maltrail online with Winfy

We have hosted the application maltrail in order to run this application in our online workstations with Wine or directly.

Quick description about maltrail:

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware). Sensor(s) is a standalone component running on the monitoring node (e.g. Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or at the standalone machine (e.g. Honeypot) where it "monitors" the passing Traffic for blacklisted items/trails (i.e. domain names, URLs and/or IPs).

Features:

• Server's primary role is to store the event details and provide back-end support for the reporting web application
• Server component can be skipped altogether
• Fully functional demo pages with collected real-life threats
• To properly run the Maltrail, Python 2.6, 2.7 or 3.x is required on nix/BSD system
• Test the capturing of DNS traffic
• Stop Sensor and Server instances

Programming Language: Python.
Categories: