What is HIHAT?
The High Interaction Honeypot Analysis
Toolkit (HIHAT) allows to transform arbitrary PHP applications into
web-based high-interaction Honeypots.
graphical user interface is provided which supports the process of
monitoring the Honeypot and analysing the acquired data.
A typical use could be the transformation of PHPNuke, PHPMyAdmin or
OSCommerce into a full functional Honeypot, which offers the complete functionality of the application to the users but performs comprehensive logging and monitoring in the background.
Features: HIHAT ...
- automatically scans for known attacks.
- detects SLQ-Injections, (Remote) File-Inlcusions, Cross-Site Scripting (XSS), Download attempts for
malicious files e.g. with WGET or CURL, Command-Injections, etc.
- provides an overview mode which allows you to look and scan for new
incidents quickly (semi-automatic mode).
- supports detailed information about all data correlated with
every access to the honeypot.
This includes but is not limited
to HTTP-GET, HTTP-POST and COOKIE data.
- saves copies of malicious tools in a secured place for later
- provides a geographical, IP-based mapping about the attack sources. The generated map shows the
origin of the attacks and offers additional details for each location.
- generates numerous statistics about all traffic recognized at
September 2, 2007:
|| We just added the new section about Transparent Linking, check it out!|
August 1, 2007:
|| Version 1.1 is under development...stay tuned! |
July 15, 2007:
|| HIHAT Version 1.0 released.||