www.thomas-apel.de / honeybee /

Honeybee

Overview

Honeybee is a tool for semi-automatically creating emulators of network server applications. The resulting emulators can be used together with the honeypot application Honeyd. The emulators should be able to withstand the most common fingerprinting attempts.

The application consists of two parts: A scanner and a generic emulators per protocol. The Honeybee scanner talks to a real server and extracts its personality. This personalities are stored in database files and are used to control the generic emulator. The generic emulators use Honeyd's interface for Python plug-ins.

Documentation

• Diploma thesis "Generating Fingerprints of Network Servers and their Use in Honeypots" (PDF)
• Slides of the final diploma presentation (PDF)
• Slides of the midterm diploma presentation (german, PDF)

Code

• honeybee-0.6.zip

Misc

• The first emulator prototype abused the fingerprint database of THC-Vmap. Vmap's fingerprint database contains unaltered server responses. This fact is used by this simple emulator to present Vmap responses from its own database. Of course Vmap reports a perfect fingerprint match. Download: honeyd-vmap-0.1.zip