Kippo

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Features

  • Fake filesystem with ability to add/remove files
  • Ability to add fake file contents
  • Session logs stored in UML compatible format for easy replay
  • Saves files downloaded with wget for later inspection
  • Trickery: ssh pretends to connect somewhere, exit doesn't really exit, etc.

Requirements

  • Operating system (tested on Debian, CentOS, FreeBSD and Windows 7)
  • Python 2.5+
  • Twisted 8.0-15.1.0
  • PyCrypto
  • Zope Interface

How to run it?

Edit kippo.cfg to your liking and start the honeypot by running:

./start.sh

The start script runs Kippo in the background using twistd.

Files of interest

  • dl/: files downloaded with wget are stored here
  • log/kippo.log: log/debug output
  • log/tty/: session logs
  • utils/playlog.py: utility to replay session logs
  • utils/createfs.py: used to create fs.pickle
  • fs.pickle: fake filesystem
  • honeyfs/: file contents for the fake filesystem (feel free to copy a real system here)
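
To get from log/kippo.log to a brute-force summary, the following Python 3 script counts login attempts per source IP and lists the credentials the honeypot accepted. It is an added example, not part of Kippo or of the original page; the log line layout in the constructed sample is an assumption, so adjust the regular expression if your log differs.

```python
import re
from collections import Counter

# Constructed sample lines. The layout (Twisted timestamp, bracketed transport
# with source IP, "login attempt [user/pass] result") is an assumption about
# log/kippo.log, not something stated on the page.
SAMPLE_LOG = """\
2015-03-01 10:00:01+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.7:50112 (192.0.2.10:2222) [session: 0]
2015-03-01 10:00:03+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/admin] failed
2015-03-01 10:00:05+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/pass[1]] failed
2015-03-01 10:00:07+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/123456] succeeded
2015-03-01 10:02:11+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.23] login attempt [admin/a/b] failed
"""

# The credential group is greedy so that a "]" inside a password does not
# end the match early; the trailing result word anchors the real end.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[.*?HoneyPotTransport,\d+,(?P<ip>[^\]]+)\] "
    r"login attempt \[(?P<cred>.*)\] (?P<result>succeeded|failed)$"
)

def parse_attempts(lines):
    """Yield one dict per login attempt; all other log lines are skipped."""
    for line in lines:
        m = LOGIN_RE.match(line.rstrip("\n"))
        if not m:
            continue
        # Split on the first "/" only: passwords may contain "/" themselves.
        user, _, password = m.group("cred").partition("/")
        yield {"ts": m.group("ts"), "ip": m.group("ip"), "user": user,
               "password": password, "ok": m.group("result") == "succeeded"}

def summarize(lines):
    """Return (attempts per source IP, list of accepted credentials)."""
    attempts = list(parse_attempts(lines))
    per_ip = Counter(a["ip"] for a in attempts)
    accepted = [(a["ip"], a["user"], a["password"]) for a in attempts if a["ok"]]
    return per_ip, accepted

if __name__ == "__main__":
    per_ip, accepted = summarize(SAMPLE_LOG.splitlines())
    for ip, count in per_ip.most_common():
        print(f"{ip}\t{count} attempts")
    for ip, user, password in accepted:
        print(f"accepted: {ip} {user!r}/{password!r}")
```

To run it against a real log, pass an open file object to `summarize` instead of the sample lines.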



