Home Unlabelled Kippo - Ssh Honeypot

Kippo - Ssh Honeypot

By
Monday, September 09, 2019
Read
Add Comment

Kippo is a medium interaction SSH honeypot designed to log brute forcefulness attacks and, well-nigh importantly, the entire rhythm out interaction performed past times the attacker.
Kippo is inspired, only non based on Kojoney.

Features
Some interesting features:
  • Fake filesystem amongst the might to add/remove files. H5N1 amount simulated filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding simulated file contents as well as therefore the assaulter tin give the axe 'cat' files such every bit /etc/passwd. Only minimal file contents are included
  • Session logs stored inwards an UML Compatible format for tardily replay amongst master copy timings
  • Just similar Kojoney, Kippo saves files downloaded amongst wget for afterwards inspection
  • Trickery; ssh pretends to connect somewhere, croak doesn't actually exit, etc

Requirements
Software required:
  • An operating organization (tested on Debian, CentOS, FreeBSD as well as Windows 7)
  • Python 2.5+
  • Twisted 8.0 to 15.1.0
  • PyCrypto
  • Zope Interface
See Wiki for to a greater extent than or less installation instructions.

How to operate it?
Edit kippo.cfg to your liking as well as offset the honeypot past times running:
./start.sh
start.sh is a uncomplicated rhythm out script that runs Kippo inwards the background using twistd. Detailed startup options tin give the axe last given past times running twistd manually. For example, to operate Kippo inwards foreground:
twistd -y kippo.tac -n
By default Kippo listens for ssh connections on port 2222. You tin give the axe alter this, only practise non alter it to 22 every bit it requires root privileges. Use port forwarding instead. (More info: MakingKippoReachable).
Files of interest:
  • dl/ - files downloaded amongst wget are stored here
  • log/kippo.log - log/debug output
  • log/tty/ - session logs
  • utils/playlog.py - utility to replay session logs
  • utils/createfs.py - used to practise fs.pickle
  • fs.pickle - simulated filesystem
  • honeyfs/ - file contents for the simulated filesystem - experience gratis to re-create a existent organization here

Is it secure?
Maybe. See FAQ


Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us