awesome-honeypots/README.md

470 lines
17 KiB
Markdown
Raw Normal View History

2015-06-18 08:58:09 -04:00
# Awesome Honeypots
2015-06-18 09:29:43 -04:00
A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects. There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the [guide](https://github.com/paralax/awesome-honeypots/blob/master/CONTRIBUTING.md).
2015-06-18 09:15:51 -04:00
2015-06-19 08:19:10 -04:00
## Related Lists
- [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis
- [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis), with some overlap here for artifact analysis
2015-06-18 08:58:09 -04:00
2015-06-19 07:19:39 -04:00
## <a name="honeypots"></a> Honeypots
2015-06-18 08:58:09 -04:00
- Database Honeypots
- [Elastic honey](https://github.com/jordan-wright/elastichoney)
- [mysql](https://github.com/schmalle/MysqlPot)
- [A framework for nosql databases ( only redis for now)](https://github.com/torque59/nosqlpot)
2015-06-18 12:21:10 -04:00
- [ESPot - ElasticSearch Honeypot](https://github.com/mycert/ESPot)
2015-06-18 08:58:09 -04:00
- Web honeypots
2015-06-18 09:13:48 -04:00
- [Glastopf](https://github.com/glastopf/glastopf)
2015-06-18 08:58:09 -04:00
- [Interactive phpmyadmin](https://github.com/gfoss/phpmyadmin_honeypot)
- [servlet](https://github.com/schmalle/Servletpot)
- [web honeypot in nodejs](https://github.com/schmalle/Nodepot)
- [basic auth - for web protected pages](https://github.com/bjeborn/basic-auth-pot)
2015-06-18 09:34:52 -04:00
- [Shadow Daemon](https://shadowd.zecure.org)
- [Servletpot](http://github.com/schmalle/servletpot)
2015-06-18 09:34:52 -04:00
- [Nodepot](http://github.com/schmalle/Nodepot)
- [Google Hack Honeypot](http://ghh.sourceforge.net)
2015-06-19 07:19:39 -04:00
- [smart-honeypot](https://github.com/freak3dot/smart-honeypot)
- [PHPHop](http://rstack.org/phphop/)
- [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot)
2015-06-19 08:45:18 -04:00
- [wordpot](https://github.com/gbrindisi/wordpot) A Wordpress Honeypot
- [Bukkit Honeypot](https://github.com/Argomirr/Honeypot) Honeypot - A honeypot plugin for Bukkit
- [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) Honeypot - Simple spam prevention package for Laravel applications
2015-06-19 09:13:15 -04:00
- [stack-honeypot](https://github.com/CHH/stack-honeypot) Inserts a trap for spam bots into responses
- [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) Honeypot type for Symfony2 forms
2015-06-18 08:58:09 -04:00
- Service Honeypots
2015-06-18 09:13:48 -04:00
- [Kippo](https://github.com/desaster/kippo) - Medium interaction SSH honeypot
2015-06-18 08:58:09 -04:00
- [for NTP](https://github.com/fygrave/honeyntp)
- [Camera pot *](https://github.com/alexbredo/honeypot-camera)
- Anti-honeypot stuff
- [kippo_detect](https://github.com/andrew-morris/kippo_detect) This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff)
2015-06-18 09:13:48 -04:00
- ICS/SCADA honeypots
- [Conpot](https://github.com/glastopf/conpot)
2015-06-18 10:27:14 -04:00
- [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/)
- [SCADA honeynet](http://scadahoneynet.sourceforge.net)
2015-06-19 07:19:39 -04:00
2015-06-18 09:34:52 -04:00
- Deployment
