| Name | Date | Size | #Lines | LOC |
|---|---|---|---|---|
| .. | 03-May-2022 | - | | |
| data/ | 03-May-2022 | - | | |
| doc/ | 27-May-2014 | - | 167 | 130 |
| honeyfs/ | 27-May-2014 | - | 194 | 183 |
| kippo/ | 27-May-2014 | - | 3,408 | 2,761 |
| txtcmds/ | 27-May-2014 | - | 601 | 596 |
| utils/ | 27-May-2014 | - | 757 | 537 |
| README.md | 27-May-2014 | 2.6 KiB | 66 | 42 |
| fs.pickle | 27-May-2014 | 2.5 MiB | 293,703 | 293,702 |
| kippo.cfg.dist | 27-May-2014 | 5.3 KiB | 200 | 174 |
| kippo.tac | 27-May-2014 | 1.9 KiB | 59 | 47 |
| start.sh | 27-May-2014 | 110 | 5 | 2 |

README.md

# Kippo

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Kippo is inspired by, but not based on, [Kojoney](http://kojoney.sourceforge.net/).

## Demo

Some interesting logs from a live Kippo installation below (viewable within a web browser with the help of Ajaxterm). Note that some commands may have been improved since these logs were recorded.

  * [2009-11-22](http://kippo.rpg.fi/playlog/?l=20091122-075013-5055.log)
  * [2009-11-23](http://kippo.rpg.fi/playlog/?l=20091123-003854-3359.log)
  * [2009-11-23](http://kippo.rpg.fi/playlog/?l=20091123-012814-626.log)
  * [2010-03-16](http://kippo.rpg.fi/playlog/?l=20100316-233121-1847.log)

## Features

Some interesting features:

* Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
* Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
* Session logs stored in a [UML-compatible](http://user-mode-linux.sourceforge.net/) format for easy replay with original timings
* Just like Kojoney, Kippo saves files downloaded with wget for later inspection
* Trickery: ssh pretends to connect somewhere, exit doesn't really exit, etc.

## Requirements

Software required:

* An operating system (tested on Debian, CentOS, FreeBSD and Windows 7)
* Python 2.5+
* Twisted 8.0+
* PyCrypto
* Zope Interface

See Wiki for some installation instructions.

## How to run it?

Edit kippo.cfg to your liking and start the honeypot by running:

`./start.sh`

start.sh is a simple shell script that runs Kippo in the background using twistd. Detailed startup options can be given by running twistd manually. For example, to run Kippo in the foreground:

`twistd -y kippo.tac -n`

By default Kippo listens for ssh connections on port 2222. You can change this, but do not change it to 22, as binding to that port requires root privileges. Use port forwarding instead. (More info: MakingKippoReachable).

Files of interest:

* dl/ - files downloaded with wget are stored here
* log/kippo.log - log/debug output
* log/tty/ - session logs
* utils/playlog.py - utility to replay session logs
* utils/createfs.py - used to create fs.pickle
* fs.pickle - fake filesystem
* honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here

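One way to pull the brute-force record out of `log/kippo.log`, as an added example (Python 3, not part of the Kippo code base). It assumes log lines carry the Twisted prefix and the `login attempt [user/password] succeeded|failed` message shape of the constructed sample below; adjust the pattern if your log differs.

```python
import re
from collections import Counter

# Assumed line shape: timestamp, "[...,<session>,<source ip>]", auth message.
# The password is matched greedily so it may itself contain "]" or "/".
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[[^\]]*,(?P<ip>[0-9a-fA-F.:]+)\] "
    r"login attempt \[(?P<user>[^/\]]*)/(?P<password>.*)\] "
    r"(?P<result>succeeded|failed)\s*$"
)

# Constructed sample lines (documentation-range addresses), not real captures.
SAMPLE_LOG = """\
2014-05-27 10:15:01+0000 [SSHService ssh-userauth on HoneyPotTransport,12,203.0.113.7] login attempt [root/123456] failed
2014-05-27 10:15:03+0000 [SSHService ssh-userauth on HoneyPotTransport,12,203.0.113.7] login attempt [root/password] failed
2014-05-27 10:15:05+0000 [SSHService ssh-userauth on HoneyPotTransport,12,203.0.113.7] login attempt [root/a]b/c] failed
2014-05-27 10:16:40+0000 [SSHService ssh-userauth on HoneyPotTransport,13,198.51.100.23] login attempt [admin/admin] failed
2014-05-27 10:16:42+0000 [SSHService ssh-userauth on HoneyPotTransport,13,198.51.100.23] login attempt [root/123456] succeeded
2014-05-27 10:16:43+0000 [HoneyPotTransport,13,198.51.100.23] starting service ssh-connection
"""

def parse_logins(lines):
    """Yield one dict per login-attempt line; all other log lines are skipped."""
    for line in lines:
        m = LOGIN_RE.match(line.rstrip("\n"))
        if m:
            yield m.groupdict()

def summarize(lines, burst=3):
    """Count failed attempts per source and tries per credential pair, list
    accepted logins, and flag sources with at least `burst` failures."""
    per_ip, creds, accepted = Counter(), Counter(), []
    for ev in parse_logins(lines):
        creds[(ev["user"], ev["password"])] += 1
        if ev["result"] == "failed":
            per_ip[ev["ip"]] += 1
        else:
            accepted.append((ev["ts"], ev["ip"], ev["user"], ev["password"]))
    noisy = sorted(ip for ip, n in per_ip.items() if n >= burst)
    return {"failed_per_ip": dict(per_ip), "top_creds": creds.most_common(3),
            "accepted": accepted, "noisy": noisy}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(key, value)
```

An accepted login marks the point where a session recording under log/tty/ begins to be worth replaying with utils/playlog.py.
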
## Is it secure?

Maybe. See [FAQ](https://github.com/desaster/kippo/wiki/FAQ)

## I have some questions!

I ~~am~~ _might be_ reachable via e-mail: *desaster* at *gmail* dot *com*, or as *desaster* on the *#honeypots* channel in the *freenode* IRC network.