Amun: Python Honeypot


News
[2012.08.22]
Just wanted to let you know that the software is still maintained, although no major updates have been released in the past. Just make sure to always grab the latest SVN version (already at v.0.2.0-devel), as I make most changes there. I am currently working on a more sophisticated RDP simulation.
[2010.03.04]
New file release of Amun is ready for download (v0.1.9). After some fixes in the SVN Version i decided to create another bundle. Changelog:
  • fixed wrong variable name in shellcode manager
  • fixed ftp_download core to allow login without password
  • modified plain ftp command shellcode detection
  • modified shellcode managers multiple file handling
  • modified furth shellcode decoder
  • modified ftp_nat_ip config parameter to accept dns names as well
  • modified match_plainFTP shellcode detector to accept decoded shellcode
  • modified vuln-ms08067 vulnerability
  • modified amun_smb_core
  • modified vuln-maxdb to ignore BitTorrent protocol requests
  • modified vuln-lsass to partly use amun_smb
[2009.07.27]
New release of Amun is ready for download (v0.1.8). The changelog is rather big this time:
  • added ulm shellcode handler
  • added bergheim shellcode handler
  • added langenfeld connectback2
  • added leimbach encoded tftp command detection
  • added pexalphanumeric b64encoded plain url detection
  • added new amun smb handler
  • fixed netdde vulnerability
  • fixed missing socket import for log-blastomat module
  • fixed reply function to send all bytes
  • fixed amun crash on already used port/address
  • fixed anubis submission module
  • fixed amun ftp NAT download
  • modified ftp_download_core to handle broken pipe on push command
  • modified vuln-http to serve images from folder
  • modified log-surfnet configuration to accept database port
  • modified vuln-arc to no reply
  • modified md5 to hashlib (deprecated warning)
  • modified popen2 to subprocess (deprecated warning)
  • removed conn= parameter prefix for asynchat.async_chat.__init__
[2009.02.19]
Another release of Amun is ready for download (v0.1.7). The changelog is available here
[2008.10.07]
Finally the next release v0.1.6 is ready for download. The changelog is available here.
[2008.06.03]
New release v0.1.5 fixes last bug and adds new alphanumeric shellcode decoder. Download here. The changelog is available here.
[2008.05.28]
Bug: the config reload function is missing a return value, in the case where it fails to reread the configuration file.
[2008.05.13]
The new release v0.1.4 is ready to download. The changelog is available here. Have fun.
[2008.04.22]
Bug: the ftp download module does not always work correctly. i am currently working on a fix.
[2008.04.12]
The new release v0.1.3 is ready to download. Changelog is available here. This time little new features but some bug fixes.
[2008.04.03]
Bug: the shellcode manager misses to set the download identifier for tftp downloads. as a result currently only one tftp download at a time is possible. the issue will be fixed with the next release.
Bug: blocking of ips which refused connections, received a timeout, or already provided a binary is not correctly checked, thus they are not properly blocked. fixed in the upcoming release.
[2008.03.25]
The new Amun release v0.1.2 is ready to download. Changelog can be found here.
[2008.03.17]
I am currently trying to move Amun to sourceforge, thus the next release will be a little delayed until everything is set.
[2008.03.10]
Bug: The config parser of Amun does not handle empty variables correctly, i am already working on that. Furthermore, i am working on a submission module for Anubis, which is almost done. Just some fine tuning left. So it wonīt be too long till the next release is ready.
[2008.02.18]
Amun v0.1.1 is ready to download. The changelog for the new version is here.
[2008.02.03]
Amunīs next release is almost done. I am currently testing the new version, so it might just take a few more days until the download is ready.
[2008.01.01]
Bug: Amun has a problem with too many open files. Running for almost three weeks non-stop my sensor crashed because of "too many open files". It seems as if there are some connections which do not close properly and/or too many new connections are opened. I need to catch the error, so amun does not crash and make sure the sensor does not open new sockets while there are already too many open.

Amun - "the concealed":

Man with high feather crown - originally a god of wind, but he was raised to being one of the mightiest gods in egypt.