{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"awesome-beelzebub-chatgpt-honeypot","slug":"beelzebub-chatgpt-honeypot","name":"Beelzebub ChatGPT Honeypot","type":"repo","url":"https://github.com/mariocandela/beelzebub","page_url":"https://unfragile.ai/beelzebub-chatgpt-honeypot","categories":["code-review-security"],"tags":[],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"awesome-beelzebub-chatgpt-honeypot__cap_0","uri":"capability://automation.workflow.multi.protocol.honeypot.service.instantiation.via.builder.pattern","name":"multi-protocol honeypot service instantiation via builder pattern","description":"Constructs complete honeypot systems across SSH, HTTP, and TCP protocols using a Builder pattern implementation that coordinates configuration parsing, protocol manager initialization, and service lifecycle management. The Director component orchestrates the building sequence, loading YAML configurations and delegating protocol-specific setup to specialized builders, enabling low-code honeypot deployment without manual service wiring.","intents":["I want to spin up multiple protocol honeypots (SSH, HTTP, TCP) from a single configuration file without writing boilerplate service code","I need to programmatically construct honeypot instances with different protocol configurations at runtime","I want to extend honeypot types without modifying core initialization logic"],"best_for":["security teams deploying multi-protocol deception infrastructure","penetration testers building custom honeypot networks for red team exercises","developers integrating honeypots into larger threat detection platforms"],"limitations":["Builder pattern adds initialization overhead (~50-100ms per service) compared to direct instantiation","Configuration must be valid YAML; no runtime validation of protocol-specific constraints until service startup","Single-threaded Director orchestration may bottleneck initialization of 10+ simultaneous honeypot services"],"requires":["Go 1.16+","YAML configuration files with valid protocol definitions","Network ports available for each honeypot service (SSH:22, HTTP:80/443, TCP:custom)"],"input_types":["YAML configuration files","CLI arguments for config path override"],"output_types":["initialized Beelzebub service instances","protocol-specific listeners bound to network ports"],"categories":["automation-workflow","infrastructure-as-code"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_1","uri":"capability://text.generation.language.llm.powered.dynamic.command.response.generation.for.ssh.honeypots","name":"llm-powered dynamic command response generation for ssh honeypots","description":"Integrates OpenAI and Ollama LLM providers to generate contextually realistic SSH command responses in real-time, replacing static response files. When an attacker executes a command matching configured regex patterns, the system constructs a prompt from the matched command and sends it to the configured LLM provider, receiving dynamically generated output that mimics legitimate system behavior. This approach uses a plugin architecture where LLMHoneypot implements the response generator interface.","intents":["I want SSH honeypot responses to feel authentic and vary based on attacker input, not just return static strings","I need to simulate complex system behaviors (file listings, process outputs, error messages) without pre-recording them","I want to use either OpenAI's GPT models or self-hosted Ollama to avoid cloud dependencies for sensitive deployments"],"best_for":["security researchers studying attacker behavior and command patterns","threat intelligence teams analyzing attack sophistication through honeypot interactions","organizations requiring air-gapped honeypots (using Ollama) for compliance reasons"],"limitations":["LLM latency (500ms-2s per response) may be detectable by sophisticated attackers; responses slower than real systems","Prompt injection attacks possible if attacker commands are not sanitized before LLM submission","OpenAI integration requires valid API key and incurs per-token costs; Ollama requires local GPU/CPU resources","LLM responses may occasionally contradict configured regex patterns or system state, reducing believability"],"requires":["OpenAI API key (for GPT models) OR Ollama instance running locally (for self-hosted models)","SSH honeypot service configured with regex command patterns","Network connectivity to OpenAI API or local Ollama endpoint","Sufficient LLM context window to include command, system context, and response generation prompt"],"input_types":["SSH command strings (matched against regex patterns)","system context metadata (username, working directory, previous commands)"],"output_types":["LLM-generated command output strings","structured response objects with exit codes and stderr/stdout"],"categories":["text-generation-language","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_10","uri":"capability://tool.use.integration.plugin.system.for.extensible.honeypot.handlers.and.response.generators","name":"plugin system for extensible honeypot handlers and response generators","description":"Implements a plugin architecture that allows custom handlers and response generators to be registered at runtime without modifying core Beelzebub code. The LLMHoneypot plugin demonstrates this pattern, implementing a response generator interface that can be swapped for alternative implementations. Plugins can be loaded from external Go packages or compiled into the binary, enabling operators to extend honeypot functionality for custom protocols or attack simulation scenarios.","intents":["I want to implement custom response generation logic beyond LLM and static responses","I need to add support for new protocols or attack simulation scenarios without modifying Beelzebub core","I want to integrate custom threat intelligence or attack pattern databases into honeypot responses"],"best_for":["security researchers building custom honeypot extensions for research projects","organizations with proprietary protocols requiring custom honeypot implementations","threat intelligence teams integrating custom attack databases into honeypot responses"],"limitations":["Plugin development requires Go programming knowledge; no support for plugins in other languages","Plugins must be compiled into the binary; no dynamic plugin loading at runtime","Plugin interface is not versioned; breaking changes to interfaces require recompilation of all plugins","Limited documentation on plugin development; requires reading Beelzebub source code"],"requires":["Go 1.16+ development environment","Understanding of Beelzebub plugin interfaces (response generator, event handler, etc.)","Ability to compile custom plugins and link them into Beelzebub binary"],"input_types":["plugin source code (Go packages)","plugin interface definitions"],"output_types":["compiled plugin binaries","extended Beelzebub binary with custom plugins"],"categories":["tool-use-integration","code-generation-editing"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_11","uri":"capability://automation.workflow.docker.and.kubernetes.deployment.with.container.orchestration.support","name":"docker and kubernetes deployment with container orchestration support","description":"Provides Docker containerization and Kubernetes deployment manifests for running Beelzebub in containerized environments. Docker images include all dependencies and can be deployed as standalone containers or orchestrated via Kubernetes. Kubernetes support includes ConfigMap-based configuration management, Service definitions for network exposure, and StatefulSet patterns for persistent honeypot deployments. This enables honeypots to be deployed alongside other containerized security infrastructure.","intents":["I want to deploy honeypots in Docker containers for consistency and portability","I need to orchestrate multiple honeypot instances across a Kubernetes cluster","I want to manage honeypot configuration via Kubernetes ConfigMaps and Secrets"],"best_for":["cloud-native security teams deploying honeypots in Kubernetes clusters","DevOps teams integrating honeypots into containerized security infrastructure","organizations using Docker Compose or Kubernetes for infrastructure management"],"limitations":["Docker images add ~50-100MB overhead compared to binary deployment","Kubernetes networking requires careful configuration of Services and NetworkPolicies to expose honeypots","Container resource limits may impact honeypot performance under high-volume attacks","Persistent storage for event logs requires external volumes; no built-in persistence"],"requires":["Docker 20.10+ (for container deployment)","Kubernetes 1.20+ (for Kubernetes deployment)","Container registry access (Docker Hub, ECR, etc.) for image storage","Kubernetes ConfigMaps and Secrets for configuration management"],"input_types":["Dockerfile for image building","Kubernetes manifests (Deployment, Service, ConfigMap, Secret)","Docker Compose files for local testing"],"output_types":["Docker container images","running containers with exposed honeypot services","Kubernetes pods and services"],"categories":["automation-workflow","infrastructure-as-code"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_12","uri":"capability://text.generation.language.customizable.llm.prompts.for.attack.specific.response.generation","name":"customizable llm prompts for attack-specific response generation","description":"Allows operators to customize LLM prompts that guide response generation for different attack scenarios, enabling fine-tuned honeypot behavior without code changes. Prompts can be configured per-protocol or per-command, allowing different response styles for SSH commands vs HTTP requests. This enables operators to simulate specific system behaviors (e.g., vulnerable database responses, misconfigured web servers) by crafting targeted prompts.","intents":["I want to customize LLM responses to simulate specific system behaviors or vulnerabilities","I need to generate different response styles for different attack types (reconnaissance vs exploitation)","I want to tune honeypot realism by adjusting LLM prompts based on observed attacker behavior"],"best_for":["threat researchers fine-tuning honeypot responses to study specific attack patterns","security teams simulating specific vulnerable systems or misconfigurations","organizations customizing honeypot behavior for industry-specific attack scenarios"],"limitations":["Prompt engineering requires expertise; poorly crafted prompts generate unrealistic responses","LLM responses are non-deterministic; same prompt may generate