- [Dionaea and EC2 in 20 Minutes](http://andrewmichaelsmith.com/2012/03/dionaea-honeypot-on-ec2-in-20-minutes/)
2015-06-19 07:19:39 -04:00
- Data Analysis
- [Kippo-Graph](http://bruteforce.gr/kippo-graph)
- [Kippo stats](https://github.com/mfontani/kippo-stats)
2015-06-19 07:19:39 -04:00
2015-06-18 09:34:52 -04:00
- Other/random
- [NOVA](https://github.com/DataSoft/Nova) uses honeypots as detectors, looks like a complete system
- [Mantrap / Symantec Decoy Server](http://www.systemhouse.com/symantec/sds.htm)
- [BigEye](http://violating.us/projects/bigeye/)
- [BackOfficer Friendly](http://www.nfr.com/resource/backOfficer.php)
2015-06-19 07:19:39 -04:00
- Proxy honeypot
- [Proxypot](http://proxypot.spamteam.nl)
2015-06-19 07:19:39 -04:00
- Open Relay Spam Honeypot
- [SpamHAT](https://github.com/miguelraulb/spamhat)
2015-06-19 07:19:39 -04:00
- Botnet C2 monitor
- [Hale](http://github.com/pjlantz/Hale)
2015-06-19 07:19:39 -04:00
- IPv6 attack detection tool
- [ipv6-guard](https://www.honeynet.org/gsoc2012/slot8)
- [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/)
2015-06-19 07:19:39 -04:00
- Honeypot Database
- [Manuka](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCgQFjAB&url=https%3A%2F%2Fstaff.washington.edu%2Fdittrich%2Ftalks%2Fieee-ia-manuka.ppt&ei=nS1fVdDjJeL9ywP5soG4Cg&usg=AFQjCNGTVLU6WQe04DdUd1jzVx3Fmwi6Xg&bvm=bv.93990622,d.bGQ)
2015-06-19 07:19:39 -04:00
- Research Paper
- [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3)
2015-06-19 07:19:39 -04:00
- Honeynet statistics
- [HoneyStats](http://sourceforge.net/projects/honeystats/)
2015-06-19 07:19:39 -04:00
- Visual analsysis for network traffic
- [Picviz](http://www.wallinfire.net/picviz)
2015-06-19 07:19:39 -04:00
- dynamic code instrumentation toolkit
- [Frida](http://www.frida.re)
2015-06-19 07:19:39 -04:00
- Front-end for dionaea
- [DionaeaFR](https://github.com/rubenespadas/DionaeaFR)
2015-06-19 07:19:39 -04:00
- Tool to convert website to server honeypots
- [HIHAT](http://hihat.sourceforge.net/)
2015-06-19 07:19:39 -04:00
- Malware collector
- [Kippo-Malware](http://bruteforce.gr/kippo-malware)
2015-06-19 07:19:39 -04:00
- Sebek in QEMU
- [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek)
2015-06-19 07:19:39 -04:00
- Malware Simulator
- [imalse](https://github.com/hbhzwj/imalse)
2015-06-19 07:19:39 -04:00
- Distributed sensor deployment
- [Sombria](http://www.lac.co.jp/business/sns/intelligence/sombria_e.html)
- [Smarthoneypot](http://smarthoneypot.com)
2015-06-19 07:19:39 -04:00
- Network Analysis Tool
- [Tracexploit](https://code.google.com/p/tracexploit/)
2015-06-19 07:19:39 -04:00
- Log anonymizer
- [LogAnon](http://code.google.com/p/loganon/)
2015-06-19 07:19:39 -04:00
- server
- [Honeysink](http://www.honeynet.org/node/773)
2015-06-19 07:19:39 -04:00
- Botnet traffic detection
- [dnsMole](https://code.google.com/p/dns-mole/)
2015-06-19 07:19:39 -04:00
- Low interaction honeypot (router back door)
- [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764)
2015-06-19 07:19:39 -04:00
- honeynet farm traffic redirector
- [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole)
2015-06-19 07:19:39 -04:00
- IDS signature generator
- [Nebula](http://nebula.carnivore.it/)
2015-06-19 07:19:39 -04:00
- Fake wireless access point
