Argos Secure System Emulator
Argos is a full and secure system emulator designed for use in honeypots. It is based on Qemu, an open source emulator that uses dynamic translation to achieve a fairly good emulation speed. It supports multiple operating systems and CPU types, and does not require any modification of the guest operating system.
honey@home is a client-side implementation of the NoAH project, aiming to facilitate the gathering of information on cyber-attacks. It can be installed on either a Windows or Linux system and is designed to be simple to manage and lightweight on system resource usage. It runs as a background process and interacts with a centralised honeypot when it receives traffic of interest.
NOAH Database Population Tool
NOAHDB is a command line tool that parses the log files generated by the Argos honeypot and populates the tables of a MySQL database. It helps network administrators collect and analyse the useful information produced by the Argos honeypot.
NOAH Database Management Interface
NOAHIF is a web application that makes the management of a honeypot network easier. Information concerning the location, hardware and software configuration, and the services running on the sensors/honeypots is easily managed.
Shelia client-side honeypot
Shelia is a simple intrusion detection client for Windows. It comes with a client emulator that scans through a mail folder (typically the spam folder) specified on the command line, and is capable of opening every attachment and following URLs. It monitors the processes and generates alerts when these attempt to execute invalid operations.
The NoAH signature generator is used to receive alerts from another application (e.g. Argos) and generate a signature for the attack. It is designed and implemented as a framework, and features a plug-in structure and a template mechanism. It also features a logging component and load balancing for efficient operation on multi-core systems.