A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects.
Honeypots
- Database Honeypots
- Elastic honey - A Simple Elasticsearch Honeypot
- mysql - A mysql honeypot, still very very early stage
- A framework for nosql databases ( only redis for now) - The NoSQL Honeypot Framework
- ESPot - ElasticSearch Honeypot
- Web honeypots
- Glastopf - Web Application Honeypot
- phpmyadmin_honeypot - - A simple and effective phpMyAdmin honeypot
- servlet - Web application Honeypot
- Nodepot - A nodejs web application honeypot
- basic-auth-pot bap - http Basic Authentication honeyPot
- Shadow Daemon - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps
- Servletpot - Web application Honeypot
- Google Hack Honeypot - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
- smart-honeypot - PHP Script demonstrating a smart honey pot
- HonnyPotter - A WordPress login honeypot for collection and analysis of failed login attempts.
- wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot
- wordpot - A WordPress Honeypot
- Bukkit Honeypot Honeypot - A honeypot plugin for Bukkit
- Laravel Application Honeypot - Honeypot - Simple spam prevention package for Laravel applications
- stack-honeypot - Inserts a trap for spam bots into responses
- EoHoneypotBundle - Honeypot type for Symfony2 forms
- shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts
- Service Honeypots
- Kippo - Medium interaction SSH honeypot
- honeyntp - NTP logger/honeypot
- honeypot-camera - observation camera honeypot
- troje - a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.
- slipm-honeypot - A simple low-interaction port monitoring honeypot
- HoneyPy - A low interaction honeypot
- Ensnare - Easy to deploy Ruby honeypot
- RDPy - A Microsoft Remote Desktop Protocol (RDP) honeypot in python
- Anti-honeypot stuff
- kippo_detect - This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff)
- ICS/SCADA honeypots
- Conpot - ICS/SCADA honeypot
- scada-honeynet - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices
- SCADA honeynet - Building Honeypots for Industrial Networks
- Deployment
- Dionaea and EC2 in 20 Minutes - a tutorial on setting up Dionaea on an EC2 instance
- honeypotpi - Script for turning a Raspberry Pi into a Honey Pot Pi
- Data Analysis
- Kippo-Graph - a full featured script to visualize statistics from a Kippo SSH honeypot
- Kippo stats - Mojolicious app to display statistics for your kippo SSH honeypot
- Other/random
- NOVA uses honeypots as detectors, looks like a complete system.
- Open Canary - A low interaction honeypot intended to be run on internal networks.
- libemu - Shellcode emulation library, useful for shellcode detection.
- Open Relay Spam Honeypot
- SpamHAT - Spam Honeypot Tool
- Botnet C2 monitor
- Hale - Botnet command & control monitor
- IPv6 attack detection tool
- ipv6-attack-detector - Google Summer of Code 2012 project, supported by The Honeynet Project organization
- Research Paper
- vEYE - behavioral footprinting for self-propagating worm detection and profiling
- Honeynet statistics
- HoneyStats - A statistical view of the recorded activity on a Honeynet
- Dynamic code instrumentation toolkit
- Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
- Front-end for dionaea
- DionaeaFR - Front Web to Dionaea low-interaction honeypot
- Tool to convert website to server honeypots
- HIHAT - ransform arbitrary PHP applications into web-based high-interaction Honeypots
- Malware collector
- Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database
- Sebek in QEMU
- Qebek - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot
- Malware Simulator
- imalse - Integrated MALware Simulator and Emulator
- Distributed sensor deployment
- Smarthoneypot - custom honeypot intelligence system that is simple to deploy and easy to manage
- Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management
- ADHD - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured
- Network Analysis Tool
- Tracexploit - replay network packets
- Log anonymizer
- LogAnon - log anonymization library that helps having anonymous logs consistent between logs and network captures
- server
- Honeysink - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network
- Botnet traffic detection
- dnsMole - analyse dns traffic, and to potentionaly detect botnet C&C server and infected hosts
- Low interaction honeypot (router back door)
- Honeypot-32764 - Honeypot for router backdoor (TCP 32764)
- honeynet farm traffic redirector
- Honeymole - eploy multiple sensors that redirect traffic to a centralized collection of honeypots
- HTTPS Proxy
- mitmproxy - allows traffic flows to be intercepted, inspected, modified and replayed
- spamtrap
- SendMeSpamIDS.py Simple SMTP fetch all IDS and analyzer
- System instrumentation
- Sysdig - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze
- Honeypot for USB-spreading malware
- Ghost-usb - honeypot for malware that propagates via USB storage devices
- Data Collection
