< Virtual Honeypots | WOOT'07 >

HIHAT (High Interaction Honeypot Analysis Toolkit) - Update

A few days ago, Michael Müter released an update of his implementation for the diploma thesis on web-decoys at http://hihat.sourceforge.net/.

Features: HIHAT ...
  • automatically scans for known attacks.

  • provides an overview mode which allows you to look for new incidents quickly.

  • supports detailed information about all data correlated with every access to the honeypot.

  • This includes but is not limited to HTTP-GET, HTTP-POST and COOKIE data.

  • saves copies of malicious tools in a secured place for later analysis.

  • provides a geographical, IP-based mapping about the attack sources.

  • generates numerous statistics about all traffic recognized at the system.
This entry was posted by Thorsten Holz on Friday, August 3. 2007 at 11:53. and is filed under honeynets. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

  1. tunelko says:
    #1 2007-08-09 13:36 (Reply)

    Hi !

    Only a recommend for the HIHAT new release.
    when you run

    java honeypot_creator /path/to/track

    this inyect all the php code to the php files, isn't it ?

    I've made a simply modification that inyects only a require_once line. It's a little and stupid modification but it's more clear ;)

    if you want to talk, email me !

    Bye!


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.