- [FakeAP](http://www.blackalchemy.to/project/fakeap/)
2015-06-19 07:19:39 -04:00
- HTTPS Proxy
- [mitmproxy](http://mitmproxy.org/)
2015-06-19 07:19:39 -04:00
- spamtrap
- [Jackpot Mailswerver](http://jackpot.uk.net/)
2015-06-19 07:19:39 -04:00
- System instrumentation
- [Sysdig](http://www.sysdig.org)
2015-06-19 07:19:39 -04:00
- Honeypot for USB-spreading malware
- [Ghost-usb](https://code.google.com/p/ghost-usb-honeypot/)
2015-06-19 07:19:39 -04:00
- Data Collection
- [Kippo2MySQL](http://bruteforce.gr/kippo2mysql)
- [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch)
2015-06-19 07:19:39 -04:00
- Passive network audit framework parser
- [pnaf](https://github.com/jusafing/pnaf)
2015-06-19 07:19:39 -04:00
- VM Introspection
- [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html)
- [xenaccess](https://code.google.com/p/xenaccess/)
- [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf)
- [vmitools](http://libvmi.com/)
2015-06-19 07:19:39 -04:00
- Binary debugger
- [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem)
- [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint)
2015-06-19 07:19:39 -04:00
- Mobile Analysis Tool
- [APKinspector](https://github.com/honeynet/apkinspector/)
- [Androguard](https://code.google.com/p/androguard/)
2015-06-19 07:19:39 -04:00
- Low interaction honeypot
- [Honeypoint](http://microsolved.com/?page_id=69)
- [Honeyperl](http://sourceforge.net/projects/honeyperl/)
2015-06-19 07:19:39 -04:00
- Honeynet data fusion
- [HFlow2](https://projects.honeynet.org/hflow)
2015-06-19 07:19:39 -04:00
- Server
- [Tiny Honeypot](http://www.alpinista.org/thp/ -> http://web.archive.org/web/20090606073121/http://www.alpinista.org/files/thp/)
- [Nephenthes](http://nepenthes.carnivore.it//)
- [LaBrea](http://labrea.sourceforge.net/labrea-info.html)
- [Kippo](https://github.com/desaster/kippo)
- [KFSensor](http://www.keyfocus.net/kfsensor/)
- [Honeytrap](http://honeytrap.carnivore.it/)
2015-06-19 07:19:39 -04:00
- [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd)
- [Honeeebox](http://honeeebox.net)
- [Glastopf](http://glastopf.org/)
- [DNS Honeypot](https://github.com/jekil/UDPot)
- [Django-kippo](https://github.com/jedie/django-kippo)
- [Dionaea](http://dionaea.carnivore.it/)
- [Conpot](http://conpot.org/)
- [Bifrozt](http://sourceforge.net/projects/bifrozt/)
- [Beeswarm](http://www.beeswarm-ids.org/)
- [Bait and Switch](http://baitnswitch.sourceforge.net)
- [Artillery](https://github.com/trustedsec/artillery/)
- [Amun](http://amunhoney.sourceforge.net)
2015-06-19 07:19:39 -04:00
- VM cloaking script
- [Antivmdetect](https://github.com/nsmfoo/antivmdetection)
2015-06-19 07:19:39 -04:00
- IDS signature generation
- [Honeycomb](http://www.cl.cam.ac.uk/~cpk25/honeycomb/)
2015-06-19 07:19:39 -04:00
- Multiple
- [Honeeepi](https://redmine.honeynet.org/projects/honeeepi/wiki)
2015-06-19 07:19:39 -04:00
- Web interface to packet analyzer
- [OpenWitness](https://github.com/oguzy/openwitness)
2015-06-19 07:19:39 -04:00
- lookup service for AS-numbers and prefixes
- [CC2ASN](http://www.cc2asn.com/)
2015-06-19 07:19:39 -04:00
- Data Collection / Analysis Tool
- [Carniwwwhore](http://carnivore.it/2010/11/27/carniwwwhore)
2015-06-19 07:19:39 -04:00
- Web interface (for Thug)
