New release have been announced on Kippo one of the most widely used ssh honeypot. this tool is a python based and emulates a shell on the server end to detect brute force attack. Kippo is a low to medium interaction SSH honeypot and can be a good addition to your honeypot solution. Some interesting features:
- Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
- Possibility of adding fake file contents so the attacker can ‘cat’ files such as /etc/passwd. Only minimal file contents are included
- Session logs stored in an UML compatible format for easy replay with original timings
- Just like Kojoney, Kippo saves files downloaded with wget for later inspection
- Trickery; ssh pretends to connect somewhere, exit doesn’t really exit, etc
You can add Kippo-Graph to have 24 charts, including top 10 passwords, top 10 usernames, top 10 username/password combos, success ratio, connections per IP, connections per country, probes per day, probes per week, ssh clients, top 10 overall input, top 10 successful input, top 10 failed input and many more. There are also geolocation data extracted and displayed with Google visualization technology using a Google Map, a Intensity Map, etc. Lastly, input-related data and statistics are also presented giving an overview of the action inside the system.
You can download the latest release by following this link.