Add Deception

[andy-smith-tracebit]

https://github.com/tracebit-com/awesome-deception

A curated list of articles, papers, talks, frameworks, guides, and conferences for cyber deception — defensive techniques that mislead attackers using honeypots, honeytokens, decoys, and canaries.

The repo:

• Has been around since January 2026 (well past the 30-day minimum).
• Is licensed CC0 1.0 and the license is detected by GitHub.
• Has awesome and awesome-list as topics.
• Uses main as the default branch.
• Includes a contributing.md and a Footnotes section.
• Passes awesome-lint cleanly.
• Is human-curated, not AI-generated.

The closest existing entry is Honeypots (awesome-honeypots), which is scoped to open source honeypot tooling. awesome-deception covers the broader discipline — research, articles, talks, frameworks (MITRE Engage, D3FEND), and operational guidance — and explicitly directs honeypot tooling submissions to that list to keep the two complementary rather than overlapping.

[sindresorhus]

Thanks for making an Awesome list! 🙌

It looks like you didn't read the guidelines closely enough. I noticed multiple things that are not followed. Try going through the list point for point to ensure you follow it. I spent a lot of time creating the guidelines so I wouldn't have to comment on common mistakes, and rather spend my time improving Awesome.

[Saurabhtbj1201]

Follow the guideline

[MOSINCO]

Seeing it now

[mnusurov]

Clean submission! Good scoping vs. awesome-honeypots. The CC0 license and contributing.md are in order. Looks ready to go.

[tech-and-finance]

Target repo holds up well: CC0 ✅, main ✅, topics awesome + awesome-list ✅, awesome-lint clean ✅, 4 months old (well past the 30-day minimum) ✅, 122 stars for a niche topic is solid. Awesome badge is present in the target README ✅.

Two things worth flagging:

1. Entry description is grammatically awkward and doesn't match the target README. The PR adds:

   "Through deception, misleading attackers with honeypots, honeytokens, and decoys to detect, study, and disrupt intrusions."

   "Through deception, misleading..." is a dangling gerund and repeats "deception" right after the entry name. Funny thing is the target README already has a clean version:

   "Misleading attackers with honeypots, honeytokens, and decoys to detect, study, and disrupt intrusions."

   I'd just reuse that — short, objective, matches the guideline pattern (cf. "iOS — Mobile operating system for Apple phones and tablets.").

2. Possible overlap with awesome-honeypots (already listed in ## Security):

   - [Honeypots](https://github.com/paralax/awesome-honeypots#readme) - Deception trap, designed to entice an attacker into attempting to compromise the information systems in an organization.

   Not necessarily a duplicate — awesome-deception is a superset (honeypots + honeytokens + decoys + canaries + papers/talks/frameworks) and your target README even links to awesome-honeypots as a complementary resource. But it's worth calling out in the PR body so Sindre doesn't bounce it as a near-dup at first glance. A sentence like "Complements [awesome-honeypots] — this one covers the broader deception space including honeytokens, decoys, and canaries, plus articles/papers/talks." would clarify the scope.

For the rest, fit is great — Security section is the right place. Once the description is swapped and the scope-vs-honeypots is clarified in the PR body, this is a solid addition.

[dataindataout]

Great list! Look at the following guidelines, especially for the Articles section:

• Entries have a description, unless the title is descriptive enough by itself. It rarely is though.
• The link and description are separated by a dash.