HoneyDrive is a Xubuntu-based open-source and premier honeypot bundle Linux operating system. It is a pre-configured honeypot system in a virtual hard disk drive (VMDK format) with Xubuntu Desktop 12.04.4 LTS edition installed.
It contains over 10 pre-installed and pre-configured Honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients and more.
Additionally, it includes many useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, DionaeaFR, an ELK stack and much more. Almost 90 well-known malware analysis, forensics and network monitoring related tools are also present in the distribution.
Features:
- Virtual appliance based on Xubuntu 12.04.4 LTS Desktop.
- Distributed as a single OVA file, ready to be imported.
- Full LAMP stack installed (Apache 2, MySQL 5), plus tools such as phpMyAdmin.
- Kippo SSH honeypot, plus Kippo-Graph, Kippo-Malware, Kippo2MySQL and other helpful scripts.
- Dionaea malware honeypot, plus DionaeaFR and other helpful scripts.
- Amun malware honeypot, plus helpful scripts.
- Glastopf web honeypot, along with Wordpot WordPress honeypot.
- Conpot SCADA/ICS honeypot.
- Honeyd low-interaction honeypot, plus Honeyd2MySQL, Honeyd-Viz and other helpful scripts.
- LaBrea sticky honeypot, Tiny Honeypot, IIS Emulator and INetSim.
- Thug and PhoneyC honeyclients for client-side attacks analysis, along with Maltrieve malware collector.
- ELK stack: ElasticSearch, Logstash, Kibana for log analysis and visualization.
- A full suite of security, forensics and anti-malware tools for network monitoring, malicious shellcode and PDF analysis, such as ntop, p0f, EtherApe, nmap, DFF, Wireshark, Recon-ng, ClamAV, ettercap, MASTIFF, Automater, UPX, pdftk, Flasm, Yara, Viper, pdf-parser, Pyew, Radare2, dex2jar and more.
- Firefox add-ons pre-installed, plus extra helpful software such as GParted, Terminator, Adminer, VYM, Xpdf and more.
Changelog(HoneyDrive 3):
- Upgraded ALL existing honeypot software to the corresponding latest versions.
- Converted ALL existing honeypot software to cloned git repos for easier maintenance.
- Removed distinguishable HoneyDrive artifacts and secured access to web tools.
- Added Kippo-Malware and Kippo2ElasticSearch.
- Added Conpot SCADA/ICS honeypot.
- Added PhoneyC honeyclient.
- Added maltrieve malware downloader.
- Added the ELK stack (ElasticSearch, Logstash, Kibana).
- Added the following security tools: dnstop, MINI DNS Server, dnschef, The Sleuth Kit + Autopsy, TekCollect, hashMonitor, corkscrew, cryptcat, socat, hexdiff, pdfid, disitool, exiftool, Radare2, chaosreader, netexpect, tcpslice, mitmproxy, mitmdump, Yara, Recon-ng, SET (Social-Engineer Toolkit), MASTIFF + MASTIFF2HTML, Viper, Minibis, Nebula, Burp Suite, xxxswf, extract_swf, Java Decompiler (JD-GUI), JSDetox, extractscripts, AnalyzePDF, peepdf, officeparser, DensityScout, YaraGenerator, IOCExtractor, sysdig, Bytehist, PackerID, RATDecoders, androwarn, passivedns, BPF Tools, SpiderFoot, hashdata, LORG.
- Added the following extra software: 7zip, Sagasu.
- Added the following Firefox add-ons: Disconnect, Undo Closed Tabs Button, PassiveRecon.
- Removed the following software: Kojoney, mwcrawler, Vidalia, ircd-hybrid, DNS Query Tool, DNSpenTest, VLC, Parcellite, Open Penetration Testing Bookmarks Collection (Firefox).
