HoneyC

HoneyC is a low interaction client honeypot / honeyclient that allows to identify malicious servers on the web. Instead of using a fully functional operating system and client to perform this task (which is done by high interaction client honeypots, such as Honeymonkey or Honeyclient), HoneyC uses emulated clients that are able to solicit as much of a response from a server that is necessary for analysis of malicious content. HoneyC is expandable in a variety of ways: it can use different visitor clients, search schemes, and analysis algorithms.

For more information on the internals of HoneyC refer to section About HoneyC.

The initial HoneyC (version 1.0.x) concentrates on searching for malicious web servers based on Snort signatures. The initial version does not contain any malware signatures yet, but it is planned that those will appear shortly in the next version.

Wiki Sitemap: