submit-http for nepenthes
A hideously simplistic PHP handler for the nepenthes submit-http module. It Works For Me ™.
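<?php
// Minimal receiver for the nepenthes submit-http module: appends one
// comma-separated key=value line per submission to a log file.
$ts  = date('U');
$log = "timestamp=$ts";
$log .= ",remotehost=" . $_SERVER['REMOTE_ADDR'];

// Only these POST fields are logged; anything else is ignored.
$fields = array('url', 'trigger', 'md5', 'sha512', 'filetype',
                'source_host', 'target_host', 'filename');

foreach ($_POST as $key => $value) {
    // Strict match on the field name, and skip array-valued parameters.
    if (in_array($key, $fields, true) && is_string($value)) {
        // The values are untrusted (they describe what was thrown at the
        // honeypot), so replace control characters such as CR/LF to keep
        // each submission on a single log line.
        $value = preg_replace('/[\x00-\x1f\x7f]/', '_', $value);
        $log .= ",$key=$value";
    }
}
$log .= "\n";

$myFile = "/tmp/submit-log";
// Append under an exclusive lock so concurrent submissions don't interleave.
file_put_contents($myFile, $log, FILE_APPEND | LOCK_EX);
?>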
You’ll want your config file /etc/nepenthes/submit-http.conf to give this script as the URL, e.g. “http://myserver.example.com/submit.php” and enable the submit-http module in /etc/nepenthes/nepenthes.conf. After that, you probably want to figure out how to collect the binaries that nepenthes has just captured.
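Reading /tmp/submit-log back is the other half of the job. The following is an added example, not part of the original post: a Python parser for the handler's `key=value,key=value` lines that tolerates commas inside values and rejects lines with repeated or malformed fields. The sample lines, addresses and hash are constructed, and the function names are hypothetical.

```python
import re

# Keys the handler can write to /tmp/submit-log.
KNOWN_KEYS = ("timestamp", "remotehost", "url", "trigger", "md5", "sha512",
              "filetype", "source_host", "target_host", "filename")

# Split only at a comma directly followed by a known "key=", so a comma
# inside a value (common in URLs) stays part of that value.
BOUNDARY = re.compile(r",(?=(?:%s)=)" % "|".join(KNOWN_KEYS))
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample lines (documentation addresses, made-up hash).
FAKE_MD5 = "ab" * 16
SAMPLE = [
    "timestamp=1200000000,remotehost=192.0.2.10,"
    "url=ftp://198.51.100.7/a,b.exe,md5=%s,filetype=PE\n" % FAKE_MD5,
    "timestamp=1200000060,remotehost=192.0.2.10,"
    "url=ftp://198.51.100.7/a,b.exe,md5=%s\n" % FAKE_MD5,
    "timestamp=1200000120,remotehost=192.0.2.11,url=http://x/,md5=zz\n",
]


def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    record = {}
    for part in BOUNDARY.split(line.rstrip("\n")):
        key, sep, value = part.partition("=")
        # A repeated key means a value tried to smuggle in a second field.
        if not sep or key not in KNOWN_KEYS or key in record:
            return None
        record[key] = value
    if not record.get("timestamp", "").isdigit() or "remotehost" not in record:
        return None
    if "md5" in record and not MD5_RE.match(record["md5"]):
        return None
    return record


def new_samples(lines):
    """Return the first record seen for each distinct md5."""
    seen, out = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec and "md5" in rec and rec["md5"].lower() not in seen:
            seen.add(rec["md5"].lower())
            out.append(rec)
    return out


if __name__ == "__main__":
    for rec in new_samples(SAMPLE):
        print(rec["timestamp"], rec["remotehost"], rec["md5"], rec["url"])
```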