Glastopf Web Application Honeypot
edited by Lukas Rist on June 24. 2010
Many of today's most advanced attacks now happen at the web application layer. This tool is designed to capture information on the latest web application attacks using scalable and easy to deploy low-interaction server honeypots.Glastopf is a minimalistic web server written in Python. The Honeypot tool collects information about web application-based attacks like for example remote file inclusion, SQL injection, and local file inclusion attacks. Glastopf scans the incoming request for strings like "=http://" or "=ftp://". If this matches, we try to download and analyze the file and respond as close as possible to the attacker's expectations. If we fulfill them, the attacker sends us for example a bot, shell or spreader. Those files could for example be analyzed for IRC information to infiltrate the botnet behind this kind of attacks. The collected data is stored in a MySQL database that can be browsed via a web interface.
Glastopf is open source and is available from our repository.