- [Rumal](https://github.com/pdelsante/rumal)
2015-06-19 07:19:39 -04:00
- Snort binary carving
- [Pehunter](http://src.carnivore.it/pehunter/)
2015-06-19 07:19:39 -04:00
- Data Collection / Data Sharing
- [HPfriends](http://hpfriends.honeycloud.net/#/home)
- [HPFeeds](https://github.com/rep/hpfeeds/)
2015-06-19 07:19:39 -04:00
- PE-executables analyses
- [Xandora](http://www.xandora.net/xangui/)
2015-06-19 07:19:39 -04:00
- Distributed spam tracking
- [Project Honeypot](https://www.projecthoneypot.org)
2015-06-19 07:19:39 -04:00
- Python bindings for libemu
- [Pylibemu](https://github.com/buffer/pylibemu)
2015-06-19 07:19:39 -04:00
- Controlled-relay spam honeypot
- [Shiva](https://github.com/shiva-spampot/shiva)
2015-06-19 07:19:39 -04:00
- Visualization Tool
- [Webviz](not working)
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
- [Afterglow Cloud](http://afterglow.secviz.org/)
- [Afterglow](http://afterglow.sourceforge.net/)
2015-06-19 07:19:39 -04:00
- central management tool
- [PHARM](http://www.nepenthespharm.com/)
2015-06-19 07:19:39 -04:00
- Network connection analyzer
- [Impost](http://impost.sourceforge.net/)
2015-06-19 07:19:39 -04:00
- Virtual Machine Cloaking
- [VMCloak](https://github.com/jbremer/vmcloak)
2015-06-19 07:19:39 -04:00
- Honeypot deployment
- [Modern Honeynet Network](http://threatstream.github.io/mhn/)
- [SurfIDS](http://ids.surfnet.nl/)
2015-06-19 07:19:39 -04:00
- Honeynet analysis tool
- [Honeynet Security Console](http://www.activeworx.org/programs/hsc/index.htm)
2015-06-19 07:19:39 -04:00
- Automated malware analysis system
- [Cuckoo](http://www.cuckoosandbox.org/)
- [Anubis](https://anubis.iseclab.org/)
2015-06-19 07:19:39 -04:00
- Low interaction
- [mwcollectd](http//git.mwcollect.org/mwcollectd)
2015-06-19 07:19:39 -04:00
- Low interaction honeypot on USB stick
- [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/)
2015-06-19 07:19:39 -04:00
- Honeypot extensions to Wireshark
- [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions)
2015-06-19 07:19:39 -04:00
- Data Analysis Tool
- [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph)
- [Acapulco](https://github.com/hgascon/Acapulco4HNP)
2015-06-19 07:19:39 -04:00
- Telephony honeypot
- [Zapping Rachel](https://seanmckaybeck.com/2014/08/17/zapping-rachel/)
2015-06-19 07:19:39 -04:00
- Client
2015-06-19 07:19:39 -04:00
- [Pwnypot](https://github.com/shjalayeri/pwnypot)
2015-06-18 10:00:01 -04:00
- [MonkeySpider](http://monkeyspider.sourceforge.net)
- [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG)
- [Wepawet](http://wepawet.cs.ucsb.edu/about.php)
- [URLQuery](https://urlquery.net/)
- [Trigona](https://www.honeynet.org/project/Trigona)
- [Thug](https://buffer.github.io/thug/)
- [Shelia](http://www.cs.vu.nl/~herbertb/misc/shelia/)
- [PhoneyC](https://github.com/honeynet/phoneyc)
- [Libemu](http://libemu.carnivore.it/)
- [Jsunpack-n](https://code.google.com/p/jsunpack-n/)
- [HoneyC](https://projects.honeynet.org/honeyc)
- [HoneyBOT](http://www.atomicsoftwaresolutions.com/honeybot.php)
- [CWSandbox / GFI Sandbox](http://www.gfi.com/malware-analysis-tool)
- [Capture-HPC-Linux](https://redmine.honeynet.org/projects/linux-capture-hpc/wiki)
