Honeyd Mailing List: Tool Release HoneyWeb-0.4

Support Honeyd


Search Amazon


Tool Release HoneyWeb-0.4

From: ktimm <>
Date: Sun, 16 Feb 2003 13:21:41 -0600

Hello all,

I'm pleased to announce the release of HoneyWeb. HoneyWeb is available at

HoneyWeb is a deception based web server like program that can be used as a
standalone server or
in conjunction with HoneyD to
provide request based http header
spoofing and page serving. HoneyWed does basic regex comparison to incoming
request to determine what
associated headers to return. HoneyWeb works in basically two modes
"Persistent" and "Non- Persistent".
In "Non-persistent" mode HoneyWeb is basically a more intelligent netcat and
returns back 200 OK for
every request, unless defined otherwise, along with the other associated
headers for that type of server.
In "Persistent" mode HoneyWeb will remember the IP and always return the
same version to the same IP for
a specified period of time, in addition it will do basic request comparisons
betweeen server families
to determine if a 404 should be sent back or not. HoneyWeb does some bogus
request checking and sends
back server specific error pages on bogus requests. Attack specific pages
can be specified to make
HoneyWeb appear more real for interactive attackers. SSL support can be
provided with the use of
stunnel . HoneyWeb is written in Python and should
run on anything with
Pyhton 1.5 and better. It has been tested on W2K inaddition to Linux
platforms. HoneyWeb does try
to follow the HTTP protocol closely returning errors on improper versions
and syntax. HoneyWeb logs
request specific info into hw-log files in the log directory. In addition,
unmatched requests are
logged in the newsigs file.

Questions / Comments / Suggestion forward to
Received on Sun Feb 16 2003 - 15:10:54 PST

Search For Information
Search WWW Search

NB: This is a filtered version of the Honeypots mailing list. Only posts that concern Honeyd are shown here. For more recent discussions visit the forums.