HoneyBot: Capture, upload and analyze network traffic

HoneyBot

Cloud-based PCAP analysis; powered by PacketTotal.com

HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently, this library provides three scripts:

  • capture-and-analyze.py – Capture on an interface for some period of time, then upload the capture for analysis.
  • upload-and-analyze.py – Upload and analyze multiple packet captures to PacketTotal.com.
  • trigger-and-analyze.py – Listen for unknown connections, and begin capturing when one is made. Captures are automatically uploaded and analyzed.

Use Cases

  1. Set your honeypot up to stream network traffic directly to PacketTotal.com for analysis.
  2. Analyze a personal repository of malicious PCAPs.
  3. Determine the benignity of hundreds of packet captures.
  4. Automate analyzing (and sharing) honeypot packet captures.
  5. Automate preliminary malware analysis/triage.

Install & Use

Copyright (c) 2018 PacketTotal