Downloadable Scripts

Chapter 7 - Honeyd Service Scripts
Honeypots for Windows
by Roger A. Grimes
Apress 2005

The Honeyd web site (http://www.honeyd.org/contrib.php) offers more than a dozen downloadable service scripts. Most are distributed as Gzip or tarball archives that must be unpacked before use, as described in Chapter 6. The scripts listed in Table 7-2 are available from http://www.honeyd.org or from the listed links.

Tip 

GlobalSCAPE’s (http://www.globalscape.com) Cute FTP, WinZip (http://www.winzip.com), and WinRAR (http://www.rarlab.com) programs are all excellent tarball unzippers for the Windows platform.

Table 7-2: Service Scripts Available at Honeyd.org

Kuang2.pl
  Language: Perl
  Download: http://www.honeynet.org.br/tools/#kuang2
  Description: Emulates the backdoor installed by the Kuang2 (http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.kuang.b.html) password-stealing trojan. The script saves uploaded files and also logs attempts to use Kuang2 backdoor commands, such as file download, execution, and deletion.

Mydoom.pl
  Language: Perl
  Download: http://www.honeynet.org.br/tools/#mydoom
  Description: Mimics the backdoor installed by the Mydoom virus (http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html). It saves uploaded files and also logs attempts to use the Mydoom backdoor proxy capability.

Faketelnet.pl
  Language: Perl
  Download: http://www.honeyd.org/contrib.php (click the telnet-emul link)
  Description: Emulates a telnet server from one of the following: Red Hat Linux 6.2, Solaris, or GoodTech Telnet Server for Windows NT version 2.2.

Honeydscan.tar
  Language: Various
  Download: http://www.honeyd.org/contrib.php (click the Honeyd Regression Testing link)
  Description: Contains several Perl and shell scripts that attempt to test a Honeyd installation over a wide range of personalities. One script creates a Honeyd configuration file that defines 858 different Honeyd templates and binds them to 10.2.0.0/16 addresses. Another script performs an Nmap test against the Honeyd installation (from another computer), and then compares and summarizes the results.

Honeyd.tar
  Language: Various
  Download: http://www.honeyd.org/contrib.php (click the Honeyd Scripts link)
  Description: Contains dozens of scripts, including Cisco router telnet, Apache web server running on SUSE Linux, IIS 5 (complex web server script), Exchange Server (POP/SMTP/IMAP/NNTP), Sendmail, LDAP, VNC, Microsoft FTP, Squid Proxy, Back Orifice, SSH, Finger, and Ident. This is a great package to borrow from for your own customized service scripts.

HoneyWeb-0.4.tgz
  Language: Python
  Download: http://www.honeyd.org/contrib.php (click the HoneydWeb-0.4 link)
  Description: Medium-interaction web server script. Depending on the attack request, it can return HTML pages mimicking Apache, IIS, and Netscape web servers. It writes all requests to a log file and supports the GET, HEAD, POST, and OPTIONS HTTP commands.

Pop.emulator.tar.gz
  Language: Shell
  Download: http://www.honeyd.org/contrib.php (click the POP.emulator link)
  Description: Mimics a generic POP3 server. It emulates successful and failed authentication attempts and mimics some common POP errors.

Iisemul8.pl
  Language: Perl
  Download: http://sourceforge.net/projects/iisemul8
  Description: Emulates, at a high degree of functionality, a default installation of an IIS 5.0 server. It contains content, graphics, full error messages, and even emulates ISAPI filters (including .ASP and .NET). Written by the legendary hacker Rain Forest Puppy, this is the "mac daddy" of Honeyd scripts.

ftp.sh
  Language: Shell
  Download: http://www.honeyd.org/contrib.php (click the ftp.sh link)
  Description: Moderate emulation of a WU-FTP 2.6.0 server. It contains basic FTP commands and a help listing, and allows the anonymous user to log in. Of course, it saves interactions to a log file.

Smtp.sh
  Language: Shell
  Download: http://www.honeyd.org/contrib.php (click the smtp.sh link)
  Description: Emulates a Sendmail 8.12.2 server with a small subset of login commands available, including the help file.

Pop3.sh
  Language: Shell
  Download: http://www.honeyd.org/contrib.php (click the pop3.sh link)
  Description: Low emulation of a QPOP 2.53 e-mail server, with just a few login commands.

Service script emulations run the gamut, from low-interaction emulation to a full-fledged web server. Ambitious honeypot administrators will want to consider taking the Iisemul8.pl script and building a customized web server from it. Web servers receive a lot of hacker attention on the Internet, so a honeypot emulating a web server is a good choice for administrators wishing to learn hacker tricks at a rapid pace. Any of the default scripts can be used as a template for custom service scripts.
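As an added illustration of what such a template looks like (constructed for this chapter, not one of the scripts in Table 7-2 or Honeyd's own code), here is a minimal shell service script in the spirit of pop3.sh that mimics a QPOP 2.53 POP3 server, accepts any USER/PASS pair into an empty mailbox, and logs every command. It assumes Honeyd's convention of handing the connection to the script on stdin/stdout and exporting HONEYD_IP_SRC, HONEYD_SRC_PORT, HONEYD_IP_DST and HONEYD_DST_PORT; the log path and the honeyd configuration line in the comments are placeholders.

```shell
#!/bin/sh
# Constructed example: minimal Honeyd service script imitating a QPOP 2.53 POP3 server.
# Honeyd runs it once per connection with the TCP stream on stdin/stdout and exports
# HONEYD_IP_SRC, HONEYD_SRC_PORT, HONEYD_IP_DST, HONEYD_DST_PORT (assumed names).
# Assumed honeyd.conf line:  add default tcp port 110 "/usr/local/bin/pop3-emul.sh"

LOG="${POP3_LOG:-/var/log/honeyd/pop3.log}"   # assumed path; override with POP3_LOG

reply() { printf '%s\r\n' "$1"; }              # POP3 replies end in CRLF

log_cmd() {                                    # log_cmd LOGFILE "raw command"
    printf '%s %s:%s -> %s:%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" \
        "${HONEYD_IP_SRC:-?}" "${HONEYD_SRC_PORT:-?}" \
        "${HONEYD_IP_DST:-?}" "${HONEYD_DST_PORT:-?}" "$2" >>"$1"
}

# pop3_emulate LOGFILE: read commands from stdin until QUIT or EOF, answer on stdout.
pop3_emulate() {
    logfile=$1; user=""; authed=0
    reply "+OK QPOP (version 2.53) at mail starting."
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')
        word=$(printf '%s' "$line" | cut -d' ' -f1)          # command as typed
        cmd=$(printf '%s' "$word" | tr 'a-z' 'A-Z')           # normalized keyword
        arg=$(printf '%s' "$line" | cut -s -d' ' -f2-)        # argument, if any
        log_cmd "$logfile" "$line"                            # record every probe
        case "$cmd" in
            USER) user=$arg; reply "+OK Password required for $user." ;;
            PASS) if [ -n "$user" ]; then   # any password "works": an empty mailbox
                      authed=1; reply "+OK $user has 0 messages (0 octets)."
                  else reply "-ERR Unknown command: \"$word\"."; fi ;;
            QUIT) reply "+OK Pop server at mail signing off."; return 0 ;;
            NOOP) reply "+OK" ;;
            STAT|LIST|UIDL|RETR|DELE)
                  if [ "$authed" -eq 1 ]; then
                      case "$cmd" in
                          STAT) reply "+OK 0 0" ;;
                          LIST|UIDL) reply "+OK 0 messages (0 octets)"; reply "." ;;
                          *) reply "-ERR Message $arg does not exist." ;;
                      esac
                  else reply "-ERR Unknown command: \"$word\"."; fi ;;   # not logged in
            *)    reply "-ERR Unknown command: \"$word\"." ;;
        esac
    done
}

# Honeyd sets HONEYD_IP_SRC; to try it by hand: HONEYD_IP_SRC=127.0.0.1 ./pop3-emul.sh
if [ -n "${HONEYD_IP_SRC:-}" ]; then pop3_emulate "$LOG"; fi
```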
