The Next-Generation Autonomous AI Deception Platform
Turn your server into an inescapable labyrinth of digital deception.
Hell4U is a state-of-the-art honeypot and cyber-deception engine designed to actively trap, analyze, and troll malicious actors. Built for security researchers and SOC teams, it exposes fake infrastructure to the public internet while analyzing attacker behavior in real time with an uncensored AI.
- 🕸️ Multi-Protocol Honeypots: Fully interactive SSH, FTP, Telnet, and HTTP traps.
- 🗺️ Global Attack Map: Visualize active sessions and incoming attacks in a beautiful, real-time cyber-map.
- 🧠 Satan AI: An integrated, completely unrestricted AI that analyzes attacker intent, translates payloads, and chats with you about the incoming threats.
- 🎙️ Voice Mode (SOC Operator): Hear live TTS announcements whenever an attacker connects, escalates privileges, or drops malware.
- 🦠 Malware Sandbox: Automatically intercepts, hashes, and reverse-engineers dropped files using AI.
- 🏗️ Fake Infra Builder: Instantly generate hyper-realistic dummy environments (Docker hosts, enterprise networks, startup databases) to fool manual attackers.
- 🎯 IP Sniper: Generate weaponized tracking links to de-anonymize attackers attempting to phish or exploit your fake HTTP routes.
Hell4U is fully dockerized and takes less than 60 seconds to deploy.
- Docker & Docker Compose (or OrbStack for Mac)
git
-
Clone the repository:
git clone https://github.com/chadi0x/hell4u.git cd hell4u -
Spin up the environment:
docker compose up -d
-
Access the platform:
- Open http://localhost:3000 in your browser.
- The backend API is available at http://localhost:8000/docs.
You don't need to port-forward your router to trap attackers. Hell4U has built-in integration guides for exposing your honeypot globally.
Instant SSH Exposure (Zero Install):
ssh -p 443 -R0:localhost:2222 a.pinggy.ioInstant HTTP Exposure:
cloudflared tunnel --url http://localhost:8080Check the Exposure Tab in the dashboard for integrations with Ngrok, Serveo, LocalTunnel, and Tailscale.
Hell4U is broken down into highly decoupled, microservice-based components:
| Component | Tech Stack | Port | Description |
|---|---|---|---|
| Frontend | React, Vite, Framer Motion, TailwindCSS | 3000 |
The real-time SOC dashboard. |
| Backend API | FastAPI, SQLAlchemy (Async), PostgreSQL | 8000 |
Core logic, session tracking, and AI integration. |
| Telemetry | Redis Pub/Sub | 6379 |
Handles live WebSocket events between the honeypots and UI. |
| SSH/Telnet/FTP Engine | Python (asyncio), paramiko | 2222,23,21 |
The interactive shell emulator. |
| HTTP Trap | FastAPI | 8080 |
Fake web vulnerabilities and admin panels. |
| Ollama | Llama3 (Local) | 11434 |
The uncensored "Satan AI" model powering malware analysis. |
Hell4U is designed for educational, research, and defensive purposes only. By running this software, you agree that you are solely responsible for its use. Do not expose honeypots on production networks without understanding the security implications. All intercepted payloads should be treated as highly dangerous.
