Truman - The Reusable Unknown Malware Analysis Net (LURHQ)

http://www.lurhq.com/truman/
A tool for building a "virtual network" for malware analysis. Apparently it can handle samples that detect a VM environment and refuse to run.

Truman can be used to build a "sandnet", a tool for analyzing malware in an environment that is isolated, yet provides a virtual Internet for the malware to interact with. It runs on native hardware, therefore it is not stymied by malware which can detect VMware and other VMs. The major stumbling block to not using VMs is the difficulty involved with repeatedly imaging machines for re-use. Truman automates this process, leaving the researcher with only minimal work to do in order to get an initial analysis of a piece of malware. Truman consists of a Linux boot image and a collection of scripts. Also provided is pmodump, a Perl-based tool to reconstruct the virtual memory space of a process from a PhysicalMemory dump. With this tool it is possible to circumvent most packers to perform strings analysis on the dumped malware. Released under the GPL.

Related: Know your Enemy: Tracking Botnets - Source Code:
http://www.honeynet.org/papers/bots/botnet-code.html