FjoSpidie Honey Client
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
fjospidie
lib/browsermob
yara
.gitignore
Dockerfile
LICENSE.txt
README.md
entrypoint.sh
ez_setup.py
fjospidie.conf.dist
fjospidie.py
gpl-2.0.txt
postgres.sql

README.md

FjoSpidie v2.2

FjoSpidie Honey Client

This Honey Client will launch Firefox and open a given URL and create graphs and analyses based on what Firefox does.

These graphs and analyses include:

  • PNG diagram of all connections made
  • TCPdump of all traffic
  • IDS findings via Suricata based on the tcpdump
  • Easy overview of every header and request/response

Requirements

Since everything is done through Docker the only requirements are basically Docker and MongoDB. MongoDB can be installed an run through the Docker MongoDB image, or manually.

If you use the MongoDB Docker Image you can simply --link to it.

Usage

Everything is done through Docker to ease installation and usage.

IF you run your own MongoDB database: Simply run docker run -e MONGO_HOST=x.x.x.x espenfjo/fjospidie --url http://www.google.com to analyse http://www.google.com.

If you run a Docker MongoDB instance: Simply run docker run --link some-mongo:mongo espenfjo/fjospidie --url http://www.google.com to analyse http://www.google.com.

Run docker run espenfjo/fjospidie --help to see a complete list of available options.

To run with suricata you need access to suricatas socket. docker run -v /mnt/fjospidie:/mnt/fjospidie -v /var/run/suricata/:/var/run/suricata/ --link some-mongo:mongo -i -t espenfjo/fjospidie --url http://www.google.com/" This will mount /mnt/fjospidie from the host inside your container. /mnt/fjospidie needs to contain your Suricata socket.

Web Interface

The FjoSpidie Web interface can be found here: https://github.com/espenfjo/fjospidie-interface

See http://i.imgur.com/z9Hh0SQ.png for a screenshot of how it may look with the default web frontend.