Amun was the first Python-based low-interaction honeypot, following the concepts of Nepenthes but extending them with
more sophisticated emulation and easier maintenance.
Edit the Amun main configuration file: vim conf/amun.conf
For example, set the IP address for Amun to listen on (0.0.0.0 to listen on all)
Enable or disable vulnerability modules as needed
Start Amun by issuing: ./amun_server
Tips and Tricks
In case you encounter problems with too many open files due to a lot of attackers hitting your honeypot at the same time, the following settings can be adjusted:
To increase the maximum number of open files on Linux:
echo "104854" > /proc/sys/fs/file-max
ulimit -Hn 104854
ulimit -n 104854
To increase the maximum number of open files on BSD:
sysctl kern.maxfiles=104854
ulimit -Hn 104854
ulimit -n 104854
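A preflight check for the limits above, as an added example that is not part of Amun. The function names (is_enough, check_limits, preflight) are hypothetical, and 104854 is the value used in the commands on this page.

```shell
#!/bin/sh
# Added example, not part of Amun: check the open-file limits before starting the honeypot.
TARGET=104854   # value used in the commands above

# is_enough LIMIT WANT: succeeds when LIMIT is "unlimited" or >= WANT.
is_enough() {
    [ "$1" = "unlimited" ] || [ "$1" -ge "$2" ]
}

# check_limits WANT SOFT HARD SYSMAX
# Prints the names of the limits that are below WANT (soft, hard, system)
# and returns non-zero if any of them is.
check_limits() {
    short=""
    is_enough "$2" "$1" || short="$short soft"
    is_enough "$3" "$1" || short="$short hard"
    is_enough "$4" "$1" || short="$short system"
    echo "${short# }"
    [ -z "$short" ]
}

# preflight: read the live values for this shell and report on them.
preflight() {
    soft=$(ulimit -Sn)
    hard=$(ulimit -Hn)
    if [ -r /proc/sys/fs/file-max ]; then
        sysmax=$(cat /proc/sys/fs/file-max)      # Linux
    else
        # BSD; treated as unlimited if neither source is readable
        sysmax=$(sysctl -n kern.maxfiles 2>/dev/null || echo unlimited)
    fi
    if low=$(check_limits "$TARGET" "$soft" "$hard" "$sysmax"); then
        echo "limits ok (soft=$soft hard=$hard system=$sysmax)"
    else
        echo "too low for $TARGET: $low (soft=$soft hard=$hard system=$sysmax)"
    fi
}

preflight
```

Run it in the same shell that will start ./amun_server, since ulimit changes apply only to that shell and the processes it launches.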
Logging
All logging information is stored in the "logs" subdirectory of your Amun installation. The following log files will be created:
amun_server.log
contains general information, errors, and alive messages of the Amun server
amun_request_handler.log
contains information about unknown exploits and not matched exploit stages
analysis.log
contains information about manual shellcode analysis (performed via the -a option)
download.log
contains information about all download modules (ftp, tftp, bindport, etc.)
exploits.log
contains information about all exploits that were triggered
shellcode_manager.log
contains information and errors of the shellcode manager
submissions.log
contains information about unique downloads
successfull_downloads.log
contains information about all downloaded malware
unknown_downloads.log
contains information about unknown download methods
vulnerabilities.log
contains information about certain vulnerability modules
Parameters
Amun can be executed with the -a parameter to analyse a given file for known shellcode instead of running the honeypot.