Glastopf Honeypot

Written by Lukas Rist on October 10, 2009

Many of today's most advanced attacks now happen at the web application layer. This solution is designed to capture information on the latest web application attacks using scalable, easy-to-deploy, low-interaction server honeypots.

Glastopf is a minimalistic web server emulator written in Python. The honeypot collects information about web application attacks such as remote file inclusion, SQL injection, and local file inclusion. Glastopf scans each incoming request for strings like "=http://" or "=ftp://". If one matches, we try to download and analyze the referenced file and respond as closely as possible to the attacker's expectations. If we fulfill them, the attacker sends us, for example, a bot, shell or spreader. Those files can then be analyzed, for example for IRC information to infiltrate the botnet behind this kind of attack. The collected data is stored in a MySQL database that can be browsed via a web interface.
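
The request scan described above, as an added example (not Glastopf's own code). It goes one step beyond the literal string match by percent-decoding each query parameter first, so encoded forms such as "=http%3A%2F%2F" are also recognized. The function name and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Value prefixes the page names as indicators ("=http://", "=ftp://").
REMOTE_VALUE = re.compile(r"^(?:http|ftp)://\S+", re.IGNORECASE)

# Constructed sample request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /index.php?page=http://host.example/inc.txt? HTTP/1.1",
    "GET /index.php?lang=en&page=ftp%3A%2F%2Fhost.example%2Finc.txt HTTP/1.1",
    "GET /index.php?page=about HTTP/1.1",
]


def find_remote_includes(request_line):
    """Return [(parameter, remote_url)] for query values naming a remote file."""
    parts = request_line.split()
    if len(parts) < 2:
        return []  # malformed request line: no target to inspect
    # Everything after the first "?" is the query string.
    query = parts[1].partition("?")[2]
    hits = []
    # parse_qsl percent-decodes names and values, so "=http%3A%2F%2F" is
    # seen as "http://" here; a raw substring scan would miss it.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_VALUE.match(value.strip()):
            hits.append((name, value.strip()))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(line, "->", find_remote_includes(line))
```

The returned parameter name and URL are what a honeypot would log before deciding whether to fetch the file for analysis.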

Media Coverage
darkREADING: New Honeypot Mimics The Web Vulnerabilities Attackers Want

Current Project
At the moment I am tweaking the vulnerability emulator.

Future Plans
Set up a public web interface to the central database

Contact
See the team page