I’m glad to announce that I have publicly released a brand new low-interaction honeyclient I have been working on for a few months now. The project is named Thug, and it was publicly presented during the Honeynet Project Security Workshop at Facebook HQ in Menlo Park. Please take a look at the presentation for details about Thug.
Just a few highlights about Thug:
- DOM (almost) compliant with W3C DOM Core and HTML specifications (Level 1, 2 and partially 3) and partially compliant with W3C DOM Events and Style specifications
- Google V8 JavaScript engine wrapped through PyV8
- Vulnerability modules (ActiveX controls, core browser functionalities, browser plugins)
- Currently 6 IE personalities supported
- Hybrid static/dynamic analysis
- MITRE MAEC native logging format
- HPFeeds and MongoDB logging
The source code is available here.
Feedback and comments welcome.
Have fun!