update links, add some full stops, update descriptions, move some links

jose nazario 2017-01-16 09:31:14 -05:00
parent 280f2b1954
commit 642d079916

README.md

@ -17,61 +17,61 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres
- [Guides](#guides) - [Guides](#guides)
## Related Lists ## Related Lists
- [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis - [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools), useful in network traffic analysis.
- [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis), with some overlap here for artifact analysis - [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis), with some overlap here for artifact analysis.
## <a name="honeypots"></a> Honeypots ## <a name="honeypots"></a> Honeypots
- Database Honeypots - Database Honeypots
- [MongoDB-HoneyProxy](https://github.com/Plazmaz/MongoDB-HoneyProxy) - A MongoDB honeypot proxy. - [MongoDB-HoneyProxy](https://github.com/Plazmaz/MongoDB-HoneyProxy) - A MongoDB honeypot proxy.
- [Elastic honey](https://github.com/jordan-wright/elastichoney) - A Simple Elasticsearch Honeypot - [Elastic honey](https://github.com/jordan-wright/elastichoney) - A Simple Elasticsearch Honeypot.
- [mysql](https://github.com/schmalle/MysqlPot) - A mysql honeypot, still very very early stage - [mysql](https://github.com/schmalle/MysqlPot) - A mysql honeypot, still very very early stage.
- [NoSQLpot](https://github.com/torque59/nosqlpot) - The NoSQL Honeypot Framework. - [NoSQLpot](https://github.com/torque59/nosqlpot) - The NoSQL Honeypot Framework.
- [ESPot](https://github.com/mycert/ESPot) - ElasticSearch Honeypot - [ESPot](https://github.com/mycert/ESPot) - An Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120.
- [Delilah](https://github.com/Novetta/delilah) - An Elasticsearch Honeypot written in Python - [Delilah](https://github.com/Novetta/delilah) - An Elasticsearch Honeypot written in Python.
- Web honeypots - Web honeypots
- [Glastopf](https://github.com/mushorg/glastopf) - Web Application Honeypot - [Glastopf](https://github.com/mushorg/glastopf) - Web Application Honeypot.
- [phpmyadmin_honeypot](https://github.com/gfoss/phpmyadmin_honeypot) - - A simple and effective phpMyAdmin honeypot - [phpmyadmin_honeypot](https://github.com/gfoss/phpmyadmin_honeypot) - - A simple and effective phpMyAdmin honeypot.
- [servlet](https://github.com/schmalle/Servletpot) - Web application Honeypot - [servlet](https://github.com/schmalle/Servletpot) - Web application Honeypot.
- [Nodepot](https://github.com/schmalle/Nodepot) - A nodejs web application honeypot - [Nodepot](https://github.com/schmalle/Nodepot) - A nodejs web application honeypot.
- [basic-auth-pot](https://github.com/bjeborn/basic-auth-pot) bap - http Basic Authentication honeyPot - [basic-auth-pot](https://github.com/bjeborn/basic-auth-pot) bap - http Basic Authentication honeyPot.
- [Shadow Daemon](https://shadowd.zecure.org) - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps - [Shadow Daemon](https://shadowd.zecure.org) - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps.
- [Servletpot](https://github.com/schmalle/servletpot) - Web application Honeypot - [Servletpot](https://github.com/schmalle/servletpot) - Web application Honeypot.
- [Google Hack Honeypot](http://ghh.sourceforge.net) - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. - [Google Hack Honeypot](http://ghh.sourceforge.net) - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
- [smart-honeypot](https://github.com/freak3dot/smart-honeypot) - PHP Script demonstrating a smart honey pot - [smart-honeypot](https://github.com/freak3dot/smart-honeypot) - PHP Script demonstrating a smart honey pot.
- [HonnyPotter](https://github.com/MartinIngesen/HonnyPotter) - A WordPress login honeypot for collection and analysis of failed login attempts. - [HonnyPotter](https://github.com/MartinIngesen/HonnyPotter) - A WordPress login honeypot for collection and analysis of failed login attempts.
- [HoneyPress](https://github.com/dustyfresh/HoneyPress) - python based WordPress honeypot in a docker container - [HoneyPress](https://github.com/dustyfresh/HoneyPress) - python based WordPress honeypot in a docker container.
- [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot.
- [wordpot](https://github.com/gbrindisi/wordpot) - A WordPress Honeypot - [wordpot](https://github.com/gbrindisi/wordpot) - A WordPress Honeypot.
- [Bukkit Honeypot](https://github.com/Argomirr/Honeypot) Honeypot - A honeypot plugin for Bukkit - [Bukkit Honeypot](https://github.com/Argomirr/Honeypot) Honeypot - A honeypot plugin for Bukkit.
- [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) - Honeypot - Simple spam prevention package for Laravel applications - [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) - Honeypot - Simple spam prevention package for Laravel applications.
- [stack-honeypot](https://github.com/CHH/stack-honeypot) - Inserts a trap for spam bots into responses - [stack-honeypot](https://github.com/CHH/stack-honeypot) - Inserts a trap for spam bots into responses.
- [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) - Honeypot type for Symfony2 forms - [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) - Honeypot type for Symfony2 forms.
- [shockpot](https://github.com/threatstream/shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts - [shockpot](https://github.com/threatstream/shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts.
- [django-admin-honeypot](https://github.com/dmpayton/django-admin-honeypot) - A fake Django admin login screen to notify admins of attempted unauthorized access. - [django-admin-honeypot](https://github.com/dmpayton/django-admin-honeypot) - A fake Django admin login screen to notify admins of attempted unauthorized access.
- Service Honeypots - Service Honeypots
- [honeyntp](https://github.com/fygrave/honeyntp) - NTP logger/honeypot - [honeyntp](https://github.com/fygrave/honeyntp) - NTP logger/honeypot.
- [honeypot-camera](https://github.com/alexbredo/honeypot-camera) - observation camera honeypot - [honeypot-camera](https://github.com/alexbredo/honeypot-camera) - observation camera honeypot.
- [troje](https://github.com/dutchcoders/troje/) - a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container. - [troje](https://github.com/dutchcoders/troje/) - a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.
- [HoneyPy](https://github.com/foospidy/HoneyPy) - A low interaction honeypot - [HoneyPy](https://github.com/foospidy/HoneyPy) - A low interaction honeypot.
- [Ensnare](https://github.com/ahoernecke/ensnare) - Easy to deploy Ruby honeypot - [Ensnare](https://github.com/ahoernecke/ensnare) - Easy to deploy Ruby honeypot.
- [RDPy](https://github.com/citronneur/rdpy) - A Microsoft Remote Desktop Protocol (RDP) honeypot in python - [RDPy](https://github.com/citronneur/rdpy) - A Microsoft Remote Desktop Protocol (RDP) honeypot in python.
- [Honeyprint](https://github.com/glaslos/honeyprint) - Printer honeypot - [Honeyprint](https://github.com/glaslos/honeyprint) - Printer honeypot.
- [Tom's Honeypot](https://github.com/inguardians/toms_honeypot) - Low interaction Python honeypot - [Tom's Honeypot](https://github.com/inguardians/toms_honeypot) - Low interaction Python honeypot.
- Distributed Honeypots - Distributed Honeypots
- [DemonHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Honepot Server - [DemonHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Honepot Server.
- Anti-honeypot stuff - Anti-honeypot stuff
- [kippo_detect](https://github.com/andrew-morris/kippo_detect) - This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff) - [kippo_detect](https://github.com/andrew-morris/kippo_detect) - This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff)
- ICS/SCADA honeypots - ICS/SCADA honeypots
- [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot - [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot.
- [gridpot](https://github.com/sk4ld/gridpot) - Open source tools for realistic-behaving electric grid honeynets - [gridpot](https://github.com/sk4ld/gridpot) - Open source tools for realistic-behaving electric grid honeynets .
- [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/) - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices - [scada-honeynet](http://www.digitalbond.com/tools/scada-honeynet/) - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices.
- [SCADA honeynet](http://scadahoneynet.sourceforge.net) - Building Honeypots for Industrial Networks - [SCADA honeynet](http://scadahoneynet.sourceforge.net) - Building Honeypots for Industrial Networks.
- [GasPot](https://github.com/sjhilt/GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry. - [GasPot](https://github.com/sjhilt/GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry.
- Other/random - Other/random
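Review bot: The new ESPot description reads "to capture every attempts to exploit CVE-2014-3120", which should be "every attempt", and the gridpot line now ends in "honeynets ." with a space before the full stop. The phpmyadmin_honeypot entry still carries a doubled "- -" separator, and "servlet" and "Servletpot" remain as two entries that link to the same schmalle repository under different capitalisation; merge them in this cleanup pass. The DemonHunter line is touched but keeps the "Honepot" misspelling.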
@ -79,167 +79,161 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres
- [Open Canary](https://pypi.python.org/pypi/opencanary) - A low interaction honeypot intended to be run on internal networks. - [Open Canary](https://pypi.python.org/pypi/opencanary) - A low interaction honeypot intended to be run on internal networks.
- [libemu](https://github.com/buffer/libemu) - Shellcode emulation library, useful for shellcode detection. - [libemu](https://github.com/buffer/libemu) - Shellcode emulation library, useful for shellcode detection.
- [OFPot](https://github.com/upa/ofpot) - OpenFlow Honeypot, redirects traffic for unused IPs to a honeypot. Built on POX. - [OFPot](https://github.com/upa/ofpot) - OpenFlow Honeypot, redirects traffic for unused IPs to a honeypot. Built on POX.
- [OpenCanary](https://github.com/thinkst/opencanary) - Modular and decentralised honeypot - [OpenCanary](https://github.com/thinkst/opencanary) - Modular and decentralised honeypot.
- Botnet C2 monitor - Botnet C2 monitor
- [Hale](https://github.com/pjlantz/Hale) - Botnet command &amp; control monitor - [Hale](https://github.com/pjlantz/Hale) - Botnet command &amp; control monitor.
- IPv6 attack detection tool - IPv6 attack detection tool
- [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/) - Google Summer of Code 2012 project, supported by The Honeynet Project organization - [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/) - Google Summer of Code 2012 project, supported by The Honeynet Project organization.
- Research Paper - Research Paper
- [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3) - behavioral footprinting for self-propagating worm detection and profiling - [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3) - behavioral footprinting for self-propagating worm detection and profiling.
- Dynamic code instrumentation toolkit - Dynamic code instrumentation toolkit
- [Frida](http://www.frida.re) - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android - [Frida](http://www.frida.re) - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.
- Front-end for dionaea - Front-end for dionaea
- [DionaeaFR](https://github.com/rubenespadas/DionaeaFR) - Front Web to Dionaea low-interaction honeypot - [DionaeaFR](https://github.com/rubenespadas/DionaeaFR) - Front Web to Dionaea low-interaction honeypot.
- Tool to convert website to server honeypots - Tool to convert website to server honeypots
- [HIHAT](http://hihat.sourceforge.net/) - ransform arbitrary PHP applications into web-based high-interaction Honeypots - [HIHAT](http://hihat.sourceforge.net/) - ransform arbitrary PHP applications into web-based high-interaction Honeypots.
- Malware collector - Malware collector
- [Kippo-Malware](http://bruteforce.gr/kippo-malware) - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database - [Kippo-Malware](http://bruteforce.gr/kippo-malware) - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database.
- Sebek in QEMU - Sebek in QEMU
- [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek) - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot - [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek) - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot.
- Malware Simulator - Malware Simulator
- [imalse](https://github.com/hbhzwj/imalse) - Integrated MALware Simulator and Emulator - [imalse](https://github.com/hbhzwj/imalse) - Integrated MALware Simulator and Emulator.
- Distributed sensor deployment - Distributed sensor deployment
- [Smarthoneypot](https://smarthoneypot.com/) - custom honeypot intelligence system that is simple to deploy and easy to manage - [Smarthoneypot](https://smarthoneypot.com/) - custom honeypot intelligence system that is simple to deploy and easy to manage.
- [Modern Honey Network](https://github.com/threatstream/mhn) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management - [Modern Honey Network](https://github.com/threatstream/mhn) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.
- [ADHD](http://sourceforge.net/projects/adhd/) - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured - [ADHD](http://sourceforge.net/projects/adhd/) - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured.
- Network Analysis Tool - Network Analysis Tool
- [Tracexploit](https://code.google.com/p/tracexploit/) - replay network packets - [Tracexploit](https://code.google.com/p/tracexploit/) - replay network packets.
- Log anonymizer - Log anonymizer
- [LogAnon](http://code.google.com/p/loganon/) - log anonymization library that helps having anonymous logs consistent between logs and network captures - [LogAnon](http://code.google.com/p/loganon/) - log anonymization library that helps having anonymous logs consistent between logs and network captures.
- server
- [Honeysink](http://www.honeynet.org/node/773) - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network
- Botnet traffic detection - Botnet traffic detection
- [dnsMole](https://code.google.com/p/dns-mole/) - analyse dns traffic, and to potentionaly detect botnet C&C server and infected hosts - [dnsMole](https://code.google.com/p/dns-mole/) - analyse dns traffic, and to potentionaly detect botnet C&C server and infected hosts.
- Low interaction honeypot (router back door) - Low interaction honeypot (router back door)
- [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764) - Honeypot for router backdoor (TCP 32764) - [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764) - Honeypot for router backdoor (TCP 32764).
- honeynet farm traffic redirector - honeynet farm traffic redirector
- [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole) - eploy multiple sensors that redirect traffic to a centralized collection of honeypots - [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole) - eploy multiple sensors that redirect traffic to a centralized collection of honeypots.
- HTTPS Proxy - HTTPS Proxy
- [mitmproxy](http://mitmproxy.org/) - allows traffic flows to be intercepted, inspected, modified and replayed - [mitmproxy](http://mitmproxy.org/) - allows traffic flows to be intercepted, inspected, modified and replayed.
- System instrumentation - System instrumentation
- [Sysdig](http://www.sysdig.org) - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze - [Sysdig](http://www.sysdig.org) - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze.
- [Fibratus](https://github.com/rabbitstack/fibratus) - tool for exploration and tracing of the Windows kernel - [Fibratus](https://github.com/rabbitstack/fibratus) - tool for exploration and tracing of the Windows kernel.
- Honeypot for USB-spreading malware - Honeypot for USB-spreading malware
- [Ghost-usb](https://github.com/honeynet/ghost-usb-honeypot) - honeypot for malware that propagates via USB storage devices - [Ghost-usb](https://github.com/honeynet/ghost-usb-honeypot) - honeypot for malware that propagates via USB storage devices.
- Data Collection - Data Collection
- [Kippo2MySQL](http://bruteforce.gr/kippo2mysql) - extracts some very basic stats from Kippos text-based log files (a mess to analyze!) and inserts them in a MySQL database - [Kippo2MySQL](http://bruteforce.gr/kippo2mysql) - extracts some very basic stats from Kippos text-based log files (a mess to analyze!) and inserts them in a MySQL database.
- [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch) - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster) - [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch) - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).
- Passive network audit framework parser - Passive network audit framework parser
- [pnaf](https://github.com/jusafing/pnaf) - Passive Network Audit Framework - [pnaf](https://github.com/jusafing/pnaf) - Passive Network Audit Framework.
- VM Introspection - VM Introspection
- [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html) - VMI toolkit for Xen, called Virtual Introspection for Xen (VIX) - [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html) - VMI toolkit for Xen, called Virtual Introspection for Xen (VIX).
- [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf) - Monitoring of VM-based - [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf) - Monitoring of VM-based.
High-Interaction Honeypots
- [vmitools](http://libvmi.com/) - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine - High-Interaction Honeypots
- [vmitools](http://libvmi.com/) - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
- Binary debugger - Binary debugger
- [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) - A debugger frontend - [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) - A debugger frontend.
- [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint) - A debugger backend and LUA wrapper for PIN - [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint) - A debugger backend and LUA wrapper for PIN.
- Mobile Analysis Tool - Mobile Analysis Tool
- [APKinspector](https://github.com/honeynet/apkinspector/) - APKinspector is a powerful GUI tool for analysts to analyze the Android applications - [APKinspector](https://github.com/honeynet/apkinspector/) - APKinspector is a powerful GUI tool for analysts to analyze the Android applications.
- [Androguard](https://github.com/androguard/androguard) - Reverse engineering, Malware and goodware analysis of Android applications ... and more - [Androguard](https://github.com/androguard/androguard) - Reverse engineering, Malware and goodware analysis of Android applications ... and more.
- Low interaction honeypot - Low interaction honeypot
- [Honeypoint](http://microsolved.com/HoneyPoint-server.html) - platform of distributed honeypot technologies - [Honeypoint](http://microsolved.com/HoneyPoint-server.html) - platform of distributed honeypot technologies.
- [Honeyperl](http://sourceforge.net/projects/honeyperl/) - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc - [Honeyperl](http://sourceforge.net/projects/honeyperl/) - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc.
- Honeynet data fusion - Honeynet data fusion
- [HFlow2](https://projects.honeynet.org/hflow) - data coalesing tool for honeynet/network analysis - [HFlow2](https://projects.honeynet.org/hflow) - data coalesing tool for honeynet/network analysis.
- Server - Server
- [LaBrea](http://labrea.sourceforge.net/labrea-info.html) - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. - [LaBrea](http://labrea.sourceforge.net/labrea-info.html) - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
- [KFSensor](http://www.keyfocus.net/kfsensor/) - Windows based honeypot Intrusion Detection System (IDS) - [Honeysink](http://www.honeynet.org/node/773) - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
- [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd) - [KFSensor](http://www.keyfocus.net/kfsensor/) - Windows based honeypot Intrusion Detection System (IDS).
- [UDPot Honeypot](https://github.com/jekil/UDPot) - Simple UDP / DNS honeypot scripts - [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd).
- [Conpot](http://conpot.org/) - ow interactive server side Industrial Control Systems honeypot - [UDPot Honeypot](https://github.com/jekil/UDPot) - Simple UDP / DNS honeypot scripts.
- [Bifrozt](https://github.com/Bifrozt/bifrozt-ansible) - High interaction honeypot solution for Linux based systems - [Conpot](http://conpot.org/) - ow interactive server side Industrial Control Systems honeypot.
- [Beeswarm](http://www.beeswarm-ids.org/) - Honeypot deployment made easy - [Bifrozt](https://github.com/Bifrozt/bifrozt-ansible) - High interaction honeypot solution for Linux based systems.
- [Bait and Switch](http://baitnswitch.sourceforge.net) - redirects all hostile traffic to a honeypot that is partially mirroring your production system - [Beeswarm](http://www.beeswarm-ids.org/) - Honeypot deployment made easy.
- [Artillery](https://github.com/trustedsec/artillery/) - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods - [Bait and Switch](http://baitnswitch.sourceforge.net) - redirects all hostile traffic to a honeypot that is partially mirroring your production system.
- [slipm-honeypot](https://github.com/rshipp/slipm-honeypot) - A simple low-interaction port monitoring honeypot - [Artillery](https://github.com/trustedsec/artillery/) - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
- [HoneyWRT](https://github.com/CanadianJeff/honeywrt) - low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers - [slipm-honeypot](https://github.com/rshipp/slipm-honeypot) - A simple low-interaction port monitoring honeypot.
- [Amun](http://amunhoney.sourceforge.net) - vulnerability emulation honeypot - [HoneyWRT](https://github.com/CanadianJeff/honeywrt) - low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers.
- [TelnetHoney](https://github.com/AnguisCaptor/TelnetHoney) - A simple telnet honeypot - [Amun](http://amunhoney.sourceforge.net) - vulnerability emulation honeypot.
- [Hontel](https://github.com/stamparm/hontel) - Telnet Honeypot - [TelnetHoney](https://github.com/AnguisCaptor/TelnetHoney) - A simple telnet honeypot.
- [MTPot](https://github.com/CymmetriaResearch/MTPot) - Open Source Telnet Honeypot, focused on Mirai malware - [Hontel](https://github.com/stamparm/hontel) - Telnet Honeypot.
- [Heralding](https://github.com/johnnykv/heralding) - A credentials catching honeypot - [MTPot](https://github.com/CymmetriaResearch/MTPot) - Open Source Telnet Honeypot, focused on Mirai malware.
- [VNC-Pot](https://github.com/SepehrHml/VNC-Pot) - A low interaction VNC honeypot - [Heralding](https://github.com/johnnykv/heralding) - A credentials catching honeypot.
- [vnclowpot](https://github.com/magisterquis/vnclowpot) - A low interaction VNC honeypot - [VNC-Pot](https://github.com/SepehrHml/VNC-Pot) - A low interaction VNC honeypot.
- [SIREN](https://github.com/blaverick62/SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment - [vnclowpot](https://github.com/magisterquis/vnclowpot) - A low interaction VNC honeypot.
- [SIREN](https://github.com/blaverick62/SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment.
- [telnetlogger](https://github.com/robertdavidgraham/telnetlogger) - A Telnet honeypot designed to track the Mirai botnet. - [telnetlogger](https://github.com/robertdavidgraham/telnetlogger) - A Telnet honeypot designed to track the Mirai botnet.
- VM cloaking script - VM cloaking script
- [Antivmdetect](https://github.com/nsmfoo/antivmdetection) - Script to create templates to use with VirtualBox to make vm detection harder - [Antivmdetect](https://github.com/nsmfoo/antivmdetection) - Script to create templates to use with VirtualBox to make vm detection harder.
- IDS signature generation - IDS signature generation
- [Honeycomb](http://www.icir.org/christian/honeycomb/) - [Honeycomb](http://www.icir.org/christian/honeycomb/) - Automated signature creation using honeypots.
- lookup service for AS-numbers and prefixes - Lookup service for AS-numbers and prefixes
- [CC2ASN](http://www.cc2asn.com/) - [CC2ASN](http://www.cc2asn.com/) - A simple lookup service for AS-numbers and prefixes belonging to any given country in the world.
- Web interface (for Thug) - Web interface (for Thug)
- [Rumal](https://github.com/thugs-rumal/) - Thug's Rumāl: a Thug's dress & weapon - [Rumal](https://github.com/thugs-rumal/) - Thug's Rumāl: a Thug's dress & weapon.
- Data Collection / Data Sharing - Data Collection / Data Sharing
- [HPfriends](http://hpfriends.honeycloud.net/#/home) - data-sharing platform - [HPfriends](http://hpfriends.honeycloud.net/#/home) - data-sharing platform.
- [HPFeeds](https://github.com/rep/hpfeeds/) - lightweight authenticated publish-subscribe protocol - [HPFeeds](https://github.com/rep/hpfeeds/) - lightweight authenticated publish-subscribe protocol.
- Python bindings for libemu - Python bindings for libemu
- [Pylibemu](https://github.com/buffer/pylibemu) - A Libemu Cython wrapper - [Pylibemu](https://github.com/buffer/pylibemu) - A Libemu Cython wrapper.
- central management tool - central management tool
- [PHARM](http://www.nepenthespharm.com/) - [PHARM](http://www.nepenthespharm.com/) - Manage , Report, Analyze your distributed Nepenthes instances.
- Network connection analyzer - Network connection analyzer
- [Impost](http://impost.sourceforge.net/) - [Impost](http://impost.sourceforge.net/) - a network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons.
- Virtual Machine Cloaking - Virtual Machine Cloaking
- [VMCloak](https://github.com/jbremer/vmcloak) - [VMCloak](https://github.com/jbremer/vmcloak) - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
- Honeypot deployment - Honeypot deployment
- [Modern Honeynet Network](http://threatstream.github.io/mhn/) - [Modern Honeynet Network](http://threatstream.github.io/mhn/) - makes deploying and managing secure honeypots extremely simple.
- [SurfIDS](http://ids.surfnet.nl/) - [SurfIDS](http://ids.surfnet.nl/) - an open source Distributed Intrusion Detection System based on passive sensors.
- Automated malware analysis system - Automated malware analysis system
- [Cuckoo](https://cuckoosandbox.org/) - [Cuckoo](https://cuckoosandbox.org/) - he leading open source automated malware analysis system.
- [Anubis](https://anubis.iseclab.org/) - [Hybrid Analysis](https://www.hybrid-analysis.com) - a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
- [Hybrid Analysis](https://www.hybrid-analysis.com)
- Low interaction - Low interaction
- [mwcollectd](http//git.mwcollect.org/mwcollectd) - [mwcollectd](https://www.openhub.net/p/mwcollectd) - a versatile malware collection daemon, uniting the best features of nepenthes and honeytrap
- Low interaction honeypot on USB stick - Low interaction honeypot on USB stick
- [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/) - [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/)
- Honeypot extensions to Wireshark - Honeypot extensions to Wireshark
- [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions) - [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions) - support applying Snort IDS rules and signatures against pcap files.
- Data Analysis Tool
- [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph)
- [Acapulco](https://github.com/hgascon/Acapulco4HNP)
- Telephony honeypot - Telephony honeypot
- [Zapping Rachel](https://seanmckaybeck.com/zapping-rachel.html) - [Zapping Rachel](https://seanmckaybeck.com/zapping-rachel.html)
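Review bot: On the vmscope entry, the full stop was added after "Monitoring of VM-based." and the wrapped remainder "High-Interaction Honeypots" became its own list item, so the description is now split in two; join it into one line, "Monitoring of VM-based High-Interaction Honeypots.". The new Cuckoo description starts with "he leading", missing its first letter, PHARM has "Manage , Report" with a space before the comma, and the new mwcollectd line ends without a full stop. The Anubis link is dropped from the automated malware analysis list, while the commit message only mentions updating and moving links; say in the message why it is removed if that is intentional.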
@ -427,30 +421,33 @@ the honeyd daemon and generate configuration files
- [Argos](http://www.few.vu.nl/argos/) - An emulator for capturing zero-day attacks - [Argos](http://www.few.vu.nl/argos/) - An emulator for capturing zero-day attacks
- Sandbox-as-a-Service - Sandbox-as-a-Service
- [malwr.com](https://malwr.com/) - free malware analysis service and community - [malwr.com](https://malwr.com/) - free malware analysis service and community.
- [detux.org](http://detux.org) - Multiplatform Linux Sandbox - [detux.org](http://detux.org) - Multiplatform Linux Sandbox.
- [Joebox Cloud](https://jbxcloud.joesecurity.org/login) - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities - [Joebox Cloud](https://jbxcloud.joesecurity.org/login) - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities.
## <a name="visualizers"></a> Data Tools ## <a name="visualizers"></a> Data Tools
- Front Ends - Front Ends
- [Tango](https://github.com/aplura/Tango) - Honeypot Intelligence with Splunk - [Tango](https://github.com/aplura/Tango) - Honeypot Intelligence with Splunk.
- [Django-kippo](https://github.com/jedie/django-kippo) - Django App for kippo SSH Honeypot - [Django-kippo](https://github.com/jedie/django-kippo) - Django App for kippo SSH Honeypot.
- [Wordpot-Frontend](https://github.com/GovCERT-CZ/Wordpot-Frontend) - a full featured script to visualize statistics from a Wordpot honeypot - [Wordpot-Frontend](https://github.com/GovCERT-CZ/Wordpot-Frontend) - a full featured script to visualize statistics from a Wordpot honeypot.
- [Shockpot-Frontend](https://github.com/GovCERT-CZ/Shockpot-Frontend) - a full featured script to visualize statistics from a Shockpot honeypot - [Shockpot-Frontend](https://github.com/GovCERT-CZ/Shockpot-Frontend) - a full featured script to visualize statistics from a Shockpot honeypot.
- [honeypotDisplay](https://github.com/Joss-Steward/honeypotDisplay) - A flask website which displays data I've gathered with my SSH Honeypot - [honeypotDisplay](https://github.com/Joss-Steward/honeypotDisplay) - A flask website which displays data I've gathered with my SSH Honeypot.
- [honeyalarmg2](https://github.com/schmalle/honeyalarmg2) - Simplified UI for showing honeypot alarms - [honeyalarmg2](https://github.com/schmalle/honeyalarmg2) - Simplified UI for showing honeypot alarms.
- Visualization - Visualization
- [Kippo-Graph](http://bruteforce.gr/kippo-graph) - a full featured script to visualize statistics from a Kippo SSH honeypot - [Kippo-Graph](http://bruteforce.gr/kippo-graph) - a full featured script to visualize statistics from a Kippo SSH honeypot.
- [Kippo stats](https://github.com/mfontani/kippo-stats) - Mojolicious app to display statistics for your kippo SSH honeypot - [Kippo stats](https://github.com/mfontani/kippo-stats) - Mojolicious app to display statistics for your kippo SSH honeypot.
- [HoneyStats](http://sourceforge.net/projects/honeystats/) - A statistical view of the recorded activity on a Honeynet - [HoneyStats](http://sourceforge.net/projects/honeystats/) - A statistical view of the recorded activity on a Honeynet.
- [HoneyMap](https://github.com/fw42/honeymap) - Real-time websocket stream of GPS events on a fancy SVG world map - [HoneyMap](https://github.com/fw42/honeymap) - Real-time websocket stream of GPS events on a fancy SVG world map.
- [HoneyMalt](https://github.com/SneakersInc/HoneyMalt) - Maltego tranforms for mapping Honeypot systems - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt) - Maltego tranforms for mapping Honeypot systems.
- [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics) - [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics)
- [Afterglow Cloud](https://github.com/ayrus/afterglow-cloud) - [Afterglow Cloud](https://github.com/ayrus/afterglow-cloud)
- [Afterglow](http://afterglow.sourceforge.net/) - [Afterglow](http://afterglow.sourceforge.net/)
- [ovizart](https://github.com/oguzy/ovizart) - visual analysis for network traffic - [ovizart](https://github.com/oguzy/ovizart) - visual analysis for network traffic.
- [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph) - a visualization app to visualize hpfeeds logs.
- [Acapulco](https://github.com/hgascon/Acapulco4HNP) - Automated Attack Community Graph Construction.
## <a name="guides"></a>Guides ## <a name="guides"></a>Guides
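Review bot: In the Visualization list, Glastopf Analytics, Afterglow Cloud and Afterglow are still left without a description or full stop while the entries around them get one, so the list remains inconsistent after this pass. The HoneyMalt line is edited but keeps "tranforms" (should be "transforms"), and the moved HpfeedsHoneyGraph entry says "a visualization app to visualize hpfeeds logs", which could be shortened to "visualizes hpfeeds logs".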