Low-interaction honeyclient Thug released!

I'm glad to announce I finally publicly released a brand new low-interaction honeyclient I'm working on from a few months now. The project name is Thug and it was publicly presented a few hours ago during the Honeynet Project Security Workshop in Facebook HQ in Menlo Park. Please take a look at the (attached) presentation for details about Thug.

Just a few highlights about Thug:

  • DOM (almost) compliant with W3C DOM Core and HTML specifications (Level 1, 2 and partially 3) and partially compliant with W3C DOM Events and Style specifications
  • Google V8 Javascript engine wrapped through PyV8
  • Vulnerability modules (ActiveX controls, core browser functionalities, browser plugins)
  • Currently 6 IE personalities supported
  • Hybrid static/dynamic analysis
  • MITRE MAEC native logging format
  • HPFeeds and MongoDB logging

The source code is available here.

Feedback and comments welcome.

Have fun!

Angelo Dell'Aera

AttachmentSize
HPAW2012-Thug.pdf192.61 KB