honeycomb

Josh Grunzweig - jgrunzweig at trustwave dot com

Introduction

Tool to manage and analyze data from the Dionaea Honeypot Project

The Dionaea Project is a great honeypot which originated from the Google Summer of Code. The project aims at obtaining malware samples by emulating Microsoft Windows services; however, it has branched out since its creation to emulate other services as well, such as MySQL. honeycomb was created out of the necessity to monitor and manage multiple instances of Dionaea on honeypots located around the world.

You can view more information about Dionaea at the following address: dionaea.carnivore.it/

Usage

    # basic example... See how much disk space is located on all honeypots
    require 'honeycomb'
    all_pots = Honeycomb::Interact.new
    all_pots.check_diskspace

    # another example... See how many instances of a specific md5 there are
    require 'honeycomb'
    all_pots = Honeycomb::Interact.new
    all_pots.all{Honeycomb::Download.all(:download_md5_hash => "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")}

Versioning

The current version of honeycomb at the time of writing is 0.0.1. Code will be buggy. Features may be lacking. However, in time I hope to make this a pretty functional/useful tool.

Requirements

There are, unfortunately, a number of gem prerequisites. Apologies for this, but it’s the only way I could do it.

  • bundler

After bundler is installed, do a “bundle install” to get everything installed.

honeycomb - Tool to manage and analyze data from the Dionaea Honeypot Project
Josh Grunzweig
Copyright © 2011 Trustwave Holdings

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <www.gnu.org/licenses/>.

See LICENSE.txt