
Glastopf – Web Application Honeypot

Glastopf is a honeypot that emulates thousands of vulnerabilities to gather data from attacks targeting web applications.

The principle behind it is very simple: reply with the correct response to the attacker exploiting the web application.

This tool is designed to capture information on the latest web application attacks using a scalable, easy-to-deploy, low-interaction server honeypot.

Glastopf is a minimalistic web server written in Python. The honeypot collects information about web application-based attacks such as remote file inclusion, SQL injection, and local file inclusion.

Glastopf scans each incoming request for strings like “=http://” or “CAST(0x”. On a match, it tries to download and analyze the file and responds as closely as possible to the attacker’s expectations. If those expectations are fulfilled, the attacker sends the next stage, e.g. a bot, shell or spreader. Those files can then be analyzed, for example for IRC information to infiltrate the botnet behind this kind of attack. The collected data is stored in a database.
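The request-scanning step described above can be sketched as a small classifier over raw request lines. This is an added example, not Glastopf's own code: the rule set, function names and sample lines are assumptions, with only the “=http://” and “CAST(0x” markers taken from the text, and it records referenced URLs without fetching them.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Hypothetical rule set. "=http://" and "CAST(0x" are the markers the article
# names; the path-traversal rule for local file inclusion is an assumption.
RULES = [
    ("rfi", re.compile(r"=(?:https?|ftp)://", re.I)),
    ("sqli", re.compile(r"cast\(0x", re.I)),
    ("lfi", re.compile(r"(?:\.\.[/\\]){2,}")),
]
REMOTE_URL = re.compile(r"=((?:https?|ftp)://[^&\s]+)", re.I)

def decode_target(target, max_rounds=3):
    """Percent-decode a bounded number of times so double encoding still matches."""
    for _ in range(max_rounds):
        step = unquote_plus(target)
        if step == target:
            break
        target = step
    return target

def classify(request_line):
    """Return (label, referenced_urls) for one raw HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("malformed", [])
    decoded = decode_target(parts[1])
    for label, pattern in RULES:
        if pattern.search(decoded):
            # Only record the URL for later offline analysis; nothing is fetched.
            urls = REMOTE_URL.findall(decoded) if label == "rfi" else []
            return (label, urls)
    return ("unknown", [])

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /index.php?page=http%3A%2F%2Ffiles.example.invalid%2Fstage.txt HTTP/1.1",
    "GET /item.asp?id=1;x=cast%280x00%20AS%20VARCHAR%29 HTTP/1.1",
    "GET /view.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /i.php?p=http%253A%252F%252Fa.example.invalid%252Fx HTTP/1.1",
    "GET /index.php?page=about HTTP/1.1",
    "BADLINE",
]

def summarize(lines):
    """Count request lines per label."""
    return Counter(classify(line)[0] for line in lines)

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), line)
    print(dict(summarize(SAMPLE)))
```

Decoding before matching matters here: two of the constructed lines only hit the “=http://” rule after one or two rounds of percent-decoding.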

Download from GitHub.

Glastopf website.