
Spip - A Lightweight, Open Source TCP/TLS Honeypot Sensor
Cybersecurity, Honeypots, Network Monitoring, SIEM Integration
Spip is an open-source, low-interaction network honeypot sensor written in Go. It listens on TCP ports (with or without TLS) and records incoming scan traffic, capturing raw streams, including payloads, and exporting them in Elastic Common Schema (ECS) format for easy integration with SIEM or ELK solutions. The project aims for a minimal footprint and extracts metadata such as user agents or HTTP paths; it can also serve as an intrusion detection system or tripwire for monitoring lateral movement. A future version will include a centralized manager to aggregate and enrich logs with ASN, GeoIP, and DNS data.
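The capture-to-ECS step described above, as an added example that is not Spip's own code: it turns one captured TCP stream into an ECS-style JSON line and extracts the HTTP path and user agent when the payload parses as HTTP. The choice of ECS fields, the custom `honeypot.payload` field, the function name `ECSEvent` and the sample payloads are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"time"
)

// ECSEvent builds one ECS-style JSON document for a captured TCP stream.
// The field names are real ECS fields; which ones to emit is an assumption, not Spip's schema.
func ECSEvent(ts time.Time, srcIP string, srcPort, dstPort int, payload []byte) (string, error) {
	doc := map[string]any{
		"@timestamp":  ts.UTC().Format(time.RFC3339Nano),
		"event":       map[string]any{"kind": "event", "category": []string{"network"}},
		"network":     map[string]any{"transport": "tcp"},
		"source":      map[string]any{"ip": srcIP, "port": srcPort, "bytes": len(payload)},
		"destination": map[string]any{"port": dstPort},
		// Raw stream kept as base64 so binary probes survive JSON; hypothetical custom field.
		"honeypot": map[string]any{"payload": base64.StdEncoding.EncodeToString(payload)},
	}
	// Best-effort HTTP parse: non-HTTP probes fail here and keep only the base fields.
	if req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(payload))); err == nil {
		doc["http"] = map[string]any{"request": map[string]any{"method": req.Method}}
		doc["url"] = map[string]any{"path": req.URL.Path}
		if ua := req.UserAgent(); ua != "" {
			doc["user_agent"] = map[string]any{"original": ua}
		}
	}
	out, err := json.Marshal(doc)
	return string(out), err
}

func main() {
	// Constructed sample payloads: an HTTP probe and a binary (non-HTTP) probe.
	ts := time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC)
	httpProbe := []byte("GET /admin/login HTTP/1.1\r\nHost: 192.0.2.10\r\nUser-Agent: example-scanner/1.0\r\n\r\n")
	binProbe := []byte{0x16, 0x03, 0x01, 0x00, 0x05}
	for _, p := range [][]byte{httpProbe, binProbe} {
		line, err := ECSEvent(ts, "198.51.100.7", 51234, 8080, p)
		if err != nil {
			panic(err)
		}
		fmt.Println(line)
	}
}
```

Each output line is a standalone JSON document, so it can be shipped to an ELK or SIEM pipeline as newline-delimited JSON.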