dweinstein

dweinstein / canary

Public

Tiny filesystem honeypot for macOS. Mounts fake secret files (.env, id_rsa, credentials.json) via WebDAV (no root) or NFS (root) — any access triggers an alert. Zero dependencies, pure Go stdlib.

developer-tools filesystem honeypot security supply-chain
21
0
100% credibility
Found Mar 25, 2026 at 21 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Go
AI Summary

Canary is a macOS security tool that creates virtual folders with realistic fake credential files and sends alerts whenever they are accessed.

How It Works

1
🛡️ Discover the trap

You learn about Canary, a clever Mac tool that plants fake secret files to catch anyone snooping for your real passwords and keys.

2
💻 Get it ready

You download the files from the maker and prepare the simple program so it's good to go on your Mac.

3
Pick your style
😊
Easy mode

Set it up quickly without needing special admin access.

🕵️
Stealth mode

Make it super hidden, but it asks for your admin password.

4
📁 Choose hiding spots

Pick everyday folders like your home secrets area to fill with tempting fake files.

5
🚀 Turn on the trap

Run the program with one command, and your fake folders appear like magic, ready to watch.

6
🔔 Catch the peekers

If malware or a bad guy touches any fake file, you get instant pop-up alerts with sounds and details.

🎉 Secrets safe

You've set an early warning system, so real intruders get caught before finding anything important.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 21 to 21 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is canary?

Canary plants fake secret files like .env, id_rsa, and credentials.json in macOS directories you pick, turning them into honeypots that alert on any access. Malware scanners, rogue scripts, or shell-wielding attackers trip it instantly via macOS notifications and logs, without touching real data. Built in pure Go stdlib, it mounts via WebDAV (no root) or NFS (root-required for stealth), compiling to an 8MB binary with zero dependencies—run `./canary ~/.secrets.d` and it's live.

Why is it gaining traction?

No FUSE, kernel hacks, or libs needed; it blends into macOS mounts (webdav or nfs in `mount` output) and filters system noise like Spotlight probes. NFS mode hides the server from same-user attackers who can't kill or unmount it, while WebDAV supports multiple points sans sudo. Devs dig the customizable bait tree and outputs (add webhooks easily), standing out from github canary tokens or discord canary github experiments with full filesystem traps over static drops.

Who should use this?

macOS power users or devs handling credentials on personal/work machines, spotting insider threats or credential dumpers early. Security folks testing tools like canary checker github scanners on their setups. Threat hunters on laptops at canary wharf london cafes, wanting quick-deploy alerts without root drama.

Verdict

Solid for macOS-specific canary drops—great docs, launchd integration, and lsof process IDing make it production-ready despite 21 stars and 1.0% credibility score. Early maturity means tweak the tree yourself; spin it up if you're on Apple silicon chasing github tiny file manager vibes.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.