Low-interaction honeyclient Thug released!

19 Mar 2012 Angelo Dellaera honeyclient low-interaction thug

I’m glad to announce that I have finally publicly released a brand new low-interaction honeyclient I’ve been working on for a few months now. The project name is Thug and it was publicly presented a few hours ago during the Honeynet Project Security Workshop at Facebook HQ in Menlo Park. Please take a look at the (attached) presentation for details about Thug.

Just a few highlights about Thug:

  • DOM (almost) compliant with W3C DOM Core and HTML specifications (Level 1, 2 and partially 3) and partially compliant with W3C DOM Events and Style specifications

  • Google V8 JavaScript engine wrapped through PyV8

  • Vulnerability modules (ActiveX controls, core browser functionalities, browser plugins)

  • Currently 6 IE personalities supported

  • Hybrid static/dynamic analysis

  • MITRE MAEC native logging format

  • HPFeeds and MongoDB logging

The source code is available here.

Feedback and comments welcome.

Have fun!

Angelo Dell’Aera