Using Nepenthes

Hi, this manual just covers the basics. Nepenthes will catch malware faster if you put it somewhere the network is unfiltered, i.e. where nothing sits between the honeypot and inbound traffic.
A few things are needed:
  • nepenthes
  • clam-av (so that you can scan the captured binaries)
  • hexeditor, or khexeditor for KDE (if you want to go through the ASCII content)
  • and if the "strings" command suits you, it will give you an easier read.

This snippet of output was taken from a chat session with snip3r (hehe):

$ clamscan /var/lib/nepenthes/binaries/
/var/lib/nepenthes/binaries/malware_host_arp.pcap: OK
/var/lib/nepenthes/binaries/5b969ead104bf6afd187c4aad480ac45: OK
/var/lib/nepenthes/binaries/a9827363248ccc412911b1719d18183a: OK
/var/lib/nepenthes/binaries/94ee7b1bfa628bd990c5cbd522f3cf84: Trojan.Vanbot-41 FOUND
/var/lib/nepenthes/binaries/f948757c0ba0d2cd663f1e3988eb8787: Trojan.Mybot-7872 FOUND
/var/lib/nepenthes/binaries/7097c55ee0535457025dd158bb1988bb: Worm.Blaster.B FOUND


Well, "/var/lib/nepenthes/" contains two other folders: "hexdumps" (which the SVN version considers obsolete) and "binaries", the directory scanned above.
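As an added example (not code from the original post, Nepenthes or ClamAV), here is a small POSIX shell helper that triages a clamscan report of the "binaries" directory like the one above: it pulls out the FOUND verdicts and checks that a sample's file name still matches the MD5 of its content, since Nepenthes names each captured binary by its MD5 hash. It assumes awk and GNU md5sum are available; the report lines embedded in it are constructed from the listing shown above.

```shell
#!/bin/sh
# Added example (not from the original post): triage a clamscan report of
# a Nepenthes "binaries" directory.

# Constructed sample report in the "path: verdict" format clamscan prints,
# taken from the listing above. In real use pipe clamscan in instead:
#   clamscan /var/lib/nepenthes/binaries/ | detections
SAMPLE_REPORT='/var/lib/nepenthes/binaries/malware_host_arp.pcap: OK
/var/lib/nepenthes/binaries/5b969ead104bf6afd187c4aad480ac45: OK
/var/lib/nepenthes/binaries/94ee7b1bfa628bd990c5cbd522f3cf84: Trojan.Vanbot-41 FOUND
/var/lib/nepenthes/binaries/f948757c0ba0d2cd663f1e3988eb8787: Trojan.Mybot-7872 FOUND
/var/lib/nepenthes/binaries/7097c55ee0535457025dd158bb1988bb: Worm.Blaster.B FOUND'

# Read a clamscan report on stdin; print "<file name> <signature>" for
# every line clamscan marked FOUND (the OK lines are dropped).
detections() {
    awk -F': ' '/ FOUND$/ {
        n = split($1, p, "/")      # last path component = sample name
        sub(/ FOUND$/, "", $2)     # strip the trailing verdict word
        print p[n], $2
    }'
}

# Count FOUND verdicts in a report read on stdin (0 when nothing matched).
count_found() {
    grep -c ' FOUND$' || true
}

# Nepenthes stores each sample under the MD5 of its content. A mismatch
# means the file was renamed or altered after capture (or is not a sample
# at all, like the .pcap in the listing). Prints "ok" or "mismatch".
# Assumes GNU coreutils md5sum.
check_name_is_md5() {
    f=$1
    name=$(basename "$f")
    sum=$(md5sum "$f" | cut -d' ' -f1)
    [ "$name" = "$sum" ] && echo ok || echo mismatch
}

# Stand-alone run: show the detections from the constructed report.
printf '%s\n' "$SAMPLE_REPORT" | detections
```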
