NepenthesFE
Overview

Our previous project (Honeypot and Malware Analysis) showed the need for an analysis toolkit for the Nepenthes honeypot that could automate part of the static analysis of malware captured by the low-interaction honeypot. This document is our review of the NepenthesFE tool, which we have upgraded as part of our study of Nepenthes and the visualization of honeypot data.

Download

NepenthesFE 0.4 is available for download here. [Mirror]

Setup

Initially we started out building our own analysis tool, but after some research we found existing analysis tools such as:

  • Surfids
  • NepenthesFE

After evaluating both options, we found that NepenthesFE satisfied our requirements of simplicity and scalability. Our setup was built on a single laptop, on which we installed the Nepenthes honeypot and configured NepenthesFE to listen on the loopback interface, using iptables, MySQL and Apache.

About NepenthesFE

NepenthesFE is a front-end module for the Nepenthes honeypot, originally developed by Emre Bastuz. It helps catalog the malware that Nepenthes collects, using the http-submit module of Nepenthes. It receives the data from Nepenthes and stores the information about the attack in the MySQL database. It is customizable, so modules and features can be added to it. The basic structure of NepenthesFE is simple, so it can be scaled across various types of implementation, ranging from a single honeypot to a honeynet.

Details of features and modules of NepenthesFE (includes upgraded versions)

Details of modifications made to the structure of NepenthesFE

Please see the details of the modifications made to the structure of NepenthesFE

Installation

Click here to view NepenthesFE Installation guide.

Configuration

Click here to view NepenthesFE configuration guide.

Screenshots

View the NepenthesFE Screenshots here.

Credits

The original code of NepenthesFE was developed by Emre Bastuz (http://www.emre.de/). He has offered to let us take over the project. Any updates to the project will henceforth be available here.

Harsh Patel contributed significantly to the additions in v0.4.