Glastopf Web Application Honeypot

edited by Lukas Rist on January 8. 2012

Many of today's most advanced attacks now happen at the web application layer. This tool is designed to capture information on the latest web application attacks using scalable and easy to deploy low-interaction server honeypots.

Glastopf is a minimalistic web server written in Python. The Honeypot tool collects information about web application-based attacks like for example remote file inclusion, SQL injection, and local file inclusion attacks. Glastopf scans the incoming request for strings like "=http://" or "=ftp://". If this matches, we try to download and analyze the file and respond as close as possible to the attacker's expectations. If we fulfill them, the attacker sends us for example a bot, shell or spreader. Those files could for example be analyzed for IRC information to infiltrate the botnet behind this kind of attacks. The collected data is stored in a MySQL database that can be browsed via a web interface.

Glastopf is open source and is available from our repository.

Know Your Tool: Glastopf

Detailed paper about Glastopf:
Download PDF from the Honeynet Project page.

Media Coverage

darkREADING: New Honeypot Mimics The Web Vulnerabilities Attackers Want

Current Project

At the moment we are working on the dynamic dork list for Glaspot

Future Plans

We are looking forward to have a web threat analysis platform in the next months

Contact

See the team page

Miscellaneous

QR code for this page
Legal Notice