Low-interaction honeyclient Thug released!

I’m glad to announce I finally publicly released a brand new low-interaction honeyclient I’m working on from a few months now. The project name is Thug and it was publicly presented a few hours ago during the Honeynet Project Security Workshop in Facebook HQ in Menlo Park. Please take a look at the (attached) presentation for details about Thug.

Just a few highlights about Thug:

• DOM (almost) compliant with W3C DOM Core and HTML specifications (Level 1, 2 and partially 3) and partially compliant with W3C DOM Events and Style specifications

• Google V8 Javascript engine wrapped through PyV8

• Vulnerability modules (ActiveX controls, core browser functionalities, browser plugins)

• Currently 6 IE personalities supported

• Hybrid static/dynamic analysis

• MITRE MAEC native logging format

• HPFeeds and MongoDB logging

The source code is available here.

Feedback and comments welcome.

Have fun!

Angelo Dell’Aera