amun's Introduction

Amun

Amun was the first Python-based low-interaction honeypot, following the concepts of Nepenthes but extending them with more sophisticated emulation and easier maintenance.

Requirements

  • Python >= 2.6 (no Python3 support yet)
  • (optional) Python Psyco (available at http://psyco.sourceforge.net/)
  • (optional) MySQLdb if submit-mysql or log-mysql is used
  • (optional) psycopg2 if log-surfnet is used

Installation

  • Clone Git repository: git clone https://github.com/zeroq/amun.git
  • Edit Amun main configuration file: vim conf/amun.conf
    • for example set the ip address for Amun to listen on (0.0.0.0 to listen on all)
    • enable or disable vulnerability modules as needed
  • Start Amun by issuing: ./amun_server

Tips and Tricks

In case you encounter problems with too many open files due to a lot of attackers hitting your honeypot at the same time, the following settings can be adjusted:

  • To increase the maximum number of open files on Linux:
    • echo "104854" > /proc/sys/fs/file-max
    • ulimit -Hn 104854
    • ulimit -n 104854
  • To increase the maximum number of open files on BSD:
    • sysctl kern.maxfiles=104854
    • ulimit -Hn 104854
    • ulimit -n 104854
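
A preflight check for the limits above, as an added example that is not part of Amun: it reads the kernel-wide, hard and soft open-file limits and reports any that are below the target. The function names are hypothetical; the target 104854 is the value used in the tips above.

```shell
#!/bin/sh
# Added example (not part of Amun): verify open-file limits before starting
# the honeypot. WANT is the value from the tips above.
WANT=104854

# limit_ok CURRENT WANT: returns 0 if CURRENT is "unlimited" or >= WANT,
# 1 if it is lower, 2 if CURRENT is empty or not a number.
limit_ok() {
    [ "$1" = "unlimited" ] && return 0
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    [ "$1" -ge "$2" ]
}

# report_line NAME CURRENT WANT: print one status line for a limit.
report_line() {
    if limit_ok "$2" "$3"; then
        echo "ok   $1=$2"
    else
        echo "LOW  $1=${2:-unknown} (want >= $3)"
    fi
}

# kernel_max: system-wide limit, from /proc on Linux or sysctl on BSD.
kernel_max() {
    if [ -r /proc/sys/fs/file-max ]; then
        cat /proc/sys/fs/file-max
    else
        sysctl -n kern.maxfiles 2>/dev/null
    fi
}

# preflight [WANT]: report all three limits; non-zero if any is too low.
preflight() {
    pf_want=${1:-$WANT}
    pf_rc=0
    for pf_pair in "kernel:$(kernel_max)" "hard:$(ulimit -Hn)" "soft:$(ulimit -Sn)"; do
        report_line "${pf_pair%%:*}" "${pf_pair#*:}" "$pf_want"
        limit_ok "${pf_pair#*:}" "$pf_want" || pf_rc=1
    done
    return $pf_rc
}

# Usage, in the same shell that launches Amun (ulimit only affects the
# current shell and its children):  preflight && ./amun_server
```

The value written to /proc/sys/fs/file-max does not survive a reboot, so the check is worth repeating after each restart of the host.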

Logging

All logging information is stored in the "logs" subdirectory of your Amun installation. The following log files will be created:

  • amun_server.log
    • contains general information, errors, and alive messages of the amun server
  • amun_request_handler.log
    • contains information about unknown exploits and not matched exploit stages
  • analysis.log
    • contains information about manual shellcode analysis (performed via the -a option)
  • download.log
    • contains information about all download modules (ftp, tftp, bindport, etc...)
  • exploits.log
    • contains information about all exploits that were triggered
  • shellcode_manager.log
    • contains information and errors of the shellcode manager
  • submissions.log
    • contains information about unique downloads
  • successfull_downloads.log
    • contains information about all downloaded malware
  • unknown_downloads.log
    • contains information about unknown download methods
  • vulnerabilities.log
    • contains information about certain vulnerability modules

Parameters

Amun can be executed with the -a parameter to analyse a given file for known shellcode instead of running the honeypot.

amun's People

Contributors

mohdshakir, zeroq