Knock-Knock v2 – Visualizing bot attacks in multi-protocol Technicolor
Retro terminal aesthetic displays live bot credentials, but GreyNoise does threat intel better.

Watching bots fail 'sol/sol321' logins in real time is weirdly hypnotic.
Security researchers, sysadmins, network engineers
GreyNoise · Shodan · Cowrie
Retro terminal aesthetic displays live bot credentials, but GreyNoise does threat intel better.
LLM-generated decoy pages beat static honeytokens for engagement.
It turns trapped SSH bots into collectible fish with species tied to trap duration, a live aquarium view, achievements, leaderboards and a read-only REST API — a delightful gamification of honeypot telemetry. Nice practical details too: privacy-friendly default hashing, optional on-click IP lookups (Shodan/AbuseIPDB), and a Docker Compose entrypoint that runs migrations and seeds automatically; just remember this is purely a visualization layer — you still need endlessh-go and InfluxDB.
Three-line calendar complication for Apple Watch that's actually free and open source.
Automated storytelling mode flies you through events with voice-over narration.
Live honeypot visualization with globe heat map and attack stats—addictive to watch.