Tools for Honeypots!
Below are a series of hotlinks and short descriptions of tools used with honeypots.
Hale – (Pjlantz. (2017) pjlantz/Hale: Botnet command & control monitor. Retrieved April 22, 2017, from https://github.com/pjlantz/Hale)
DNS Mole -“dnsMole is designed to analyse dns traffic, and to potentionaly detect botnet C&C server and infected hosts. “(Google. (2017) Code Archive – Long-term storage for Code Project Hosting. Retrieved April 22, 2017, from https://code.google.com/archive/p/dns-mole/)
FRIDA – (Unknown. (2017) A world-class dynamic instrumentation framework – Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX. Retrieved April 22, 2017, from https://www.frida.re/)
LogAnon -“LogAnon is a log anonymization library that helps having anonymous logs consistent between logs and network captures.”(Google. (2017) Code Archive – Long-term storage for Code Project Hosting. Retrieved April 22, 2017, from https://code.google.com/archive/p/loganon/)
Fibratus – (Rabbitstack. (2017) rabbitstack/fibratus: Tool for exploration and tracing of the Windows kernel. Retrieved April 22, 2017, from https://github.com/rabbitstack/fibratus)
Passive Network Audit Framework (PNAF) – (Jusafing. (2017) jusafing/pnaf: Passive Network Audit Framework. Retrieved April 22, 2017, from https://github.com/jusafing/pnaf)
Mitmproxy – (Mitmproxy. (2017) mitmproxy/mitmproxy: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. Retrieved April 22, 2017, from https://github.com/mitmproxy/mitmproxy)
Anti-VM Detection – (Nsmfoo. (2017) nsmfoo/antivmdetection: Script to create templates to use with VirtualBox to make vm detection harder. Retrieved April 22, 2017, from https://github.com/nsmfoo/antivmdetection)
VMCloak – (Jbremer. (2017) jbremer/vmcloak: Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox. Retrieved April 22, 2017, from https://github.com/jbremer/vmcloak)
APKInspector – (Honeynet. (2017) honeynet/apkinspector: APKinspector is a powerful GUI tool for analysts to analyze the Android applications. Retrieved April 22, 2017, from https://github.com/honeynet/apkinspector/)
Androguard – (Androguard. (2017) androguard/androguard: Reverse engineering, Malware and goodware analysis of Android applications … and more. Retrieved April 22, 2017, from https://github.com/androguard/androguard)
mwcollectd – “mwcollectd is a versatile malware collection daemon, uniting the best features of nepenthes and honeytrap licensed under the LGPL.”( Black Duck Software. (2017) The mwcollectd Open Source Project on Open Hub. Retrieved April 27, 2017, from https://www.openhub.net/p/mwcollectd)
Modern Honey Network (MHN) -“MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface. Honeypot deploy scripts include several common honeypot technologies, including Snort, Cowrie, Dionaea, and glastopf, among others. (Pwnlandia. (2021) pwnlandia/mhn: Modern Honey Network. Retrieved June 21, 2021, from https://github.com/pwnlandia/mhn)
The Deception Toolkit – “The Deception ToolKit (DTK) is a toolkit designed to give defenders a couple of orders of magnitude advantage over attackers.”(Unknown. (2017) Deception ToolKit. Retrieved April 27, 2017, from http://www.all.net/dtk/dtk.html)
Honeyspider Network 2 – “Honeyspider Network is a highly-scalable system integrating multiple client honeypots to detect malicious websites.”( Cert-Polska. (2017) CERT-Polska/hsn2-bundle. Retrieved April 27, 2017, from https://github.com/CERT-Polska/hsn2-bundle)
Honeypot – (Jadb. (2017) jadb/honeypot: The Project Honey Pot un-official PHP SDK. Retrieved April 27, 2017, from https://github.com/jadb/honeypot)
Spam Honeypot Tool – “Simple Open Relay Simulator for Spam Capture and Analysis”( Miguelraulb. (2017) miguelraulb/spamhat: Spam Honeypot Tool. Retrieved April 27, 2017, from https://github.com/miguelraulb/spamhat)
Honeybits – (0x4d31. (2017) 0x4D31/honeybits: A simple tool to create and place breadcrumbs, honeytokens/traps or honeybits, to lead the attackers to your decoys/honeypots. Retrieved April 27, 2017, from https://github.com/0x4D31/honeybits)
Canarytokens – (Thinkst. (2017) thinkst/canarytokens: Canarytokens helps track activity and actions on your network. Retrieved April 27, 2017, from https://github.com/thinkst/canarytokens)
DCEPT – (Secureworks. (2017) secureworks/dcept: A tool for deploying and detecting use of Active Directory honeytokens. Retrieved April 27, 2017, from https://github.com/secureworks/dcept)
HonSSH – (Tnich. (2017) tnich/honssh: HonSSH is designed to log all SSH communications between a client and server. Retrieved April 27, 2017, from https://github.com/tnich/honssh)