FakeNet-NG – Next Generation Dynamic Network Analysis Tool

FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows. FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Michael Sikorski.

The tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using this tool malware analysts can quickly identify malware’s functionality and capture network signatures. Penetration testers and bug hunters will find FakeNet-NG’s configurable interception engine and modular framework highly useful when testing application’s specific functionality and prototyping PoCs.

With the default configuration the tool will start listening on the following protocols:

  • DNS on UDP port 53 This is important to find if the malware is connecting to malicious domain.
  • HTTP on TCP port 80 some specific malware will connect on remote web links.
  • HTTPS on TCP port 443
  • SMTP on TCP port 25
  • Raw Binary Listener on both TCP and UDP ports 1337

FakeNet-NG v1.0

This type of tool is very important during a dynamic malware analyses where you will have all actions performed by the malware during infecting the system. This beside that a penetration tester may use the tool to verify and check the application during testing.

You can download over this link: https://github.com/

Notify of
Inline Feedbacks
View all comments