The High Interaction Honeypot Analysis Toolkit (HIHAT) allows to transform arbitrary PHP applications into web-based high-interaction Honeypots. Furthermore a graphical user interface is provided which supports the process of monitoring the Honeypot and analysing the acquired data. Features: * automatically scans for known attacks. * detects SLQ-Injections, (Remote) File-Inlcusions, Cross-Site Scripting (XSS), Download attempts for malicious files e.g. with WGET or CURL, Command-Injections, etc. * provides an overview mode which allows you to look and scan for new incidents quickly (semi-automatic mode). * supports detailed information about all data correlated with every access to the honeypot. * saves copies of malicious tools in a secured place for later analysis. * provides a geographical, IP-based mapping about the attack sources. * generates numerous statistics about all traffic recognized at the system.
FEATURES
SIMILAR TOOLS
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
An Apache 2 based honeypot with detection capabilities specifically designed to identify and analyze Struts CVE-2017-5638 exploitation attempts.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.