- [Capture-HPC](https://projects.honeynet.org/capture-hpc)
- [Andrubis](https://anubis.iseclab.org/)
2015-06-19 07:19:39 -04:00
- Commercial high interaction honeypot
- [Countertack Scout](http://www.countertack.com/countertack-scout)
2015-06-19 07:19:39 -04:00
- Visual analysis for network traffic
- [ovizart-ng](https://github.com/honeynet/ovizart-ng)
- [ovizart](https://github.com/honeynet/ovizart)
2015-06-19 07:19:39 -04:00
- Binary Management and Analysis Framework
- [Viper](http://viper.li/)
2015-06-19 07:19:39 -04:00
- Honeypot
- [Single-honeypot](http://sourceforge.net/projects/single-honeypot/)
- [Honeyd For Windows](http://www.securityprofiling.com/honeyd/honeyd.shtml)
- [SWiSH](http://shat.net/swish/)
- [IMHoneypot](https://github.com/glastopf/imhoneypot)
- [Deception Toolkit](http://www.all.net/dtk/dtk.html)
- [Cybercop Sting](http://www.nai.com/international/uk/asp_set/products/tns/ccsting_intro.asp)
2015-06-19 07:19:39 -04:00
- PDF document inspector
- [peepdf](https://code.google.com/p/peepdf/)
2015-06-19 07:19:39 -04:00
- Distribution system
- [Thug Distributed Task Queuing](https://thug-distributed.readthedocs.org/en/latest/index.html)
2015-06-19 07:19:39 -04:00
- HoneyClient Management
- [HoneyWeb](https://code.google.com/p/gsoc-honeyweb/)
2015-06-19 07:19:39 -04:00
- Network Analysis
- [HoneyProxy](http://honeyproxy.org/)
2015-06-19 07:19:39 -04:00
- Hybrid low/high interaction honeypot
- [HoneyBrid](http://honeybrid.sourceforge.net)
2015-06-19 07:19:39 -04:00
- Sebek on Xen
- [xebek](https://code.google.com/p/xebek/)
2015-06-19 07:19:39 -04:00
- SSH Honeypot
- [Kojoney](http://kojoney.sourceforge.net/)
2015-06-19 07:19:39 -04:00
- Glastopf data analysis
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
2015-06-19 07:19:39 -04:00
- Distributed sensor project
- [DShield Web Honeypot Project](https://sites.google.com/site/webhoneypotsite/)
- [Distributed Web Honeypot Project](http://projects.webappsec.org/w/page/29606603/Distributed%20Web%20Honeypots)
2015-06-19 07:19:39 -04:00
- a pcap analyzer
- [Honeysnap](https://projects.honeynet.org/honeysnap/)
2015-06-19 07:19:39 -04:00
- Client Web crawler
- [HoneySpider Network](https://github.com/CERT-Polska/hsn2-bundle)
2015-06-19 07:19:39 -04:00
- network traffic redirector
- [Honeywall](https://projects.honeynet.org/honeywall/)
2015-06-19 07:19:39 -04:00
- Honeypot Distribution with mixed content
- [HoneyDrive](http://bruteforce.gr/honeydrive)
2015-06-19 07:19:39 -04:00
- Honeypot sensor
- [Dragon Research Group Distro](https://www.dragonresearchgroup.org/drg-distro.html)
2015-06-19 07:19:39 -04:00
- File carving
- [TestDisk & PhotoRec](http://www.cgsecurity.org/)
2015-06-19 07:19:39 -04:00
- File and Network Threat Intelligence
- [VirusTotal](http://virustotal.com)
2015-06-19 07:19:39 -04:00
- data capture
- [Sebek](https://projects.honeynet.org/sebek/)
2015-06-19 07:19:39 -04:00
- SSH proxy
- [HonSSH](https://github.com/tnich/honssh)
2015-06-19 07:19:39 -04:00
- Anti-Cheat
- [Minecraft honeypot](http://www.curse.com/bukkit-plugins/minecraft/honeypot)
2015-06-19 07:19:39 -04:00
- behavioral analysis tool for win32
- [Capture BAT](https://www.honeynet.org/node/315)
2015-06-19 07:19:39 -04:00
- Live CD
- [DAVIX](http://davix.secviz.org)
