Welcome to the Sebek project site

Sebek is a data capture tool designed to capture an attacker's activities on a honeypot without the attacker (hopefully) knowing it. It has two components. The first is a client that runs on the honeypots; its purpose is to capture all of the attacker's activities (keystrokes, file uploads, passwords) and then covertly send the data to the server. The second component is the server, which collects the data from the honeypots. The server normally runs on the Honeywall gateway, but can also run independently. For more information on Sebek, please see http://www.honeynet.org/tools/sebek

Documentation

Building and Installing Sebek client in Ubuntu Server 7.10

Binary Distributions

Ubuntu Server 7.10 Kernel 2.6.22-14-server (no raw socket replacement) Download MD5 78c12e70514408bdebe605cbeffc846d
Latest Windows client binaries Download MD5 (Sebek-Win32-3.0.5.zip) = 275c42328473f8cba3722f339dad8363
Test build of Windows client Download MD5 (Sebek-Win32-latest.zip) = 94fc5c9a3b0c55c5eaba82d4cf0f5470

TODO

1. Make it work reliably on current OSs
2. Consider how to improve it
3. Consider whether improving it is the best approach, or whether it should be replaced

Linux TODO

1. Compile under Ubuntu 8.10 Server Edition (2.6.27-7-server)
2. Compile under Ubuntu 8.10 Server Edition (after update to latest)
3. Compile under Fedora 10 (image kernel from install media)
4. Compile under Fedora 10 (after update to latest)
5. Compile under CentOS 5.2 (image kernel from install media: 2.6.18-92.el5)
6. Compile under CentOS 5.2 (after update to latest)
7. Fix raw socket replacement
