Skip to content
/ yalih Public

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

License

Apache-2.0 license
68 stars 10 forks Branches Tags Activity
Star
Notifications

Masood-M/yalih

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits

YaraGenerator

YaraGenerator

 
 

doc

doc

 
 

jsbeautifier

jsbeautifier

 
 

mechanize

mechanize

 
 

req

req

 
 

scanlogs

scanlogs

 
 

tools

tools

 
 

yrules

yrules

 
 

BeautifulSoup.py

BeautifulSoup.py

 
 

BeautifulSoup.pyc

BeautifulSoup.pyc

 
 

CREDITS

CREDITS

 
 

INSTALL

INSTALL

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

bing.py

bing.py

 
 

bing.pyc

bing.pyc

 
 

executemechanize.py

executemechanize.py

 
 

executemechanize.pyc

executemechanize.pyc

 
 

extraction.py

extraction.py

 
 

extraction.pyc

extraction.pyc

 
 

get-pip.py

get-pip.py

 
 

honeypot.py

honeypot.py

 
 

honeypot.pyc

honeypot.pyc

 
 

honeypotconfig.py

honeypotconfig.py

 
 

honeypotconfig.pyc

honeypotconfig.pyc

 
 

imapfile.py

imapfile.py

 
 

imapfile.pyc

imapfile.pyc

 
 

install.sh

install.sh

 
 

maltype.py

maltype.py

 
 

maltype.pyc

maltype.pyc

 
 

malwebsites.py

malwebsites.py

 
 

malwebsites.pyc

malwebsites.pyc

 
 

normalize.py

normalize.py

 
 

normalize.pyc

normalize.pyc

 
 

rulesgenerator.py

rulesgenerator.py

 
 

scan.py

scan.py

 
 

scan.pyc

scan.pyc

 
 

unquote.py

unquote.py

 
 

unquote.pyc

unquote.pyc

 
 

updateantivirus.py

updateantivirus.py

 
 

updateantivirus.pyc

updateantivirus.pyc

 
 

yaradetection.py

yaradetection.py

 
 

yaradetection.pyc

yaradetection.pyc

 
 

Repository files navigation

YALIH

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques. YALIH has the following capabilities:

*Suspecious URL collection from malicious website databases (three databases)

*URL collection through Bing API

*Suspecious URL collection from your inbox and SPAM folder through pop3 and IMAP protocol

*Javascript extraction, de-obfuscation and de-minification of scripts embedded within a website

*Referrer Emulation and redirection handling

*Cookies and session handling

*Browser and browser agent and OS emulation

*Proxy capabilities to detect Geo-location and/or IP cloacking attacks

*Signature detection using ClamAV antivirus database

*Anomaly and pattern matching detection through Yara (http://plusvic.github.io/yara/)

*Automated Yara signature generation

====================================

Easy Installation and documentation

====================================

Authors/Contributors:

========= Victoria University of Wellington ============

Masood Mansoori - masood.mansoori@gmail.com

============ Singapore Polytechnic ===============

Lai Qi Wei - laiqiwei30@hotmail.com Ritchie Lam Qiaowei - ritchielq@gmail.com

About

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

Resources

Readme

License

Apache-2.0 license
Activity

Stars

68 stars

Watchers

10 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages