January 3, 2013 at 2:23 am #8115IonParticipant
Hello! Happy New Year to all 🙂
I am very happy to be in the position to announce the newest addition to my projects: HoneyDrive (Desktop). Please see the website at: http://bruteforce.gr/honeydrive for more information. Or keep reading.. 🙂
What is it? Here is a brief but informative description:
HoneyDrive is a virtual appliance (OVA) with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot and more. Additionally it includes useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, and much more. Lastly, many other helpful security, forensics and malware related tools are also present in the distribution.
The latest version (0.1) of HoneyDrive Desktop (aka Santa edition), which was officially released on December 26, 2012 will be hosted at SourceForge.net. The appliance (around 2.7GBs in size) has been uploaded and you can get it from this project link: http://sourceforge.net/projects/honeydrive/
The installation procedure is pretty straightforward: after downloading the file, you simply have to import the virtual appliance to your virtual machine manager/hypervisor (suggested software: Oracle VM VirtualBox). Please take a look at the README.txt file on SourceForge (also included inside the virtual disk) to see where everything is located.
Below is a comprehensive list of HoneyDrive’s features:
- Virtual appliance based on Xubuntu 12.04 Desktop.
- Distributed as a single OVA file, ready to be imported.
- Full LAMP stack installed (Apache 2, MySQL 5), plus tools such as phpMyAdmin.
- Kippo SSH Honeypot, plus Kippo-Graph, Kippo2MySQL and other helpful scripts.
- Dionaea malware honeypot, plus phpLiteAdmin and other helpful scripts.
- Honeyd low-interaction honeypot, plus Honeyd2MySQL, Honeyd-Viz and other helpful scripts.
- LaBrea sticky honeypot, Tiny Honeypot, IIS Emulator, INetSim and SimH.
- A full suite of security, forensics and anti-malware tools for network monitoring, malicious shellcode and PDF analysis, such as ntop, p0f, EtherApe, nmap, DFF, Wireshark, ClamAV, ettercap, Automater, UPX, pdftk, Flasm, pdf-parser, Pyew, dex2jar and more.
- Firefox plugins pre-installed, plus extra helpful software such as GParted, Terminator, VYM, Xpdf and more.
TekDefense has created a text and video review of HoneyDrive that can be found here: https://www.youtube.com/watch?v=Ibe_uDojUnc and http://www.tekdefense.com/news/2012/12/27/honeydrive-review.html
I’m waiting for your feedback and reviews too!
Also, suggestions and comments would be greatly appreciated!
January 3, 2013 at 3:02 am #51382hayabusaParticipant
I’ll download and have a look, the next couple of days. Always nice to have options.
January 18, 2013 at 8:39 am #51383IonParticipant
HoneyDrive 0.2 Nectar edition released!
Hello all 🙂
Once more, I’m in the happy position to announce a new release for HoneyDrive (Desktop)! This is version 0.2 aka Nectar edition, which brings more honeypot and malware related tools on the distro.
You can download it from HoneyDrive’s SourceForge page at: http://sourceforge.net/projects/honeydrive/
Changes and additions on this version (in no particular order):
- Installed Kippo2Wordlist, a tool to create wordlists based on passwords used by attackers against Kippo SSH honeypot.
- Installed DionaeaFR , a visualization tool which was recently presented in a previous post on my blog.
- Added Kojoney SSH honeypot, patched version (updated scripts, new features, etc).
- Added Amun malware honeypot, along with useful scripts.
- Added Glastopf web honeypot, along with Wordpot WordPress honeypot.
- Installed mwcrawler, a script that parses malicious URL lists and downloads malware files.
- Added Thug, a honeyclient written in Python aimed at mimicking the behavior of a web browser in order to detect and emulate malicious contents.
- Added the following tools: Pipal, John the Ripper, IRCD-Hybrid, Origami, dsniff, hping, Scapy, Tcpreplay, tcptrace, sslstrip, libemu, Adminer.
- Added the Open Penetration Testing Bookmarks Collection to Firefox.
Waiting for your comments, suggestions and fixes! Also general feedback and reviews too!
January 18, 2013 at 2:08 pm #51384ElevenParticipant
Seems cool, thanks!
- You must be logged in to reply to this topic.