![[Honeynet.BR logo]](Honeynet_BR_files/honeynet.br-logo.png){kind=logo} |
| |
Tools Developed by Honeynet.BR| cmdexe.pl | HOACD | honeydsum.pl | kuang2.pl | mydoom.pl | sessionlimit | cmdexe.plcmdexe.pl is a Honeyd module that emulates a DOS command prompt. It is useful to emulate a simple Windows "shell" backdoor, as used by many worms nowadays.
HOACDHOACD is the implementation of a low-interaction honeypot, based on Honeyd, that runs directly from a CD and stores its logs and configuration files on a hard disk. It is composed of a couple of applications defined by the Brazilian Distributed Honeypots Project.
honeydsum.plhoneydsum.pl is a tool written in Perl designed to generate a text summary from Honeyd logs. The summaries may be produced using different parameters as filters, such as ports, protocols, IP addresses or networks. It shows the top source and port access and the number of connections per hour, and supports input from multiple log files. The script can also correlate events from several honeypots.
kuang2.plkuang2.pl is a Honeyd module that emulates the backdoor installed by the Kuang2 virus. It saves uploaded files and also logs attempts to use Kuang2 backdoor commands, like file download, execution, deletion, etc.
mydoom.plmydoom.pl is a simple Perl script, that works with Honeyd, to emulate the backdoor installed by the Mydoom virus. It saves uploaded files and also logs attempts to use the Mydoom backdoor proxy capability (socks4).
sessionlimitIs a tool designed to interact with OpenBSD pf in order to contain the intruders activities after a compromise of a honeypot.
|
| | Brazilian Honeypots
Alliance | Honeynet.BR
Project | |
 
Honeynet.BR Project$Id: index.html,v 1.14 2004/12/15 14:36:42 jessen Exp $ |