Kippo - SSH Honeypot
Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Kippo is inspired by, but not based on, Kojoney.
Features
Some interesting features:
- Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
- Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
- Session logs stored in a UML compatible format for easy replay with original timings
- Just like Kojoney, Kippo saves files downloaded with wget for later inspection
- Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc.
Requirements
Software required:
- An operating system (tested on Debian, CentOS, FreeBSD and Windows 7)
- Python 2.5+
- Twisted 8.0 to 15.1.0
- PyCrypto
- Zope Interface
How to run it?
Edit kippo.cfg to your liking and start the honeypot by running:
./start.sh
start.sh is a simple shell script that runs Kippo in the background using twistd. Detailed startup options can be given by running twistd manually. For example, to run Kippo in the foreground:
twistd -y kippo.tac -n
By default Kippo listens for ssh connections on port 2222. You can change this, but do not change it to 22, as binding that port requires root privileges. Use port forwarding instead. (More info: MakingKippoReachable).
Files of interest:
- dl/ - files downloaded with wget are stored here
- log/kippo.log - log/debug output
- log/tty/ - session logs
- utils/playlog.py - utility to replay session logs
- utils/createfs.py - used to create fs.pickle
- fs.pickle - fake filesystem
- honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here
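The session logs under log/tty/ that the feature list describes (UML compatible, replayable with original timings) are a flat sequence of fixed-size record headers, each followed by the bytes that crossed the pty. The following is an added example, not code from the Kippo project, showing how such a log is written and read back so that timings and the attacker's typed commands can be recovered. The header layout (op, tty, length, direction, seconds, microseconds, little-endian) and the op/direction constants are assumptions taken from reading Kippo's ttylog.py and utils/playlog.py; check them against your copy before using this on real logs. The sample session embedded in the block is constructed.

```python
import struct

# Assumed record header layout from Kippo's ttylog.py: op, tty, length,
# direction, seconds, microseconds, all little-endian (24 bytes total).
HEADER = struct.Struct('<iLiiLL')
OP_OPEN, OP_CLOSE, OP_WRITE, OP_EXEC = 1, 2, 3, 4
DIR_INPUT, DIR_OUTPUT, DIR_INTERACT = 1, 2, 3


def append_record(buf, op, direction, data, ts):
    """Append one record (header + payload) to the bytearray buf."""
    sec = int(ts)
    usec = int(round((ts - sec) * 1000000))
    buf += HEADER.pack(op, 0, len(data), direction, sec, usec)
    buf += data


def build_sample_session():
    """Constructed session: the visitor runs 'ls' then 'uname -a'.

    Timestamps are fake; only their spacing matters for replay.
    """
    buf = bytearray()
    t0 = 1400000000.0
    append_record(buf, OP_OPEN, DIR_OUTPUT, b'', t0)
    append_record(buf, OP_WRITE, DIR_OUTPUT, b'sa:~# ', t0 + 0.01)
    append_record(buf, OP_WRITE, DIR_INPUT, b'ls\r', t0 + 2.5)
    append_record(buf, OP_WRITE, DIR_OUTPUT, b'\r\n', t0 + 2.51)
    append_record(buf, OP_WRITE, DIR_OUTPUT, b'sa:~# ', t0 + 2.52)
    append_record(buf, OP_WRITE, DIR_INPUT, b'uname -a\r', t0 + 40.0)
    append_record(buf, OP_CLOSE, DIR_OUTPUT, b'', t0 + 45.0)
    return bytes(buf)


def parse_ttylog(blob):
    """Parse a tty log blob into a list of dicts; raise on truncation."""
    records = []
    offset = 0
    while offset < len(blob):
        if offset + HEADER.size > len(blob):
            raise ValueError('truncated header at offset %d' % offset)
        op, tty, length, direction, sec, usec = HEADER.unpack_from(blob, offset)
        offset += HEADER.size
        data = blob[offset:offset + length]
        if len(data) != length:
            raise ValueError('truncated payload at offset %d' % offset)
        offset += length
        records.append({'op': op, 'dir': direction,
                        'ts': sec + usec / 1000000.0, 'data': data})
    return records


def attacker_input(records):
    """Reassemble what was typed, one entry per carriage return."""
    typed = b''.join(r['data'] for r in records
                     if r['op'] == OP_WRITE and r['dir'] == DIR_INPUT)
    return [line.decode('latin-1') for line in typed.split(b'\r') if line]


def replay_schedule(records, maxdelay=3.0):
    """Output records paired with the pause to take before each one.

    Long idle gaps are capped at maxdelay, the same idea as the -m option
    of utils/playlog.py, so a 40 second pause does not stall a replay.
    """
    schedule = []
    prev = None
    for r in records:
        if r['op'] != OP_WRITE or r['dir'] != DIR_OUTPUT:
            continue
        delay = 0.0 if prev is None else min(r['ts'] - prev, maxdelay)
        schedule.append((round(delay, 3), r['data']))
        prev = r['ts']
    return schedule


if __name__ == '__main__':
    recs = parse_ttylog(build_sample_session())
    print('records:', len(recs))
    print('typed:', attacker_input(recs))
    for delay, data in replay_schedule(recs):
        print('%6.3f %r' % (delay, data))
```

Because the honeypot echoes keystrokes back through the pty, replaying only the output records reproduces the whole session on screen; the input records are kept separately so commands can be extracted for triage without a full replay.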
Is it secure?
Maybe. See FAQ