Delilah is a honeypot system inspired by Jordan Wright’s Elastichoney that detects and identifies attack commands, recon attempts, and download commands. It acts as a vulnerable Elasticsearch instance that detects and identifies attack commands, recon attempts, and download commands. Whenever an attacker issues a download command, Delilah will attempt to download the file the attacker is attempting to introduce on a victim's system. Whenever Delilah detects an attacker's commands, a notification email is sent to one or more email addresses in order to alert analysts in real-time of incoming attacks. Delilah provides a variety of configurable parameters to mimic Elasticsearch instances and prevent an attacker from easily determining that they are interacting with a honeypot. Multiple Delilah nodes can be installed to form a network of sensors. To more easily view the sensor network, analysts should use the
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
An Apache 2 based honeypot with detection capabilities specifically designed to identify and analyze Struts CVE-2017-5638 exploitation attempts.