different responses across invocations","Prompt injection attacks possible if attacker input is included in prompts without sanitization","Prompt customization requires redeployment; no runtime prompt updates"],"requires":["YAML configuration with custom prompt templates","Understanding of LLM prompt engineering best practices","OpenAI API key or Ollama instance for response generation"],"input_types":["prompt templates (text with placeholders for command/request data)","protocol-specific or command-specific prompt configurations"],"output_types":["LLM-generated responses tailored to custom prompts","honeypot responses simulating specific system behaviors"],"categories":["text-generation-language","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_2","uri":"capability://data.processing.analysis.protocol.agnostic.event.tracing.and.attack.recording","name":"protocol-agnostic event tracing and attack recording","description":"Implements a Singleton tracer component that captures all honeypot interactions (SSH commands, HTTP requests, TCP packets) into structured event logs, with pluggable backends for persistence and real-time publishing. Events include attack metadata (source IP, timestamp, protocol, payload), and the tracer can route events to RabbitMQ for stream processing, Prometheus for metrics aggregation, or local file storage. The tracer uses a Strategy pattern to support multiple output backends without coupling to specific implementations.","intents":["I want to capture every attack interaction across all honeypot protocols in a unified event format for forensic analysis","I need to stream honeypot events to a SIEM or threat intelligence platform in real-time via RabbitMQ","I want to generate Prometheus metrics from honeypot activity (attack frequency, protocol distribution, attacker geolocation)"],"best_for":["SOC teams correlating honeypot events with other security telemetry","threat intelligence analysts building attack pattern databases from honeypot interactions","DevSecOps teams monitoring honeypot health and attack trends via Prometheus dashboards"],"limitations":["Singleton tracer pattern creates global state; difficult to run multiple independent Beelzebub instances in same process","Event serialization (JSON encoding) adds ~5-10ms latency per event; high-volume attacks may cause buffering","RabbitMQ integration requires external message broker; no built-in fallback if broker is unavailable","Prometheus metrics are pull-based; real-time alerting requires external Prometheus + Alertmanager setup"],"requires":["RabbitMQ broker (if using RabbitMQ backend) with valid connection credentials","Prometheus instance (if using Prometheus metrics export)","File system write permissions (if using file-based event storage)","Network connectivity to configured event backends"],"input_types":["protocol-specific events (SSH command execution, HTTP requests, TCP connections)","attack metadata (source IP, timestamp, payload, protocol)"],"output_types":["structured JSON event logs","RabbitMQ message queue entries","Prometheus time-series metrics","local file-based event records"],"categories":["data-processing-analysis","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_3","uri":"capability://automation.workflow.http.honeypot.endpoint.configuration.with.static.and.llm.generated.responses","name":"http honeypot endpoint configuration with static and llm-generated responses","description":"Defines configurable HTTP honeypot services that listen on specified ports and respond to requests on defined endpoint paths with either static response bodies or LLM-generated content. Each endpoint can be configured with HTTP method matching (GET, POST, etc.), response status codes, custom headers, and optional regex-based request body matching. The HTTP honeypot service uses the same LLMHoneypot plugin as SSH, allowing dynamic response generation for sophisticated attack simulation.","intents":["I want to create fake web application endpoints that respond realistically to attacker probing and exploitation attempts","I need to simulate vulnerable APIs or web services without exposing real systems","I want to generate different responses based on request content (e.g., different responses for SQL injection vs XSS payloads)"],"best_for":["web application security teams testing attack detection and response capabilities","threat intelligence teams analyzing web-based attack patterns and payloads","incident response teams simulating compromised web services for training"],"limitations":["Static responses cannot adapt to complex HTTP features (cookies, sessions, redirects); LLM responses add latency","No built-in HTTPS/TLS support without external reverse proxy; requires manual certificate management","Regex-based request matching is limited; complex content negotiation requires custom endpoint handlers","HTTP honeypot cannot maintain state across requests; each request is independent"],"requires":["Available TCP port for HTTP listener (typically 80 or 8080)","YAML configuration defining endpoint paths, methods, and response bodies","OpenAI API key or Ollama instance (if using LLM-generated responses)"],"input_types":["HTTP requests (method, path, headers, body)","endpoint configuration (path patterns, response templates)"],"output_types":["HTTP responses (status