Archive for the ‘Tool Releases’ Category

Honeysnap version 0.9 released

Monday, March 13th, 2006

Version 0.9 of Honeysnap, a bugfix release, has been released.

[Now obsolete, see Honeysnap for the current version.]

VMWare Stealth Patch released

Wednesday, August 17th, 2005

VMWare Stealth Patch released by French Honeynet Project. Kostya Kortchinsky of the French Honeynet Project has released a new version of his patch for VMware that allows operators to further obfuscate VMware used as a honeypot. New features include the ability to create a virtual host without the VMWare backdoor, modify the graphics card and set a non VMWare MAC address.

http://www.securityfocus.com/archive/119/349385
http://honeynet.rstack.org/tools/vmpatch.c

Logalert released

Wednesday, August 3rd, 2005

Logalert released: Gabriel Armbrust Araujo has released a logfile monitoring tool called ‘logalert’, which executes a specific action whenever it matches a pattern [regex], much like the swatch Perl script. See http://logalert.sourceforge.net/

Google Hack Honeypot updated

Tuesday, August 2nd, 2005

Google Hack Honeypot Project updated: The Google Hack Honeypot project has released version 1.1 of its tools and documentation, available immediately at http://ghh.sourceforge.net. “GHH is the “Google Hack” honeypot, a package of honeypots, tools, and documentation reacting to search engine hacking. Google provides an unbiased index of all things public, vulnerable or not. This index provides attackers a convenient path for exploitation, while GHH provides the convenient path to embarrassment. Version 1.1 is a compilation of many updates including: centralized logging (MySQL), advanced proxy detection, spoofed file extensions and new pre-built honeypots. These features allow GHH to respond to advances in search engine hacking.”

Multipot released

Thursday, July 14th, 2005

iDEFENSE Labs Releases Multipot: “Authored by David Zimmer, iDEFENSE Labs is releasing Multipot, an open source emulation based honeypot designed to capture malicious code which spreads through various exploits across the net. Multipot is available for download from: http://labs.idefense.com. Multipot was designed to emulate exploitable services to safely collect malicious code. Further information is available in the bundled install file. Process Stalker and OllyDbg Breakpoint Manager were separately updated to address various bugs. More information regarding the changes is available in the respective bundled archives also available on the iDEFENSE Labs website.”

Two similar tools are also being actively developed by researchers from the German Honeynet Project and are available here:

Nepenthes: http://nepenthes.sourceforge.net
MWcollect: http://mwcollect.org (funded by the Honeynet Project)

Brcontrol released

Tuesday, July 5th, 2005

Brcontrol released: http://brcontrol.sourceforge.net/

Honeybee released

Tuesday, June 21st, 2005

Honeybee Released: For his diploma thesis, Thomas Apel created a tool called Honeybee that automatically generates plug-ins for honeyd based on the behavior of real servers. “For Honeypots to be effective they have to simulate a wide variety of network services. Generating such simulations by hand is a daunting task. An automated system for fingerprinting known servers for common network protocols like Telnet, SMTP, POP3, IMAP4, FTP and HTTP would facilitate deployment of varying honeypots tremendously. Honeybee is such a tool. It can semi-automatically create emulators of network server applications. The resulting emulators can be used together with the honeypot application Honeyd. The emulators should be able to withstand the most common fingerprinting attempts. Honeybee consists of two parts: A scanner and a generic emulator per protocol. The Honeybee scanner talks to a real server and extracts its personality. These personalities are stored in database files and are used to control the generic emulator. The generic emulators use Honeyd’s interface for Python plug-ins.” Further information is available at http://lufgi4.informatik.rwth-aachen.de/diplomas/show/6.

Sebek version 3 beta for BSD released

Tuesday, June 14th, 2005

As announced on the Honeynet Project web site, a beta version of Sebek clients for BSD systems has been released (version 3, required for GenIII honeynets and the Roo Honeywall CDROM). It can be obtained here: http://honeynet.droids-corp.org