2015-06-19 07:19:39 -04:00
- Spamtrap
- [Spampot.py](http://woozle.org/%7Eneale/src/python/spampot.py)
- [Spamhole](http://www.spamhole.net/)
- [spamd](http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html)
- [SMTPot.py](http://llama.whoi.edu/smtpot.py)
2015-06-19 07:19:39 -04:00
- Commercial honeynet
- [Specter](http://www.specter.com/default50.htm)
- [Smoke Detector](http://palisadesys.com/products/smokedetector/)
- [Sandtrap](http://www.sandstorm.net/products/sandtrap/)
- [PatriotBox](http://www.alkasis.com/?fuseaction=products.info&id=20)
- [PacketDecoy](http://palisadesys.com/products/packetdecoy/)
- [NetFacade](http://www22.verizon.com/fns/solutions/netsec/netsec_netfacade.html)
- [Netbait](http://www.netbaitinc.com)
2015-06-19 07:19:39 -04:00
- Server (Bluetooth)
- [Bluepot](http://code.google.com/p/bluepot/)
2015-06-19 07:19:39 -04:00
- Dynamic analysis of Android apps
- [Droidbox](https://code.google.com/p/droidbox/)
2015-06-19 07:19:39 -04:00
- Dockerized Low Interaction packaging
- [Manuka](https://github.com/andrewmichaelsmith/manuka)
2015-06-19 07:19:39 -04:00
- Network analysis
- [Quechua](https://bitbucket.org/zaccone/quechua)
2015-06-19 07:19:39 -04:00
- Sebek data visualization
- [Sebek Dataviz](http://www.honeynet.org/gsoc/project4)
2015-06-19 07:19:39 -04:00
- Threat Intel feed aggregator / network grapher
- [Malcom](http://malcom.io)
2015-06-19 07:19:39 -04:00
- SIP Server
- [Artemnesia VoIP](http://artemisa.sourceforge.net)
2015-06-19 07:19:39 -04:00
- Botnet C2 monitoring
- [botsnoopd](http://botsnoopd.mwcollect.org)
2015-06-19 07:19:39 -04:00
- low interaction
- [mysqlpot](https://github.com/schmalle/mysqlpot)
2015-06-19 07:19:39 -04:00
- Malware collection
- [Honeybow](http://honeybow.mwcollect.org/)
2015-06-19 07:19:39 -04:00
## <a name="honeyd"></a> Honeyd Tools
- Honeyd plugin
- [Honeycomb](http://www.honeyd.org/tools.php)
- Honeyd viewer
- [Honeyview](http://honeyview.sourceforge.net/)
- Honeyd to MySQL connector
- [Honeyd2MySQL](http://bruteforce.gr/honeyd2mysql)
- Bootable honeyd
- [HOACD](http://www.honeynet.org.br/tools/)
- Honeyd ported to Windows
- [Winhoneyd](http://www2.netvigilance.com/winhoneyd)
- A script to visualize statistics from honeyd
- [Honeyd-Viz](http://bruteforce.gr/honeyd-viz)
- Honeyd UI
- [Honeyd configuration GUI](http://www.citi.umich.edu/u/provos/honeyd/ch01-results/1/)
- Honeyd stats
- [Honeydsum.pl](http://www.honeynet.org.br/)
## <a name="analysis"></a> Network and Artifact Analysis
- Sandbox
- [PHPSandbox](http://www.fieryprophet.com/phpsandbox)
2015-06-18 10:00:01 -04:00
- [RFISandbox](http://monkey.org/~jose/software/rfi-sandbox/)
- [dorothy2](https://github.com/m4rco-/dorothy2)
- [COMODO automated sandbox](https://help.comodo.com/topic-72-1-451-4768-.html)
2015-06-19 07:19:39 -04:00
- Sandbox
- [Argos](http://www.few.vu.nl/argos/)
- Sandbox-as-a-Service
- [malwr.com](http://malwr.com)
2015-06-19 08:45:18 -04:00
## <a name="visualizers"></a> Data Tools
- Front Ends
- [Tango](https://github.com/aplura/Tango) Tango - Honeypot Intelligence with Splunk
2015-06-19 07:19:39 -04:00
- Visualization
- [HoneyMap](https://github.com/fw42/honeymap)
2015-06-19 08:19:10 -04:00
- [HoneyMalt](https://github.com/SneakersInc/HoneyMalt)