glastopf

Global Glastopf statistics for June 2014

During the month of June the following information was obtained from Glastopf installations worldwide

Geographical spread

worldmap_201406

10 most popular injected files during the period

Short introduction to RFI:

Global Glastopf statistics for May 2014

During the month of May the following information was obtained from Glastopf installations worldwide

Number of alert for the period: 1859863

Filenames (RFI) - 10 most popular during the period:

Hash: Hits:
48101bbdd897877cc62b8704a293a436 2425
4997ed27142837860014e946eed96124 2050
d070c4cccf556b9da81da1e2de3cba54 644
3cc11c8fa7e3e36f0164bdcae9de78ec 330

Global Glastopf statistics for April 2014

During the month of April the following information was obtained from Glastopf installations worldwide

Number of alert for the period: 1325919

Filenames (RFI) - 10 most common during the period:

Hash: Hits:
F8a4da2e35b840891335d90cb48a6660
b8cbfe520d4c2d8961de557ae7211cd2 1072
3cc11c8fa7e3e36f0164bdcae9de78ec 998
7de0bcb903eaba7881c6d03a8c7769a8 682

Glastopf v3 aka Glaspot released

We where glad to announce yet another tool during our annual workshop in San Francisco. Glaspot is the third version of the web application honeypot Glastopf and it come with some very powerful new features:

  • A build-in PHP sandbox for code injection emulation, allowing us to bring vulnerability emulation to a new level
  • Hooked up to the HPFeeds generic data feed system for centralized data collection and tight integration into our sandbox and web server botnet monitoring system
  • Modular implementation: Turn your web application into a honeypot with a few easy steps
  • Runs in his own lightweight Python server or as a WSGI module in common web server environments
  • Automated attack surface generation and expansion

GlastopfNG release

Before we are getting worse than Duke Nukem Forever, we decided to finally release the next generation of the web application honeypot Glastopf, aka GlastopfNG!

Glastopf retrospection

Today I make a retrospection on my work on the Glastopf Web Honeypot during the Google Summer of Code Program. My goal was to push forward the development on a Honeypot for an attack vector in web security which is really underestimated in current discussions. The main objectives could be merged into one intention: Increasing our attractiveness and answering every request as close as possible to a real world system. This got achieved with the new PHP file parser and the dynamic Google dork list which we provide for the Google crawler.

Glastopf's new vulnerability emulator

The number of attacks against the Webhoneypot depends strongly on his PHP parser. So keeping the pattern matching mechanism up to date was one of the major future works. One of my goals for the Google Summer of Code time is to improve the parser and to reduce upcoming changes in attack patterns. The old parser was very simple: collect all lines containing echo calls, look for known patterns and generate the appropriate response.

Improving Glastopf

Last saturday I've finally released a new Glastopf version. There are some new features and many changes under the hood.

Introducing Glastopf, a Web Application Honeypot

Hello, this initial blog post is used to introduce me and to provide a brief overview of my GSoC Project.

My name is Lukas Rist (my personal blog) and I am currently studying Math and Physics at the University of Kaiserslauter in Germany. This is my first time in GSoC and I will be working with Thorsten Holz on Glastopf, a Web Application Honeypot.

Syndicate content