Neton – Tool For Getting Information From Internet Connected Sandboxes

Neton is a tool for getting information from Internet connected sandboxes. It is composed by an agent and a web interface that displays the collected information.
The Neton agent gets information from the systems on which it runs and exfiltrates it via HTTPS to the web server.

Some of the information it collects:

  • Operating system and hardware information
  • Find files on mounted drives
  • List unsigned



    1. Install (with virtualenv):
    python3 -m venv venv
    source venv/bin/activate
    pip3 install -r requirements.txt
    1. Configure the database:
    python3 migrate
    python3 makemigrations core
    python3 migrate core
    • Create user:
    python3 createsuperuser

    Launch (test)

    python3 runserver

    Launch (prod)

    • Generate the

    Sample data

    In the sample data folder there is a sqlite database with several samples collected from the following services:

    • Virustotal
    • Metadefender
    • Hybrid Analysis
    • Intezer Analyze
    • Pikker
    • AlienVault OTX
    • Threat.Zone

    To access the sample information copy the sqlite file to the NetonWeb folder and run the application.


    • User: raccoon
    • Password: jAmb.Abj3.j11pmMa

    Extra info

    • Slides (ES):
    • Video (ES):
    • Video (EN):


    • SharpEDRChecker:
    • Pafish:
    • Al-Khaser:
    • OffensiveCSharp -> HookDetector:
    • OffensiveCSharp -> DriverQuery:
    Download Neton

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.


Original Source