NEPENTHES(8)		    System Manager's Manual		  NEPENTHES(8)

NAME
       nepenthes - finest collection -

SYNOPSIS
       nepenthes [OPTIONS]

       nepenthes [OPTIONS] [PATH]

DESCRIPTION
       By emulating widespread vulnerabilities, Nepenthes is able to catch and
       store worms that use these vulnerabilities. Furthermore, you are able to
       determine the malware activity on a network by deploying a nepenthes
       sensor. The program emulates different well-known vulnerabilities and
       waits for malicious connections trying to exploit them. If a connection
       tries to exploit something, nepenthes tries to guess which exploit is
       going to be used. There are several different ways an exploitation can
       happen; the attacker can ask nepenthes to

       * connect to a provided IP and port and offer a shell there (connectback)
       * bind a shell on a port (bindshell)
       * directly execute a shell command
       * provide a URL from which to download a file and execute the file
       * use specific file transfer mechanisms to transfer the file (link, blink, mydoom ...)

       If a shell is expected (bindshell or connectback shell), nepenthes will
       offer this shell to the attacker and fulfill the requested actions.
       In most cases there are two ways worms try to spread themselves using a
       shell:

       tftp - trivial file transfer protocol, using tftp.exe in Microsoft Windows.
       ftp - file transfer protocol, using ftp.exe in Microsoft Windows.

       Nepenthes will parse the shell instructions and try to download the
       file; upon success the file will be stored.

OPTIONS
       -c PATH,	--config=PATH
	      PATH to nepenthes.conf

       -d PATTERN, --disk-log=PATTERN
	      apply filter to disk logging. PATTERN can consist of crit,
	      warn, info, debug and spam; combine tags using commas.

       -f OPTIONS PATH, --file-check=OPTIONS PATH
	      Use Nepenthes to check if a file or a directory of files in PATH
	      contains known shellcodes. PATH can be a directory or multiple
	      files. OPTIONS can be rmknown, rmnonop, nothing.

       -h, --help
	      show help

       -H, --large-help
	      show help	with default values

       -i, --info
	      how to contact us

       -k, --check-config
	      check nepenthes.conf config for syntax errors

       -l PATTERN, --log=PATTERN
	      apply filter to console logging. PATTERN can consist of crit,
	      warn, info, debug and spam; combine tags using commas.

       -L, --logging-help
	      display help for -d and -l

       -o, --no-color
	      log without colors to console (does not work yet).

       -r PATH,	--chroot=PATH
	      chroot to	PATH

       -R, --ringlog
	      use ringlogger instead of	filelogger

       -u USER, --user=USER
	      switch the user the process runs as. USER must be a user name.

       -g GROUP, --group=GROUP
	      switch the process group. GROUP must be a group name.

       -v, --version
	      show version

       -w, --workingdir
	      working directory for the process

EXAMPLES
       nepenthes -d crit,warn,info
		 start nepenthes and log only messages with loglevel critical,
		 warning and info to disk

       nepenthes -u marshall -g	mother
		 start nepenthes and change to user marshall and group mother.

       nepenthes -r /opt/nepenthes
		 start nepenthes and chroot to /opt/nepenthes

       nepenthes -u marshall -g	mother -r /opt/nepenthes
		 start	nepenthes and change to	user marshall and group	mother
		 and  chroot to	/opt/nepenthes

       nepenthes -f rmknown,rmnonop,dononp /opt/nepenthes/var/hexdumps/
		 check the directory /opt/nepenthes/var/hexdumps for known
		 shellcodes, remove known shellcodes, remove shellcodes
		 without nop slide, check shellcodes without nopslide.

       nepenthes -f nothing /tmp/*.bin /tmp/unknown_shellcodes/
		 check the files in the directory /tmp/unknown_shellcodes/
		 and the files in /tmp/*.bin for known shellcodes, do
		 nothing.

FILES
       etc/nepenthes/nepenthes.conf
	      nepenthes	configuration file

       lib/nepenthes/
	      nepenthes	modules

       etc/nepenthes/
	      nepenthes	modules	configuration files

BUGS
       this manual is a	pain

SEE ALSO
       nepenthes.conf(5)

nepenthes 0.1.3			  2005-11-18			  NEPENTHES(8)
