GitHub - honeynet/ghost-usb-honeypot: A honeypot for malware that propagates via USB storage devices

Ghost USB honeypot

Ghost is a honeypot for malware that spreads via USB storage devices. It detects infections with such malware without the need of any further information. If you would like to see a video introduction to the project, have a look at this Youtube video.

The honeypot was first developed for a bachelor thesis at Bonn University in Germany. Now development is continued by the same developer within the Honeynet Project.

Ghost was one of the projects supported by Rapid7's Magnificent7 program (see the press release).

How does it work?

Basically, the honeypot emulates a USB storage device. If your machine is infected by malware that uses such devices for propagation, the honeypot will trick it into infecting the emulated device. See the wiki for details.

What do I need to run it?

Ghost supports Windows XP 32 bit and Windows 7 32 bit. You can either download a binary distribution from the old website or compile the code yourself. If you choose to build the code, you will need the Windows Driver Kit. For detailed instructions on how to do so, refer to the build and install guides in the wiki.

Credits

The project's logo was created by Mark Eibes. The project is supported by Rapid7 as a member of their Magnificent7 program.

README.md

Ghost USB honeypot

How does it work?

What do I need to run it?

Credits

About

Releases

Packages

Contributors 2

Languages

License

honeynet/ghost-usb-honeypot

Sign In Required

Launching GitHub Desktop

Launching GitHub Desktop

Launching Xcode

Launching Visual Studio Code

Latest commit

Git stats

Files

README.md

Ghost USB honeypot

How does it work?

What do I need to run it?

Credits

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages