Projects / MITRE Honeyclient Project

MITRE Honeyclient Project

A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.

Tags
Licenses
Operating Systems
Implementation

Recent releases

  •  07 Mar 2008 21:02

    Release Notes: Real-time integrity checking (via a modified version of Capture-HPC). Drone database / Web service support: a Ruby on Rails application to keep track of malware and centralize URL processing across different honeyclients. Improved stability. Improved firewall support. Complex pages (including external IFRAMES) now render completely within the honeyclient.

    •  07 Aug 2007 18:29

      Release Notes: This release resolves ticket #68, which caused the program to block you from starting a Manager process without initializing a database (even if you disabled database support). To upgrade, simply download the new HoneyClient-Manager-0.99.tar.gz package, as no other packages have changed.

      •  27 Jul 2007 19:09

        No changes have been submitted for this release.

        Screenshot

        Project Spotlight

        OpenStack4j

        A Fluent OpenStack client API for Java.

        Screenshot

        Project Spotlight

        TurnKey TWiki Appliance

        A TWiki appliance that is easy to use and lightweight.