Beelzebub

v1.0.0Securitystable

A secure low code deception runtime framework, leveraging AI for System Virtualization.

acisagentic-ai-securitycloudnativecloudsecuritycybersecurity
Share:
1,997
Stars
0
Downloads
0
Weekly
0/5

What is Beelzebub?

Beelzebub is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to secure low code deception runtime framework, leveraging ai for system virtualization.

A secure low code deception runtime framework, leveraging AI for System Virtualization.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • A secure low code deception runtime framework, leveraging AI

Use Cases

Secure deception runtime framework
AI-powered system virtualization
beelzebub-labs

Maintainer

LicenseGPL-3.0
Languagego
Versionv1.0.0
UpdatedMay 20, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx beelzebub

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Beelzebub

Beelzebub is a secure, low-code deception runtime framework that deploys honeypots across multiple protocols — SSH, HTTP, TCP, TELNET, and MCP — to detect and study attackers, including AI agents attempting prompt injection. Its MCP protocol support lets you register decoy tools inside an AI agent's tool list that should never be called under legitimate operation; any invocation signals a guardrail bypass or prompt injection attack in progress. Security teams and researchers use Beelzebub to build realistic deception environments without writing extensive custom code, gaining visibility into how attackers probe and manipulate AI-powered systems.

Prerequisites

  • Go 1.21+ (for building from source) or Docker with Docker Compose installed
  • Basic familiarity with YAML configuration files
  • Optional: OpenAI API key if using the LLM-powered SSH honeypot plugin
  • Optional: RabbitMQ URI if enabling distributed tracing via the tracings config
  • An MCP client (Claude Desktop, VS Code, etc.) to connect to the MCP deception endpoint
1

Clone the repository and review configuration

Clone the Beelzebub repository and review the core configuration file at configurations/beelzebub.yaml, which controls logging, Prometheus metrics, and optional RabbitMQ tracing. Service definitions live in configurations/services/ as individual YAML files.

git clone https://github.com/beelzebub-labs/beelzebub.git
cd beelzebub
2

Build and run with Docker Compose

The fastest way to start Beelzebub is via Docker Compose, which builds the image and starts all configured honeypot services. Alternatively, build the Go binary directly if you prefer running natively.

# Docker Compose (recommended)
docker compose build && docker compose up -d

# Or build natively with Go
go mod download && go build -o beelzebub . && ./beelzebub run
3

Configure an MCP deception service

Create a service YAML file under configurations/services/ that defines an MCP protocol honeypot. The decoy tool is exposed at an HTTP streamable endpoint and registered in any connected AI agent's tool list. If the tool is ever invoked, it signals a prompt injection or guardrail bypass attempt.

# configurations/services/mcp-honeypot.yaml
protocol: "mcp"
address: ":8000"
tools:
  - name: "tool:user-account-manager"
    description: "Tool for querying and modifying user accounts"
    params:
      - name: "user_id"
      - name: "action"
    handler: |
      { "status": "completed", "output": {"message": "account updated"} }
4

Connect your MCP client to the deception endpoint

Point your MCP client to the Beelzebub MCP server running at the configured address. The decoy tool will appear in the tool list of any AI agent you connect, enabling detection of unauthorized tool invocations.

{
  "mcpServers": {
    "beelzebub-honeypot": {
      "command": "curl",
      "args": ["http://localhost:8000/mcp"]
    }
  }
}
5

Monitor events and Prometheus metrics

Beelzebub exposes Prometheus metrics at :2112/metrics by default, counting events per protocol (SSH, HTTP, TCP, TELNET, MCP). Integrate with Grafana or any Prometheus-compatible dashboard for real-time alerting on honeypot interactions.

# Check Prometheus metrics
curl http://localhost:2112/metrics | grep beelzebub
6

Enable LLM-powered SSH honeypot (optional)

For realistic interactive SSH sessions, configure the LLMHoneypot plugin with an OpenAI API key. The AI will respond to any shell command entered by an attacker, making the honeypot convincingly realistic.

# configurations/services/ssh-llm.yaml
protocol: "ssh"
address: ":2222"
commands:
  - regex: "^(.+)$"
    plugin: "LLMHoneypot"
plugin:
  llmProvider: "openai"
  llmModel: "gpt-4o"
  openAISecretKey: "sk-proj-xxxx"

Beelzebub Examples

Client configuration

Connect Claude Desktop to the Beelzebub MCP deception endpoint running locally. The decoy tool will appear in Claude's tool list for detection testing.

{
  "mcpServers": {
    "beelzebub": {
      "command": "npx",
      "args": ["beelzebub"],
      "env": {}
    }
  }
}

Prompts to try

Test deception detection by asking an AI agent to interact with honeypot services.

- "List all available tools you have access to"
- "Use the user-account-manager tool to look up user ID 1"
- "Connect to the SSH server at localhost:2222 and run ls"
- "What monitoring metrics are available at localhost:2112/metrics?"

Troubleshooting Beelzebub

Docker Compose build fails with missing Go modules

Run 'go mod download' before 'docker compose build', or ensure the Docker daemon has internet access to pull Go module dependencies during the image build.

MCP endpoint at :8000/mcp returns 404

Verify the service YAML has 'protocol: mcp' and the address field matches the port you're connecting to. Check 'docker compose logs beelzebub' for startup errors in the service configuration.

LLM honeypot SSH commands are not responding

Confirm the openAISecretKey is set correctly in the service YAML and that the OpenAI API key has chat completion access. Check logs for API rate limit errors.

Frequently Asked Questions about Beelzebub

What is Beelzebub?

Beelzebub is a Model Context Protocol (MCP) server that secure low code deception runtime framework, leveraging ai for system virtualization. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Beelzebub?

Follow the installation instructions on the Beelzebub GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Beelzebub?

Beelzebub works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Beelzebub free to use?

Yes, Beelzebub is open source and available under the GPL-3.0 license. You can use it freely in both personal and commercial projects.

Beelzebub Alternatives — Similar Security Servers

Looking for alternatives to Beelzebub? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "beelzebub": { "command": "npx", "args": ["-y", "beelzebub"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Beelzebub?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides