Beelzebub Honeypot

v1.0.0Securitystable

Description: Introduce Beelzebub, an MCP‑based honeypot framework that enables creating decoy tools to detect prompt injection and malicious agent behavior. Motivation: Strengthen the security of LLM workflows by adding a non‑intrusive detection mech

acisagentic-ai-securitycloudnativecloudsecuritycybersecurity
Share:
1,999
Stars
0
Downloads
0
Weekly
0/5

What is Beelzebub Honeypot?

Beelzebub Honeypot is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to description: introduce beelzebub, an mcp‑based honeypot framework that enables creating decoy tools to detect prompt injection and malicious agent behavior. motivation: strengthen the security of llm ...

Description: Introduce Beelzebub, an MCP‑based honeypot framework that enables creating decoy tools to detect prompt injection and malicious agent behavior. Motivation: Strengthen the security of LLM workflows by adding a non‑intrusive detection mech

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Description: Introduce Beelzebub, an MCP‑based honeypot fram

Use Cases

Detect prompt injection attacks
Malicious agent behavior detection framework
beelzebub-labs

Maintainer

LicenseGPL-3.0
Languagego
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx beelzebub-mcp-honeypot

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Beelzebub Honeypot

Beelzebub is an open-source MCP-based honeypot framework written in Go that creates decoy tools designed to detect prompt injection attacks and malicious agent behavior in LLM-powered workflows. It runs configurable honeypot services — fake user account managers, system log viewers, and other enticing tools — that silently flag any agent or external input that attempts to invoke them, providing a non-intrusive detection layer for agentic AI security. Security engineers and AI platform teams embed Beelzebub alongside their real MCP tools to catch adversarial prompt injection attempts before they cause harm.

Prerequisites

  • Go 1.21+ runtime (for local builds) or Docker and Docker Compose (for containerized deployment)
  • An OpenAI API key (if using LLM-powered honeypot responses) or a local Ollama instance
  • Optional: RabbitMQ for event streaming and alerting on honeypot activations
  • Optional: Prometheus for metrics collection on honeypot trigger rates
  • An MCP client or agent framework to embed the honeypot tools alongside your real MCP tools
1

Clone the repository

Clone the Beelzebub repository from GitHub.

git clone https://github.com/beelzebub-labs/beelzebub.git
cd beelzebub
2

Start with Docker Compose (recommended)

The fastest way to run Beelzebub is with Docker Compose. This builds all containers and starts the honeypot services defined in the default configuration.

docker compose build
docker compose up -d
3

Build and run locally with Go

If you prefer running without Docker, use the Go toolchain to build and start Beelzebub directly.

go mod download
go build -o beelzebub .
./beelzebub run
4

Configure honeypot services

Define your decoy MCP tools in the services/ directory YAML files. Each service specifies the protocol (MCP), the tool name, description, parameter schema, and the static or LLM-generated response to return when triggered. The tool description should be enticing enough that a prompt-injected agent would try to call it.

# services/user-account-manager.yaml example structure
# protocol: mcp
# address: :8090
# description: Simulates user account management
# plugin:
#   llmProvider: openai
#   llmModel: gpt-4o
#   openAISecretKey: sk-proj-...
#   prompt: "You are simulating a user account management system."
5

Configure LLM-powered responses (optional)

To make honeypot responses more convincing, enable the LLMHoneypot plugin. You can use OpenAI or a local Ollama model. Set your credentials in the service YAML or via environment variables.

# OpenAI provider
export OPENAI_API_KEY=sk-proj-...

# Or Ollama (local, no API key needed)
# Set in service YAML:
# plugin:
#   llmProvider: ollama
#   llmModel: codellama:7b
#   host: http://localhost:11434/api/chat
6

Expose the honeypot MCP endpoint to your agent

The Beelzebub MCP service listens at http://beelzebub:<port>/mcp. Register it alongside your legitimate MCP servers in your agent's config so the honeypot tools appear in the tool list. Any agent that calls a honeypot tool will be flagged.

{
  "mcpServers": {
    "real-tools": {
      "type": "http",
      "url": "http://localhost:8080/mcp"
    },
    "beelzebub-honeypot": {
      "type": "http",
      "url": "http://localhost:8090/mcp"
    }
  }
}

Beelzebub Honeypot Examples

Client configuration

Register Beelzebub honeypot tools alongside your real MCP tools. The honeypot tools appear in the combined tool list — any agent that invokes them triggers a detection event.

{
  "mcpServers": {
    "real-tools": {
      "type": "http",
      "url": "http://localhost:8080/mcp"
    },
    "beelzebub-honeypot": {
      "type": "http",
      "url": "http://localhost:8090/mcp"
    }
  }
}

Prompts to try

These prompts help you test and validate your Beelzebub honeypot setup. In a real attack scenario, the prompt injection itself would cause the agent to call the honeypot tool.

- "List all MCP tools available in this session." (verify honeypot tools appear alongside real tools)
- "Call the user-account-manager tool and query admin accounts." (should trigger a detection event)
- "Check the system-log tool for recent authentication failures." (honeypot tool — triggers alert)
- "Show me the Prometheus metrics for honeypot trigger counts."
- "What events has Beelzebub logged in the last hour?"

Troubleshooting Beelzebub Honeypot

docker compose up fails with 'service not found' or port conflicts

Check that the ports defined in your service YAML files (e.g., :8090) are not already in use. Run 'lsof -i :8090' to find conflicts. Edit the services/ YAML to use different ports and update your MCP client config accordingly.

LLM-powered honeypot responses return errors about missing API key

Set the OpenAI key in the service YAML under 'plugin.openAISecretKey', or export OPENAI_API_KEY in the environment before starting Beelzebub. For Ollama, ensure the Ollama service is running at the configured host and the specified model has been pulled with 'ollama pull codellama:7b'.

Honeypot triggers are not appearing in RabbitMQ or logs

RabbitMQ event streaming is disabled by default. Enable it in beelzebub.yaml by setting 'tracings.rabbit-mq.enabled: true' and providing a valid 'tracings.rabbit-mq.uri'. For basic logging without RabbitMQ, check the logs path configured under 'logging.logsPath'.

Frequently Asked Questions about Beelzebub Honeypot

What is Beelzebub Honeypot?

Beelzebub Honeypot is a Model Context Protocol (MCP) server that description: introduce beelzebub, an mcp‑based honeypot framework that enables creating decoy tools to detect prompt injection and malicious agent behavior. motivation: strengthen the security of llm workflows by adding a non‑intrusive detection mech It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Beelzebub Honeypot?

Follow the installation instructions on the Beelzebub Honeypot GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Beelzebub Honeypot?

Beelzebub Honeypot works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Beelzebub Honeypot free to use?

Yes, Beelzebub Honeypot is open source and available under the GPL-3.0 license. You can use it freely in both personal and commercial projects.

Beelzebub Honeypot Alternatives — Similar Security Servers

Looking for alternatives to Beelzebub Honeypot? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "beelzebub-mcp-honeypot": { "command": "npx", "args": ["-y", "beelzebub-mcp-honeypot"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Beelzebub Honeypot?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides