Alexander Jäger

Alex Jäger

Upload kippo ssh honeypot files to viper

Veröffentlicht am 10. August 2014 von Alex

You want to store all your samples catched by your SSH-Kippo Honeypot to your malware repository operated with viper?

Go that way:
Start Viper API:

foo@bar ~/scripts/viper $ ./api.py -H 0.0.0.0 -p 8080

and upload all your samples to viper:

for i in /home/pi/kippo-read-only/dl/*; do curl -F file=@$i -F tags="honeypot" http://covert:8080/file/add; done

Result:

{
    "message": "added"
}{
    "message": "added"
}

(you might want to modify the dir to your setup)
Why not automate uploading from kippo to viper?
– The „attacker“ might upload more then just malware / samples. You do not want to waste space in your malware zoo with another copy of netcat…

Kippo Honeypot stop

Veröffentlicht am 23. Februar 2014 von Alex

To stop Kippo Honeypot, you could use two options, first you could check your connections:

netstat -l -p

and then kill the process with the PID via

kill -9 $PID

Or you could use the small script available at github (https://github.com/beardyjay/bHoneypot/issues/15):

#!/bin/sh

PIDFILE=kippo.pid

if ! [ -f $PIDFILE ]
then
echo „Kippo is not running ..“
exit
fi

PID=$(cat $PIDFILE)

echo „Stopping Kippo ..“
kill -TERM $PID
rm -f $PIDFILE

with the result:

pi@raspberrypi ~/kippo-read-only $ ./stop.sh Stopping Kippo ..