FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows and Linux (Linux has some restrictions). FakeNet-NG is based on the FakeNet tool developed by Andrew Honig and Michael Sikorski.

The tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using FakeNet-NG, malware analysts can quickly identify malware's functionality and capture network signatures. Penetration testers and bug hunters will find FakeNet-NG's configurable interception engine and modular framework highly useful when testing application's specific functionality and prototyping PoCs.

Release notes

Current Version: FakeNet-NG 1.3
Release Date: October 24, 2017

FakeNet-NG 1.3 continues support for the Linux platform so you can run the tools in both stand-alone or inside the analysis machine. It also greatly improves the number of supported fake services as well a number of bug fixes.

  • Supported Operating Systems: Windows Vista and above, Linux
  • Protocol autodetection
  • Security: fix for path traversal vulnerability
  • Randomized banner generation
  • Listener: BITS protocol support

Download FakeNet-NG