A free and open source versatile tool to catch and store viruses/worms
Version: 0.2.2
Nepenthes is a low interaction honeypot like honeyd or mwcollect. Low interaction honeypots emulate _known_ vulnerabilities to collect information about potential attacks.
Operating System: Mac OS X
Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular.
There are module interfaces to:
· resolve DNS asynchronously
· emulate vulnerabilities
· download files
· submit the downloaded files
· trigger events (sounds abstract, and it is abstract, but is still quite useful)
· handle shellcode
The API for adding new vulnerability modules is easy to use, so there is no problem in writing new ones.
Nepenthes vulnerability modules require knowledge about weaknesses, so that one can draft a Dialogue describing how the virus will exploit the weakness, gain the information needed to download the file, and send the attacker just enough information that he does not notice he is being fooled.
On the other hand, Nepenthes is quite useful for capturing new exploits for old vulnerabilities. As Nepenthes does not know these exploits, they will appear in the logfiles.
By running these captures against a real vulnerable machine, one can gain new information about the exploit and start writing a Nepenthes Dialogue.
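As an added illustration (not Nepenthes code and not its module API), the following Python example shows the Dialogue idea described above on a constructed toy protocol: known stages get canned replies, the download URL is extracted for a download module, and anything unrecognised is kept as a hexdump for later analysis. The protocol keywords, the class and function names and the sample messages are all assumptions made for this example.

```python
import re

# Constructed toy protocol; nothing here is Nepenthes's real module API.
URL_RE = re.compile(rb"(?:https?|ftp|tftp)://[^\s\x00]+")


class Dialogue:
    """Emulates one service conversation, stage by stage."""

    # state -> (expected request pattern, canned reply, next state)
    STAGES = {
        "start": (re.compile(rb"^NEGOTIATE\b"), b"OK proto=1\r\n", "session"),
        "session": (re.compile(rb"^SETUP\b"), b"OK sid=1\r\n", "request"),
    }

    def __init__(self):
        self.state = "start"
        self.downloads = []  # URLs to hand to a download module
        self.unknown = []    # hexdumps of traffic no stage recognised

    def incoming(self, data: bytes) -> bytes:
        """Feed one client message; return the bytes to send back."""
        if self.state in self.STAGES:
            pattern, reply, next_state = self.STAGES[self.state]
            if pattern.search(data):
                self.state = next_state
                return reply
        elif self.state == "request":
            match = URL_RE.search(data)
            if match:
                self.downloads.append(match.group().decode("ascii", "replace"))
                self.state = "done"
                return b"OK\r\n"
        # Not what this stage expects: keep it for analysis, stop replying.
        self.unknown.append(data.hex())
        self.state = "done"
        return b""


def replay(messages):
    """Run a captured conversation through a fresh Dialogue."""
    dialogue = Dialogue()
    return dialogue, [dialogue.incoming(m) for m in messages]


# Constructed sample conversations (192.0.2.0/24 is a documentation range).
KNOWN = [b"NEGOTIATE v1\r\n", b"SETUP anon\r\n",
         b"RUN fetch tftp://192.0.2.10/sample.bin\r\n"]
NOVEL = [b"NEGOTIATE v1\r\n", b"\x01\x02NEWVARIANT\r\n"]
```

Replaying `NOVEL` leaves the second message in `unknown`, which corresponds to the logfile entry an analyst would start from when writing a new Dialogue.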
Why would one want to run Nepenthes?
The first argument is that it's free. The software is free, and the viruses you can capture are free. You can collect this annoying stuff like stamps without paying a dime. The rest of the arguments are security related and open to discussion.
Setting up a host running Nepenthes will improve network security drastically, as you will be able to see who scans for which known vulnerabilities.
NOTE: For detailed instructions on how to install Nepenthes on your OS X system, you can read the extended readme that you can find HERE.