection.

3 files

cybersecurity-skills

implementing-honeytokens-for-breach-detection

Deploys honeytokens like fake AWS credentials, DNS canaries, document beacons, and database records that trigger alerts on access using Canarytokens API and webhooks. For breach detection in security operations.

3 files

cybersecurity-skills-zh

implementing-deception-based-detection-with-canarytoken

Deploys and monitors Canary Tokens via Thinkst Canary API for deception-based breach detection using web bug, DNS, document, and AWS key tokens. Useful for cybersecurity tripwires.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Implementing Honeytokens for Breach Detection

When to Use

When deploying or configuring implementing honeytokens for breach detection capabilities in your environment

When establishing security controls aligned to compliance requirements

When building or improving security architecture for this domain

When conducting security assessments that require this implementation

Prerequisites

Familiarity with security operations concepts and tools

Access to a test or lab environment for safe execution

Python 3.8+ with required dependencies installed

Appropriate authorization for any testing activities

Instructions

Deploy honeytokens across critical systems to detect unauthorized access. Each token type alerts via webhook when triggered by an attacker.

import requests # Create a DNS canary token via Canarytokens resp = requests.post("https://canarytokens.org/generate", data={ "type": "dns", "email": "soc@company.com", "memo": "Production DB server honeytoken", }) token = resp.json() print(f"DNS token: {token['hostname']}")

Token types to deploy:

AWS credential files (~/.aws/credentials) with canary keys

DNS tokens embedded in configuration files

Document beacons (Word/PDF) in sensitive file shares

Database honeytoken records in user tables

Web bugs in internal wiki/documentation pages

Examples

# Generate a fake AWS credentials file with canary token aws_creds = f"[default]\naws_access_key_id = {canary_key_id}\naws_secret_access_key = {canary_secret}\n" with open("/opt/backup/.aws/credentials", "w") as f: f.write(aws_creds)