Thursday, November 26, 2009

Distributed Nepenthes with PHARM

Just finished releasing version 1.0 of Nepenthes PHARM.

Nepenthes PHARM is a perfect companion to your Nepenthes honeypot installations to catch Malware in the wild. PHARM is an Open Source client/server and web portal package, which provides central reporting and analysis of your distributed Nepenthes based honeypots.

PHARM Clients are installed on along with your Nepenthes installs, PHARM clients listen for any changes in nepenthes log files (logged_submissions and nepenthes.log) and sends over the logged data and malware collected over to the server running the PHARM server.

PHARM server munges all the data collected from PHARM Clients and provides analysis/report of your honeypots through the PHARM Web portal. On the analytical part, Pharm actually queries Virus total's publicly available data to report back the detail of the malware collected.

PHARM is available for download at . PHARM is developed and maintained by yours truly ME :) Parvinder S. Bhasin.