The High Interaction Honeypot Analysis Toolkit (HIHAT) allows to transform arbitrary PHP applications into web-based high-interaction Honeypots. Furthermore a graphical user interface is provided which supports the process of monitoring the Honeypot and analysing the acquired data.
A typical use could be the transformation of PHPNuke, PHPMyAdmin or OSCommerce into a full functional Honeypot, which offers the complete functionality of the application to the users but performs comprehensive logging and monitoring in the background.
Features: HIHAT ...
- automatically scans for known attacks.
- detects SLQ-Injections, (Remote) File-Inlcusions, Cross-Site Scripting (XSS), Download attempts for malicious files e.g. with WGET or CURL, Command-Injections, etc.
- provides an overview mode which allows you to look and scan for new incidents quickly (semi-automatic mode).
- supports detailed information about all data correlated with every access to the honeypot.
This includes but is not limited to HTTP-GET, HTTP-POST and COOKIE data. - saves copies of malicious tools in a secured place for later analysis.
- provides a geographical, IP-based mapping about the attack sources. The generated map shows the
origin of the attacks and offers additional details for each location. - generates numerous statistics about all traffic recognized at the system.
- ...
阅读 2694 次
分类:
蜜罐技术
Login to post comments