code, headers, body)","event records (request/response metadata)"],"categories":["automation-workflow","text-generation-language"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_4","uri":"capability://automation.workflow.ssh.honeypot.with.regex.based.command.matching.and.authentication","name":"ssh honeypot with regex-based command matching and authentication","description":"Implements an SSH server honeypot that accepts connections with configurable credentials, matches executed commands against regex patterns, and returns either static or LLM-generated responses. The SSH honeypot can be configured with custom server version strings and server names to mimic specific SSH implementations. Command matching uses regex patterns to identify attack commands (e.g., privilege escalation attempts, reconnaissance commands) and route them to appropriate response handlers.","intents":["I want to detect and analyze SSH brute-force attacks and command execution attempts without exposing real systems","I need to understand what commands attackers execute after gaining SSH access","I want to simulate a specific SSH server version or system to study version-specific exploits"],"best_for":["infrastructure security teams monitoring for unauthorized SSH access","threat research teams analyzing post-exploitation behavior","security operations centers (SOCs) building attack pattern databases"],"limitations":["SSH honeypot does not support interactive shell sessions; only command execution with predefined responses","Regex pattern matching is limited; complex command parsing requires custom handlers","No support for SSH key authentication; password-only authentication may be detected by sophisticated attackers","Server version spoofing is detectable via SSH protocol details (key exchange algorithms, supported ciphers)"],"requires":["Available TCP port 22 (or custom port configured in YAML)","SSH honeypot service configuration with authentication credentials and command patterns","OpenAI API key or Ollama instance (if using LLM-generated responses)"],"input_types":["SSH connection attempts (username, password)","SSH command execution requests (command strings)","regex patterns for command matching"],"output_types":["SSH authentication success/failure responses","command execution output (stdout, stderr, exit codes)","event records (connection metadata, executed commands)"],"categories":["automation-workflow","text-generation-language"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_5","uri":"capability://automation.workflow.tcp.honeypot.for.custom.protocol.simulation","name":"tcp honeypot for custom protocol simulation","description":"Provides a generic TCP honeypot service that listens on configurable ports and responds to raw TCP connections with static or LLM-generated responses. Unlike SSH and HTTP honeypots, TCP honeypots are protocol-agnostic and can simulate any TCP-based service (Telnet, FTP, custom protocols) by matching incoming data against regex patterns and returning configured responses. This enables honeypots for proprietary or legacy protocols without protocol-specific implementation.","intents":["I want to honeypot custom or proprietary TCP-based protocols without writing protocol-specific code","I need to detect scanning and exploitation attempts against non-standard services (Telnet, legacy databases, custom APIs)","I want to simulate multiple different TCP services on different ports from a single configuration file"],"best_for":["organizations defending legacy systems and proprietary protocols","threat researchers studying attacks against non-standard services","security teams deploying deception infrastructure for custom internal protocols"],"limitations":["No protocol-specific intelligence; regex matching is crude for complex binary protocols","Stateless responses; cannot maintain protocol state across multiple messages","Binary protocol support is limited; regex matching works best on text-based protocols","No built-in protocol parsing; attackers may detect honeypot via protocol violations"],"requires":["Available TCP port(s) for honeypot listeners","YAML configuration defining port, regex patterns, and response templates","OpenAI API key or Ollama instance (if using LLM-generated responses)"],"input_types":["raw TCP data (text or binary)","regex patterns for data matching","response templates (static strings or LLM prompts)"],"output_types":["TCP response data (text or binary)","event records (connection metadata, exchanged data)"],"categories":["automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_6","uri":"capability://automation.workflow.rabbitmq.event.publishing.for.distributed.attack.analysis","name":"rabbitmq event publishing for distributed attack analysis","description":"Integrates with RabbitMQ message broker to publish honeypot events in real-time, enabling downstream stream processing, SIEM ingestion, and distributed analysis. Events are serialized as JSON and published to configurable RabbitMQ exchanges/queues, allowing multiple consumers to subscribe to attack data without coupling to the honeypot. This enables architectures where honeypots feed threat intelligence pipelines, incident response workflows, and security analytics platforms.","intents":["I want to stream honeypot events to my SIEM or threat intelligence platform