Securing Agent Hologram

When hackers break in,
they find a fake company.

LeukQuant plants fake files, fake credentials, and a fake intranet inside your network. Attackers think they found something real. You catch them twice.

Live stats from deployed honeypots
2,847
Attacks caught this week
34
Countries attacking right now
7
Protocols monitored
128
Tripwires triggered today
Pricing

Simple pricing.
Cancel any time.

Starter
₹4,999/mo
For solo CA firms, small clinics, and individual consultants.
  • 3 honeypot protocols
  • Slack alerts
  • Dashboard access
  • 500 events per month
Enterprise
₹24,999/mo
For mid-size IT firms, microfinance institutions, and cooperative banks.
  • Everything in Growth
  • Dedicated IP per client
  • Monthly security briefing
  • Custom Ghost-Net profile
  • Unlimited events
If we don't catch at least one attack attempt in your first two weeks, we'll extend the pilot for free until we do. All plans include a free 2-week pilot.

DPDP Act 2023 - full enforcement begins May 2027

Every event LeukQuant captures automatically generates a security evidence log in the format India's Data Protection Board requires. When your auditor asks what security measures you had in place - you hand them the PDF. No extra work.

See a sample compliance report >

Deploy Ghost-Net on your network today.

Free 2-week pilot. We set it up with you in 30 minutes. If you're a Chennai fintech startup, CA firm, or IT services company - this was built for you.

No credit card required Cancel any time
How it works

Five steps.
30 minutes to deploy.

Free 2-week pilot No credit card Setup in 30 minutes

01
Deploy the honeypot engine
One command starts seven protocol emulators. Each looks identical to the real service it impersonates - our SSH looks like Ubuntu's OpenSSH, our MySQL responds exactly like MySQL 8.0.35.
02
Ghost-Net generates your fake company
Our local AI creates files tailored to your industry. A fintech company gets fake payment processing logs. A CA firm gets fake client tax records. Everything looks like it belongs to your actual company.
03
Attackers find the fake company
When someone brute-forces your login portal, they enter the Ghost-Net fake intranet. They believe they have access to your real network. They begin exploring.
04
Tripwires fire instantly
Every fake file is a monitored tripwire. The moment an attacker reads your fake AWS credentials or your fake database password, you receive a Level 5 alert in Slack within 8 seconds.
05
Credential canaries catch them twice
If the attacker reuses a fake password from wp-config.php on your database port, LeukQuant cross-correlates the sessions and confirms the same attacker hit two different systems.
Ghost-Net

What attackers find.
What you see.

Toggle between the attacker's experience and your real-time Slack alert. The entire concept in 30 seconds.

company-intranet - bash
attacker@192.168.1.1:~$ ls -la /var/www/html/
total 48
api_keys.json tripwire
customer_db.sql tripwire
financial_report.xlsx tripwire
ssh_config tripwire
Hover any file to reveal tripwire status
LeukQuant Alert
Today at 09:44 AM
LEVEL 5 THREAT DETECTEDCAUGHT TWICE

IP: 185.220.101.47 Country: Russia ISP: Frantech Solutions
AbuseIPDB Score: 98/100
File accessed: customer_db.sql database backup credential extracted
Cross-protocol: Same credential reused on MySQL port 3306 8 seconds later

Attacker confirmed on two systems. Evidence log generated.
09:41
HTTP login to fake intranet
09:43
customer_db.sql accessed - database backup credential extracted
09:44
Tripwire fired - Level 5 alert sent to Slack
09:45
Credential reused on MySQL 3306 - caught twice confirmed
Documentation

Developer Portal & API Config

Deploy tripwires, adjust emulations, and configure canary tokens inside your network segments.

Getting Started

Deploy the LeukQuant decoy environment into your network in under 3 minutes.

bash
curl -sSL https://api.leukquant.com/install.sh | sh
leukquant init --key=lq_live_f893jcba921

Once initialized, seven protocol emulators start listening on high-value target ports instantly.

Emulation Configuration

Modify ports and system banner strings in /etc/leukquant/config.yaml to match your network persona.

yaml
protocols:
  ssh:
    port: 22
    banner: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"
  mysql:
    port: 3306
    version: "8.0.35"
    database_name: "prod_sales_history"

Honey Credentials

Plant bait files containing AWS, database, or SSH keys on endpoints to trigger alerts when they are accessed.

json
{
  "canary_type": "AWS_KEYS",
  "access_key": "AKIAXF422X8FJK71C01L",
  "trigger_action": "ALERT_SLACK_SECTOR_3",
  "label": "Fake database backup crawler credential"
}

Webhook Tuning

Forward detected intrusion alerts from LeukQuant directly to your security operational center.

json
POST /api/alerts HTTP/1.1
Host: your-soc-endpoint.com
Content-Type: application/json

{
  "event_id": "evt_90f23cb",
  "severity": "CRITICAL",
  "protocol": "MySQL-Canary",
  "intrusion_ip": "185.220.101.47"
}

Welcome back

Log in to your LeukQuant account.

Don't have an account? Create one

Start your free pilot

We'll set up Ghost-Net on your network in 30 minutes.

Edit Profile

Update your account details.

Settings

Configure platform preferences & emulations.