Honeypots mailing list archives

Tool Release HoneyWeb-0.4


From: "ktimm" <ktimm () var-log com>
Date: Sun, 16 Feb 2003 13:21:41 -0600

Hello all,

I'm pleased to announce the release of HoneyWeb.  HoneyWeb is available at
http://var-log.com

HoneyWeb is a deception-based, web-server-like program that can be used as
a standalone server or in conjunction with HoneyD
http://www.citi.umich.edu/u/provos/honeyd/ to provide request-based HTTP
header spoofing and page serving. HoneyWeb does basic regex comparison on
incoming requests to determine what associated headers to return. HoneyWeb
works in basically two modes, "Persistent" and "Non-Persistent".

In "Non-Persistent" mode HoneyWeb is basically a more intelligent netcat
and returns 200 OK for every request, unless defined otherwise, along with
the other associated headers for that type of server.

In "Persistent" mode HoneyWeb will remember the IP and always return the
same version to the same IP for a specified period of time; in addition, it
will do basic request comparisons between server families to determine if a
404 should be sent back or not.

HoneyWeb does some bogus request checking and sends back server-specific
error pages on bogus requests. Attack-specific pages can be specified to
make HoneyWeb appear more real for interactive attackers. SSL support can
be provided with the use of stunnel http://www.stunnel.org . HoneyWeb is
written in Python and should run on anything with Python 1.5 and better. It
has been tested on W2K in addition to Linux platforms. HoneyWeb does try to
follow the HTTP protocol closely, returning errors on improper versions and
syntax. HoneyWeb logs request-specific info into hw-log files in the log
directory. In addition, unmatched requests are logged in the newsigs file.

Questions / Comments / Suggestions: forward to ktimm () var-log com
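
The regex matching, per-IP persistence and unmatched-request logging described in the announcement, as an added example that is not HoneyWeb's own code. The signature table, the header values, the `Decoy` class and the rule that a request matching another family's signature gets a 404 are all assumptions made for illustration.

```python
import re
import time

# Constructed signature table: request-path regex -> server family.
SIGNATURES = [
    (re.compile(r"\.(asp|ida|idq)(\?|$)", re.I), "iis"),
    (re.compile(r"^/cgi-bin/|\.(php|pl|cgi)(\?|$)", re.I), "apache"),
]
# Constructed header sets returned for each family.
HEADERS = {
    "iis": {"Server": "Microsoft-IIS/5.0"},
    "apache": {"Server": "Apache/1.3.27 (Unix)"},
}
DEFAULT_FAMILY = "apache"


class Decoy:
    def __init__(self, persistent=False, ttl=3600, clock=time.time):
        self.persistent, self.ttl, self.clock = persistent, ttl, clock
        self.seen = {}     # ip -> (family, expiry time)
        self.newsigs = []  # request paths no signature matched

    def _remembered(self, ip):
        family, expiry = self.seen.get(ip, (None, 0))
        return family if self.clock() < expiry else None

    def respond(self, ip, request_line):
        """Return (status, headers) for one request line."""
        parts = request_line.split()
        sticky = self._remembered(ip) if self.persistent else None
        # Malformed request line or unsupported version: error, same identity.
        if len(parts) != 3 or not re.fullmatch(r"HTTP/1\.[01]", parts[2]):
            return 400, HEADERS[sticky or DEFAULT_FAMILY]
        matched = next((f for p, f in SIGNATURES if p.search(parts[1])), None)
        if matched is None:
            self.newsigs.append(parts[1])  # candidate for a new signature
        if not self.persistent:
            return 200, HEADERS[matched or DEFAULT_FAMILY]
        family = sticky or matched or DEFAULT_FAMILY
        if sticky is None:
            self.seen[ip] = (family, self.clock() + self.ttl)
        # A request typical of another family would not exist on this server.
        status = 404 if matched and matched != family else 200
        return status, HEADERS[family]
```

Keeping the identity stable per source IP is what stops a scanner from seeing an IIS banner on one probe and an Apache banner on the next, which would expose the decoy.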


