kippo | Kippo - SSH Honeypot | Security Testing library

by desaster | Python | Version: v0.9 | License: No License

kandi X-RAY | kippo Summary


kippo is a Python library typically used in Testing, Security Testing applications. kippo has no vulnerabilities and it has medium support. However, kippo has 5 bugs and its build file is not available. You can download it from GitHub.

Kippo is a medium-interaction SSH honeypot designed to log brute-force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired by, but not based on, Kojoney.

            Support

              kippo has a medium active ecosystem.
              It has 1462 star(s) with 277 fork(s). There are 81 watchers for this library.
              It had no major release in the last 12 months.
              There are 59 open issues and 126 have been closed. On average issues are closed in 172 days. There are 24 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of kippo is v0.9

            Quality

              kippo has 5 bugs (5 blocker, 0 critical, 0 major, 0 minor) and 243 code smells.

            Security

              kippo has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              kippo code analysis shows 0 unresolved vulnerabilities.
              There are 17 security hotspots that need review.

            License

              kippo does not have a standard license declared.
              Check the repository for any license declaration and review the terms closely.
              Without a license, all rights are reserved, and you cannot use the library in your applications.

            Reuse

              kippo releases are available to install and integrate.
              kippo has no build file. You will need to create the build yourself to build the component from source.
              kippo saves you 1455 person hours of effort in developing the same functionality from scratch.
              It has 3249 lines of code, 301 functions and 32 files.
              It has medium code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed kippo and identified the functions below as its top functions. This is intended to give you instant insight into kippo's implemented functionality and to help you decide whether it suits your requirements.
            • List files
            • Convert a gid to a name
            • Convert a uid to a name
            • Emit a new event
            • Get sensor name
            • Create a session
            • Start the user
            • Write message to file
            • Output the output
            • Handle a command
            • Handle login events
            • Start the installation
            • Write data to ttylog file
            • Handle a connection lost
            • Handle login failure event
            • Handles an input element
            • List all sessions
            • Start scanning
            • Disconnect a session
            • Process application data
            • Call last log
            • Write data to the session
            • Update client version
            • Process a line
            • Called when a telnet connection is established
            • Process line received

            kippo Key Features

            No Key Features are available at this moment for kippo.

            kippo Examples and Code Snippets

            k0st/cowrie, Examples
            Shell | Lines of Code: 2 | License: Permissive (MIT)

            docker run --restart=on-failure:10 -p 2222:2222 k0st/cowrie

            docker run --restart=always -p 22:2222 k0st/cowrie

            Usage
            Python | Lines of Code: 2 | License: No License

            # python kippo_detect.py 1.1.1.1
            [!] Kippo honeypot detected!

            k0st/cowrie, Docker usage
            Shell | Lines of Code: 1 | License: Permissive (MIT)

            docker run k0st/cowrie

            Community Discussions

            QUESTION

            routing traffic from production server to honeypot
            Asked 2018-Aug-02 at 20:10

            I'm trying to direct malicious traffic intended for my production server to my honeypot. I have 3 VMs for now: a router running with Snort in inline mode, a production server (Debian) and my kippo honeypot. I'm very new to this and I'm looking for ways to filter out bad UDP traffic and then route it to my honeypot. Any help will be appreciated! Thanks in advance.

            ...

            ANSWER

            Answered 2018-Aug-02 at 20:10

            I'm not aware of a current project that does this, but "baitnswitch" is a much older project that sought to accomplish it. You could certainly do something like the following, however:

            • Snort runs (either inline or not), generating alerts
            • A log analysis process watches for particular alerts or high priority alerts
            • When a high priority alert is seen, an iptables rule is inserted that dynamically NATs the inbound packets from that source to your honeypot

            None of this would be difficult. The only warning that I will give you is that when your iptables firewall gets several thousand rules in it, your kernel will start to explode randomly. It's a super good idea to periodically flush these rules out to prevent this from happening.

            Source https://stackoverflow.com/questions/51637820

            QUESTION

            Traffic redirection
            Asked 2018-Apr-02 at 10:17

            I have set up Snort as an IDS on my Linux system. Kippo honeypot is installed on my Raspberry Pi. Now whenever an attack is detected by Snort, I want that attacker's IP to be redirected to the kippo honeypot. How can we redirect malicious traffic to the honeypot?

            ...

            ANSWER

            Answered 2017-Apr-06 at 18:56

            If you only have Snort in IDS mode, you can't send packets to the network from Snort; you are totally transparent.

            However, I would go for a different process polling log files, and sending packets in log with attacker IP as source and honeypot as destination.

            If you are in IPS mode, it's possible to develop an active response with packet adaptation, but it could be a little tricky. However, I would go with polling anyway, and let Snort just drop and report the event.

            Source https://stackoverflow.com/questions/43084281

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install kippo

            You can download it from GitHub.
            You can use kippo like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

            Support

            I ~~am~~ might be reachable via e-mail: desaster at gmail dot com, or as desaster on the #honeypots channel in the freenode IRC network.
            Find more information at:

            CLONE
          • HTTPS

            https://github.com/desaster/kippo.git

          • CLI

            gh repo clone desaster/kippo

          • sshUrl

            git@github.com:desaster/kippo.git