in real-time","I need to process honeypot events through multiple downstream systems (correlation, enrichment, alerting) without modifying the honeypot","I want to build a distributed honeypot network where events from multiple honeypots feed a central analysis platform"],"best_for":["enterprise SOCs integrating honeypots into existing security infrastructure","threat intelligence teams building attack pattern databases from multiple honeypots","DevSecOps teams building event-driven security automation workflows"],"limitations":["Requires external RabbitMQ broker; adds operational complexity and potential single point of failure","Event publishing is asynchronous; no guarantee of delivery if broker is unavailable","RabbitMQ connection failures may cause event loss if not properly handled with retry logic","Message serialization (JSON encoding) adds ~5-10ms latency per event"],"requires":["RabbitMQ broker instance (3.8+) with network accessibility","RabbitMQ connection credentials (username, password, host, port)","RabbitMQ exchange and queue configuration matching Beelzebub's publishing configuration","Downstream consumers subscribed to RabbitMQ queues to process events"],"input_types":["honeypot events (SSH commands, HTTP requests, TCP connections)","RabbitMQ connection configuration (host, port, credentials, exchange/queue names)"],"output_types":["JSON-serialized event messages published to RabbitMQ","event routing to multiple downstream consumers"],"categories":["automation-workflow","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_7","uri":"capability://data.processing.analysis.prometheus.metrics.export.for.honeypot.monitoring.and.alerting","name":"prometheus metrics export for honeypot monitoring and alerting","description":"Exports honeypot activity as Prometheus time-series metrics, enabling real-time monitoring, dashboarding, and alerting on attack patterns. Metrics include attack frequency by protocol, source IP distribution, command execution patterns, and response latencies. The tracer publishes metrics in Prometheus text format on a configurable HTTP endpoint, allowing Prometheus servers to scrape honeypot metrics alongside other infrastructure metrics.","intents":["I want to monitor honeypot activity in real-time via Prometheus dashboards and Grafana visualizations","I need to set up alerts when attack patterns change (e.g., spike in SSH brute-force attempts)","I want to correlate honeypot metrics with other infrastructure metrics (network, application, system) in Prometheus"],"best_for":["DevOps and SRE teams monitoring security infrastructure alongside application metrics","SOCs building real-time dashboards of attack activity","security teams setting up automated alerts on anomalous honeypot activity"],"limitations":["Prometheus metrics are pull-based; honeypot must expose HTTP endpoint for scraping (adds operational overhead)","Metrics cardinality can explode if source IPs or commands are used as labels; requires careful metric design","Real-time alerting requires Prometheus + Alertmanager setup; no built-in alerting in Beelzebub","Metric retention is limited by Prometheus storage; long-term analysis requires external data warehouse"],"requires":["Prometheus server (2.0+) configured to scrape honeypot metrics endpoint","Available HTTP port for metrics endpoint (typically 9090 or custom)","Grafana (optional, for visualization) or other Prometheus-compatible dashboarding tool"],"input_types":["honeypot events (attacks, commands, connections)","Prometheus scrape configuration (interval, timeout)"],"output_types":["Prometheus text format metrics (HELP, TYPE, samples)","time-series data in Prometheus TSDB","Grafana dashboards and alerts"],"categories":["data-processing-analysis","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_8","uri":"capability://automation.workflow.yaml.based.configuration.for.honeypot.services.and.global.settings","name":"yaml-based configuration for honeypot services and global settings","description":"Provides declarative YAML configuration system for defining honeypot services (SSH, HTTP, TCP), protocol-specific parameters, LLM provider settings, and global logging/tracing configuration. Configuration is split into core configuration (beelzebub.yaml) for global settings and service configuration files for individual honeypot definitions. The parser component loads and validates YAML, enabling operators to deploy honeypots without code changes or recompilation.","intents":["I want to define multiple honeypot services in configuration files without writing Go code","I need to change honeypot behavior (ports, responses, LLM providers) without recompiling","I want to version control honeypot configurations and deploy them consistently across environments"],"best_for":["security operations teams managing honeypot deployments across multiple environments","DevOps engineers automating honeypot deployment via infrastructure-as-code","security researchers rapidly prototyping honeypot configurations"],"limitations":["YAML syntax errors are not caught until runtime; no schema validation at parse time","Complex conditional logic is not supported; all configuration is static","No environment variable substitution; credentials must be hardcoded or injected externally","Configuration hot-reloading is not supported; changes