Skip to content
/ yalih Public

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

License

Apache-2.0 license
68 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Masood-M/yalih

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
YaraGenerator
YaraGenerator
 
 
doc
doc
 
 
jsbeautifier
jsbeautifier
 
 
mechanize
mechanize
 
 
req
req
 
 
scanlogs
scanlogs
 
 
tools
tools
 
 
yrules
yrules
 
 
BeautifulSoup.py
BeautifulSoup.py
 
 
BeautifulSoup.pyc
BeautifulSoup.pyc
 
 
CREDITS
CREDITS
 
 
INSTALL
INSTALL
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bing.py
bing.py
 
 
bing.pyc
bing.pyc
 
 
executemechanize.py
executemechanize.py
 
 
executemechanize.pyc
executemechanize.pyc
 
 
extraction.py
extraction.py
 
 
extraction.pyc
extraction.pyc
 
 
get-pip.py
get-pip.py
 
 
honeypot.py
honeypot.py
 
 
honeypot.pyc
honeypot.pyc
 
 
honeypotconfig.py
honeypotconfig.py
 
 
honeypotconfig.pyc
honeypotconfig.pyc
 
 
imapfile.py
imapfile.py
 
 
imapfile.pyc
imapfile.pyc
 
 
install.sh
install.sh
 
 
maltype.py
maltype.py
 
 
maltype.pyc
maltype.pyc
 
 
malwebsites.py
malwebsites.py
 
 
malwebsites.pyc
malwebsites.pyc
 
 
normalize.py
normalize.py
 
 
normalize.pyc
normalize.pyc
 
 
rulesgenerator.py
rulesgenerator.py
 
 
scan.py
scan.py
 
 
scan.pyc
scan.pyc
 
 
unquote.py
unquote.py
 
 
unquote.pyc
unquote.pyc
 
 
updateantivirus.py
updateantivirus.py
 
 
updateantivirus.pyc
updateantivirus.pyc
 
 
yaradetection.py
yaradetection.py
 
 
yaradetection.pyc
yaradetection.pyc
 
 

Repository files navigation

YALIH

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques. YALIH has the following capabilities:

*Suspecious URL collection from malicious website databases (three databases)

*URL collection through Bing API

*Suspecious URL collection from your inbox and SPAM folder through pop3 and IMAP protocol

*Javascript extraction, de-obfuscation and de-minification of scripts embedded within a website

*Referrer Emulation and redirection handling

*Cookies and session handling

*Browser and browser agent and OS emulation

*Proxy capabilities to detect Geo-location and/or IP cloacking attacks

*Signature detection using ClamAV antivirus database

*Anomaly and pattern matching detection through Yara (http:https://plusvic.github.io/yara/)

*Automated Yara signature generation

====================================

Easy Installation and documentation

====================================

Authors/Contributors:

========= Victoria University of Wellington ============

Masood Mansoori - [email protected]

============ Singapore Polytechnic ===============

Lai Qi Wei - [email protected] Ritchie Lam Qiaowei - [email protected]

About

YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques

Resources

Readme

License

Apache-2.0 license
Activity

Stars

68 stars

Watchers

10 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages