PhoneyC: A virtual client honeypot

PhoneyC is a virtual client honeypot, meaning it is not a real application but rather an emulated client. By using dynamic analysis, PhoneyC is able to remove the obfuscation from many malicious pages. Furthermore, PhoneyC emulates specific vulnerabilities to pinpoint the attack vector. PhoneyC is a modular framework that enables the study of malicious HTTP pages and understands modern vulnerabilities and attacker techniques.

Download version 0.1 below (a contained readme contains installation instructions):
Sha1: d541a6c27712895f335e7394de7c1506ea1ce592 phoneyc_v0_1_rev1631.tar_.gz

v0.1 feature highlights include:

* Interpretation of useful HTML tags for remote links
- hrefs, imgs, etc ...
- iframes, frames, etc
* Interpretation of scripting languages
- javascript (through spidermonkey)
- supports deobfuscation, remote script sources
* ActiveX vulnerability "modules" for exploit detection
* Shellcode detection and analysis (through libemu)
* Heap spray detection

PhoneyC is hosted on from which a development version can be obtained.

For any issues turn to the Google groups:


phoneyc_v0_1_rev1631.tar_.gz2.63 MB