
agent security skill risk: medium

Honeytokens Deployment for Breach Detection

Provides instructions, prerequisites, and Python code examples for deploying DNS canaries, fake AWS credentials, document beacons, and database records as honeytokens that trigger…

  • Policy sensitive
  • Human review
  • External action: medium

SKILL 4 files · 2 folders

SKILL.md
---
name: implementing-honeytokens-for-breach-detection
description: "Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records)"
---
# Implementing Honeytokens for Breach Detection


## When to Use

- When deploying or configuring honeytokens for breach detection in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation

## Prerequisites

- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities

## Instructions

Deploy honeytokens across critical systems to detect unauthorized access. Each token
type alerts via webhook when triggered by an attacker.

```python
import requests

# Create a DNS canary token via Canarytokens
resp = requests.post("https://canarytokens.org/generate", data={
    "type": "dns",
    "email": "alerts@example.com",  # placeholder: mailbox that receives token alerts
    "memo": "Production DB server honeytoken",
})
token = resp.json()
print(f"DNS token: {token['hostname']}")
```

Token types to deploy:
1. AWS credential files (~/.aws/credentials) with canary keys
2. DNS tokens embedded in configuration files
3. Document beacons (Word/PDF) in sensitive file shares
4. Database honeytoken records in user tables
5. Web bugs in internal wiki/documentation pages

## Examples

```python
# Generate a fake AWS credentials file with canary token.
# canary_key_id and canary_secret must already hold the key pair issued by the canary service.
aws_creds = f"[default]\naws_access_key_id = {canary_key_id}\naws_secret_access_key = {canary_secret}\n"
with open("/opt/backup/.aws/credentials", "w") as f:
    f.write(aws_creds)
```
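A fuller version of the credentials-file step, added here as an example and not part of the original skill: it writes the decoy with the permissions a real credentials file would have, records where each token was planted, and maps a triggered key back to its location. The function names, the manifest layout and the sample key values are hypothetical, and it assumes the alert names the access key ID that was used.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path


def deploy_decoy_credentials(root, key_id, secret, memo):
    """Write root/.aws/credentials holding the canary key pair; return a placement record."""
    aws_dir = Path(root) / ".aws"
    aws_dir.mkdir(parents=True, exist_ok=True)
    cred_path = aws_dir / "credentials"
    cfg = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cfg["default"] = {"aws_access_key_id": key_id, "aws_secret_access_key": secret}
    # Create with mode 0600 so the decoy matches a real credentials file from the start
    fd = os.open(cred_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        cfg.write(f)
    os.chmod(cred_path, 0o600)  # also tightens a pre-existing file with looser bits
    # The manifest keeps the key ID and memo only, never the secret
    return {"path": str(cred_path), "key_id": key_id, "memo": memo}


def verify_placement(record):
    """Confirm the file still parses, carries the recorded key ID and is mode 0600."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(record["path"])
    mode = stat.S_IMODE(os.stat(record["path"]).st_mode)
    planted = cfg.get("default", "aws_access_key_id", fallback=None)
    return planted == record["key_id"] and mode == 0o600


def locate_trigger(manifest, key_id):
    """Map the key ID named in an alert back to the path(s) where it was planted."""
    return [r["path"] for r in manifest if r["key_id"] == key_id]


if __name__ == "__main__":
    # Constructed values; a real deployment uses the pair issued by the canary service
    with tempfile.TemporaryDirectory() as root:
        rec = deploy_decoy_credentials(root, "AKIAEXAMPLECANARY001",
                                       "constructed/secret+value", "backup host decoy")
        print(verify_placement(rec), locate_trigger([rec], rec["key_id"]))
```

Keeping one manifest entry per planted token, each with a distinct memo, is what lets an alert be traced to a specific host and path.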

EXPECTED OUTPUT

Format: markdown
Constraints
  • include code examples
  • list token types
  • cover prerequisites and when to use

EXAMPLES

Includes two Python code examples for generating DNS canary tokens and fake AWS credentials.

CAVEATS

Dependencies
  • Familiarity with security operations concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities
Missing context
  • Target environment or specific systems to deploy tokens on
  • Webhook endpoint configuration details
  • Error handling or validation steps for the code snippets
Ambiguities
  • Code example references undefined variables (canary_key_id, canary_secret)
  • Instructions cut off mid-example without closing the code block or providing full implementation

QUALITY

  • Overall: 0.50
  • Clarity: 0.70
  • Specificity: 0.55
  • Reusability: 0.35
  • Completeness: 0.50

IMPROVEMENT SUGGESTIONS

  • Add explicit placeholders (e.g., {{webhook_url}}, {{email_address}}) to make the prompt reusable as a template
  • Complete the final code block and define all referenced variables
  • Specify output format or success criteria for the deployment steps

USAGE

Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.
