From eb66a0460d0f205e848a08a7b9d0f83a6009788a Mon Sep 17 00:00:00 2001 From: jose nazario Date: Thu, 18 Jun 2015 09:27:11 -0400 Subject: [PATCH] tons of updates from the Google spreadsheet --- README.md | 318 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 318 insertions(+) diff --git a/README.md b/README.md index 098927a..3c19301 100644 --- a/README.md +++ b/README.md 
@@ -26,3 +26,321 @@ The list is divided into categories such as web, services, and others, focusing - ICS/SCADA honeypots - [Conpot](https://github.com/glastopf/conpot) + +- Visualization + - [HoneyMap](https://github.com/fw42/honeymap) + - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt) +- Data Analysis + - [Kippo-Graph](http://bruteforce.gr/kippo-graph) + - [Kippo stats](https://github.com/mfontani/kippo-stats) +- - + - [honeytoken](-) + - [Mantrap / Symantec Decoy Server](http://www.systemhouse.com/symantec/sds.htm) + - [BigEye](http://violating.us/projects/bigeye/) + - [BackOfficer Friendly](http://www.nfr.com/resource/backOfficer.php) +- Proxy honeypot + - [Proxypot](http://proxypot.spamteam.nl) +- Open Relay Spam Honeypot + - [SpamHAT](https://github.com/miguelraulb/spamhat) +- Botnet C2 monitor + - [Hale](http://github.com/pjlantz/Hale) +- IPv6 attack detection tool + - [ipv6-guard](https://www.honeynet.org/gsoc2012/slot8) + - [ipv6-attack-detector](https://github.com/mzweilin/ipv6-attack-detector/) +- PHP honeypot + - [smart-honeypot](https://github.com/freak3dot/smart-honeypot) + - [PHPHop](http://rstack.org/phphop/) +- Honeypot Database + - [Manuka](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCgQFjAB&url=https%3A%2F%2Fstaff.washington.edu%2Fdittrich%2Ftalks%2Fieee-ia-manuka.ppt&ei=nS1fVdDjJeL9ywP5soG4Cg&usg=AFQjCNGTVLU6WQe04DdUd1jzVx3Fmwi6Xg&bvm=bv.93990622,d.bGQ) +- Research Paper + - [vEYE](http://link.springer.com/article/10.1007%2Fs10115-008-0137-3) +- Honeynet statistics + - [HoneyStats](http://sourceforge.net/projects/honeystats/) +- Visual analsysis for network traffic + - [Picviz](http://www.wallinfire.net/picviz) +- Web honeypot + - [Shadow Daemon](https://shadowd.zecure.org) + - [Servletpot](github.com/schmalle/servletpot) + - [Nodepot](http://github.com/schmalle/Nodepot) + - [Google Hack Honeypot](http://ghh.sourceforge.net) +- dynamic code instrumentation toolkit + - [Frida](http://www.frida.re) +- Front-end for 
dionaea + - [DionaeaFR](https://github.com/rubenespadas/DionaeaFR) +- Tool to convert website to server honeypots + - [HIHAT](http://hihat.sourceforge.net/) +- Malware collector + - [Kippo-Malware](http://bruteforce.gr/kippo-malware) +- Sebek in QEMU + - [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek) +- Malware Simulator + - [imalse](https://github.com/hbhzwj/imalse) +- Distributed sensor deployment + - [Sombria](http://www.lac.co.jp/business/sns/intelligence/sombria_e.html) + - [Smarthoneypot](http://smarthoneypot.com) +- SCADA honeypot + - [scada-honeypot](http://www.digitalbond.com/tools/scada-honeynet/) + - [SCADA honeynet](http://scadahoneynet.sourceforge.net) +- Network Analysis Tool + - [Tracexploit](https://code.google.com/p/tracexploit/) +- Log anonymizer + - [LogAnon](http://code.google.com/p/loganon/) +- server + - [Honeysink](http://www.honeynet.org/node/773) +- Botnet traffic detection + - [dnsMole](https://code.google.com/p/dns-mole/) +- Low interaction honeypot (router back door) + - [Honeypot-32764](https://github.com/knalli/honeypot-for-tcp-32764) +- honeynet farm traffic redirector + - [Honeymole](https://web.archive.org/web/20120122130150/http://www.honeynet.org.pt/index.php/HoneyMole) +- IDS signature generator + - [Nebula](http://nebula.carnivore.it/) +- Fake wireless access point + - [FakeAP](http://www.blackalchemy.to/project/fakeap/) +- HTTPS Proxy + - [mitmproxy](http://mitmproxy.org/) +- spamtrap + - [Jackpot Mailswerver](http://jackpot.uk.net/) +- System instrumentation + - [Sysdig](http://www.sysdig.org) +- Honeypot for USB-spreading malware + - [Ghost-usb](https://code.google.com/p/ghost-usb-honeypot/) +- Type + - [Tool](URL) +- analysis tool + - [RFISandbox](http://monkey.org/~jose/software/rfi-sandbox/) +- Data Collection + - [Kippo2MySQL](http://bruteforce.gr/kippo2mysql) + - [Kippo2ElasticSearch](http://bruteforce.gr/kippo2elasticsearch) +- Honeyd viewer + - [Honeyview](http://honeyview.sourceforge.net/) +- Passive network 
audit framework parser + - [pnaf](https://github.com/jusafing/pnaf) +- Honeyd to MySQL connector + - [Honeyd2MySQL](http://bruteforce.gr/honeyd2mysql) +- VM Introspection + - [VIX virtual machine introspection toolkit](http://assert.uaf.edu/research/vmi.html) + - [xenaccess](https://code.google.com/p/xenaccess/) + - [vmscope](http://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf) + - [vmitools](http://libvmi.com/) +- Binary debugger + - [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) + - [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint) +- Mobile Analysis Tool + - [APKinspector](https://github.com/honeynet/apkinspector/) + - [Androguard](https://code.google.com/p/androguard/) +- Low interaction honeypot + - [Honeypoint](http://microsolved.com/?page_id=69) + - [Honeyperl](http://sourceforge.net/projects/honeyperl/) +- Honeynet data fusion + - [HFlow2](https://projects.honeynet.org/hflow) +- Server + - [Tiny Honeypot](http://www.alpinista.org/thp/ -> http://web.archive.org/web/20090606073121/http://www.alpinista.org/files/thp/) + - [Nephenthes](http://nepenthes.carnivore.it//) + - [LaBrea](http://labrea.sourceforge.net/labrea-info.html) + - [Kippo](https://github.com/desaster/kippo) + - [KFSensor](http://www.keyfocus.net/kfsensor/) + - [Honeytrap](http://honeytrap.carnivore.it/) + - [Honeyd](https://github.com/provos/honeyd) + - [Honeeebox](http://honeeebox.net) + - [Glastopf](http://glastopf.org/) + - [DNS Honeypot](https://github.com/jekil/UDPot) + - [Django-kippo](https://github.com/jedie/django-kippo) + - [Dionaea](http://dionaea.carnivore.it/) + - [Conpot](http://conpot.org/) + - [Bifrozt](http://sourceforge.net/projects/bifrozt/) + - [Beeswarm](http://www.beeswarm-ids.org/) + - [Bait and Switch](http://baitnswitch.sourceforge.net) + - [Artillery](https://github.com/trustedsec/artillery/) + - [Amun](http://amunhoney.sourceforge.net) +- VM cloaking script + - 
[Antivmdetect](https://github.com/nsmfoo/antivmdetection) +- Honeyd ported to Windows + - [Winhoneyd](http://www2.netvigilance.com/winhoneyd) +- IDS signature generation + - [Honeycomb](http://www.cl.cam.ac.uk/~cpk25/honeycomb/) +- Multiple + - [Honeeepi](https://redmine.honeynet.org/projects/honeeepi/wiki) +- Web interface to packet analyzer + - [OpenWitness](https://github.com/oguzy/openwitness) +- lookup service for AS-numbers and prefixes + - [CC2ASN](http://www.cc2asn.com/) +- Data Collection / Analysis Tool + - [Carniwwwhore](http://carnivore.it/2010/11/27/carniwwwhore) +- Wordpress spam honeypot + - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot) +- Web interface (for Thug) + - [Rumal](https://github.com/pdelsante/rumal) +- Snort binary carving + - [Pehunter](http://src.carnivore.it/pehunter/) +- Data Collection / Data Sharing + - [HPfriends](http://hpfriends.honeycloud.net/#/home) + - [HPFeeds](https://github.com/rep/hpfeeds/) +- PE-executables analyses + - [Xandora](http://www.xandora.net/xangui/) +- Distributed spam tracking + - [Project Honeypot](https://www.projecthoneypot.org) +- Python bindings for libemu + - [Pylibemu](https://github.com/buffer/pylibemu) +- Client honeypot + - [Pwnypot](https://github.com/shjalayeri/pwnypot) +- Controlled-relay spam honeypot + - [Shiva](https://github.com/shiva-spampot/shiva) +- Visualization Tool + - [Webviz](not working) + - [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics) + - [Afterglow Cloud](http://afterglow.secviz.org/) + - [Afterglow](http://afterglow.sourceforge.net/) +- central management tool + - [PHARM](http://www.nepenthespharm.com/) +- Network connection analyzer + - [Impost](http://impost.sourceforge.net/) +- Virtual Machine Cloaking + - [VMCloak](https://github.com/jbremer/vmcloak) +- A script to visualize statistics from honeyd + - [Honeyd-Viz](http://bruteforce.gr/honeyd-viz) +- Honeypot deployment + - [Modern Honeynet 
Network](http://threatstream.github.io/mhn/) + - [SurfIDS](http://ids.surfnet.nl/) +- Honeyd UI + - [Honeyd configuration GUI](http://www.citi.umich.edu/u/provos/honeyd/ch01-results/1/) +- Honeynet analysis tool + - [Honeynet Security Console](http://www.activeworx.org/programs/hsc/index.htm) +- Automated malware analysis system + - [Cuckoo](http://www.cuckoosandbox.org/) + - [Anubis](https://anubis.iseclab.org/) +- Low interaction + - [mwcollectd](http//git.mwcollect.org/mwcollectd) +- Low interaction honeypot on USB stick + - [Honeystick](http://www.ukhoneynet.org/research/honeystick-howto/) +- Honeypot extensions to Wireshark + - [Whireshark Extensions](https://www.honeynet.org/project/WiresharkExtensions) +- Data Analysis Tool + - [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph) + - [Acapulco](https://github.com/hgascon/Acapulco4HNP) +- Telephony honeypot + - [Zapping Rachel](https://seanmckaybeck.com/2014/08/17/zapping-rachel/) +- Client + - [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG) + - [Wepawet](http://wepawet.cs.ucsb.edu/about.php) + - [URLQuery](https://urlquery.net/) + - [Trigona](https://www.honeynet.org/project/Trigona) + - [Thug](https://buffer.github.io/thug/) + - [Shelia](http://www.cs.vu.nl/~herbertb/misc/shelia/) + - [PhoneyC](https://github.com/honeynet/phoneyc) + - [Libemu](http://libemu.carnivore.it/) + - [Jsunpack-n](https://code.google.com/p/jsunpack-n/) + - [HoneyC](https://projects.honeynet.org/honeyc) + - [HoneyBOT](http://www.atomicsoftwaresolutions.com/honeybot.php) + - [CWSandbox / GFI Sandbox](www.gfi.com/malware-analysis-tool) + - [Capture-HPC-Linux](https://redmine.honeynet.org/projects/linux-capture-hpc/wiki) + - [Capture-HPC](https://projects.honeynet.org/capture-hpc) + - [Andrubis](https://anubis.iseclab.org/) +- Commercial high interaction honeypot + - [Countertack Scout](http://www.countertack.com/countertack-scout) +- Visual analysis for network traffic + - 
[ovizart-ng](https://github.com/honeynet/ovizart-ng) + - [ovizart](https://github.com/honeynet/ovizart) +- Binary Management and Analysis Framework + - [Viper](http://viper.li/) +- Honeypot + - [Single-honeypot](http://sourceforge.net/projects/single-honeypot/) + - [Honeyd For Windows](http://www.securityprofiling.com/honeyd/honeyd.shtml) + - [SWiSH](http://shat.net/swish/) + - [IMHoneypot](https://github.com/glastopf/imhoneypot) + - [Deception Toolkit](http://www.all.net/dtk/dtk.html) + - [Cybercop Sting](http://www.nai.com/international/uk/asp_set/products/tns/ccsting_intro.asp) +- PDF document inspector + - [peepdf](https://code.google.com/p/peepdf/) +- Distribution system + - [Thug Distributed Task Queuing](https://thug-distributed.readthedocs.org/en/latest/index.html) +- HoneyClient Management + - [HoneyWeb](https://code.google.com/p/gsoc-honeyweb/) +- Network Analysis + - [HoneyProxy](http://honeyproxy.org/) +- Hybrid low/high interaction honeypot + - [HoneyBrid](http://honeybrid.sourceforge.net) +- Sebek on Xen + - [xebek](https://code.google.com/p/xebek/) +- SSH Honeypot + - [Kojoney](http://kojoney.sourceforge.net/) +- Glastopf data analysis + - [Glastopf Analytics](https://github.com/vavkamil/Glastopf-Analytics) +- Distributed sensor project + - [DShield Web Honeypot Project](https://sites.google.com/site/webhoneypotsite/) + - [Distributed Web Honeypot Project](http://projects.webappsec.org/w/page/29606603/Distributed%20Web%20Honeypots) +- a pcap analyzer + - [Honeysnap](https://projects.honeynet.org/honeysnap/) +- Client Web crawler + - [HoneySpider Network](https://github.com/CERT-Polska/hsn2-bundle) +- network traffic redirector + - [Honeywall](https://projects.honeynet.org/honeywall/) +- Honeypot Distribution with mixed content + - [HoneyDrive](http://bruteforce.gr/honeydrive) +- Honeypot sensor + - [Dragon Research Group Distro](https://www.dragonresearchgroup.org/drg-distro.html) +- File carving + - [TestDisk & PhotoRec](http://www.cgsecurity.org/) 
+- File and Network Threat Intelligence + - [VirusTotal](http://virustotal.com) +- data capture + - [Sebek](https://projects.honeynet.org/sebek/) +- SSH proxy + - [HonSSH](https://github.com/tnich/honssh) +- Anti-Cheat + - [Minecraft honeypot](http://www.curse.com/bukkit-plugins/minecraft/honeypot) +- behavioral analysis tool for win32 + - [Capture BAT](https://www.honeynet.org/node/315) +- Live CD + - [DAVIX](http://davix.secviz.org) +- Spamtrap + - [Spampot.py](http://woozle.org/%7Eneale/src/python/spampot.py) + - [Spamhole](http://www.spamhole.net/) + - [spamd](http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html) + - [SMTPot.py](http://llama.whoi.edu/smtpot.py) +- Commercial honeynet + - [Specter](http://www.specter.com/default50.htm) + - [Smoke Detector](http://palisadesys.com/products/smokedetector/) + - [Sandtrap](http://www.sandstorm.net/products/sandtrap/) + - [PatriotBox](http://www.alkasis.com/?fuseaction=products.info&id=20) + - [PacketDecoy](http://palisadesys.com/products/packetdecoy/) + - [NetFacade](http://www22.verizon.com/fns/solutions/netsec/netsec_netfacade.html) + - [Netbait](http://www.netbaitinc.com) +- Server (Bluetooth) + - [Bluepot](http://code.google.com/p/bluepot/) +- Honeyd stats + - [Honeydsum.pl](http://www.honeynet.org.br/) +- Dynamic analysis of Android apps + - [Droidbox](https://code.google.com/p/droidbox/) +- Dockerized Low Interaction packaging + - [Manuka](https://github.com/andrewmichaelsmith/manuka) +- Network analysis + - [Quechua](https://bitbucket.org/zaccone/quechua) +- Sebek data visualization + - [Sebek Dataviz](http://www.honeynet.org/gsoc/project4) +- Threat Intel feed aggregator / network grapher + - [Malcom](http://malcom.io) +- Sandbox + - [Argos](http://www.few.vu.nl/argos/) +- SIP Server + - [Artemnesia VoIP](http://artemisa.sourceforge.net) +- Honeyd plugin + - [Honeycomb](http://www.honeyd.org/tools.php) +- Sandbox-as-a-Service + - 
[malwr.com](malwr.com) +- Botnet C2 monitoring + - [botsnoopd](botsnoopd.mwcollect.org) +- low interaction + - [mysqlpot](github.com/schmalle/mysqlpot) +- Malware collection + - [Honeybow](http://honeybow.mwcollect.org/) +- sandbox + - [PHPSandbox](http://www.fieryprophet.com/phpsandbox) + - [dorothy2](https://github.com/m4rco-/dorothy2) + - [COMODO automated sandbox](https://help.comodo.com/topic-72-1-451-4768-.html) +- client + - [MonkeySpider](http://monkeyspider.sourceforge.net) +- Bootable honeyd + - [HOACD](http://www.honeynet.org.br/tools/) +- NTP honeypot + - [HoneyNTP](https://github.com/fygrave/honeyntp)
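
Review bot: Several added entries in this hunk are spreadsheet residue or broken links rather than usable list items, and should be cleaned up before this is merged. The rows `- -` / `[honeytoken](-)`, `- Type` / `[Tool](URL)` and `[Webviz](not working)` have no real target and read like the spreadsheet's header row and empty cells; drop them or give them a real category and URL. Links without a scheme (`github.com/schmalle/servletpot`, `github.com/schmalle/mysqlpot`, `malwr.com`, `botsnoopd.mwcollect.org`, `www.gfi.com/malware-analysis-tool`) will render as relative paths inside the repository, `http//git.mwcollect.org/mwcollectd` is missing its colon, and the Tiny Honeypot target holds two URLs joined by ` -> `, so none of these resolve as written. The first Manuka entry points at a Google search redirect carrying tracking parameters; link directly to the `staff.washington.edu/dittrich/talks/ieee-ia-manuka.ppt` target it wraps. The import also duplicates content: Conpot is already listed under ICS/SCADA honeypots in the context lines above, Glastopf Analytics is added twice, and categories repeat with only case or spelling differences (`Sandbox`/`sandbox`, `Client`/`client`, `Spamtrap`/`spamtrap`, `Visual analsysis for network traffic`/`Visual analysis for network traffic`), so merge those and fix the typos (`analsysis`, `Whireshark`, `Mailswerver`, `Nephenthes`).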