YALIH (Yet Another Low Interaction Honeyclient) is a low-interaction client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
Python Other
Latest commit a33dad0 Aug 23, 2016 @Masood-M Fixed Scanning file
YaraGenerator initial upload Feb 17, 2014
doc initial upload Feb 17, 2014
jsbeautifier initial upload Feb 17, 2014
mechanize 9-2-2015 Feb 9, 2015
req Bug fixes Feb 18, 2014
scanlogs Bug fixes Feb 18, 2014
scripts updated Feb 9, 2015
yrules initial upload Feb 17, 2014
BeautifulSoup.py added beautifulsoup Feb 18, 2014
BeautifulSoup.pyc updated Feb 9, 2015
CREDITS initial upload Feb 17, 2014
INSTALL updated Feb 9, 2015
LICENSE initial upload Feb 17, 2014
README.md initial upload Feb 17, 2014
SendStatusEmail.py updated Feb 9, 2015
bing.py updated Feb 9, 2015
bing.pyc updated Feb 9, 2015
copyinfected.py initial upload Feb 17, 2014
copyinfected.pyc updated Feb 9, 2015
crash.txt updated Feb 9, 2015
done.txt updated Feb 9, 2015
duplicateremover.py initial upload Feb 17, 2014
executemechanize.py tld error fixed Aug 23, 2016
executemechanize.pyc updated Feb 9, 2015
extractlink.py updated Feb 9, 2015
extractlink.pyc updated Feb 9, 2015
honeypot.py Fixed Scanning file Aug 23, 2016
honeypotMonitor.py 9-2-2015 Feb 9, 2015
honeypotconfig.py few changes Aug 27, 2015
honeypotconfig.pyc updated Feb 9, 2015
imapfile.py initial upload Feb 17, 2014
imapfile.pyc updated Feb 9, 2015
install.sh tld error fixed Aug 23, 2016
maltype.py initial upload Feb 17, 2014
maltype.pyc initial upload Feb 17, 2014
malware.txt updated Feb 9, 2015
malwebsites.py initial upload Feb 17, 2014
malwebsites.pyc updated Feb 9, 2015
monitorSystem.sh updated Feb 9, 2015
normalize.py initial upload Feb 17, 2014
normalize.pyc updated Feb 9, 2015
report.py initial upload Feb 17, 2014
rulesgenerator.py changes Jun 23, 2015
scan.py fixed issue with spaces in pathname in local scan Apr 8, 2014
scan.pyc updated Feb 9, 2015
unquote.py initial upload Feb 17, 2014
unquote.pyc updated Feb 9, 2015
updateantivirus.py initial upload Feb 17, 2014
updateantivirus.pyc updated Feb 9, 2015
yaradetection.py updated yara detection file Feb 22, 2014
yaradetection.pyc updated Feb 9, 2015

README.md

YALIH

YALIH (Yet Another Low Interaction Honeyclient) is a low-interaction client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques. YALIH has the following capabilities:

* Suspicious URL collection from malicious website databases (three databases)

* URL collection through the Bing API

* Suspicious URL collection from your inbox and SPAM folder through the POP3 and IMAP protocols

* JavaScript extraction, de-obfuscation and de-minification of scripts embedded within a website

* Referrer emulation and redirection handling

* Cookies and session handling

* Browser, browser agent and OS emulation

* Proxy capabilities to detect geo-location and/or IP cloaking attacks

* Signature detection using ClamAV and AVG databases

* Anomaly and pattern matching detection through Yara (http://plusvic.github.io/yara/)

* Automated Yara signature generation

* Easy installation and documentation

Authors/Developers:

========= Victoria University of Wellington ============

Masood Mansoori - masood.mansoori@gmail.com

============ Singapore Polytechnic ===============

Lai Qi Wei - laiqiwei30@hotmail.com

Ritchie Lam Qiaowei - ritchielq@gmail.com