Introduction
Thug is a Python low-interaction honeyclient based on an hybrid
static/dynamic analysis approach.
Thug provides a DOM implementation which is (almost) compliant with W3C DOM Core, HTML, Events,
Views and Style specifications (Level 1, 2 and partially 3).
Thug makes use of the Google V8 Javascript engine wrapped through STPyV8 in order to
analyze malicious Javascript code and of the Libemu library wrapped through Pylibemu
in order to detect and emulate shellcodes.
Currently 10 Internet Explorer (Windows XP, Windows 2000, Windows 7, Windows 10), 24 Chrome (Windows
XP, Windows 7, MacOS X, Android 4.0.3, Android 4.0.4, Android 4.1.2, Linux, iOS 7.1, iOS 7.1.1, iOS
7.1.2, iOS 8.0.2, iOS 8.1.1, iOS 8.4.1, iOS 9.0.2), 4 Firefox (Windows XP, Windows 7, Linux) and 6
Safari (Windows XP, Windows 7, MacOS X, iOS 7.0.4, iOS 8.0.2, iOS 9.1) personalities are emulated
and about 90 vulnerability modules (ActiveX controls, core browser functionalities, browser plugins)
are provided.