YALIH (Yet Another Low Interaction Honeyclient) is a low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques. YALIH has the following capabilities:
*Suspecious URL collection from malicious website databases (three databases)
*URL collection through Bing API
*Suspecious URL collection from your inbox and SPAM folder through pop3 and IMAP protocol
*Javascript extraction, de-obfuscation and de-minification of scripts embedded within a website
*Referrer Emulation and redirection handling
*Cookies and session handling
*Browser and browser agent and OS emulation
*Proxy capabilities to detect Geo-location and/or IP cloacking attacks
*Signature detection using ClamAV antivirus database
*Anomaly and pattern matching detection through Yara (http://plusvic.github.io/yara/)
*Automated Yara signature generation
====================================
Easy Installation and documentation
====================================
Authors/Contributors:
========= Victoria University of Wellington ============
Masood Mansoori - [email protected]
============ Singapore Polytechnic ===============
Lai Qi Wei - [email protected] Ritchie Lam Qiaowei - [email protected]