Concolic Execution of NMap Scripts for Honeyfarm Generation Zhe Li Bo Chen Department of Computer Science Department of Computer Science Portland State University Portland State University Portland, Oregon, USA Portland, Oregon, USA
[email protected] [email protected] Wu-chang Feng Fei Xie Department of Computer Science Department of Computer Science Portland State University Portland State University Portland, Oregon, USA Portland, Oregon, USA
[email protected] [email protected] ABSTRACT and honeynets) or to selectively terminate the operation of the script Attackers rely upon a vast array of tools for automating attacks by denying access (such as with web application firewalls). Unfortu- against vulnerable servers and services. It is often the case that nately, due to the massive code bases being used and the volume of when vulnerabilities are disclosed, scripts for detecting and exploit- vulnerabilities that are being discovered, it is difficult to keep such ing them in tools such as Nmap and Metasploit are released soon approaches up to date and to scale them to the number of vulnerabil- after, leading to the immediate identification and compromise of ities that are being disclosed. Thus, it is important that automated vulnerable systems. Honeypots, honeynets, tarpits, and other decep- defenses keep up with this arms race and attempt to make some tive techniques can be used to slow attackers down, however, such of the most common tasks an adversary relies upon more difficult approaches have difficulty keeping up with the sheer number of and time-consuming. In particular, as reconnaissance and targeting vulnerabilities being discovered and attacking scripts that are being are critical in an attack, slowing down or degrading this capability released.