start organizing

2024-09-28 17:15:50 +00:00 · 2015-06-19 07:19:39 -04:00 · 2015-06-19 07:19:39 -04:00 · 4da6603d41
commit 4da6603d41
parent 8f781db1ec
1 changed files with 150 additions and 32 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,8 @@ A curated list of awesome honeypots, tools, components and much more. The list i
 A related list for many of us is [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis.
 ## <a name="honeypots"></a> Honeypots 
 - Database Honeypots
    - [Elastic honey](https://github.com/jordan-wright/elastichoney)
    - [mysql](https://github.com/schmalle/MysqlPot)
@ -20,6 +22,9 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
    - [Servletpot](http://github.com/schmalle/servletpot)
    - [Nodepot](http://github.com/schmalle/Nodepot)
    - [Google Hack Honeypot](http://ghh.sourceforge.net)
    - [smart-honeypot](https://github.com/freak3dot/smart-honeypot)
    - [PHPHop](http://rstack.org/phphop/)    
    - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot)    
 - Service Honeypots
    - [Kippo](https://github.com/desaster/kippo) - Medium interaction SSH honeypot
@ -33,103 +38,131 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
    - [Conpot](https://github.com/glastopf/conpot)
    - [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/)
    - [SCADA honeynet](http://scadahoneynet.sourceforge.net)
 - Deployment
    - [Dionaea and EC2 in 20 Minutes](http://andrewmichaelsmith.com/2012/03/dionaea-honeypot-on-ec2-in-20-minutes/)
- Visualization
+
    - [HoneyMap](https://github.com/fw42/honeymap)
    - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt)
 - Data Analysis
    - [Kippo-Graph](http://bruteforce.gr/kippo-graph)
    - [Kippo stats](https://github.com/mfontani/kippo-stats)
 - Other/random
    - [NOVA](https://github.com/DataSoft/Nova) uses honeypots as detectors, looks like a complete system
    - [Mantrap / Symantec Decoy Server](http://www.systemhouse.com/symantec/sds.htm)
    - [BigEye](http://violating.us/projects/bigeye/)
    - [BackOfficer Friendly](http://www.nfr.com/resource/backOfficer.php)
 - Proxy honeypot
    - [Proxypot](http://proxypot.spamteam.nl)
 - Open Relay Spam Honeypot
    - [SpamHAT](https://github.com/miguelraulb/spamhat)
 - Botnet C2 monitor
    - [Hale](http://github.com/pjlantz/Hale)
 - IPv6 attack detection tool
    - [ipv6-guard](https://www.honeynet.org/gsoc2012/slot8)
    - [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/)
- PHP honeypot
+
    - [smart-honeypot](https://github.com/freak3dot/smart-honeypot)
    - [PHPHop](http://rstack.org/phphop/)
 - Honeypot Database
    - [Manuka](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCgQFjAB&url=https%3A%2F%2Fstaff.washington.edu%2Fdittrich%2Ftalks%2Fieee-ia-manuka.ppt&ei=nS1fVdDjJeL9ywP5soG4Cg&usg=AFQjCNGTVLU6WQe04DdUd1jzVx3Fmwi6Xg&bvm=bv.93990622,d.bGQ)
 - Research Paper
    - [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3)
 - Honeynet statistics
    - [HoneyStats](http://sourceforge.net/projects/honeystats/)
 - Visual analsysis for network traffic
    - [Picviz](http://www.wallinfire.net/picviz)
 - dynamic code instrumentation toolkit
    - [Frida](http://www.frida.re)
 - Front-end for dionaea
    - [DionaeaFR](https://github.com/rubenespadas/DionaeaFR)
 - Tool to convert website to server honeypots
    - [HIHAT](http://hihat.sourceforge.net/)
 - Malware collector
    - [Kippo-Malware](http://bruteforce.gr/kippo-malware)
 - Sebek in QEMU
    - [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek)
 - Malware Simulator
    - [imalse](https://github.com/hbhzwj/imalse)
 - Distributed sensor deployment
    - [Sombria](http://www.lac.co.jp/business/sns/intelligence/sombria_e.html)
    - [Smarthoneypot](http://smarthoneypot.com)
 - Network Analysis Tool
    - [Tracexploit](https://code.google.com/p/tracexploit/)
 - Log anonymizer
    - [LogAnon](http://code.google.com/p/loganon/)
 - server
    - [Honeysink](http://www.honeynet.org/node/773)
 - Botnet traffic detection
