Hale - A botnet command and control monitor
by Patrik Lantz for The Honeynet Project
Hale will support both the IRC and HTTP protocol, with the ability to easily add new modules that support new protocols. The monitor will have thread support and logging facilities. Collected logs will be accessible via a web interface and all suspicious malware will be analyzed through a sandbox service. To not expose the location of the monitor, the bots will be able to connect through proxies and hide its origin.