YALIH (Yet Another Low Interaction Honeyclient) is a low-interaction client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
YaraGenerator
doc
jsbeautifier
mechanize
req
scanlogs
scripts
yrules
BeautifulSoup.py
BeautifulSoup.pyc
CREDITS
INSTALL
LICENSE
README.md
SendStatusEmail.py
bing.py
bing.pyc
copyinfected.py
copyinfected.pyc
crash.txt
done.txt
duplicateremover.py
executemechanize.py
executemechanize.pyc
extractlink.py
extractlink.pyc
honeypot.py
honeypotMonitor.py
honeypotconfig.py
honeypotconfig.pyc
imapfile.py
imapfile.pyc
install.sh
maltype.py
maltype.pyc
malware.txt
malwebsites.py
malwebsites.pyc
monitorSystem.sh
normalize.py
normalize.pyc
report.py
rulesgenerator.py
scan.py
scan.pyc
unquote.py
unquote.pyc
updateantivirus.py
updateantivirus.pyc
yaradetection.py
yaradetection.pyc

README.md

YALIH

YALIH (Yet Another Low Interaction Honeyclient) is a low-interaction client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques. YALIH has the following capabilities:

* Suspicious URL collection from malicious website databases (three databases)

* URL collection through the Bing API

* Suspicious URL collection from your inbox and spam folder through the POP3 and IMAP protocols

* JavaScript extraction, de-obfuscation and de-minification of scripts embedded within a website

* Referrer emulation and redirection handling

* Cookie and session handling

* Browser, browser agent and OS emulation

* Proxy capabilities to detect geo-location and/or IP cloaking attacks

* Signature detection using ClamAV and AVG databases

* Anomaly and pattern matching detection through Yara (http://plusvic.github.io/yara/)

* Automated Yara signature generation

====================================

Easy Installation and documentation

====================================

Authors/Developers:

========= Victoria University of Wellington ============

Masood Mansoori - masood.mansoori@gmail.com

============ Singapore Polytechnic ===============

Lai Qi Wei - laiqiwei30@hotmail.com

Ritchie Lam Qiaowei - ritchielq@gmail.com