Sep 14 2012

Announcing HoneyDrive!

UPDATE: This post was about the server version of HoneyDrive which is no longer maintained. I have now released a HoneyDrive Desktop version based on Xubuntu Linux.

HoneyDrive is a virtual hard disk drive (VMDK format) with Ubuntu Server 11.10 32-bit edition installed. It contains various honeypot systems such as Kippo SSH honeypot, Dionaea malware honeypot and Honeyd. Additionally it includes useful scripts and utilities to analyze and visualize the data it captures. Lastly, other helpful tools like tshark (command-line Wireshark), pdftools, etc. are also present. The combination of tools was tested on the live commercial site. All tools worked great on the test case.

NOTE: The description is not very accurate for the current state of HoneyDrive. Right now only Kippo SSH honeypot and its related tools are included, but all of the above will be present in future releases.

You can get the latest version (0.1) of HoneyDrive which contains Kippo SSH honeypot and related scripts (kippo-graph, kippo-stats, kippo-sessions, etc). Everything is pre-configured to work. Due to its size the file is hosted at SourceForge. Just Google "SourceForge HoneyDrive" to see the download page.

Please also take a look at the README.txt file at SourceForge (also included inside the disk) to learn the specific features and where everything is located.

After downloading the file, uncompress it, then create a new virtual machine (suggested software: Oracle VM VirtualBox) and select the VMDK drive as its hard disk.

As always, feedback is welcome via the related page: http://bruteforce.gr/honeydrive

  • http://itsecurity.ma Lord Noteworthy

    Excellent initiative. Like the idea. I have a question: are tools like Kippo or Nepenthes effective in tracking botnets and detecting C&C panels? I’m interested in starting out in this field, I would be happy if you give me some clues.

    • http://bruteforce.gr Ion

      Hello there.

      Yep, honeypots are being used extensively to track botnets and the like. Start here for more information: http://www.honeynet.org/papers/bots and then you can read this master's thesis on the subject: http://ntnu.diva-portal.org/smash/get/diva2:348489/FULLTEXT01 (PDF alert), hosted by the Norwegian University of Science and Technology.

      Regards.
