Gran recopilación de honeypots

Nos encantan los recopilatorios y, cómo no, no podíamos dejar pasar la oportunidad de tener aquí también un enorme listado de honeypots, herramientas, componentes y mucho más que podéis encontrar en el repositorio GitHub de Paralax. La lista se divide en categorías como web, servicios y otros, y se centra en proyectos de código abierto.

Honeypots

  • Database Honeypots
  • Web honeypots
  • Service Honeypots
    • Kippo - Medium interaction SSH honeypot
    • honeyntp - NTP logger/honeypot
    • honeypot-camera - observation camera honeypot
    • troje - a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.
    • slipm-honeypot - A simple low-interaction port monitoring honeypot
    • HoneyPy - A low interaction honeypot
    • Ensnare - Easy to deploy Ruby honeypot
    • RDPy - A Microsoft Remote Desktop Protocol (RDP) honeypot in python
  • Anti-honeypot stuff
    • kippo_detect - This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff)
  • ICS/SCADA honeypots
    • Conpot - ICS/SCADA honeypot
    • scada-honeynet - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices
    • SCADA honeynet - Building Honeypots for Industrial Networks
  • Deployment
  • Data Analysis
    • Kippo-Graph - a full featured script to visualize statistics from a Kippo SSH honeypot
    • Kippo stats - Mojolicious app to display statistics for your kippo SSH honeypot
  • Other/random
    • NOVA uses honeypots as detectors, looks like a complete system.
    • Open Canary - A low interaction honeypot intended to be run on internal networks.
    • libemu - Shellcode emulation library, useful for shellcode detection.
  • Open Relay Spam Honeypot
  • Botnet C2 monitor
    • Hale - Botnet command & control monitor
  • IPv6 attack detection tool
    • ipv6-attack-detector - Google Summer of Code 2012 project, supported by The Honeynet Project organization
  • Research Paper
    • vEYE - behavioral footprinting for self-propagating worm detection and profiling
  • Honeynet statistics
    • HoneyStats - A statistical view of the recorded activity on a Honeynet
  • Dynamic code instrumentation toolkit
    • Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
  • Front-end for dionaea
    • DionaeaFR - Front Web to Dionaea low-interaction honeypot
  • Tool to convert website to server honeypots
    • HIHAT - ransform arbitrary PHP applications into web-based high-interaction Honeypots
  • Malware collector
    • Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database
  • Sebek in QEMU
    • Qebek - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot
  • Malware Simulator
    • imalse - Integrated MALware Simulator and Emulator
  • Distributed sensor deployment
    • Smarthoneypot - custom honeypot intelligence system that is simple to deploy and easy to manage
    • Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management
    • ADHD - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured
  • Network Analysis Tool
  • Log anonymizer
    • LogAnon - log anonymization library that helps having anonymous logs consistent between logs and network captures
  • server
    • Honeysink - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network
  • Botnet traffic detection
    • dnsMole - analyse dns traffic, and to potentionaly detect botnet C&C server and infected hosts
  • Low interaction honeypot (router back door)
  • honeynet farm traffic redirector
    • Honeymole - eploy multiple sensors that redirect traffic to a centralized collection of honeypots
  • HTTPS Proxy
    • mitmproxy - allows traffic flows to be intercepted, inspected, modified and replayed
  • spamtrap
  • System instrumentation
    • Sysdig - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze
  • Honeypot for USB-spreading malware
    • Ghost-usb - honeypot for malware that propagates via USB storage devices
  • Data Collection
    • Kippo2MySQL - extracts some very basic stats from Kippo’s text-based log files (a mess to analyze!) and inserts them in a MySQL database
    • Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster)
  • Passive network audit framework parser
    • pnaf - Passive Network Audit Framework
  • VM Introspection
    • VIX virtual machine introspection toolkit - VMI toolkit for Xen, called Virtual Introspection for Xen (VIX)
    • vmscope - Monitoring of VM-based High-Interaction Honeypots
    • vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine
  • Binary debugger
  • Mobile Analysis Tool
    • APKinspector - APKinspector is a powerful GUI tool for analysts to analyze the Android applications
    • Androguard - Reverse engineering, Malware and goodware analysis of Android applications ... and more
  • Low interaction honeypot
    • Honeypoint - platform of distributed honeypot technologies
    • Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc
  • Honeynet data fusion
    • HFlow2 - data coalesing tool for honeynet/network analysis
  • Server
    • LaBrea - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
    • Kippo - SSH honeypot
    • KFSensor - Windows based honeypot Intrusion Detection System (IDS)
    • Honeyd Also see more honeyd tools
    • Glastopf - Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications
    • DNS Honeypot - Simple UDP honeypot scripts
    • Conpot - ow interactive server side Industrial Control Systems honeypot
    • Bifrozt - High interaction honeypot solution for Linux based systems
    • Beeswarm - Honeypot deployment made easy
    • Bait and Switch - redirects all hostile traffic to a honeypot that is partially mirroring your production system
    • Artillery - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods
    • Amun - vulnerability emulation honeypot
  • VM cloaking script
    • Antivmdetect - Script to create templates to use with VirtualBox to make vm detection harder
  • IDS signature generation
  • lookup service for AS-numbers and prefixes
  • Web interface (for Thug)
    • Rumal - Thug's Rumāl: a Thug's dress & weapon
  • Data Collection / Data Sharing
    • HPfriends - data-sharing platform
    • HPFeeds - lightweight authenticated publish-subscribe protocol
  • Distributed spam tracking
  • Python bindings for libemu
  • Controlled-relay spam honeypot
  • Visualization Tool
  • central management tool
  • Network connection analyzer
  • Virtual Machine Cloaking
  • Honeypot deployment
  • Automated malware analysis system
  • Low interaction
  • Low interaction honeypot on USB stick
  • Honeypot extensions to Wireshark
  • Data Analysis Tool
  • Telephony honeypot
  • Client
  • Visual analysis for network traffic
  • Binary Management and Analysis Framework
  • Honeypot
  • PDF document inspector
  • Distribution system
  • HoneyClient Management
  • Network Analysis
  • Hybrid low/high interaction honeypot
  • Sebek on Xen
  • SSH Honeypot
  • Glastopf data analysis
  • Distributed sensor project
  • a pcap analyzer
  • Client Web crawler
  • network traffic redirector
  • Honeypot Distribution with mixed content
  • Honeypot sensor
  • File carving
  • File and Network Threat Intelligence
  • data capture
  • SSH proxy
  • Anti-Cheat
  • behavioral analysis tool for win32
  • Live CD
  • Spamtrap
  • Commercial honeynet
  • Server (Bluetooth)
  • Dynamic analysis of Android apps
  • Dockerized Low Interaction packaging
  • Network analysis
  • Sebek data visualization
  • SIP Server
  • Botnet C2 monitoring
  • low interaction
  • Malware collection

Honeyd Tools

Network and Artifact Analysis

  • Sandbox
  • Sandbox-as-a-Service
    • malwr.com - free malware analysis service and community
    • detux.org - Multiplatform Linux Sandbox
    • Joebox Cloud - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities

Data Tools

  • Front Ends
    • Tango - Honeypot Intelligence with Splunk
    • Django-kippo - Django App for kippo SSH Honeypot
    • Wordpot-Frontend - a full featured script to visualize statistics from a Wordpot honeypot -Shockpot-Frontend - a full featured script to visualize statistics from a Shockpot honeypot
  • Visualization
    • HoneyMap - Real-time websocket stream of GPS events on a fancy SVG world map
    • HoneyMalt - Maltego tranforms for mapping Honeypot systems

Comentarios