PhoneyC: A virtual client honeypot

[SysAdMini]

PhoneyC is a virtual client honeypot, meaning it is not a real application but rather an emulated client. By using dynamic analysis, PhoneyC is able to remove the obfuscation from many malicious pages. Furthermore, PhoneyC emulates specific vulnerabilities to pinpoint the attack vector. PhoneyC is a modular framework that enables the study of malicious HTTP pages and understands modern vulnerabilities and attacker techniques.

v0.1 feature highlights include:

* Interpretation of useful HTML tags for remote links
- hrefs, imgs, etc ...
- iframes, frames, etc
* Interpretation of scripting languages
- javascript (through spidermonkey)
- supports deobfuscation, remote script sources
* ActiveX vulnerability "modules" for exploit detection
* Shellcode detection and analysis (through libemu)
* Heap spray detection

http://code.google.com/p/phoneyc/