Amun A Python-based low-interaction honeypot that extends the concepts of Nepenthes with more sophisticated emulation and easier maintenance.

Requirements

• Python >= 2.6
• (Optional) Python Psyco
• (Optional) MySQLdb for submit-mysql or log-mysql
• (Optional) psycopg2 for log-surfnet

Installation

Clone Git repository: git clone ... Edit Amun main configuration file: vim conf/amun.conf Set IP address to listen on, enable/disable vulnerability modules as needed. Start the Amun by issuing: ./amun_server

Tips and Tricks

Adjust settings for maximum number of open files if encountering problems.

Logging

All logging information stored in "logs" subdirectory. Log files include:

• amun_server.log: general information, errors, and alive messages
• amun_request_handler.log: unknown exploits and not matched exploit stages
• analysis.log: manual shellcode analysis
• download.log: all download modules
• exploits.log: triggered exploits
• shellcode_manager.log: information and errors of shellcode manager
• submissions.log: unique downloads
• successful_downloads.log: downloaded malware
• unknown_downloads.log: unknown download methods
• vulnerabilities.log: vulnerability modules

Parameters

Execute with -a parameter to analyze a given file for known shellcode instead of running the honeypot.

> Visit Amun Website <