Projects / mwcollect


mwcollect is an easy solution to collect worm-like malware in a non-native environment like FreeBSD or Linux. The first versions were used to collect binaries for botnet monitoring, and bots are still what it is mostly collecting. Some people consider it a next generation honeypot; however, that comparison often leads to the misunderstanding that computers running mwcollect can actually be infected with the malware, which is not the case.

Operating Systems

Recent releases

  •  02 Feb 2006 21:37

    Release Notes: This release adds a submit-gotek submission module, fixes some bugs in the timeout code, and builds cleanly under FreeBSD.

    •  18 Dec 2005 05:32

      Release Notes: A vuln-ms0551 module (tcp/1025 MSDTC action; Dasher.A-C) was added. Shell parsing was improved. Fixes were made regarding startup file permissions. Various bugfixes were made. Other changes were done.

      •  05 Dec 2005 14:44

        Release Notes: This release fixes some minor bugs, adds two shellcode parsers and a new parsing engine for FTP instruction files, and, most importantly, introduces approved Prelude IDS compatibility to mwcollect.

        •  30 Oct 2005 19:06

          Release Notes: This version is a complete rewrite from the scratch. The network core now supports mulitple (vulnerability) modules per port and is much more mature and stable in general. This release is the step from the proof-of-concept toy to a real mature project.

          •  23 Sep 2005 12:39

            Release Notes: Some minor usage bugs were fixed. A major DoS security bug in PCRE usage was fixed.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.