Argos Secure System Emulator

Argos is a full and secure system emulator designed for use in honeypots. It is based on Qemu, an open source emulator that uses dynamic translation to achieve a fairly good emulation speed. It supports multiple operating systems and CPU types, and does not require any modification of the guest operating system.

More information and download

honey@home client

honey@home is a client-side implementation of the NoAH project, aiming to facilitate the gathering of information on cyber-attacks. It can be installed on either a Windows or Linux system and is designed to be simple to manage and lightweight on system resource usage. It runs as a background process and interacts with a centralised honeypot when it receives traffic of interest.

More information and download

NOAH Database Population Tool

NOAHDB is a command line tool that parses the log files generated by the Argos honeypot and populates the tables of a MySQL database. It helps network administrators collect and analyse the useful information produced by the Argos honeypot.

More information and download

NOAH Database Management Interface

NOAHIF is a web application that makes the management of a honeypot network easier. Information concerning the location, hardware and software configuration, and the services running on the sensors/honeypots is easily managed.

More information and download

Shelia client-side honeypot

Shelia is a simple intrusion detection client for Windows. It comes with a client emulator that scans through a mail folder (typically the spam folder) specified on the command line, and is capable of opening every attachment and following URLs. It monitors the processes and generates alerts when these attempt to execute invalid operations.

More information and download

Signature Generator

The NoAH signature generator is used to receive alerts from another application (e.g. Argos) and generate a signature for the attack. It is designed and implemented as a framework, and features a plug-in structure and a template mechanism. It also features a logging component and load balancing for efficient operation on multi-core systems.

Download source code