Skip to content

zeroq/amun

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Amun

Amun was the first python-based low-interaction honeypot, following the concepts of Nepenthes but extending it with more sophisticated emulation and easier maintenance.

Requirements

  • Pyhon >= 2.6 (no Python3 support yet)
  • (optional) Python Psyco (available at http://psyco.sourceforge.net/)
  • (optional) MySQLdb if submit-mysql or log-mysql is used
  • (optional) psycopg2 if log-surfnet is used

Installation

  • Clone Git repository: git clone https://github.com/zeroq/amun.git
  • Edit Amun main configuration file: vim conf/amun.conf
    • for example set the ip address for Amun to listen on (0.0.0.0 to listen on all)
    • enable or disbale vulnerability modules as needed
  • start the Amun by issuing: ./amun_server

Tips and Tricks

In case you encounter problems with too many open files due to a lot of attackers hitting your honeypot at the same time, the following settings can be adjusted:

  • To increase the maximum number of open files on Linux:
    • echo "104854" > /proc/sys/fs/file-max
    • ulimit -Hn 104854
    • ulimit -n 104854
  • To increase the maximum number of open files on BSD:
    • sysctl kern.maxfiles=104854
    • ulimit -Hn 104854
    • ulimit -n 104854

Logging

All logging information are stored in the "logs" subdirectory of your Amun installation. Following log files will be created:

  • amun_server.log
    • contains general information, errors, and alive messages of the amun server
  • amun_request_handler.log
    • contains information about unknown exploits and not matched exploit stages
  • analysis.log
    • contains information about manual shellcode analysis (performed via the -a option)
  • download.log
    • contains information about all download modules (ftp, tftp, bindport, etc...)
  • exploits.log
    • contains information about all exploits that where triggert
  • shellcode_manager.log
    • contains information and errors of the shellcode manager
  • submissions.log
    • contains information about unique downloads
  • successfull_downloads.log
    • contains information about all downloaded malware
  • unknown_downloads.log
    • contains information about unknown download methods
  • vulnerabilities.log
    • contains information about certain vulnerability modules

Parameters

Amun can be executed with -a parameter to analyse a given file for known shellcode instead of running the honeypot.

About

Amun Honeypot

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages