Introduction
Imagine your Regolo-powered agent defending your infrastructure, keeping attackers entertained while they try to break into your system. With Beelzebub + Regolo in your stack you get realistic decoys, crisp telemetry, and zero unexpected panic attacks.
With this setup you spot prompt-injection 🚨, catch lateral-movement scams, and gather real attack traces without turning your infra into a haunted house 👻. Faster incident response, safer agents.
What is Beelzebub?
Beelzebub is an open-source, low-code honeypot framework 🪤 that uses large language models 🧠 to convincingly simulate high-interaction services while staying operationally simple and secure. You define services in YAML (SSH, HTTP, raw TCP, even MCP tools for agent pipelines), run it on Docker or Kubernetes 🐳, and harvest high-fidelity threat intel as attackers poke around.
Built-in observability 📈 (Prometheus metrics), ELK integration, and a Helm chart make deployment pleasantly boring. The twist: an MCP honeypot that registers “tools” your agent should never touch, which makes it perfect for catching prompt-injection in the act. 🐝
A few highlights:
✅ LLM-backed realism without running real, vulnerable services. GitHub
✅ Multi-protocol decoys: SSH, HTTP, TCP, and MCP for agents. GitHub
✅ Ops-friendly: Docker/K8s, Prometheus/Grafana, Elastic integration. beelzebub-honeypot.com
Prerequisites ⚙️
🐍 Python 3.12+ and Git installed
🔑 A Regolo.ai API key
🐻 Go installed
Setup Guide
1) Get a Regolo.ai API key 🔑
Generate an API key from Regolo.ai and keep it handy.
2) Install Beelzebub 🌐
In a new folder for Beelzebub, run:
git clone https://github.com/mariocandela/beelzebub
3) Setup your Honeypot
Go to the “configurations” folder and create a dedicated folder so only this service runs:
mkdir ./configurations/services-regolo
Then, in the new “services-regolo” folder, create a file similar to this:
apiVersion: "v1"
protocol: "ssh" # use any beelzebub-compatible module
address: ":2222" # use the port you want
description: "SSH interactive Regolo (OpenAI-compatible)"
commands:
  - regex: "^(.+)$"
    plugin: "LLMHoneypot"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456|1234)$"
deadlineTimeoutSeconds: 6000
plugin:
  llmProvider: "openai" # Regolo is OpenAI-compatible
  llmModel: "mistral-small3.2" # Use your favourite model (better with small ones)
  host: "https://api.regolo.ai/v1/chat/completions" # Base URL
  openAISecretKey: "your-api-key"
4) Run Beelzebub
In the shell:
go build -o beelzebub .
And then:
./beelzebub --confCore ./configurations/beelzebub.yaml \
--confServices ./configurations/services-regolo/
5) Connect with SSH
In the terminal:
ssh user@localhost -p 2222
# password must match passwordRegex:
# "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456|1234)$"
Read the Beelzebub docs to learn about other features you can build on Regolo models.
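A pre-flight check for the service file from step 3, as an added example (not part of the original guide or of Beelzebub itself): it reports which passwords the decoy would accept and warns when passwordRegex effectively matches substrings or the API key is still the placeholder. The helper names are hypothetical, and the check assumes the pattern is applied as an unanchored search.

```python
import re

# Constructed sample: the service file from step 3, cut down to the keys checked here.
SAMPLE = '''\
protocol: "ssh"
address: ":2222"
passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456|1234)$"
plugin:
  llmProvider: "openai"
  openAISecretKey: "your-api-key"
'''

def field(text, key):
    """Value of a `key: "value"` line (optional trailing # comment), or None."""
    m = re.search(rf'^[ \t]*{re.escape(key)}:[ \t]*"(.*?)"[ \t]*(?:#.*)?$', text, re.M)
    return m.group(1) if m else None

def accepted(pattern, passwords):
    """Passwords the decoy would accept. Assumption: the pattern is applied as an
    unanchored search (as Go's regexp.MatchString does); re.search mirrors that."""
    rx = re.compile(pattern)
    return [p for p in passwords if rx.search(p)]

def preflight(text):
    """Return a list of findings for one service file; empty means no issue found."""
    findings = []
    pattern = field(text, "passwordRegex")
    if pattern is None:
        findings.append("passwordRegex missing")
    else:
        words = re.findall(r"[A-Za-z0-9]+", pattern)  # literal alternatives
        # Pad each alternative on either side: an anchored pattern rejects all of these.
        padded = [v for w in words for v in ("zz" + w, w + "zz")]
        if accepted(pattern, padded):
            findings.append("passwordRegex matches substrings; anchor it as ^(...)$")
        if accepted(pattern, [""]):
            findings.append("passwordRegex accepts an empty password")
    if field(text, "openAISecretKey") in (None, "", "your-api-key"):
        findings.append("openAISecretKey is unset or still the placeholder")
    return findings

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print("WARN:", finding)
```

Padding on each side separately also catches a pattern such as `^root|1234$`, which looks anchored but accepts any password that starts with `root` or ends with `1234`.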
🎉 Finished! 🎉
That’s it, your Beelzebub + Regolo Honeypot is live!
Now your infrastructure is safe and you can spot attacks with the help of AI 🐝