- Kippo2MySQL - extracts some very basic stats from Kippo’s text-based log files (a mess to analyze!) and inserts them in a MySQL database
- Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster)
- Passive network audit framework parser
- pnaf - Passive Network Audit Framework
- VM Introspection
- VIX virtual machine introspection toolkit - VMI toolkit for Xen, called Virtual Introspection for Xen (VIX)
- vmscope - Monitoring of VM-based High-Interaction Honeypots
- vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine
- Binary debugger
- Hexgolems - Schem Debugger Frontend - A debugger frontend
- Hexgolems - Pint Debugger Backend - A debugger backend and LUA wrapper for PIN
- Mobile Analysis Tool
- APKinspector - APKinspector is a powerful GUI tool for analysts to analyze the Android applications
- Androguard - Reverse engineering, Malware and goodware analysis of Android applications ... and more
- Low interaction honeypot
- Honeypoint - platform of distributed honeypot technologies
- Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc
- Honeynet data fusion
- HFlow2 - data coalesing tool for honeynet/network analysis
- Server
- LaBrea - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
- Kippo - SSH honeypot
- KFSensor - Windows based honeypot Intrusion Detection System (IDS)
- Honeyd Also see more honeyd tools
- Glastopf - Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications
- DNS Honeypot - Simple UDP honeypot scripts
- Conpot - ow interactive server side Industrial Control Systems honeypot
- Bifrozt - High interaction honeypot solution for Linux based systems
- Beeswarm - Honeypot deployment made easy
- Bait and Switch - redirects all hostile traffic to a honeypot that is partially mirroring your production system
- Artillery - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods
- Amun - vulnerability emulation honeypot
- VM cloaking script
- Antivmdetect - Script to create templates to use with VirtualBox to make vm detection harder
- IDS signature generation
- lookup service for AS-numbers and prefixes
- Web interface (for Thug)
- Rumal - Thug's Rumāl: a Thug's dress & weapon
- Data Collection / Data Sharing
- Distributed spam tracking
- Python bindings for libemu
- Pylibemu - A Libemu Cython wrapper
- Controlled-relay spam honeypot
- Shiva - Spam Honeypot with Intelligent Virtual Analyzer
- Visualization Tool
- central management tool
- Network connection analyzer
- Virtual Machine Cloaking
- Honeypot deployment
- Automated malware analysis system
- Low interaction
- Low interaction honeypot on USB stick
- Honeypot extensions to Wireshark
- Data Analysis Tool
- Telephony honeypot
- Client
- Visual analysis for network traffic
- Binary Management and Analysis Framework
- Honeypot
- PDF document inspector
- Distribution system
- HoneyClient Management
- Network Analysis
- Hybrid low/high interaction honeypot
- Sebek on Xen
- SSH Honeypot
- Glastopf data analysis
- Distributed sensor project
- a pcap analyzer
- Client Web crawler
- network traffic redirector
- Honeypot Distribution with mixed content
- Honeypot sensor
- Dragon Research Group Distro
- Honeeepi - Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.
- File carving
- File and Network Threat Intelligence
- data capture
- SSH proxy
- Anti-Cheat
- behavioral analysis tool for win32
- Live CD
- Spamtrap
- Spampot.py
- Spamhole
- spamd
- Mail::SMTP::Honeypot - perl module that appears to provide the functionality of a standard SMTP server
- Commercial honeynet
- Server (Bluetooth)
- Dynamic analysis of Android apps
- Dockerized Low Interaction packaging
- Manuka
- Dockerized Thug
- Dockerpot A docker based honeypot.
- Docker honeynet Several Honeynet tools set up for Docker containers
- Network analysis
- Sebek data visualization
- SIP Server
- Botnet C2 monitoring
- low interaction
- Malware collection
Honeyd Tools
- Honeyd plugin
- Honeyd viewer
- Honeyd to MySQL connector
- A script to visualize statistics from honeyd
- Honeyd UI
- Honeyd configuration GUI - application used to configure the honeyd daemon and generate configuration files
- Honeyd stats
Network and Artifact Analysis
- Sandbox
- RFISandbox - a PHP 5.x script sandbox built on top of funcall
- dorothy2 - A malware/botnet analysis framework written in Ruby
- COMODO automated sandbox
- Argos - An emulator for capturing zero-day attacks
- Sandbox-as-a-Service
- malwr.com - free malware analysis service and community
- detux.org - Multiplatform Linux Sandbox
- Joebox Cloud - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities
Data Tools
- Front Ends
- Tango - Honeypot Intelligence with Splunk
- Django-kippo - Django App for kippo SSH Honeypot
- Wordpot-Frontend - a full featured script to visualize statistics from a Wordpot honeypot -Shockpot-Frontend - a full featured script to visualize statistics from a Shockpot honeypot
- Visualization
0 comentários:
Post a Comment
Note: Only a member of this blog may post a comment.