    - [dnsMole](https://code.google.com/p/dns-mole/)
 - Low interaction honeypot (router back door)
    - [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764)
 - honeynet farm traffic redirector
    - [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole)
 - IDS signature generator
    - [Nebula](http://nebula.carnivore.it/)
 - Fake wireless access point
    - [FakeAP](http://www.blackalchemy.to/project/fakeap/)
 - HTTPS Proxy
    - [mitmproxy](http://mitmproxy.org/)
 - spamtrap
    - [Jackpot Mailswerver](http://jackpot.uk.net/)
 - System instrumentation
    - [Sysdig](http://www.sysdig.org)
 - Honeypot for USB-spreading malware
    - [Ghost-usb](https://code.google.com/p/ghost-usb-honeypot/)
 - Data Collection
    - [Kippo2MySQL](http://bruteforce.gr/kippo2mysql)
    - [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch)
- Honeyd viewer
+
    - [Honeyview](http://honeyview.sourceforge.net/)
 - Passive network audit framework parser
    - [pnaf](https://github.com/jusafing/pnaf)
- Honeyd to MySQL connector
+
    - [Honeyd2MySQL](http://bruteforce.gr/honeyd2mysql)
 - VM Introspection
    - [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html)
    - [xenaccess](https://code.google.com/p/xenaccess/)
    - [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf)
    - [vmitools](http://libvmi.com/)
 - Binary debugger
    - [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem)
    - [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint)
 - Mobile Analysis Tool
    - [APKinspector](https://github.com/honeynet/apkinspector/)
    - [Androguard](https://code.google.com/p/androguard/)
 - Low interaction honeypot
    - [Honeypoint](http://microsolved.com/?page_id=69)
    - [Honeyperl](http://sourceforge.net/projects/honeyperl/)
 - Honeynet data fusion
    - [HFlow2](https://projects.honeynet.org/hflow)
 - Server
    - [Tiny Honeypot](http://www.alpinista.org/thp/  -> http://web.archive.org/web/20090606073121/http://www.alpinista.org/files/thp/)
    - [Nephenthes](http://nepenthes.carnivore.it//)
@ -137,9 +170,7 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
    - [Kippo](https://github.com/desaster/kippo)
    - [KFSensor](http://www.keyfocus.net/kfsensor/)
    - [Honeytrap](http://honeytrap.carnivore.it/)
-    - [Honeyd](https://github.com/provos/honeyd)
+    - [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd)
    - Bootable honeyd
        - [HOACD](http://www.honeynet.org.br/tools/)
    - [Honeeebox](http://honeeebox.net)
    - [Glastopf](http://glastopf.org/)
    - [DNS Honeypot](https://github.com/jekil/UDPot)
@ -151,74 +182,91 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
    - [Bait and Switch](http://baitnswitch.sourceforge.net)
    - [Artillery](https://github.com/trustedsec/artillery/)
    - [Amun](http://amunhoney.sourceforge.net)
 - VM cloaking script
    - [Antivmdetect](https://github.com/nsmfoo/antivmdetection)
- Honeyd ported to Windows
+
    - [Winhoneyd](http://www2.netvigilance.com/winhoneyd)
 - IDS signature generation
    - [Honeycomb](http://www.cl.cam.ac.uk/~cpk25/honeycomb/)
 - Multiple
    - [Honeeepi](https://redmine.honeynet.org/projects/honeeepi/wiki)
 - Web interface to packet analyzer
    - [OpenWitness](https://github.com/oguzy/openwitness)
 - lookup service for AS-numbers and prefixes
    - [CC2ASN](http://www.cc2asn.com/)
 - Data Collection / Analysis Tool
    - [Carniwwwhore](http://carnivore.it/2010/11/27/carniwwwhore)
- Wordpress spam honeypot
+
    - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot)
 - Web interface (for Thug)
    - [Rumal](https://github.com/pdelsante/rumal)
 - Snort binary carving
    - [Pehunter](http://src.carnivore.it/pehunter/)
 - Data Collection / Data Sharing
    - [HPfriends](http://hpfriends.honeycloud.net/#/home)
    - [HPFeeds](https://github.com/rep/hpfeeds/)
 - PE-executables analyses
    - [Xandora](http://www.xandora.net/xangui/)
 - Distributed spam tracking
    - [Project Honeypot](https://www.projecthoneypot.org)
 - Python bindings for libemu
    - [Pylibemu](https://github.com/buffer/pylibemu)
- Client honeypot
+
    - [Pwnypot](https://github.com/shjalayeri/pwnypot)
 - Controlled-relay spam honeypot
    - [Shiva](https://github.com/shiva-spampot/shiva)
 - Visualization Tool
    - [Webviz](not working)
    - [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
    - [Afterglow Cloud](http://afterglow.secviz.org/)
    - [Afterglow](http://afterglow.sourceforge.net/)
 - central management tool
    - [PHARM](http://www.nepenthespharm.com/)
 - Network connection analyzer
    - [Impost](http://impost.sourceforge.net/)
 - Virtual Machine Cloaking
    - [VMCloak](https://github.com/jbremer/vmcloak)
- A script to visualize statistics from honeyd
+
    - [Honeyd-Viz](http://bruteforce.gr/honeyd-viz)
 - Honeypot deployment
    - [Modern Honeynet Network](http://threatstream.github.io/mhn/)
    - [SurfIDS](http://ids.surfnet.nl/)
- Honeyd UI
+
    - [Honeyd configuration GUI](http://www.citi.umich.edu/u/provos/honeyd/ch01-results/1/)
 - Honeynet analysis tool
    - [Honeynet Security Console](http://www.activeworx.org/programs/hsc/index.htm)
 - Automated malware analysis system
    - [Cuckoo](http://www.cuckoosandbox.org/)
    - [Anubis](https://anubis.iseclab.org/)
 - Low interaction
    - [mwcollectd](http//git.mwcollect.org/mwcollectd)
 - Low interaction honeypot on USB stick
    - [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/)
 - Honeypot extensions to Wireshark
    - [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions)
 - Data Analysis Tool
    - [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph)
    - [Acapulco](https://github.com/hgascon/Acapulco4HNP)
 - Telephony honeypot
    - [Zapping Rachel](https://seanmckaybeck.com/2014/08/17/zapping-rachel/)
 - Client
    - [Pwnypot](https://github.com/shjalayeri/pwnypot)
    - [MonkeySpider](http://monkeyspider.sourceforge.net)
    - [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG)
    - [Wepawet](http://wepawet.cs.ucsb.edu/about.php)
@ -235,13 +283,17 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
    - [Capture-HPC-Linux](https://redmine.honeynet.org/projects/linux-capture-hpc/wiki)
    - [Capture-HPC](https://projects.honeynet.org/capture-hpc)
    - [Andrubis](https://anubis.iseclab.org/)
 - Commercial high interaction honeypot
    - [Countertack Scout](http://www.countertack.com/countertack-scout)
 - Visual analysis for network traffic
    - [ovizart-ng](https://github.com/honeynet/ovizart-ng)
    - [ovizart](https://github.com/honeynet/ovizart)
 - Binary Management and Analysis Framework
    - [Viper](http://viper.li/)
 - Honeypot
    - [Single-honeypot](http://sourceforge.net/projects/single-honeypot/)
    - [Honeyd For Windows](http://www.securityprofiling.com/honeyd/honeyd.shtml)
@ -249,54 +301,77 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
    - [IMHoneypot](https://github.com/glastopf/imhoneypot)
    - [Deception Toolkit](http://www.all.net/dtk/dtk.html)
    - [Cybercop Sting](http://www.nai.com/international/uk/asp_set/products/tns/ccsting_intro.asp)
 - PDF document inspector
    - [peepdf](https://code.google.com/p/peepdf/)
 - Distribution system
    - [Thug Distributed Task Queuing](https://thug-distributed.readthedocs.org/en/latest/index.html)
 - HoneyClient Management
    - [HoneyWeb](https://code.google.com/p/gsoc-honeyweb/)
 - Network Analysis
    - [HoneyProxy](http://honeyproxy.org/)
 - Hybrid low/high interaction honeypot
    - [HoneyBrid](http://honeybrid.sourceforge.net)
 - Sebek on Xen
    - [xebek](https://code.google.com/p/xebek/)
 - SSH Honeypot
    - [Kojoney](http://kojoney.sourceforge.net/)
 - Glastopf data analysis
    - [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
 - Distributed sensor project
    - [DShield Web Honeypot Project](https://sites.google.com/site/webhoneypotsite/)
    - [Distributed Web Honeypot Project](http://projects.webappsec.org/w/page/29606603/Distributed%20Web%20Honeypots)
 - a pcap analyzer
    - [Honeysnap](https://projects.honeynet.org/honeysnap/)
 - Client Web crawler
    - [HoneySpider Network](https://github.com/CERT-Polska/hsn2-bundle)
 - network traffic redirector
    - [Honeywall](https://projects.honeynet.org/honeywall/)
 - Honeypot Distribution with mixed content
    - [HoneyDrive](http://bruteforce.gr/honeydrive)
 - Honeypot sensor
    - [Dragon Research Group Distro](https://www.dragonresearchgroup.org/drg-distro.html)
 - File carving
    - [TestDisk & PhotoRec](http://www.cgsecurity.org/)
 - File and Network Threat Intelligence
    - [VirusTotal](http://virustotal.com)
 - data capture
    - [Sebek](https://projects.honeynet.org/sebek/)
 - SSH proxy
    - [HonSSH](https://github.com/tnich/honssh)
 - Anti-Cheat
    - [Minecraft honeypot](http://www.curse.com/bukkit-plugins/minecraft/honeypot)
 - behavioral analysis tool for win32
    - [Capture BAT](https://www.honeynet.org/node/315)
 - Live CD
    - [DAVIX](http://davix.secviz.org)
 - Spamtrap
    - [Spampot.py](http://woozle.org/%7Eneale/src/python/spampot.py)
    - [Spamhole](http://www.spamhole.net/)
    - [spamd](http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html)
    - [SMTPot.py](http://llama.whoi.edu/smtpot.py)
 - Commercial honeynet
    - [Specter](http://www.specter.com/default50.htm)
    - [Smoke Detector](http://palisadesys.com/products/smokedetector/)
@ -305,36 +380,79 @@ A related list for many of us is [awesome-pcaptools](https://github.com/caesar03
    - [PacketDecoy](http://palisadesys.com/products/packetdecoy/)
    - [NetFacade](http://www22.verizon.com/fns/solutions/netsec/netsec_netfacade.html)
    - [Netbait](http://www.netbaitinc.com)
 - Server (Bluetooth)
    - [Bluepot](http://code.google.com/p/bluepot/)
- Honeyd stats
+
    - [Honeydsum.pl](http://www.honeynet.org.br/)
 - Dynamic analysis of Android apps
    - [Droidbox](https://code.google.com/p/droidbox/)
 - Dockerized Low Interaction packaging
    - [Manuka](https://github.com/andrewmichaelsmith/manuka)
 - Network analysis
    - [Quechua](https://bitbucket.org/zaccone/quechua)
 - Sebek data visualization
    - [Sebek Dataviz](http://www.honeynet.org/gsoc/project4)
 - Threat Intel feed aggregator / network grapher
    - [Malcom](http://malcom.io)
- Sandbox
+
    - [Argos](http://www.few.vu.nl/argos/)
 - SIP Server
    - [Artemnesia VoIP](http://artemisa.sourceforge.net)
- Honeyd plugin
+
    - [Honeycomb](http://www.honeyd.org/tools.php)
 - Sandbox-as-a-Service
    - [malwr.com](http://malwr.com)
 - Botnet C2 monitoring
    - [botsnoopd](http://botsnoopd.mwcollect.org)
 - low interaction
    - [mysqlpot](https://github.com/schmalle/mysqlpot)
 - Malware collection
    - [Honeybow](http://honeybow.mwcollect.org/)
- sandbox
+
 ## <a name="honeyd"></a> Honeyd Tools
 - Honeyd plugin
    - [Honeycomb](http://www.honeyd.org/tools.php)
 - Honeyd viewer
    - [Honeyview](http://honeyview.sourceforge.net/)
 - Honeyd to MySQL connector
    - [Honeyd2MySQL](http://bruteforce.gr/honeyd2mysql)
 - Bootable honeyd
    - [HOACD](http://www.honeynet.org.br/tools/)
 - Honeyd ported to Windows
    - [Winhoneyd](http://www2.netvigilance.com/winhoneyd)
 - A script to visualize statistics from honeyd
    - [Honeyd-Viz](http://bruteforce.gr/honeyd-viz)
 - Honeyd UI
    - [Honeyd configuration GUI](http://www.citi.umich.edu/u/provos/honeyd/ch01-results/1/)
 - Honeyd stats
    - [Honeydsum.pl](http://www.honeynet.org.br/)
 ## <a name="analysis"></a> Network and Artifact Analysis
 - Sandbox
    - [PHPSandbox](http://www.fieryprophet.com/phpsandbox)
    - [RFISandbox](http://monkey.org/~jose/software/rfi-sandbox/)
    - [dorothy2](https://github.com/m4rco-/dorothy2)
    - [COMODO automated sandbox](https://help.comodo.com/topic-72-1-451-4768-.html)
 - Sandbox
    - [Argos](http://www.few.vu.nl/argos/)
 - Sandbox-as-a-Service
    - [malwr.com](http://malwr.com)    
 ## <a name="visualizers"></a> Visualiation Tools
 - Visualization
    - [HoneyMap](https://github.com/fw42/honeymap)
    - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt)