GSoC/GCI Archive
Google Summer of Code 2013

The Honeynet Project

Web Page:

Mailing List:

Founded in 1999, The Honeynet Project is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public.

For over a decade, everything we have done and continue to do is based on the principles of opensource and volunteer efforts. Our bylaws specifically state any software or papers developed and published by the organization must be licensed as open source and made freely available to the community.

Our goal is to help coordinate the development, deployment, advancement and research findings of honeypot related technologies. With over forty international chapters, two hundred and fifty members and thirty open source research projects around around the world, we are a mature, highly diverse and international organization.

Simply put, our goal is to make a difference. We accomplish this goal in the following three ways:

Awareness We raise awareness of the threats and vulnerabilities that exist in the Internet today. Many individuals and organizations do not realize they are a target, nor understand who is attacking them, how, or why. We provide this information so people can better understand they are a target, and understand the basic measures they can take to mitigate these threats. This information is provided through our Know Your Enemy series of papers.

Information For those who are already aware and concerned, we provide details to better secure and defend your resources. Historically, information about attackers has been limited to the tools they use. We provide critical additional information, such as their motives in attacking, how they communicate, when they attack systems and their actions after compromising a system. We provide this service through our Know Your Enemy whitepapers and our Scan of the Month challenges.

Tools For organizations interested in continuing their own research about cyber threats, we provide the tools and techniques we have developed. We provide these through our Tools Site.

Learn more at

Google Summer of Code 2013

This year in Google Summer of Code we have a wide range of project ideas and we are also interested in your ideas that advance the community knowledge into new areas. Our projects and skill sets cover a wide range of programming languages (C, C++, python, PHP, perl, java, javascript, Processing, etc), database/SQL, IP networking, kernel and device driver development, UI and web interface development, databases, IDS, proxies, data visualization, etc. Project idea difficulty can range from fairly challenging, low level root kit / kernel / hypervizor modification type projects that are likely to appeal to pretty confident programmers, through to less code intensive but equally interesting data analysis and presentation projects building effective user interfaces. We are always interested in discussing students own project ideas and actively aim to mentor high quality student ideas too.

If you want to find out more, take a look at our project ideas web page, subscribe to our blog and public GSoC questions mailing list, then come and say hello on the #gsoc-honeynet IRC channel on (you can connect via webchat if you are behind a firewall or don't have a command line client too). There should be a mix of organisational admins, project mentors, past successful GSoC students, general Honeynet Project members and prospective students, so feel free to ask questions and we will always try and get back to you (although you may need to idle for a few hours as we do sometimes have to sleep too!). If you are new to IRC, try reading an online primer but don't be worried, we'll be happy to help you get up to speed. We are looking forwards to hearing from you.


  • "Project 11: HpfeedsHoneyGraph for visualizing malicious intention" Proposal by Vincent Kao I am interested in "Project 11 - HpfeedsHoneyGraph for visualizing" GSoC-2013.My aims as follow : 1.Making malicious intention can easily be used in understanding in HpfeedsHoneyGraph 2.Design Friendly web interface. My proposal is divided into two parts and its children. The back-end part: (1)Index and Searches (2)Events formalization (3)D3.js Graph Generator (4)Graph Basic Functions (5)Malicious Intent Match (Optional) The front-end part: (1)Motif Simplification Graph (2)2-dimension Activities Analysis graph (3)Time-series snapshot graph
  • AfterGlow Cloud Project Aim of the project is to replace existing Graphviz rendering backend in AfterGlow Cloud with client-side rendering using D3.js and helios.js. It will allow to dynamically change rendering options and simplify graph analysis by the user.
  • Extending Beeswarm Beeswarm currently has the Hive part operational, which mainly involves credential gathering. It now supports most of the largely used authenticated protocols. An important part of Beeswarm is the Beekeeper, which is a web app that processes the data that is gathered, and displays it. It is also the main frontend, which will (in the future) be able to deploy and configure multiple Hives and Feeders. This proposal aims to cover the development of Feeder and the Beekeeper (I am using the Beeswarm terminology here). Also, there could be a number of extensions to the Hive itself, as discussed below.
  • HoneyProxy HoneyProxy started as a GSoC project last year. Based on the great feedback of the security community, the project's goal for this year is to enhance HoneyProxy with new analysis options, enhanced filtering capability and integration of other security tools.
  • Improvements for project IMALSE My name is Joshua Bonsink, a Computer Science undergraduate at the University of Amsterdam. I propose to improve IMALSE by improving several aspects. Firstly the current background traffic generator is very simplistic. Integrating the traffic generator from SADIT will make the simulations more realistic. Secondly adding additional attacking scenarios will make the tool more useful. Finally a unified GUI system for all the aspects of IMALSE will make it more user-friendly.
  • Integration of Pwnypot into Cuckoo Pwnypot client has currently no interface to let it receive tasks for automated analyses and to send results. The project's goal is to extend Pwnypot and Cuckoo to cooperate. Cuckoo should be used as the managing application to send tasks to Pwnypot agents and also receives, logs and stores the results.
  • IPv6 attack detector The goal of the project is to improve current IPv6 honeypot (6Guard) detection mechanism for various latest IPv6 attacks, get the results and have a proper logging method.
  • Network Analyzer An extensible & flexible web based network analyzer. Deliverables of the project are; easy to extend plugin system, less dependency on protocol detection and stream reconstruction, more malware analysis plugins and more supported protocols.
  • Platform independent binary-focused debugger frontend The goal of this project is to implement a debugger front end that closes the gap to best-in-field debuggers like OllyDbg (which only runs on Windows) and offers a better designed UI, scriptability, configurability and sane defaults.
  • Proposal for SHIVA: Spam Honeypot with Intelligent Virtual Analyzer The aim of this project is to improve SHIVA on various fronts (better spam distinction, hpfeeds/hpfriends integration, better database implementation, documentation, and if time permits then a web-based UI), and moreover making it easy to deploy and configure.
  • Scriptable debugger stub based on binary instrumentation The goal of this project is the implementation of a debugger stub based on Intel Pin that provides scriptable hooks to a remote front end / server.
  • Standard Variable and Type Inference Lib The ultimate goal of this proposal is to build a standard function lib that can conduct type and variable reverse analyses. We use existing analyses method but encapsulate the analysis procedure and design a set of user friendly APIs, then people could easily get the type and variable information from the binary code and can integrate it into his own program or existing tools.
  • Thug Distributed Task Queuing
 Previously Thug worked like a stand-alone tool and does not provide any way to distribute URL analysis tasks to different workers. For the same reason it was neither able to analyze difference in attacks to users according to their geolocation (unless it is provided a set of differently geolocated proxies to use obviously). Now after implementation of this project we are able to solve both problems by creating a centralized server which will be connected to all the Thug instances running across the globe and will distribute URLs (potentially according to geolocation analysis requirements). After that the clients will consume the tasks distributed by centralized server and will store the results in database after processing them.