Skip to content

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

License

Masood-M/yalih

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
YaraGenerator
 
 
doc
 
 
 
 
 
 
req
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

YALIH

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques. YALIH has the following capabilities:

*Suspecious URL collection from malicious website databases (three databases)

*URL collection through Bing API

*Suspecious URL collection from your inbox and SPAM folder through pop3 and IMAP protocol

*Javascript extraction, de-obfuscation and de-minification of scripts embedded within a website

*Referrer Emulation and redirection handling

*Cookies and session handling

*Browser and browser agent and OS emulation

*Proxy capabilities to detect Geo-location and/or IP cloacking attacks

*Signature detection using ClamAV antivirus database

*Anomaly and pattern matching detection through Yara (http://plusvic.github.io/yara/)

*Automated Yara signature generation

====================================

Easy Installation and documentation

====================================

Authors/Contributors:

========= Victoria University of Wellington ============

Masood Mansoori - masood.mansoori@gmail.com

============ Singapore Polytechnic ===============

Lai Qi Wei - laiqiwei30@hotmail.com Ritchie Lam Qiaowei - ritchielq@gmail.com

About

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published