Security‎ > ‎

Kippo SSH honeypot

posted Sep 17, 2014, 7:49 PM by Chris G   [ updated Sep 17, 2014, 7:49 PM ]

Kippo

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Features



  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
  • Session logs stored in an UML Compatible format for easy replay with original timings
  • Just like Kojoney, Kippo saves files downloaded with wget for later inspection
  • Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc

Requirements

Software required:

  • An operating system (tested on Debian, CentOS, FreeBSD and Windows 7)
  • Python 2.5+
  • Twisted 8.0+
  • PyCrypto
  • Zope Interface


Comments