From fa58c3e8254ef9c6c193884094770f80562f5acd Mon Sep 17 00:00:00 2001 From: jose nazario Date: Wed, 27 Jun 2018 09:11:15 -0400 Subject: [PATCH] alphabetize the sections --- README.md | 238 +++++++++++++++++++++++++++--------------------------- 1 file changed, 119 insertions(+), 119 deletions(-) diff --git a/README.md b/README.md index 66a634e..232d313 100644 --- a/README.md +++ b/README.md 
@@ -23,58 +23,58 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres ## Honeypots - Database Honeypots - - [MongoDB-HoneyProxy](https://github.com/Plazmaz/MongoDB-HoneyProxy) - A MongoDB honeypot proxy. - - [Elastic honey](https://github.com/jordan-wright/elastichoney) - A Simple Elasticsearch Honeypot. - - [mysql](https://github.com/schmalle/MysqlPot) - A mysql honeypot, still very very early stage. - - [NoSQLpot](https://github.com/torque59/nosqlpot) - The NoSQL Honeypot Framework. - - [ESPot](https://github.com/mycert/ESPot) - An Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120. - [Delilah](https://github.com/Novetta/delilah) - An Elasticsearch Honeypot written in Python. + - [ESPot](https://github.com/mycert/ESPot) - An Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120. + - [Elastic honey](https://github.com/jordan-wright/elastichoney) - A Simple Elasticsearch Honeypot. + - [MongoDB-HoneyProxy](https://github.com/Plazmaz/MongoDB-HoneyProxy) - A MongoDB honeypot proxy. + - [NoSQLpot](https://github.com/torque59/nosqlpot) - The NoSQL Honeypot Framework. - [mysql-honeypotd](https://github.com/sjinks/mysql-honeypotd) - Low interaction MySQL honeypot written in C. + - [mysql](https://github.com/schmalle/MysqlPot) - A mysql honeypot, still very very early stage. - Web honeypots + - [Bukkit Honeypot](https://github.com/Argomirr/Honeypot) Honeypot - A honeypot plugin for Bukkit. + - [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) - Honeypot type for Symfony2 forms. - [Glastopf](https://github.com/mushorg/glastopf) - Web Application Honeypot. + - [Google Hack Honeypot](http://ghh.sourceforge.net) - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. 
+ - [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) - Honeypot - Simple spam prevention package for Laravel applications. + - [Nodepot](https://github.com/schmalle/Nodepot) - A nodejs web application honeypot. + - [Servletpot](https://github.com/schmalle/servletpot) - Web application Honeypot. + - [Shadow Daemon](https://shadowd.zecure.org/overview/introduction/) - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps. + - [WebTrap](https://github.com/IllusiveNetworks-Labs/WebTrap) - Designed to create deceptive webpages to deceive and redirect attackers away from real websites. + - [basic-auth-pot](https://github.com/bjeborn/basic-auth-pot) bap - http Basic Authentication honeyPot. + - [django-admin-honeypot](https://github.com/dmpayton/django-admin-honeypot) - A fake Django admin login screen to notify admins of attempted unauthorized access. + - [honeyhttpd](https://github.com/bocajspear1/honeyhttpd) - a Python-based web server honeypot builder. + - [phpmyadmin_honeypot](https://github.com/gfoss/phpmyadmin_honeypot) - - A simple and effective phpMyAdmin honeypot. + - [shockpot](https://github.com/threatstream/shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts. + - [smart-honeypot](https://github.com/freak3dot/smart-honeypot) - PHP Script demonstrating a smart honey pot. - Snare/Tanner - successors to Glastopf - [Snare](https://github.com/mushorg/snare) - Super Next generation Advanced Reactive honEypot - [Tanner](https://github.com/mushorg/tanner) - Evaluating SNARE events - - [phpmyadmin_honeypot](https://github.com/gfoss/phpmyadmin_honeypot) - - A simple and effective phpMyAdmin honeypot. - - [Nodepot](https://github.com/schmalle/Nodepot) - A nodejs web application honeypot. - - [basic-auth-pot](https://github.com/bjeborn/basic-auth-pot) bap - http Basic Authentication honeyPot. 
- - [Shadow Daemon](https://shadowd.zecure.org/overview/introduction/) - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps. - - [Servletpot](https://github.com/schmalle/servletpot) - Web application Honeypot. - - [Google Hack Honeypot](http://ghh.sourceforge.net) - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. - - [smart-honeypot](https://github.com/freak3dot/smart-honeypot) - PHP Script demonstrating a smart honey pot. - - [Bukkit Honeypot](https://github.com/Argomirr/Honeypot) Honeypot - A honeypot plugin for Bukkit. - - [Laravel Application Honeypot](https://github.com/msurguy/Honeypot) - Honeypot - Simple spam prevention package for Laravel applications. - [stack-honeypot](https://github.com/CHH/stack-honeypot) - Inserts a trap for spam bots into responses. - - [EoHoneypotBundle](https://github.com/eymengunay/EoHoneypotBundle) - Honeypot type for Symfony2 forms. - - [shockpot](https://github.com/threatstream/shockpot) - WebApp Honeypot for detecting Shell Shock exploit attempts. - - [django-admin-honeypot](https://github.com/dmpayton/django-admin-honeypot) - A fake Django admin login screen to notify admins of attempted unauthorized access. - - [WebTrap](https://github.com/IllusiveNetworks-Labs/WebTrap) - Designed to create deceptive webpages to deceive and redirect attackers away from real websites. - WordPress honeypots - [HonnyPotter](https://github.com/MartinIngesen/HonnyPotter) - A WordPress login honeypot for collection and analysis of failed login attempts. - [HoneyPress](https://github.com/dustyfresh/HoneyPress) - python based WordPress honeypot in a docker container. - [wp-smart-honeypot](https://github.com/freak3dot/wp-smart-honeypot) - WordPress plugin to reduce comment spam with a smarter honeypot. - [wordpot](https://github.com/gbrindisi/wordpot) - A WordPress Honeypot. 
- - [honeyhttpd](https://github.com/bocajspear1/honeyhttpd) - a Python-based web server honeypot builder. - Service Honeypots + - [AMTHoneypot](https://github.com/packetflare/amthoneypot) - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689. + - [Ensnare](https://github.com/ahoernecke/ensnare) - Easy to deploy Ruby honeypot. + - [HoneyPy](https://github.com/foospidy/HoneyPy) - A low interaction honeypot. + - [Honeygrove](https://github.com/UHH-ISS/honeygrove) - A multi-purpose modular honeypot based on Twisted. + - [Honeyport](https://github.com/securitygeneration/Honeyport) - A simple honeyport written in Bash and Python. + - [Honeyprint](https://github.com/glaslos/honeyprint) - Printer honeypot. + - [Lyrebird](https://hub.docker.com/r/lyrebird/honeypot-base/) - A modern high-interaction honeypot framework. + - [MICROS honeypot](https://github.com/Cymmetria/micros_honeypot) - low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). + - [RDPy](https://github.com/citronneur/rdpy) - A Microsoft Remote Desktop Protocol (RDP) honeypot in python. + - [SMB Honeypot](https://github.com/r0hi7/HoneySMB) - High interaction SMB service Honeypot capable of capturing wannacry like Malware. + - [Tom's Honeypot](https://github.com/inguardians/toms_honeypot) - Low interaction Python honeypot. + - [WebLogic honeypot](https://github.com/Cymmetria/weblogic_honeypot) - low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. + - [honeycomb_plugins](https://github.com/Cymmetria/honeycomb_plugins) - The plugin repository for Honeycomb, the honeypot framework by Cymmetria. - [honeyntp](https://github.com/fygrave/honeyntp) - NTP logger/honeypot. - [honeypot-camera](https://github.com/alexbredo/honeypot-camera) - observation camera honeypot. - - [troje](https://github.com/dutchcoders/troje/) - a honeypot built around lxc containers. 
It will run each connection with the service within a seperate lxc container. - - [HoneyPy](https://github.com/foospidy/HoneyPy) - A low interaction honeypot. - - [Ensnare](https://github.com/ahoernecke/ensnare) - Easy to deploy Ruby honeypot. - - [RDPy](https://github.com/citronneur/rdpy) - A Microsoft Remote Desktop Protocol (RDP) honeypot in python. - - [Honeyprint](https://github.com/glaslos/honeyprint) - Printer honeypot. - - [Tom's Honeypot](https://github.com/inguardians/toms_honeypot) - Low interaction Python honeypot. - - [Honeyport](https://github.com/securitygeneration/Honeyport) - A simple honeyport written in Bash and Python. - - [AMTHoneypot](https://github.com/packetflare/amthoneypot) - Honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689. - - [Lyrebird](https://hub.docker.com/r/lyrebird/honeypot-base/) - A modern high-interaction honeypot framework. - - [Honeygrove](https://github.com/UHH-ISS/honeygrove) - A multi-purpose modular honeypot based on Twisted. - - [WebLogic honeypot](https://github.com/Cymmetria/weblogic_honeypot) - low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. - - [MICROS honeypot](https://github.com/Cymmetria/micros_honeypot) - low interaction honeypot to detect CVE-2018-2636 in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (MICROS). - [honeytrap](https://github.com/honeytrap/honeytrap) - Advanced Honeypot framework written in Go. Can be connected up with other Honeypot software. - - [SMB Honeypot](https://github.com/r0hi7/HoneySMB) - High interaction SMB service Honeypot capable of capturing wannacry like Malware. - - [honeycomb_plugins](https://github.com/Cymmetria/honeycomb_plugins) - The plugin repository for Honeycomb, the honeypot framework by Cymmetria. + - [troje](https://github.com/dutchcoders/troje/) - a honeypot built around lxc containers. 
It will run each connection with the service within a seperate lxc container. - Distributed Honeypots - [DemonHunter](https://github.com/RevengeComing/DemonHunter) - Low interaction Honepot Server. 
@@ -84,17 +84,17 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - ICS/SCADA honeypots - [Conpot](https://github.com/mushorg/conpot) - ICS/SCADA honeypot. + - [GasPot](https://github.com/sjhilt/GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry. + - [SCADA honeynet](http://scadahoneynet.sourceforge.net) - Building Honeypots for Industrial Networks. - [gridpot](https://github.com/sk4ld/gridpot) - Open source tools for realistic-behaving electric grid honeynets . - [scada-honeynet](http://www.digitalbond.com/blog/2007/07/24/scada-honeynet-article-in-infragard-publication/) - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices. - - [SCADA honeynet](http://scadahoneynet.sourceforge.net) - Building Honeypots for Industrial Networks. - - [GasPot](https://github.com/sjhilt/GasPot) - Veeder Root Gaurdian AST, common in the oil and gas industry. - Other/random - - [NOVA](https://github.com/DataSoft/Nova) uses honeypots as detectors, looks like a complete system. - - [Open Canary](https://pypi.org/project/opencanary/) - A low interaction honeypot intended to be run on internal networks. - - [OFPot](https://github.com/upa/ofpot) - OpenFlow Honeypot, redirects traffic for unused IPs to a honeypot. Built on POX. - - [OpenCanary](https://github.com/thinkst/opencanary) - Modular and decentralised honeypot. - [DSHP](https://github.com/naorlivne/dshp) - Damn Simple HoneyPot with pluggable handlers. + - [NOVA](https://github.com/DataSoft/Nova) uses honeypots as detectors, looks like a complete system. + - [OFPot](https://github.com/upa/ofpot) - OpenFlow Honeypot, redirects traffic for unused IPs to a honeypot. Built on POX. + - [Open Canary](https://pypi.org/project/opencanary/) - A low interaction honeypot intended to be run on internal networks. 
+ - [OpenCanary](https://github.com/thinkst/opencanary) - Modular and decentralised honeypot. - Botnet C2 tools - [Hale](https://github.com/pjlantz/Hale) - Botnet command & control monitor. @@ -113,9 +113,9 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [Kippo-Malware](http://bruteforcelab.com/kippo-malware) - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database. - Distributed sensor deployment - - [Smarthoneypot](https://smarthoneypot.com/) - custom honeypot intelligence system that is simple to deploy and easy to manage. - - [Modern Honey Network](https://github.com/threatstream/mhn) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management. - [ADHD](https://sourceforge.net/projects/adhd/) - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured. + - [Modern Honey Network](https://github.com/threatstream/mhn) - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management. + - [Smarthoneypot](https://smarthoneypot.com/) - custom honeypot intelligence system that is simple to deploy and easy to manage. - Network Analysis Tool - [Tracexploit](https://code.google.com/archive/p/tracexploit/) - replay network packets. 
@@ -148,18 +148,18 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [pnaf](https://github.com/jusafing/pnaf) - Passive Network Audit Framework. - VM monitoring and tools - - [vmscope](https://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf) - Monitoring of VM-based. - - [vmitools](http://libvmi.com/) - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine. - [Antivmdetect](https://github.com/nsmfoo/antivmdetection) - Script to create templates to use with VirtualBox to make vm detection harder. - [VMCloak](https://github.com/jbremer/vmcloak) - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox. + - [vmitools](http://libvmi.com/) - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine. + - [vmscope](https://cs.gmu.edu/~xwangc/Publications/RAID07-VMscope.pdf) - Monitoring of VM-based. - Binary debugger - - [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) - A debugger frontend. - [Hexgolems - Pint Debugger Backend](https://github.com/hexgolems/pint) - A debugger backend and LUA wrapper for PIN. + - [Hexgolems - Schem Debugger Frontend](https://github.com/hexgolems/schem) - A debugger frontend. - Mobile Analysis Tool - - [APKinspector](https://github.com/honeynet/apkinspector/) - APKinspector is a powerful GUI tool for analysts to analyze the Android applications. - [Androguard](https://github.com/androguard/androguard) - Reverse engineering, Malware and goodware analysis of Android applications ... and more. + - [APKinspector](https://github.com/honeynet/apkinspector/) - APKinspector is a powerful GUI tool for analysts to analyze the Android applications. - Low interaction honeypot - [Honeyperl](https://sourceforge.net/projects/honeyperl/) - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc. 
@@ -168,30 +168,30 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [HFlow2](https://projects.honeynet.org/hflow) - data coalesing tool for honeynet/network analysis. - Server - - [LaBrea](http://labrea.sourceforge.net/labrea-info.html) - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. - - [Honeysink](http://www.honeynet.org/node/773) - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network. - - [KFSensor](http://www.keyfocus.net/kfsensor/) - Windows based honeypot Intrusion Detection System (IDS). - - [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd). - - [UDPot Honeypot](https://github.com/jekil/UDPot) - Simple UDP / DNS honeypot scripts. - - [Conpot](http://conpot.org/) - ow interactive server side Industrial Control Systems honeypot. - - [Bifrozt](https://github.com/Ziemeck/bifrozt-ansible) - Automatic deploy bifrozt with ansible. - - [Bait and Switch](http://baitnswitch.sourceforge.net) - redirects all hostile traffic to a honeypot that is partially mirroring your production system. - - [Artillery](https://github.com/trustedsec/artillery/) - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods. - - [slipm-honeypot](https://github.com/rshipp/slipm-honeypot) - A simple low-interaction port monitoring honeypot. - - [HoneyWRT](https://github.com/CanadianJeff/honeywrt) - low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers. - [Amun](http://amunhoney.sourceforge.net) - vulnerability emulation honeypot. - - [TelnetHoney](https://github.com/AnguisCaptor/TelnetHoney) - A simple telnet honeypot. - - [Hontel](https://github.com/stamparm/hontel) - Telnet Honeypot. 
- - [MTPot](https://github.com/Cymmetria/MTPot) - Open Source Telnet Honeypot, focused on Mirai malware. + - [Artillery](https://github.com/trustedsec/artillery/) - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods. + - [Bait and Switch](http://baitnswitch.sourceforge.net) - redirects all hostile traffic to a honeypot that is partially mirroring your production system. + - [Bifrozt](https://github.com/Ziemeck/bifrozt-ansible) - Automatic deploy bifrozt with ansible. + - [Conpot](http://conpot.org/) - ow interactive server side Industrial Control Systems honeypot. - [Heralding](https://github.com/johnnykv/heralding) - A credentials catching honeypot. - - [vnclowpot](https://github.com/magisterquis/vnclowpot) - A low interaction VNC honeypot. + - [HoneyWRT](https://github.com/CanadianJeff/honeywrt) - low interaction Python honeypot designed to mimic services or ports that might get targeted by attackers. + - [Honeyd](https://github.com/provos/honeyd) Also see [more honeyd tools](#honeyd). + - [Honeysink](http://www.honeynet.org/node/773) - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network. + - [Hontel](https://github.com/stamparm/hontel) - Telnet Honeypot. + - [KFSensor](http://www.keyfocus.net/kfsensor/) - Windows based honeypot Intrusion Detection System (IDS). + - [LaBrea](http://labrea.sourceforge.net/labrea-info.html) - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. + - [MTPot](https://github.com/Cymmetria/MTPot) - Open Source Telnet Honeypot, focused on Mirai malware. - [SIREN](https://github.com/blaverick62/SIREN) - Semi-Intelligent HoneyPot Network - HoneyNet Intelligent Virtual Environment. - - [telnetlogger](https://github.com/robertdavidgraham/telnetlogger) - A Telnet honeypot designed to track the Mirai botnet. 
+ - [TelnetHoney](https://github.com/AnguisCaptor/TelnetHoney) - A simple telnet honeypot. + - [UDPot Honeypot](https://github.com/jekil/UDPot) - Simple UDP / DNS honeypot scripts. + - [arctic-swallow](https://github.com/ajackal/arctic-swallow) - a low interaction honeypot. + - [glutton](https://github.com/mushorg/glutton) - All eating honeypot. - [honeytrap](https://github.com/tillmannw/honeytrap) - a low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. - [mwcollectd](https://www.openhub.net/p/mwcollectd) - a versatile malware collection daemon, uniting the best features of nepenthes and honeytrap. - [portlurker](https://github.com/bartnv/portlurker) - Port listener / honeypot in Rust with protocol guessing and safe string display. - - [arctic-swallow](https://github.com/ajackal/arctic-swallow) - a low interaction honeypot. - - [glutton](https://github.com/mushorg/glutton) - All eating honeypot. + - [slipm-honeypot](https://github.com/rshipp/slipm-honeypot) - A simple low-interaction port monitoring honeypot. + - [telnetlogger](https://github.com/robertdavidgraham/telnetlogger) - A Telnet honeypot designed to track the Mirai botnet. + - [vnclowpot](https://github.com/magisterquis/vnclowpot) - A low interaction VNC honeypot. - IDS signature generation - [Honeycomb](http://www.icir.org/christian/honeycomb/) - Automated signature creation using honeypots. 
@@ -221,26 +221,26 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - Client - - [Pwnypot](https://github.com/shjalayeri/pwnypot) - High Interaction Client Honeypot - - [MonkeySpider](http://monkeyspider.sourceforge.net) - - [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG) - - [URLQuery](https://urlquery.net/) - - [Trigona](https://www.honeynet.org/project/Trigona) - - [Thug](https://buffer.github.io/thug/) - Python low-interaction honeyclient - - [Shelia](https://www.cs.vu.nl/~herbertb/misc/shelia/) - a client-side honeypot for attack detection - - [PhoneyC](https://github.com/honeynet/phoneyc) - Python honeyclient (later replaced by Thug) - - [Jsunpack-n](https://github.com/urule99/jsunpack-n) - - [HoneyC](https://projects.honeynet.org/honeyc) - - [HoneyBOT](http://www.atomicsoftwaresolutions.com/) - [CWSandbox / GFI Sandbox](https://www.gfi.com/products-and-solutions/all-products) - [Capture-HPC-Linux](https://redmine.honeynet.org/projects/linux-capture-hpc/wiki) + - [Capture-HPC-NG](https://github.com/CERT-Polska/HSN-Capture-HPC-NG) - [Capture-HPC](https://projects.honeynet.org/capture-hpc) - a high interaction client honeypot (also called honeyclient). 
+ - [HoneyBOT](http://www.atomicsoftwaresolutions.com/) + - [HoneyC](https://projects.honeynet.org/honeyc) + - [Jsunpack-n](https://github.com/urule99/jsunpack-n) + - [MonkeySpider](http://monkeyspider.sourceforge.net) + - [PhoneyC](https://github.com/honeynet/phoneyc) - Python honeyclient (later replaced by Thug) + - [Pwnypot](https://github.com/shjalayeri/pwnypot) - High Interaction Client Honeypot + - [Shelia](https://www.cs.vu.nl/~herbertb/misc/shelia/) - a client-side honeypot for attack detection + - [Thug](https://buffer.github.io/thug/) - Python low-interaction honeyclient + - [Trigona](https://www.honeynet.org/project/Trigona) + - [URLQuery](https://urlquery.net/) - [YALIH (Yet Another Low Interaction Honeyclient)](https://github.com/Masood-M/yalih) - a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques - Honeypot - - [Single-honeypot](https://sourceforge.net/projects/single-honeypot/) - - [IMHoneypot](https://github.com/mushorg/imhoneypot) - [Deception Toolkit](http://www.all.net/dtk/dtk.html) + - [IMHoneypot](https://github.com/mushorg/imhoneypot) + - [Single-honeypot](https://sourceforge.net/projects/single-honeypot/) - PDF document inspector - [peepdf](https://github.com/jesparza/peepdf) - Powerful Python tool to analyze PDF documents 
@@ -255,21 +255,21 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [HoneyBrid](http://honeybrid.sourceforge.net) - SSH Honeypots - - [Kojoney](http://kojoney.sourceforge.net/) - - [Kojoney2](https://github.com/madirish/kojoney2) - low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret + - [Cowrie](https://github.com/micheloosterhof/cowrie) - Cowrie SSH Honeypot (based on kippo) + - [DShield docker](https://github.com/xme/dshield-docker) - Docker container running cowrie with DShield output enabled. + - [HUDINX](https://github.com/Cryptix720/HUDINX) - tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. + - [Kippo_JunOS](https://github.com/gregcmartin/Kippo_JunOS) - Kippo configured to be a backdoored netscreen. - [Kippo](https://github.com/desaster/kippo) - Medium interaction SSH honeypot - [LongTail Log Analysis @ Marist College](http://longtail.it.marist.edu/honey/) - analyzed SSH honeypot logs - - [Cowrie](https://github.com/micheloosterhof/cowrie) - Cowrie SSH Honeypot (based on kippo) - - [sshlowpot](https://github.com/magisterquis/sshlowpot) - Yet another no-frills low-interaction ssh honeypot in Go. - - [sshhipot](https://github.com/magisterquis/sshhipot) - High-interaction MitM SSH honeypot - - [DShield docker](https://github.com/xme/dshield-docker) - Docker container running cowrie with DShield output enabled. + - [Kojoney](http://kojoney.sourceforge.net/) + - [Kojoney2](https://github.com/madirish/kojoney2) - low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret - [hornet](https://github.com/czardoz/hornet) - Medium interaction SSH Honeypot that supports multiple virtual hosts - [ssh-honeypot](https://github.com/droberson/ssh-honeypot) - Fake sshd that logs ip addresses, usernames, and passwords. 
- - [Kippo_JunOS](https://github.com/gregcmartin/Kippo_JunOS) - Kippo configured to be a backdoored netscreen. - [ssh-honeypotd](https://github.com/sjinks/ssh-honeypotd) - A low-interaction SSH honeypot written in C. - [sshesame](https://github.com/jaksi/sshesame) - A fake SSH server that lets everyone in and logs their activity. + - [sshhipot](https://github.com/magisterquis/sshhipot) - High-interaction MitM SSH honeypot + - [sshlowpot](https://github.com/magisterquis/sshlowpot) - Yet another no-frills low-interaction ssh honeypot in Go. - [sshsyrup](https://github.com/mkishere/sshsyrup) - A simple SSH Honeypot with features to capture terminal activity and upload to asciinema.org - - [HUDINX](https://github.com/Cryptix720/HUDINX) - tiny interaction SSH honeypot engineered in Python to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. - Distributed sensor project - [DShield Web Honeypot Project](https://sites.google.com/site/webhoneypotsite/) @@ -293,8 +293,8 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [TestDisk & PhotoRec](https://www.cgsecurity.org/) - Sebek - - [Sebek](https://projects.honeynet.org/sebek/) - data capture - [Qebek](https://projects.honeynet.org/sebek/wiki/Qebek) - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot. + - [Sebek](https://projects.honeynet.org/sebek/) - data capture - [xebek](https://code.google.com/archive/p/xebek/) - Sebek on Xen - SSH proxy 
@@ -307,15 +307,15 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [DAVIX](https://www.secviz.org/node/89) - The DAVIX Live CD - Spamtrap - - [Mailoney](https://github.com/awhitehatter/mailoney) - SMTP honeypot, Open Relay, Cred Harvester written in python. - - [Spamhole](http://www.spamhole.net/) - - [spamd](http://man.openbsd.org/cgi-bin/man.cgi?query=spamd%26apropos=0%26sektion=0%26manpath=OpenBSD+Current%26arch=i386%26format=html) - [Mail::SMTP::Honeypot](http://search.cpan.org/~miker/Mail-SMTP-Honeypot-0.11/Honeypot.pm) - perl module that appears to provide the functionality of a standard SMTP server - - [honeypot](https://github.com/jadb/honeypot) - The Project Honey Pot un-official PHP SDK - - [SpamHAT](https://github.com/miguelraulb/spamhat) - Spam Honeypot Tool + - [Mailoney](https://github.com/awhitehatter/mailoney) - SMTP honeypot, Open Relay, Cred Harvester written in python. - [SendMeSpamIDS.py](https://github.com/johestephan/VerySimpleHoneypot) Simple SMTP fetch all IDS and analyzer - [Shiva](https://github.com/shiva-spampot/shiva) - Spam Honeypot with Intelligent Virtual Analyzer - [Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running](https://www.pentestpartners.com/security-blog/shiva-the-spam-honeypot-tips-and-tricks-for-getting-it-up-and-running/) + - [SpamHAT](https://github.com/miguelraulb/spamhat) - Spam Honeypot Tool + - [Spamhole](http://www.spamhole.net/) + - [honeypot](https://github.com/jadb/honeypot) - The Project Honey Pot un-official PHP SDK + - [spamd](http://man.openbsd.org/cgi-bin/man.cgi?query=spamd%26apropos=0%26sektion=0%26manpath=OpenBSD+Current%26arch=i386%26format=html) - Commercial honeynet - [Cymmetria Mazerunner](https://cymmetria.com/product/mazerunner/) - MazeRunner leads attackers away from real targets and creates a footprint of the attack. 
@@ -328,10 +328,10 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [Droidbox](https://code.google.com/archive/p/droidbox/) - Dockerized Low Interaction packaging - - [Manuka](https://github.com/andrewmichaelsmith/manuka) - Docker based honeypot (Dionaea & Kippo). + - [Docker honeynet](https://github.com/sreinhardt/Docker-Honeynet) - Several Honeynet tools set up for Docker containers. - [Dockerized Thug](https://hub.docker.com/r/honeynet/thug/) - A dockerized [Thug](https://github.com/buffer/thug) to analyze malicious web content. - [Dockerpot](https://github.com/mrschyte/dockerpot) - A docker based honeypot. - - [Docker honeynet](https://github.com/sreinhardt/Docker-Honeynet) - Several Honeynet tools set up for Docker containers. + - [Manuka](https://github.com/andrewmichaelsmith/manuka) - Docker based honeypot (Dionaea & Kippo). - [mhn-core-docker](https://github.com/MattCarothers/mhn-core-docker) - Core elements of the Modern Honey Network implemented in Docker. - Network analysis 
@@ -345,9 +345,9 @@ Discover more awesome lists at [sindresorhus/awesome](https://github.com/sindres - [HoneyThing](https://github.com/omererdem/honeything) - TR-069 Honeypot - Honeytokens - - [Honeyλ](https://github.com/0x4D31/honeylambda) - honeyLambda 'serverless trap' is a simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway. - - [Honeybits](https://github.com/0x4D31/honeybits) - A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots. - [CanaryTokens](https://github.com/thinkst/canarytokens) - + - [Honeybits](https://github.com/0x4D31/honeybits) - A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots. + - [Honeyλ](https://github.com/0x4D31/honeylambda) - honeyLambda 'serverless trap' is a simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway. - [dcept](https://github.com/secureworks/dcept) - A tool for deploying and detecting use of Active Directory honeytokens. ## Honeyd Tools 
@@ -376,47 +376,47 @@ the honeyd daemon and generate configuration files ## Network and Artifact Analysis - Sandbox - - [RFISandbox](https://monkey.org/~jose/software/rfi-sandbox/) - a PHP 5.x script sandbox built on top of [funcall](https://pecl.php.net/package/funcall) - - [dorothy2](https://github.com/m4rco-/dorothy2) - A malware/botnet analysis framework written in Ruby + - [RFISandbox](https://monke - [Argos](http://www.few.vu.nl/argos/) - An emulator for capturing zero-day attacks - [COMODO automated sandbox](https://help.comodo.com/topic-72-1-451-4768-.html) - - [Argos](http://www.few.vu.nl/argos/) - An emulator for capturing zero-day attacks - - [libemu](https://github.com/buffer/libemu) - Shellcode emulation library, useful for shellcode detection. - - [Pylibemu](https://github.com/buffer/pylibemu) - A Libemu Cython wrapper. - - [imalse](https://github.com/hbhzwj/imalse) - Integrated MALware Simulator and Emulator. - [Cuckoo](https://cuckoosandbox.org/) - he leading open source automated malware analysis system. + - [Pylibemu](https://github.com/buffer/pylibemu) - A Libemu Cython wrapper. + - [dorothy2](https://github.com/m4rco-/dorothy2) - A malware/botnet analysis framework written in Ruby + - [imalse](https://github.com/hbhzwj/imalse) - Integrated MALware Simulator and Emulator. + - [libemu](https://github.com/buffer/libemu) - Shellcode emulation library, useful for shellcode detection. +y.org/~jose/software/rfi-sandbox/) - a PHP 5.x script sandbox built on top of [funcall](https://pecl.php.net/package/funcall) - Sandbox-as-a-Service - - [malwr.com](https://malwr.com/) - free malware analysis service and community. - - [detux.org](https://detux.org) - Multiplatform Linux Sandbox. + - [Hybrid Analysis](https://www.hybrid-analysis.com) - a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology. 
- [Joebox Cloud](https://jbxcloud.joesecurity.org/login) - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities. - [VirusTotal](https://www.virustotal.com/) - - [Hybrid Analysis](https://www.hybrid-analysis.com) - a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology. + - [detux.org](https://detux.org) - Multiplatform Linux Sandbox. + - [malwr.com](https://malwr.com/) - free malware analysis service and community. ## Data Tools - Front Ends - - [Tango](https://github.com/aplura/Tango) - Honeypot Intelligence with Splunk. - - [Django-kippo](https://github.com/jedie/django-kippo) - Django App for kippo SSH Honeypot. - - [Wordpot-Frontend](https://github.com/GovCERT-CZ/Wordpot-Frontend) - a full featured script to visualize statistics from a Wordpot honeypot. - - [Shockpot-Frontend](https://github.com/GovCERT-CZ/Shockpot-Frontend) - a full featured script to visualize statistics from a Shockpot honeypot. - - [honeypotDisplay](https://github.com/Joss-Steward/honeypotDisplay) - A flask website which displays data I've gathered with my SSH Honeypot. - - [honeyalarmg2](https://github.com/schmalle/honeyalarmg2) - Simplified UI for showing honeypot alarms. - [DionaeaFR](https://github.com/rubenespadas/DionaeaFR) - Front Web to Dionaea low-interaction honeypot. + - [Django-kippo](https://github.com/jedie/django-kippo) - Django App for kippo SSH Honeypot. + - [Shockpot-Frontend](https://github.com/GovCERT-CZ/Shockpot-Frontend) - a full featured script to visualize statistics from a Shockpot honeypot. + - [Tango](https://github.com/aplura/Tango) - Honeypot Intelligence with Splunk. + - [Wordpot-Frontend](https://github.com/GovCERT-CZ/Wordpot-Frontend) - a full featured script to visualize statistics from a Wordpot honeypot. 
+ - [honeyalarmg2](https://github.com/schmalle/honeyalarmg2) - Simplified UI for showing honeypot alarms. + - [honeypotDisplay](https://github.com/Joss-Steward/honeypotDisplay) - A flask website which displays data I've gathered with my SSH Honeypot. - Visualization - - [Kippo-Graph](http://bruteforcelab.com/kippo-graph) - a full featured script to visualize statistics from a Kippo SSH honeypot. - - [Kippo stats](https://github.com/mfontani/kippo-stats) - Mojolicious app to display statistics for your kippo SSH honeypot. - - [HoneyStats](https://sourceforge.net/projects/honeystats/) - A statistical view of the recorded activity on a Honeynet. - - [HoneyMap](https://github.com/fw42/honeymap) - Real-time websocket stream of GPS events on a fancy SVG world map. - - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt) - Maltego tranforms for mapping Honeypot systems. - - [Glastopf Analytics](https://github.com/katkad/Glastopf-Analytics) - easy honeypot statistics + - [Acapulco](https://github.com/hgascon/acapulco) - Automated Attack Community Graph Construction. - [Afterglow Cloud](https://github.com/ayrus/afterglow-cloud) - [Afterglow](http://afterglow.sourceforge.net/) - - [ovizart](https://github.com/oguzy/ovizart) - visual analysis for network traffic. + - [Glastopf Analytics](https://github.com/katkad/Glastopf-Analytics) - easy honeypot statistics + - [HoneyMalt](https://github.com/SneakersInc/HoneyMalt) - Maltego tranforms for mapping Honeypot systems. + - [HoneyMap](https://github.com/fw42/honeymap) - Real-time websocket stream of GPS events on a fancy SVG world map. + - [HoneyStats](https://sourceforge.net/projects/honeystats/) - A statistical view of the recorded activity on a Honeynet. - [HpfeedsHoneyGraph](https://github.com/yuchincheng/HpfeedsHoneyGraph) - a visualization app to visualize hpfeeds logs. - - [Acapulco](https://github.com/hgascon/acapulco) - Automated Attack Community Graph Construction. 
+ - [Kippo stats](https://github.com/mfontani/kippo-stats) - Mojolicious app to display statistics for your kippo SSH honeypot. + - [Kippo-Graph](http://bruteforcelab.com/kippo-graph) - a full featured script to visualize statistics from a Kippo SSH honeypot. - [Sebek Dataviz](http://www.honeynet.org/gsoc/project4) - Sebek data visualization. - [The Intelligent HoneyNet](https://github.com/jpyorre/IntelligentHoneyNet) - The Intelligent Honey Net Project attempts to create actionable information from honeypots. + - [ovizart](https://github.com/oguzy/ovizart) - visual analysis for network traffic. ## Guides @@ -425,9 +425,9 @@ the honeyd daemon and generate configuration files - Deployment - [Dionaea and EC2 in 20 Minutes](http://andrewmichaelsmith.com/2012/03/dionaea-honeypot-on-ec2-in-20-minutes/) - a tutorial on setting up Dionaea on an EC2 instance - - [honeypotpi](https://github.com/free5ty1e/honeypotpi) - Script for turning a Raspberry Pi into a HoneyPot Pi - [Using a Raspberry Pi honeypot to contribute data to DShield/ISC](https://isc.sans.edu/diary/22680) - The Raspberry Pi based system will allow us to maintain one code base that will make it easier to collect rich logs beyond firewall logs. + - [honeypotpi](https://github.com/free5ty1e/honeypotpi) - Script for turning a Raspberry Pi into a HoneyPot Pi - Research Papers - - [vEYE](https://link.springer.com/article/10.1007%2Fs10115-008-0137-3) - behavioral footprinting for self-propagating worm detection and profiling. - [Honeypot research papers](https://github.com/shbhmsingh72/Honeypot-Research-Papers) - PDFs of research papers on honeypots + - [vEYE](https://link.springer.com/article/10.1007%2Fs10115-008-0137-3) - behavioral footprinting for self-propagating worm detection and profiling.
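Review bot: the new order in the Honeytokens hunk (@@ -345,9) is case-sensitive rather than alphabetical, so dcept stays last, after Honeyλ, because lowercase names sort after uppercase ones. The same effect shows in the Deployment hunk (@@ -425,9), where honeypotpi is moved below "Using a Raspberry Pi honeypot to contribute data to DShield/ISC". If the goal is an order a reader can scan, sort on the link text case-insensitively, which puts dcept between CanaryTokens and Honeybits. Separately, the CanaryTokens context line ends in a bare " -" with no description; either add one or drop the trailing dash.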
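Review bot: in the Sandbox list of the @@ -376,47 hunk, the RFISandbox entry is split across two added lines. The first added line stops at `[RFISandbox](https://monke`, and the rest, `y.org/~jose/software/rfi-sandbox/) - a PHP 5.x script sandbox built on top of ...`, is added at column zero after the libemu entry. That breaks the link and leaves a stray fragment in the rendered list. Rejoin it into one line with the full `https://monkey.org/~jose/software/rfi-sandbox/` URL from the removed line and place it once, between Pylibemu and dorothy2 under the ordering the rest of the patch uses. While this list is being touched, the Cuckoo context line reads "he leading open source automated malware analysis system", which looks like a dropped "T".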