Welcome to the Sebek project site
Sebek is a data capture tool designed to capture an attacker's activities on a honeypot, without the attacker (hopefully) knowing it. It has two components. The first is a client that runs on the honeypots; its purpose is to capture all of the attacker's activities (keystrokes, file uploads, passwords) and then covertly send the data to the server. The second component is the server, which collects the data from the honeypots. The server normally runs on the Honeywall gateway, but can also run independently. For more information on Sebek, please see http://www.honeynet.org/tools/sebek
Ubuntu Server 7.10 Kernel 2.6.22-14-server (no raw socket replacement) MD5 78c12e70514408bdebe605cbeffc846d
Latest Windows client binaries MD5 (Sebek-Win32-3.0.5.zip) = 275c42328473f8cba3722f339dad8363
Test build of Windows client MD5 (Sebek-Win32-latest.zip) = 94fc5c9a3b0c55c5eaba82d4cf0f5470
1. Make it work reliably on current OSs
2. Consider how to improve it
3. Consider whether improving it is the best approach, or whether it should be replaced.
1. Compile under Ubuntu 8.10 Server Edition (2.6.27-7-server)
2. Compile under Ubuntu 8.10 Server Edition (after update to latest)
3. Compile under Fedora 10 (image kernel from install media)
4. Compile under Fedora 10 (after update to latest)
5. Compile under CentOS 5.2 (image kernel from install media: 2.6.18-92.el5)
6. Compile under CentOS 5.2 (after update to latest)
7. Fix raw socket replacement.
(289.0 KB) - added by rmcmillen 8 years ago. Sebek client without raw socket replacement for Ubuntu Server 7.10, kernel version 2.6.22-14-server
(468.8 KB) - added by csong 6 years ago. Windows Sebek client binaries. MD5 (Sebek-Win32-3.0.5.zip) = 275c42328473f8cba3722f339dad8363
(501.1 KB) - added by csong 6 years ago. Latest build for Sebek Win32 client, test only. md5sum (Sebek-Win32-latest.zip) = 94fc5c9a3b0c55c5eaba82d4cf0f5470