Details of the features and modules of NepenthesFE (including upgraded versions)
I] Features

Features of NepenthesFE are:

  • NepenthesFE v0.3
    1. Fetch data from Nepenthes using HTTP-SUBMIT and store the details in the database.
    2. Perform analysis based on modules and store the details.
    3. Provide the UI for the collected information.
    4. Give statistical reports, using RRD to generate statistics based on the attack vectors.
  • NepenthesFE v0.4
    1. Afterglow - A set of scripts that generate dynamic graphs from CSV files. It has been integrated into the NepenthesFE module to generate graphs of targeted IPs and ASNs; the tool takes its input data in CSV format.
    2. Google Maps - The Google Maps API has been added; it uses the GeoIP data stored in the database and shows details of the attacks per sensor.
II] Modules
The modules of NepenthesFE are:

V0.3
  • ASN
    This module uses the DNS-based autonomous system lookup service of the Team Cymru Project (http://www.cymru.com/). When an attack is reported by Nepenthes, this module looks up the ASN of the attacker IP and adds this data to the database. The ASN module gives direct links to Robtex and PhishTank. Visualization modules have been added.
  • GeoIP
    This module uses the GeoIP service to determine the geographical location of an attacker by looking up the attacker’s IP address in the GeoIP database.
  • BitDefender
    This module uses the BitDefender AV scanner to locally scan the binary. If the binary is considered malicious, the result will be saved in the database.
  • File
    This module executes the UNIX command "file" to determine the type of the caught binary.
  • Objdump
    This module executes the UNIX command "objdump" to retrieve information specific to an executable.
  • Strings
    This module executes the UNIX command "strings" to extract the ASCII characters from the binary.
  • UPX
    This module executes the UNIX command "upx" to determine whether the binary has been packed with UPX.
  • VirusTotal
    This module sends the binary to "scan@virustotal.com" for further analysis. The NepenthesFE cron job checks a configured POP3 account for the analysis result from VirusTotal and saves it in the database.
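The ASN module above is built on the Team Cymru origin lookup: the attacker's IPv4 octets are reversed, the name is queried as a TXT record under origin.asn.cymru.com, and the answer is a pipe-separated "ASN | prefix | country | registry | allocation date" string. The following is an added example, not NepenthesFE's own code, that implements that flow in Python. It assumes a pluggable resolver so it can run offline; the TXT answers, ASNs, prefixes and dates embedded below are constructed for the example and are not real registry data.

```python
import ipaddress
from typing import Callable, Dict, List, Optional

# A resolver takes a DNS name and returns the TXT strings answered for it.
Resolver = Callable[[str], List[str]]

# Constructed sample answers in the Team Cymru origin-lookup format
# ("ASN | prefix | country | registry | allocation date"). The ASNs, prefixes
# and dates are made up for this example and are not real registry data.
SAMPLE_TXT_ANSWERS: Dict[str, List[str]] = {
    "4.3.2.1.origin.asn.cymru.com": ['"64496 | 1.2.3.0/24 | US | arin | 2001-01-01"'],
    # A prefix announced by two origin ASNs: the first field holds both.
    "8.7.6.5.origin.asn.cymru.com": ['"64497 64498 | 5.6.7.0/24 | DE | ripencc | 2005-05-05"'],
}


def sample_resolver(name: str) -> List[str]:
    """Offline stand-in for a DNS TXT query; a real deployment would wrap a
    resolver library here and return the TXT strings it gets back."""
    return SAMPLE_TXT_ANSWERS.get(name, [])


def build_origin_query(ip_text: str) -> Optional[str]:
    """Turn an attacker IPv4 address into the reversed-octet query name.

    The address comes from honeypot data, so it is validated strictly, and
    non-global addresses (RFC 1918, loopback, ...) are skipped: the service
    has no origin data for them and querying them only produces noise."""
    try:
        ip = ipaddress.IPv4Address(ip_text.strip())
    except ValueError:
        return None
    if not ip.is_global:
        return None
    return ".".join(reversed(str(ip).split("."))) + ".origin.asn.cymru.com"


def parse_origin_txt(txt: str) -> Optional[Dict[str, object]]:
    """Split one origin TXT answer into its five fields; None if malformed."""
    fields = [f.strip() for f in txt.strip().strip('"').split("|")]
    if len(fields) != 5:
        return None
    try:
        asns = [int(a) for a in fields[0].split()]
    except ValueError:
        return None
    if not asns:
        return None
    return {"asns": asns, "prefix": fields[1], "country": fields[2],
            "registry": fields[3], "allocated": fields[4]}


def lookup_asn(ip_text: str, resolver: Resolver = sample_resolver) -> Optional[Dict[str, object]]:
    """Full module flow: validate, build the query name, resolve, parse.

    Returns the record to store alongside the attack, or None when the
    address is unusable or the service has no answer for it."""
    name = build_origin_query(ip_text)
    if name is None:
        return None
    for answer in resolver(name):
        record = parse_origin_txt(answer)
        if record is not None:
            record["ip"] = ip_text.strip()
            return record
    return None


if __name__ == "__main__":
    for attacker in ("1.2.3.4", "5.6.7.8", "10.0.0.1", "9.9.9.9", "not-an-ip"):
        print(attacker, "->", lookup_asn(attacker))
```

The validation step matters in a honeypot pipeline: the IP string originates from attacker traffic, so the module refuses anything that is not a well-formed global IPv4 address before it is turned into a DNS name or written to the database.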
V0.4
  • VirusTotal
    The VirusTotal module has been reconfigured so that it provides two ways to fetch information about a binary: via mail or via an automated script that queries VirusTotal.
  • Packer
    This module executes a script and gives the details of the packer used to pack the malware.
  • PE Info
    This module executes a script and gives the PE Structure of the malware.
  • Section
    This module executes a script and gives the Section and Entropy information of the PE based malware.
  • ASN
    The ASN module has been upgraded with a visualization module using AfterGlow. Links to Robtex and PhishTank have been added.
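The Packer, PE Info and Section modules above all start from the same step: walking the PE headers of the captured binary to the section table and measuring each section's content, with per-section entropy as the usual hint that a section holds compressed or encrypted (packed) data. The following is an added example in Python, not one of NepenthesFE's scripts, that parses the section table and computes Shannon entropy per section. Because the input is an untrusted capture, every header offset is bounds-checked. The PE image it parses is constructed in the block itself (a minimal synthetic PE32 layout, not a real program); the section names, the 7.0 entropy threshold and the 96-section cap are assumptions of the example.

```python
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
MAX_SECTIONS = 96              # sanity cap; larger counts indicate a corrupt header


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (one repeated value) to 8.0 (uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return max(0.0, -sum((c / n) * math.log2(c / n) for c in Counter(data).values()))


def parse_pe_sections(data: bytes) -> List[Dict[str, object]]:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return one record per section, with the entropy of its raw bytes."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(COFF_FMT, data, coff)
    if nsections > MAX_SECTIONS:
        raise ValueError("implausible section count %d" % nsections)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, vaddr, raw_size, raw_ptr, *_rest = struct.unpack_from(SECTION_FMT, data, off)
        raw = data[raw_ptr:raw_ptr + raw_size]   # a bogus pointer/size just yields a short slice
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": raw_size, "raw_ptr": raw_ptr,
            "entropy": round(shannon_entropy(raw), 3),
            "truncated": len(raw) != raw_size,   # header claims more bytes than the file has
        })
    return sections


def flag_high_entropy(sections: List[Dict[str, object]], threshold: float = 7.0) -> List[str]:
    """Names of sections whose content looks compressed or encrypted (assumed threshold)."""
    return [s["name"] for s in sections if s["entropy"] >= threshold]


def build_sample_pe(payloads: List[Tuple[bytes, bytes]]) -> bytes:
    """Assemble a minimal, constructed PE32 image (not a real program) so the
    parser can be exercised offline; raw data is aligned to 512 bytes."""
    opt_size, align = 224, 512
    first_raw = -(-(64 + 4 + 20 + opt_size + 40 * len(payloads)) // align) * align
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)            # e_lfanew: PE header right after DOS header
    coff = struct.pack(COFF_FMT, 0x14C, len(payloads), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)   # PE32 magic, rest zeroed
    table, body, raw_ptr, vaddr = b"", b"", first_raw, 0x1000
    for name, payload in payloads:
        raw_size = -(-len(payload) // align) * align
        table += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), len(payload), vaddr,
                             raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += payload.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += max(0x1000, -(-raw_size // 0x1000) * 0x1000)
    return (bytes(dos) + b"PE\0\0" + coff + opt + table).ljust(first_raw, b"\0") + body


# Constructed sample: an empty UPX0, a UPX1 full of uniformly distributed bytes,
# and a zero-filled .rsrc. The byte pattern is synthetic, not a captured binary.
SAMPLE_PE = build_sample_pe([
    (b"UPX0", b""),
    (b"UPX1", bytes(range(256)) * 16),
    (b".rsrc", b"\x00" * 1024),
])


if __name__ == "__main__":
    for s in parse_pe_sections(SAMPLE_PE):
        print("%-8s raw=%6d entropy=%.3f" % (s["name"], s["raw_size"], s["entropy"]))
    print("high-entropy sections:", flag_high_entropy(parse_pe_sections(SAMPLE_PE)))
```

The `truncated` flag is worth storing with the section record: a header that claims more raw data than the file contains is itself a signal that the capture was cut short or that the binary is deliberately malformed, and a module that only reports entropy would hide that.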
