Cybersecurity expert Marco Ramilli shared another tool from his arsenal, one that extracts suspicious IPs from undesired connections: his HoneyPots.
Hi folks, today I’d like to point out another tool of mine which extracts suspicious IPs from undesired connections. In other words: HoneyPots. I run a personal HoneyPot network which has been running for years, and over time it has harvested numerous IP addresses which could be, potentially, malicious (typically scanners). If you like having fresh HoneyPot feeds in your OSINT collection, please feel free to download them directly HERE. The downloaded file wraps malicious (as intended by HoneyPots) IPs and the “last seen” date, so that you can decide if the IP is getting too old for blocking purposes. The file is structured as an array of JSON objects in order to facilitate ingestion into every feeder or database. The following image shows what I meant.
The feed is updated every 24h, so it would be useless to make multiple downloads per day. The entire system detects approximately 140k events per day.
A set of interesting and very selective graphic views follows.
I hope you appreciate my intent to share free data with the cybersecurity community in order to improve our digital space. Have fun, and if you have questions or suggestions please feel free to contact me.
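One way to act on the “last seen” date when ingesting a feed of this shape, as an added example that is not Marco Ramilli's code: it keeps only recently seen addresses and refuses to block private or loopback ranges. The key names `ip` and `last_seen`, the timestamp format, the UTC assumption and the sample records are all assumptions, since the post does not show the schema.

```python
import ipaddress
import json
from datetime import datetime, timedelta, timezone

# Constructed sample. The keys "ip" and "last_seen" and the timestamp format
# are assumptions for illustration, not the feed's documented schema.
SAMPLE_FEED = json.dumps([
    {"ip": "198.51.100.7", "last_seen": "2020-03-09 04:12:55"},
    {"ip": "203.0.113.45", "last_seen": "2019-12-01 10:00:00"},
    {"ip": "203.0.113.45", "last_seen": "2020-03-08 23:59:01"},
    {"ip": "192.0.2.10", "last_seen": "2019-11-02 08:30:00"},
    {"ip": "10.0.0.5", "last_seen": "2020-03-09 12:00:00"},
    {"ip": "not-an-ip", "last_seen": "2020-03-09 12:00:00"},
    {"ip": "198.51.100.99"},
])

# Ranges that must never reach a blocklist, even if a feed record names them.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def fresh_blocklist(feed_text, now, max_age_days=30):
    """Return feed IPs last seen within max_age_days, as sorted strings."""
    cutoff = now - timedelta(days=max_age_days)
    newest = {}  # address -> most recent "last seen" timestamp
    for rec in json.loads(feed_text):
        try:
            addr = ipaddress.ip_address(str(rec["ip"]).strip())
            seen = datetime.strptime(rec["last_seen"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, TypeError, ValueError):
            continue  # malformed record: skip it rather than fail the import
        seen = seen.replace(tzinfo=timezone.utc)  # assumption: feed times are UTC
        if any(addr in net for net in NEVER_BLOCK):
            continue
        if addr not in newest or seen > newest[addr]:
            newest[addr] = seen
    keep = [a for a, seen in newest.items() if seen >= cutoff]
    return [str(a) for a in sorted(keep, key=lambda a: (a.version, int(a)))]


if __name__ == "__main__":
    now = datetime(2020, 3, 10, tzinfo=timezone.utc)  # fixed so the run is repeatable
    for ip in fresh_blocklist(SAMPLE_FEED, now):
        print(ip)
```

Because the feed changes once every 24h, a daily scheduled run of such a filter is enough, and entries that stop appearing age out of the blocklist on their own.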
In early February, Marco Ramilli released the Malware Hunter tool for free, a simple but interesting catching tool based on static YARA rules.
About the author: Marco Ramilli, Founder of Yoroi
I am a computer security scientist with an intensive hacking background.
I do have experience in security testing since I have been performing penetration testing on several US electronic voting systems. I’ve also been in charge of testing uVote voting system from the Italian Minister of homeland security. I met Palantir Technologies where I was introduced to the Intelligence Ecosystem. I decided to amplify my cybersecurity experiences by diving into SCADA security issues with some of the biggest industrial agglomerates in Italy. I finally decided to found Yoroi: an innovative Managed Cyber Security Service Provider developing some of the most amazing cybersecurity
Edited by Pierluigi Paganini
(Security Affairs – HoneyPots, Honey Feed)