require service restart"],"requires":["Valid YAML syntax for configuration files","File system read permissions for configuration files","Knowledge of Beelzebub configuration schema (protocol types, parameter names)"],"input_types":["YAML configuration files (beelzebub.yaml, service configs)","CLI arguments for config file paths"],"output_types":["parsed configuration objects","validated service definitions","error messages for invalid configurations"],"categories":["automation-workflow","infrastructure-as-code"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-beelzebub-chatgpt-honeypot__cap_9","uri":"capability://automation.workflow.telegram.real.time.attack.notifications","name":"telegram real-time attack notifications","description":"Sends real-time attack notifications to Telegram channels/users when honeypot events occur, enabling immediate alerting to security teams. The notification system integrates with the tracer to subscribe to attack events and format them as Telegram messages. This provides out-of-band alerting independent of SIEM or monitoring systems, ensuring critical attacks are immediately visible to on-call personnel.","intents":["I want to receive immediate Telegram notifications when attacks are detected by honeypots","I need to alert on-call security personnel to critical honeypot events without waiting for SIEM ingestion","I want to send formatted attack summaries (source IP, command, timestamp) to Telegram for quick triage"],"best_for":["security operations centers with on-call rotation requiring immediate attack notifications","incident response teams needing rapid alerting on honeypot activity","security teams in resource-constrained environments without SIEM infrastructure"],"limitations":["Telegram API rate limits may cause notification delays during high-volume attacks","Telegram notifications are unstructured text; no built-in filtering or correlation","Requires Telegram bot token and chat ID; credentials must be securely managed","No acknowledgment mechanism; cannot track which alerts have been acted upon"],"requires":["Telegram bot token (created via BotFather)","Telegram chat ID or channel ID for receiving notifications","Network connectivity to Telegram API (api.telegram.org)","Beelzebub configuration with Telegram integration enabled"],"input_types":["honeypot events (attacks, commands, connections)","Telegram bot token and chat ID"],"output_types":["Telegram messages sent to configured chat/channel","formatted attack summaries with metadata"],"categories":["automation-workflow","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":25,"verified":false,"data_access_risk":"high","permissions":["Go 1.16+","YAML configuration files with valid protocol definitions","Network ports available for each honeypot service (SSH:22, HTTP:80/443, TCP:custom)","OpenAI API key (for GPT models) OR Ollama instance running locally (for self-hosted models)","SSH honeypot service configured with regex command patterns","Network connectivity to OpenAI API or local Ollama endpoint","Sufficient LLM context window to include command, system context, and response generation prompt","Go 1.16+ development environment","Understanding of Beelzebub plugin interfaces (response generator, event handler, etc.)","Ability to compile custom plugins and link them into Beelzebub binary"],"failure_modes":["Builder pattern adds initialization overhead (~50-100ms per service) compared to direct instantiation","Configuration must be valid YAML; no runtime validation of protocol-specific constraints until service startup","Single-threaded Director orchestration may bottleneck initialization of 10+ simultaneous honeypot services","LLM latency (500ms-2s per response) may be detectable by sophisticated attackers; responses slower than real systems","Prompt injection attacks possible if attacker commands are not sanitized before LLM submission","OpenAI integration requires valid API key and incurs per-token costs; Ollama requires local GPU/CPU resources","LLM responses may occasionally contradict configured regex patterns or system state, reducing believability","Plugin development requires Go programming knowledge; no support for plugins in other languages","Plugins must be compiled into the binary; no dynamic plugin loading at runtime","Plugin interface is not versioned; breaking changes to interfaces require recompilation of all plugins","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.05,"quality":0.35,"ecosystem":0.39999999999999997,"match_graph":0.25,"freshness":0.52,"weights":{"adoption":0.3,"quality":0.2,"ecosystem":0.15,"match_graph":0.3,"freshness":0.05}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-06-17T09:51:02.371Z","last_scraped_at":"2026-05-03T14:00:05.262Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=beelzebub-chatgpt-honeypot","compare_url":"https://unfragile.ai/compare?artifact=beelzebub-chatgpt-honeypot"}},"signature":"B4p8aG555EwsVTZ6jSW+CWFz426YLkazG+j/MTaOA4lZCurJDN5zyZ/SUDRDmjS1vW9t9OcK2tSwUwgj0Y65AA==","signedAt":"2026-06-19T11:15:16.862Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/beelzebub-chatgpt-honeypot","artifact":"https://unfragile.ai/beelzebub-chatgpt-honeypot","verify":"https://unfragile.ai/api/v1/verify?slug=beelzebub-chatgpt-honeypot","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}