Hale

Free
Hale is a botnet command & control (C&C) monitor/spy with a modular design that makes it easy to develop new modules for monitoring additional protocols used by C&C servers. The tool comes with IRC and HTTP monitors built on Twisted so that it can scale to a large number of connections. These modules have configurable protocol grammar and bot settings, and they can also be modified to fit your needs. All captured logs and files are saved to a database and, in the case of IRC, tracked IP addresses are saved too. To hide the operator's location, connections can be made through SOCKSv5 proxies. This is configured via the web interface, where all the logs are also available to browse together with statistical charts and timelines. The interface was developed with Django and the Google Visualization API. Extras in the web UI include a RESTful API with OAuth support and a search engine. The main idea behind Hale is to help botnet hunting and research efforts collaborate by creating a network of sensors (Hale monitors). To further this idea, an XMPP bot is available to connect to a centralized XMPP server where currently two different group rooms are used for coordinating between sensors and a room for sharing logs.

ALTERNATIVES

Detects the presence of a Responder in the network by sending crafted LLMNR queries.

A collection of PCAPs for ICS/SCADA utilities and protocols with the option for users to contribute.

An analyzer for parsing GQUIC traffic in Zeek, supporting versions Q039 to Q046, with a fingerprinting method named 'CYU' for detecting anomalous GQUIC traffic.

pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.

A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP.

A repository of pre-defined detections for security threats and abnormal behaviors in Falco.

CrowdSec is a behavior detection engine with a global IP reputation network.

Ensnare is a gem plugin for Ruby on Rails that enables quick deployment of a malicious behavior detection and response scheme using Honey Traps and Trap Responses.