From 642d0799163e793d784f40d094768d1201604a76 Mon Sep 17 00:00:00 2001 From: jose nazario Date: Mon, 16 Jan 2017 09:31:14 -0500 Subject: [PATCH] update links, add some full stops, update descriptions, move some links --- README.md | 255 +++++++++++++++++++++++++++--------------------------- 1 file changed, 126 insertions(+), 129 deletions(-) diff --git a/README.md b/README.md index 6612967..0b13752 100644 --- a/README.md +++ b/README.md 
@@ -17,61 +17,61 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [Guides](#guides) ## Related Lists -- [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis -- [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis), with some overlap here for artifact analysis +- [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis. +- [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis), with some overlap here for artifact analysis. ## Honeypots - Database Honeypots - [MongoDB-HoneyProxy](https://github.com/Plazmaz/MongoDB-HoneyProxy) - A MongoDB honeypot proxy. - - [Elastic honey](https://github.com/jordan-wright/elastichoney) - A Simple Elasticsearch Honeypot - - [mysql](https://github.com/schmalle/MysqlPot) - A mysql honeypot, still very very early stage + - [Elastic honey](https://github.com/jordan-wright/elastichoney) - A Simple Elasticsearch Honeypot. + - [mysql](https://github.com/schmalle/MysqlPot) - A mysql honeypot, still very very early stage. - [NoSQLpot](https://github.com/torque59/nosqlpot) - The NoSQL Honeypot Framework. - - [ESPot](https://github.com/mycert/ESPot) - ElasticSearch Honeypot - - [Delilah](https://github.com/Novetta/delilah) - An Elasticsearch Honeypot written in Python + - [ESPot](https://github.com/mycert/ESPot) - An Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120. + - [Delilah](https://github.com/Novetta/delilah) - An Elasticsearch Honeypot written in Python. 
- Web honeypots - - [Glastopf](https://github.com/mushorg/glastopf) - Web Application Honeypot - - [phpmyadmin_honeypot](https://github.com/gfoss/phpmyadmin_honeypot) - - A simple and effective phpMyAdmin honeypot - - [servlet](https://github.com/schmalle/Servletpot) - Web application Honeypot - - [Nodepot](https://github.com/schmalle/Nodepot) - A nodejs web application honeypot - - [basic-auth-pot](https://github.com/bjeborn/basic-auth-pot) bap - http Basic Authentication honeyPot - - [Shadow Daemon](https://shadowd.zecure.org) - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps - - [Servletpot](https://github.com/schmalle/servletpot) - Web application Honeypot + - [Glastopf](https://github.com/mushorg/glastopf) - Web Application Honeypot. + - [phpmyadmin_honeypot](https://github.com/gfoss/phpmyadmin_honeypot) - - A simple and effective phpMyAdmin honeypot. + - [servlet](https://github.com/schmalle/Servletpot) - Web application Honeypot. + - [Nodepot](https://github.com/schmalle/Nodepot) - A nodejs web application honeypot. + - [basic-auth-pot](https://github.com/bjeborn/basic-auth-pot) bap - http Basic Authentication honeyPot. + - [Shadow Daemon](https://shadowd.zecure.org) - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps. + - [Servletpot](https://github.com/schmalle/servletpot) - Web application Honeypot. - [Google Hack Honeypot](http://ghh.sourceforge.net) - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. - - [smart-honeypot](https://github.com/freak3dot/smart-honeypot) - PHP Script demonstrating a smart honey pot + - [smart-honeypot](https://github.com/freak3dot/smart-honeypot) - PHP Script demonstrating a smart honey pot. - [HonnyPotter](https://github.com/MartinIngesen/HonnyPotter) - A WordPress login honeypot for collection and analysis of failed login attempts. 
- - [HoneyPress](https://github.com/dustyfresh/HoneyPress) - python based WordPress honeypot in a docker container - - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot - - [wordpot](https://github.com/gbrindisi/wordpot) - A WordPress Honeypot - - [Bukkit Honeypot](https://github.com/Argomirr/Honeypot) Honeypot - A honeypot plugin for Bukkit - - [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) - Honeypot - Simple spam prevention package for Laravel applications - - [stack-honeypot](https://github.com/CHH/stack-honeypot) - Inserts a trap for spam bots into responses - - [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) - Honeypot type for Symfony2 forms - - [shockpot](https://github.com/threatstream/shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts + - [HoneyPress](https://github.com/dustyfresh/HoneyPress) - python based WordPress honeypot in a docker container. + - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot. + - [wordpot](https://github.com/gbrindisi/wordpot) - A WordPress Honeypot. + - [Bukkit Honeypot](https://github.com/Argomirr/Honeypot) Honeypot - A honeypot plugin for Bukkit. + - [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) - Honeypot - Simple spam prevention package for Laravel applications. + - [stack-honeypot](https://github.com/CHH/stack-honeypot) - Inserts a trap for spam bots into responses. + - [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) - Honeypot type for Symfony2 forms. + - [shockpot](https://github.com/threatstream/shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts. - [django-admin-honeypot](https://github.com/dmpayton/django-admin-honeypot) - A fake Django admin login screen to notify admins of attempted unauthorized access. 
- Service Honeypots - - [honeyntp](https://github.com/fygrave/honeyntp) - NTP logger/honeypot - - [honeypot-camera](https://github.com/alexbredo/honeypot-camera) - observation camera honeypot + - [honeyntp](https://github.com/fygrave/honeyntp) - NTP logger/honeypot. + - [honeypot-camera](https://github.com/alexbredo/honeypot-camera) - observation camera honeypot. - [troje](https://github.com/dutchcoders/troje/) - a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container. - - [HoneyPy](https://github.com/foospidy/HoneyPy) - A low interaction honeypot - - [Ensnare](https://github.com/ahoernecke/ensnare) - Easy to deploy Ruby honeypot - - [RDPy](https://github.com/citronneur/rdpy) - A Microsoft Remote Desktop Protocol (RDP) honeypot in python - - [Honeyprint](https://github.com/glaslos/honeyprint) - Printer honeypot - - [Tom's Honeypot](https://github.com/inguardians/toms_honeypot) - Low interaction Python honeypot + - [HoneyPy](https://github.com/foospidy/HoneyPy) - A low interaction honeypot. + - [Ensnare](https://github.com/ahoernecke/ensnare) - Easy to deploy Ruby honeypot. + - [RDPy](https://github.com/citronneur/rdpy) - A Microsoft Remote Desktop Protocol (RDP) honeypot in python. + - [Honeyprint](https://github.com/glaslos/honeyprint) - Printer honeypot. + - [Tom's Honeypot](https://github.com/inguardians/toms_honeypot) - Low interaction Python honeypot. - Distributed Honeypots - - [DemonHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Honepot Server + - [DemonHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Honepot Server. - Anti-honeypot stuff - [kippo_detect](https://github.com/andrew-morris/kippo_detect) - This is not a honeypot, but it detects kippo. 
(This guy has lots of more interesting stuff) - ICS/SCADA honeypots - - [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot - - [gridpot](https://github.com/sk4ld/gridpot) - Open source tools for realistic-behaving electric grid honeynets - - [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/) - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices - - [SCADA honeynet](http://scadahoneynet.sourceforge.net) - Building Honeypots for Industrial Networks + - [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot. + - [gridpot](https://github.com/sk4ld/gridpot) - Open source tools for realistic-behaving electric grid honeynets . + - [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/) - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices. + - [SCADA honeynet](http://scadahoneynet.sourceforge.net) - Building Honeypots for Industrial Networks. - [GasPot](https://github.com/sjhilt/GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry. - Other/random 
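Review bot: the Web honeypots block in this hunk carries two entries for one repository, `- [servlet](https://github.com/schmalle/Servletpot) - Web application Honeypot.` and `- [Servletpot](https://github.com/schmalle/servletpot) - Web application Honeypot.`, and both are rewritten rather than one being dropped; since these lines are being touched anyway, keep a single Servletpot entry. Several wording problems also survive the full-stop pass on the rewritten lines: the phpmyadmin_honeypot line keeps its doubled ` - - ` separator, the basic-auth-pot line leaves the `bap` alias dangling outside the link text, the Bukkit and Laravel entries each carry a stray `Honeypot -` before their description, the DemonHunter line still reads `Low interaction Honepot Server.`, the gridpot line ends with `honeynets .` (space before the full stop), and the new ESPot description should say `every attempt` rather than `every attempts`. Two typos sit on untouched context lines and are worth picking up while here: `seperate lxc container` in the troje entry and `Veeder Root Gaurdian AST` in the GasPot entry.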
@@ -79,167 +79,161 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [Open Canary](https://pypi.python.org/pypi/opencanary) - A low interaction honeypot intended to be run on internal networks. - [libemu](https://github.com/buffer/libemu) - Shellcode emulation library, useful for shellcode detection. - [OFPot](https://github.com/upa/ofpot) - OpenFlow Honeypot, redirects traffic for unused IPs to a honeypot. Built on POX. - - [OpenCanary](https://github.com/thinkst/opencanary) - Modular and decentralised honeypot + - [OpenCanary](https://github.com/thinkst/opencanary) - Modular and decentralised honeypot. - Botnet C2 monitor - - [Hale](https://github.com/pjlantz/Hale) - Botnet command & control monitor + - [Hale](https://github.com/pjlantz/Hale) - Botnet command & control monitor. - IPv6 attack detection tool - - [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/) - Google Summer of Code 2012 project, supported by The Honeynet Project organization + - [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/) - Google Summer of Code 2012 project, supported by The Honeynet Project organization. - Research Paper - - [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3) - behavioral footprinting for self-propagating worm detection and profiling + - [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3) - behavioral footprinting for self-propagating worm detection and profiling. - Dynamic code instrumentation toolkit - - [Frida](http://www.frida.re) - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android + - [Frida](http://www.frida.re) - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android. 
- Front-end for dionaea - - [DionaeaFR](https://github.com/rubenespadas/DionaeaFR) - Front Web to Dionaea low-interaction honeypot + - [DionaeaFR](https://github.com/rubenespadas/DionaeaFR) - Front Web to Dionaea low-interaction honeypot. - Tool to convert website to server honeypots - - [HIHAT](http://hihat.sourceforge.net/) - ransform arbitrary PHP applications into web-based high-interaction Honeypots + - [HIHAT](http://hihat.sourceforge.net/) - ransform arbitrary PHP applications into web-based high-interaction Honeypots. - Malware collector - - [Kippo-Malware](http://bruteforce.gr/kippo-malware) - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database + - [Kippo-Malware](http://bruteforce.gr/kippo-malware) - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database. - Sebek in QEMU - - [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek) - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot + - [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek) - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot. - Malware Simulator - - [imalse](https://github.com/hbhzwj/imalse) - Integrated MALware Simulator and Emulator + - [imalse](https://github.com/hbhzwj/imalse) - Integrated MALware Simulator and Emulator. - Distributed sensor deployment - - [Smarthoneypot](https://smarthoneypot.com/) - custom honeypot intelligence system that is simple to deploy and easy to manage - - [Modern Honey Network](https://github.com/threatstream/mhn) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management - - [ADHD](http://sourceforge.net/projects/adhd/) - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. 
It comes with many tools aimed at active defense preinstalled and configured + - [Smarthoneypot](https://smarthoneypot.com/) - custom honeypot intelligence system that is simple to deploy and easy to manage. + - [Modern Honey Network](https://github.com/threatstream/mhn) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management. + - [ADHD](http://sourceforge.net/projects/adhd/) - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured. - Network Analysis Tool - - [Tracexploit](https://code.google.com/p/tracexploit/) - replay network packets + - [Tracexploit](https://code.google.com/p/tracexploit/) - replay network packets. - Log anonymizer - - [LogAnon](http://code.google.com/p/loganon/) - log anonymization library that helps having anonymous logs consistent between logs and network captures - -- server - - [Honeysink](http://www.honeynet.org/node/773) - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network + - [LogAnon](http://code.google.com/p/loganon/) - log anonymization library that helps having anonymous logs consistent between logs and network captures. - Botnet traffic detection - - [dnsMole](https://code.google.com/p/dns-mole/) - analyse dns traffic, and to potentionaly detect botnet C&C server and infected hosts + - [dnsMole](https://code.google.com/p/dns-mole/) - analyse dns traffic, and to potentionaly detect botnet C&C server and infected hosts. - Low interaction honeypot (router back door) - - [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764) - Honeypot for router backdoor (TCP 32764) + - [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764) - Honeypot for router backdoor (TCP 32764). 
- honeynet farm traffic redirector - - [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole) - eploy multiple sensors that redirect traffic to a centralized collection of honeypots + - [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole) - eploy multiple sensors that redirect traffic to a centralized collection of honeypots. - HTTPS Proxy - - [mitmproxy](http://mitmproxy.org/) - allows traffic flows to be intercepted, inspected, modified and replayed + - [mitmproxy](http://mitmproxy.org/) - allows traffic flows to be intercepted, inspected, modified and replayed. - System instrumentation - - [Sysdig](http://www.sysdig.org) - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze - - [Fibratus](https://github.com/rabbitstack/fibratus) - tool for exploration and tracing of the Windows kernel + - [Sysdig](http://www.sysdig.org) - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze. + - [Fibratus](https://github.com/rabbitstack/fibratus) - tool for exploration and tracing of the Windows kernel. - Honeypot for USB-spreading malware - - [Ghost-usb](https://github.com/honeynet/ghost-usb-honeypot) - honeypot for malware that propagates via USB storage devices + - [Ghost-usb](https://github.com/honeynet/ghost-usb-honeypot) - honeypot for malware that propagates via USB storage devices. - Data Collection - - [Kippo2MySQL](http://bruteforce.gr/kippo2mysql) - extracts some very basic stats from Kippo’s text-based log files (a mess to analyze!) 
and inserts them in a MySQL database - - [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch) - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster) + - [Kippo2MySQL](http://bruteforce.gr/kippo2mysql) - extracts some very basic stats from Kippo’s text-based log files (a mess to analyze!) and inserts them in a MySQL database. + - [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch) - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster). - Passive network audit framework parser - - [pnaf](https://github.com/jusafing/pnaf) - Passive Network Audit Framework + - [pnaf](https://github.com/jusafing/pnaf) - Passive Network Audit Framework. - VM Introspection - - [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html) - VMI toolkit for Xen, called Virtual Introspection for Xen (VIX) - - [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf) - Monitoring of VM-based -High-Interaction Honeypots - - [vmitools](http://libvmi.com/) - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine + - [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html) - VMI toolkit for Xen, called Virtual Introspection for Xen (VIX). + - [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf) - Monitoring of VM-based. + +- High-Interaction Honeypots + - [vmitools](http://libvmi.com/) - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine. 
- Binary debugger - - [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) - A debugger frontend - - [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint) - A debugger backend and LUA wrapper for PIN + - [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) - A debugger frontend. + - [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint) - A debugger backend and LUA wrapper for PIN. - Mobile Analysis Tool - - [APKinspector](https://github.com/honeynet/apkinspector/) - APKinspector is a powerful GUI tool for analysts to analyze the Android applications - - [Androguard](https://github.com/androguard/androguard) - Reverse engineering, Malware and goodware analysis of Android applications ... and more + - [APKinspector](https://github.com/honeynet/apkinspector/) - APKinspector is a powerful GUI tool for analysts to analyze the Android applications. + - [Androguard](https://github.com/androguard/androguard) - Reverse engineering, Malware and goodware analysis of Android applications ... and more. - Low interaction honeypot - - [Honeypoint](http://microsolved.com/HoneyPoint-server.html) - platform of distributed honeypot technologies - - [Honeyperl](http://sourceforge.net/projects/honeyperl/) - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc + - [Honeypoint](http://microsolved.com/HoneyPoint-server.html) - platform of distributed honeypot technologies. + - [Honeyperl](http://sourceforge.net/projects/honeyperl/) - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc. - Honeynet data fusion - - [HFlow2](https://projects.honeynet.org/hflow) - data coalesing tool for honeynet/network analysis + - [HFlow2](https://projects.honeynet.org/hflow) - data coalesing tool for honeynet/network analysis. 
- Server - [LaBrea](http://labrea.sourceforge.net/labrea-info.html) - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. - - [KFSensor](http://www.keyfocus.net/kfsensor/) - Windows based honeypot Intrusion Detection System (IDS) - - [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd) - - [UDPot Honeypot](https://github.com/jekil/UDPot) - Simple UDP / DNS honeypot scripts - - [Conpot](http://conpot.org/) - ow interactive server side Industrial Control Systems honeypot - - [Bifrozt](https://github.com/Bifrozt/bifrozt-ansible) - High interaction honeypot solution for Linux based systems - - [Beeswarm](http://www.beeswarm-ids.org/) - Honeypot deployment made easy - - [Bait and Switch](http://baitnswitch.sourceforge.net) - redirects all hostile traffic to a honeypot that is partially mirroring your production system - - [Artillery](https://github.com/trustedsec/artillery/) - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods - - [slipm-honeypot](https://github.com/rshipp/slipm-honeypot) - A simple low-interaction port monitoring honeypot - - [HoneyWRT](https://github.com/CanadianJeff/honeywrt) - low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers - - [Amun](http://amunhoney.sourceforge.net) - vulnerability emulation honeypot - - [TelnetHoney](https://github.com/AnguisCaptor/TelnetHoney) - A simple telnet honeypot - - [Hontel](https://github.com/stamparm/hontel) - Telnet Honeypot - - [MTPot](https://github.com/CymmetriaResearch/MTPot) - Open Source Telnet Honeypot, focused on Mirai malware - - [Heralding](https://github.com/johnnykv/heralding) - A credentials catching honeypot - - [VNC-Pot](https://github.com/SepehrHml/VNC-Pot) - A low interaction VNC honeypot - - [vnclowpot](https://github.com/magisterquis/vnclowpot) - A low interaction VNC honeypot - 
- [SIREN](https://github.com/blaverick62/SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment + - [Honeysink](http://www.honeynet.org/node/773) - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network. + - [KFSensor](http://www.keyfocus.net/kfsensor/) - Windows based honeypot Intrusion Detection System (IDS). + - [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd). + - [UDPot Honeypot](https://github.com/jekil/UDPot) - Simple UDP / DNS honeypot scripts. + - [Conpot](http://conpot.org/) - ow interactive server side Industrial Control Systems honeypot. + - [Bifrozt](https://github.com/Bifrozt/bifrozt-ansible) - High interaction honeypot solution for Linux based systems. + - [Beeswarm](http://www.beeswarm-ids.org/) - Honeypot deployment made easy. + - [Bait and Switch](http://baitnswitch.sourceforge.net) - redirects all hostile traffic to a honeypot that is partially mirroring your production system. + - [Artillery](https://github.com/trustedsec/artillery/) - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods. + - [slipm-honeypot](https://github.com/rshipp/slipm-honeypot) - A simple low-interaction port monitoring honeypot. + - [HoneyWRT](https://github.com/CanadianJeff/honeywrt) - low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers. + - [Amun](http://amunhoney.sourceforge.net) - vulnerability emulation honeypot. + - [TelnetHoney](https://github.com/AnguisCaptor/TelnetHoney) - A simple telnet honeypot. + - [Hontel](https://github.com/stamparm/hontel) - Telnet Honeypot. + - [MTPot](https://github.com/CymmetriaResearch/MTPot) - Open Source Telnet Honeypot, focused on Mirai malware. + - [Heralding](https://github.com/johnnykv/heralding) - A credentials catching honeypot. 
+ - [VNC-Pot](https://github.com/SepehrHml/VNC-Pot) - A low interaction VNC honeypot. + - [vnclowpot](https://github.com/magisterquis/vnclowpot) - A low interaction VNC honeypot. + - [SIREN](https://github.com/blaverick62/SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment. - [telnetlogger](https://github.com/robertdavidgraham/telnetlogger) - A Telnet honeypot designed to track the Mirai botnet. - VM cloaking script - - [Antivmdetect](https://github.com/nsmfoo/antivmdetection) - Script to create templates to use with VirtualBox to make vm detection harder + - [Antivmdetect](https://github.com/nsmfoo/antivmdetection) - Script to create templates to use with VirtualBox to make vm detection harder. - IDS signature generation - - [Honeycomb](http://www.icir.org/christian/honeycomb/) + - [Honeycomb](http://www.icir.org/christian/honeycomb/) - Automated signature creation using honeypots. -- lookup service for AS-numbers and prefixes - - [CC2ASN](http://www.cc2asn.com/) +- Lookup service for AS-numbers and prefixes + - [CC2ASN](http://www.cc2asn.com/) - A simple lookup service for AS-numbers and prefixes belonging to any given country in the world. - Web interface (for Thug) - - [Rumal](https://github.com/thugs-rumal/) - Thug's Rumāl: a Thug's dress & weapon + - [Rumal](https://github.com/thugs-rumal/) - Thug's Rumāl: a Thug's dress & weapon. - Data Collection / Data Sharing - - [HPfriends](http://hpfriends.honeycloud.net/#/home) - data-sharing platform - - [HPFeeds](https://github.com/rep/hpfeeds/) - lightweight authenticated publish-subscribe protocol + - [HPfriends](http://hpfriends.honeycloud.net/#/home) - data-sharing platform. + - [HPFeeds](https://github.com/rep/hpfeeds/) - lightweight authenticated publish-subscribe protocol. - Python bindings for libemu - - [Pylibemu](https://github.com/buffer/pylibemu) - A Libemu Cython wrapper + - [Pylibemu](https://github.com/buffer/pylibemu) - A Libemu Cython wrapper. 
- central management tool - - [PHARM](http://www.nepenthespharm.com/) + - [PHARM](http://www.nepenthespharm.com/) - Manage , Report, Analyze your distributed Nepenthes instances. - Network connection analyzer - - [Impost](http://impost.sourceforge.net/) + - [Impost](http://impost.sourceforge.net/) - a network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons. - Virtual Machine Cloaking - - [VMCloak](https://github.com/jbremer/vmcloak) + - [VMCloak](https://github.com/jbremer/vmcloak) - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox. - Honeypot deployment - - [Modern Honeynet Network](http://threatstream.github.io/mhn/) - - [SurfIDS](http://ids.surfnet.nl/) + - [Modern Honeynet Network](http://threatstream.github.io/mhn/) - makes deploying and managing secure honeypots extremely simple. + - [SurfIDS](http://ids.surfnet.nl/) - an open source Distributed Intrusion Detection System based on passive sensors. - Automated malware analysis system - - [Cuckoo](https://cuckoosandbox.org/) - - [Anubis](https://anubis.iseclab.org/) - - [Hybrid Analysis](https://www.hybrid-analysis.com) + - [Cuckoo](https://cuckoosandbox.org/) - he leading open source automated malware analysis system. + - [Hybrid Analysis](https://www.hybrid-analysis.com) - a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology. 
- Low interaction - - [mwcollectd](http//git.mwcollect.org/mwcollectd) + - [mwcollectd](https://www.openhub.net/p/mwcollectd) - a versatile malware collection daemon, uniting the best features of nepenthes and honeytrap - Low interaction honeypot on USB stick - - [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/) + - [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/) - Honeypot extensions to Wireshark - - [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions) - -- Data Analysis Tool - - [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph) - - [Acapulco](https://github.com/hgascon/Acapulco4HNP) + - [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions) - support applying Snort IDS rules and signatures against pcap files. - Telephony honeypot - [Zapping Rachel](https://seanmckaybeck.com/zapping-rachel.html) 
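Review bot: the VM Introspection rewrite in this hunk turns one entry into two wrong ones. The removed lines `- [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf) - Monitoring of VM-based` and `High-Interaction Honeypots` were a single description wrapped across two lines, but the patch truncates the first half to `Monitoring of VM-based.` and promotes the second half into a new top-level `- High-Interaction Honeypots` category whose only member is then `vmitools`, a C library for monitoring a running VM that belongs under VM Introspection. Re-join the description as `Monitoring of VM-based High-Interaction Honeypots.` and drop the new heading. Four rewritten lines also still start their description with a truncated word: `HIHAT - ransform`, `Honeymole - eploy`, `Conpot - ow interactive` and `Cuckoo - he leading`. Two entries duplicate ones elsewhere on the page: Conpot is listed here under Server with the conpot.org link and in the previous hunk under ICS/SCADA with the GitHub link, and `Modern Honeynet Network` under Honeypot deployment points at the same project as `Modern Honey Network` under Distributed sensor deployment. Smaller points on the new lines: Honeystick is left with a dangling ` -` and no description, mwcollectd gets a description but no trailing full stop, `PHARM - Manage , Report` has a space before the comma, `coalesing` (HFlow2), `potentionaly` (dnsMole) and `Whireshark Extensions` are misspelled. The Anubis entry is removed outright, which the commit message (links, full stops, descriptions, moves) does not mention; a short reason in the message would help.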
@@ -427,30 +421,33 @@ the honeyd daemon and generate configuration files - [Argos](http://www.few.vu.nl/argos/) - An emulator for capturing zero-day attacks - Sandbox-as-a-Service - - [malwr.com](https://malwr.com/) - free malware analysis service and community - - [detux.org](http://detux.org) - Multiplatform Linux Sandbox - - [Joebox Cloud](https://jbxcloud.joesecurity.org/login) - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities + - [malwr.com](https://malwr.com/) - free malware analysis service and community. + - [detux.org](http://detux.org) - Multiplatform Linux Sandbox. + - [Joebox Cloud](https://jbxcloud.joesecurity.org/login) - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities. ## Data Tools - Front Ends - - [Tango](https://github.com/aplura/Tango) - Honeypot Intelligence with Splunk - - [Django-kippo](https://github.com/jedie/django-kippo) - Django App for kippo SSH Honeypot - - [Wordpot-Frontend](https://github.com/GovCERT-CZ/Wordpot-Frontend) - a full featured script to visualize statistics from a Wordpot honeypot - - [Shockpot-Frontend](https://github.com/GovCERT-CZ/Shockpot-Frontend) - a full featured script to visualize statistics from a Shockpot honeypot - - [honeypotDisplay](https://github.com/Joss-Steward/honeypotDisplay) - A flask website which displays data I've gathered with my SSH Honeypot - - [honeyalarmg2](https://github.com/schmalle/honeyalarmg2) - Simplified UI for showing honeypot alarms + - [Tango](https://github.com/aplura/Tango) - Honeypot Intelligence with Splunk. + - [Django-kippo](https://github.com/jedie/django-kippo) - Django App for kippo SSH Honeypot. + - [Wordpot-Frontend](https://github.com/GovCERT-CZ/Wordpot-Frontend) - a full featured script to visualize statistics from a Wordpot honeypot. 
+ - [Shockpot-Frontend](https://github.com/GovCERT-CZ/Shockpot-Frontend) - a full featured script to visualize statistics from a Shockpot honeypot. + - [honeypotDisplay](https://github.com/Joss-Steward/honeypotDisplay) - A flask website which displays data I've gathered with my SSH Honeypot. + - [honeyalarmg2](https://github.com/schmalle/honeyalarmg2) - Simplified UI for showing honeypot alarms. - Visualization - - [Kippo-Graph](http://bruteforce.gr/kippo-graph) - a full featured script to visualize statistics from a Kippo SSH honeypot - - [Kippo stats](https://github.com/mfontani/kippo-stats) - Mojolicious app to display statistics for your kippo SSH honeypot - - [HoneyStats](http://sourceforge.net/projects/honeystats/) - A statistical view of the recorded activity on a Honeynet - - [HoneyMap](https://github.com/fw42/honeymap) - Real-time websocket stream of GPS events on a fancy SVG world map - - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt) - Maltego tranforms for mapping Honeypot systems + - [Kippo-Graph](http://bruteforce.gr/kippo-graph) - a full featured script to visualize statistics from a Kippo SSH honeypot. + - [Kippo stats](https://github.com/mfontani/kippo-stats) - Mojolicious app to display statistics for your kippo SSH honeypot. + - [HoneyStats](http://sourceforge.net/projects/honeystats/) - A statistical view of the recorded activity on a Honeynet. + - [HoneyMap](https://github.com/fw42/honeymap) - Real-time websocket stream of GPS events on a fancy SVG world map. + - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt) - Maltego tranforms for mapping Honeypot systems. - [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics) - [Afterglow Cloud](https://github.com/ayrus/afterglow-cloud) - [Afterglow](http://afterglow.sourceforge.net/) - - [ovizart](https://github.com/oguzy/ovizart) - visual analysis for network traffic + - [ovizart](https://github.com/oguzy/ovizart) - visual analysis for network traffic. 
+ - [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph) - a visualization app to visualize hpfeeds logs. + - [Acapulco](https://github.com/hgascon/Acapulco4HNP) - Automated Attack Community Graph Construction. + ## Guides
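Review bot: the Visualization list in this hunk is left inconsistent with the full-stop convention the commit introduces: `Glastopf Analytics`, `Afterglow Cloud` and `Afterglow` keep bare links with neither a description nor a full stop, while every neighbouring line and the two entries moved in from the old Data Analysis Tool section (`HpfeedsHoneyGraph`, `Acapulco`) get both. On the rewritten lines, `HoneyMalt - Maltego tranforms for mapping Honeypot systems.` should read `transforms`. The Argos context line at the top of the hunk still lacks its trailing full stop and could be fixed along with the Sandbox-as-a-Service lines directly below it, which are already being changed.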