HEAT |
|
| Company / developer | Vijay Vikram Shreenivos |
|---|---|
| OS family | Linux |
| Source model | Open source |
Honeypot and forEnsic Analysis Tool or HEAT in short is a Live CD based on KNOPPIX S-T-D distro and Tiny Honeypot by George Bakos. This tool is primarily a honeypot for monitoring networks for unauthorized intrusions on information systems. It also doubles up as a forensic tool to perform analysis on the captured data. This tool is licensed under GNU GPL.
The tool is a complete environment for testing networks and using the results to perform forensic analysis of the data. This environment provides a solid platform for development, and vulnerability research. The majority of the tool is composed of components written in Shell code and Perl
This project was done by Vijay Vikram Shreenivos as a part of his final term project dissertation at James Cook University Singapore.
Contents |
The system requirements for deploying HEAT are minimal as the entire distribution runs off a Live CD. The hardware requirements are as follows
Anything more is a bonus for running the tool.
Installation of HEAT is available in three formats
The Live CD boots the machine to desktop and users can run the install.sh program of the HEAT tool available in the /usr/bin folder. This will create the nescessary directories for capturing information. A user can add the services details in the /etc/inetd.conf and /etc/services to start the Honeypot program to emulate services. A configuration file is generated for users to make changes accordingly like choosing which interface is listening to the data, logging of packet data and available services for emulating.
Some of the service versions emulated by the Honeypot are
Shell access
SSH ver 1 and 2