
Sep 14 2012

Announcing HoneyBox!

HoneyBox is a virtual hard disk drive (VMDK format) with Ubuntu Server 11.10 32-bit edition installed. It contains various honeypot systems such as Kippo SSH honeypot, Dionaea malware honeypot and Honeyd. Additionally it includes useful scripts and utilities to analyze and visualize the data it captures. Lastly, other helpful tools like tshark (command-line Wireshark), pdftools, etc. are also present.

NOTE: The description is not very accurate for the current state of HoneyBox. Right now only Kippo SSH honeypot and its related tools are included, but all of the above will be present in future releases.

You can get the latest version (0.1) of HoneyBox, which contains Kippo SSH honeypot and related scripts (kippo-graph, kippo-stats, kippo-sessions, etc.). Everything is pre-configured to work. Due to its size, the file is hosted at SourceForge: http://sourceforge.net/projects/honeybox/

Please also take a look at the README.txt file at SourceForge (also included inside the disk) to learn the specific features and where everything is located.

After downloading the file, uncompress it, then create a new virtual machine (suggested software: Oracle VM VirtualBox) and select the VMDK drive as its hard disk.

As always, feedback is welcome via the related page: http://bruteforce.gr/honeybox


  1. Lord Noteworthy

    Excellent initiative. Like the idea. I have a question: are tools like Kippo or Nepenthes effective in tracking botnets and detecting C&C panels? I’m interested in starting out in this field, I would be happy if you give me some clues.

    1. Ion

      Hello there.

      Yeap, honeypots are being used extensively to track botnets and the like. Start here for more information: http://www.honeynet.org/papers/bots and then you can read this master's thesis on the subject: http://ntnu.diva-portal.org/smash/get/diva2:348489/FULLTEXT01 (PDF alert), hosted by the Norwegian University of Science and Technology.

      Regards.
