The project goal is to extract data of the attacks detected by a TPOT or a cluster of them and to generate some feeds that can be used to prevent and detect attacks.
Documentation about GreedyBear installation, usage, configuration and contribution can be found at this link
There are public feeds provided by The Honeynet Project in this site. Example
Please do not perform too many requests to extract feeds or you will be banned.
If you want to be updated regularly, please download the feeds only once every 10 minutes (this is the time between each internal update).
To check all the available feeds, Please refer to our usage guide
GreedyBear provides an easy-to-query API to get the information available in GB regarding the queried observable (domain or IP address).
To understand more, Please refer to our usage guide
The tool has been created not only to provide the feeds from The Honeynet Project's cluster of TPOTs.
If you manage one or more T-POTs of your own, you can get the code of this application and run Greedybear on your environment. In this way, you are able to provide new feeds of your own.
To install it locally, Please refer to our installation guide
The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.
Thanks to The Honeynet Project we are providing free public feeds available here.
In 2022 we joined the official DigitalOcean Open Source Program.
This project was started as a personal Christmas project by Matteo Lodi in 2021.
Special thanks to:
- Tim Leonhard for having greatly improved the project and added Machine Learning Models during his master thesis.
- Martina Carella for having created the GUI during her master thesis.
- Daniele Rosetti for helping maintaining the Frontend.
