Kippo-Graph is a full-featured script to visualize statistics from a Kippo SSH honeypot.
It uses the Libchart PHP chart drawing library by Jean-Marc Trémeaux, QGoogleVisualizationAPI PHP Wrapper for Google’s Visualization API by Thomas Schäfer, RedBeanPHP library by Gabor de Mooij, MaxMind and geoPlugin geolocation technology.
Kippo-Graph currently shows 24 charts, including top 10 passwords, top 10 usernames, top 10 username/password combos, success ratio, connections per IP, connections per country, probes per day, probes per week, SSH clients, top 10 overall input, top 10 successful input, top 10 failed input and many more. Geolocation data is also extracted and displayed with Google visualization technology using a Google Map, an Intensity Map, etc. Lastly, input-related data and statistics are presented, giving an overview of the action inside the system, and there is live playback of captured sessions.
Important! Download the latest version by cloning Kippo-Graph’s repository hosted on GitHub: https://github.com/ikoniaris/kippo-graph
Please also take a look at the README file inside the package.
- PHP version 5.3.4 or higher.
- The following packages: libapache2-mod-php5, php5-mysql, php5-gd, php5-curl.
    apt-get update && apt-get install -y libapache2-mod-php5 php5-mysql php5-gd php5-curl
    /etc/init.d/apache2 restart

    wget http://bruteforcelab.com/wp-content/uploads/kippo-graph-VERSION.tar.gz
    mv kippo-graph-VERSION.tar.gz /var/www/html
    cd /var/www/html
    tar zxvf kippo-graph-VERSION.tar.gz
    mv kippo-graph-VERSION kippo-graph
    cd kippo-graph
    chmod 777 generated-graphs
    cp config.php.dist config.php
    nano config.php   # enter the appropriate values
Browse to http://your-server’s-IP/kippo-graph to generate the statistics.
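The install steps above leave generated-graphs world-writable (chmod 777) and config.php with default file permissions. The following is an added example, not part of Kippo-Graph or its README: it audits those two paths and grants the web server access through its group instead. The function names and the www-data group (Apache on Debian/Ubuntu) are assumptions.

```shell
#!/bin/sh
# Added example, not part of Kippo-Graph. Paths follow the install steps above.

# Report risky permissions in a Kippo-Graph directory; returns non-zero if any.
audit_kippo_graph() {
    dir=$1
    findings=0
    # chmod 777 lets every local account drop files into a web-served directory.
    if [ -n "$(find "$dir/generated-graphs" -prune -perm -0002 2>/dev/null)" ]; then
        echo "world-writable: $dir/generated-graphs"
        findings=$((findings + 1))
    fi
    # config.php holds the database settings; other local users need no access.
    if [ -n "$(find "$dir/config.php" -prune -perm -0004 2>/dev/null)" ]; then
        echo "world-readable: $dir/config.php"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Give the web server access through its group instead of through "other".
# web_group is an assumption: www-data for Apache on Debian/Ubuntu.
tighten_kippo_graph() {
    dir=$1
    web_group=$2
    chgrp "$web_group" "$dir/generated-graphs" "$dir/config.php" &&
        chmod 770 "$dir/generated-graphs" &&
        chmod 640 "$dir/config.php"
}

# Usage: sh tighten.sh /var/www/html/kippo-graph www-data
if [ "$#" -eq 2 ]; then
    tighten_kippo_graph "$1" "$2" && audit_kippo_graph "$1"
fi
```

After tightening, load the Kippo-Graph page once to confirm the charts are still regenerated; if they are not, the web server is running under a different group than the one passed in.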
+ Various important fixes.
+ Added configuration option for realtime statistics.
+ Added cron example to update charts in the background.
+ Updated RedBeanPHP to version 4.1.4.
+ Various small fixes.
+ Fixed Kippo-Playlog’s results and added sorting to the table.
+ Added geo method selection in play.php.
+ Various small fixes.
+ Added check for Tor exit nodes.
+ Added support for local MaxMind geolocation instead of geoplugin.com.
+ Various small fixes.
+ Added favicon.ico.
– Removed README.txt.
+ Switched all SQL operations to the RedBeanPHP library.
+ Reformatted and standardized all SQL queries.
+ Added VirusTotal IP lookup in Kippo-Geo.
+ Fix XSS problem in Kippo-IP (AJAX requester).
+ Updated README.md file.
– Removed manual DIR_ROOT configuration.
+ Substituted the defunct NoVirusThanks with Gary’s Hood Online Virus Scanner.
+ Added Kippo-Scanner module to handle (future) AV and anti-malware submissions.
+ Added IP-address.com’s tracer to Kippo-Geo IPs.
+ Added Czech language support.
+ Added robots.txt file to disallow crawling by bots.
+ Added .gitignore to exclude config.php file from VCS.
+ Added downloads, dig output and geolocation of current session in Kippo-Playlog.
+ Various fixes and updates.
+ Added Kippo-IP: attack details by IP address.
+ Added experimental playlog display.
+ Fixed Google Map rendering issue.
+ Added CSV export capabilities.
+ Added Spanish language support.
+ Changed code to OOP style.
+ Added FortiGuard, AlienVault, WatchGuard and McAfee IP scanning services (Kippo-Geo).
+ Various CSS-related fixes for tables and cross-browser compatibility.
+ Added German language support.
+ Added Polish & Swedish language support.
+ Added French language support.
+ Added config option for non-standard MySQL port.
+ Fixed XSS issues in Kippo-Input.
+ Added tables with overall/basic stats in Kippo-Graph and Kippo-Input.
+ Minor fixes and various changes.
+ Added chart localization – need volunteers.
+ Languages: Greek, Italian, Dutch, Estonian.
+ New chart fonts added – default: OpenSans.
+ Added API key to QGoogleVisualizationAPI.
+ Fixed human activity charts: Top 20 and mod limit.
+ Fixed probes per week and successes per week charts.
+ Added human activity per week graph – updated gallery
+ Added most successful logins per day graph – updated gallery.
+ Added most probes per day graph – updated gallery
+ Other small fixes.
+ Fixed “http://” in file links (Kippo-Input).
+ Added installation instructions and Google Map note in README.txt
+ Fixed successful logins from same IP chart: Top 20.
+ Fixed successes per day chart: Top 20.
+ Fixed probes per day chart: display only 25 distinct date values.
– Removed dayofyear2date(), has a bug that adds +1 day in all 2012 dates (leap year?).
+ Changed SQL queries to timestamp values and date() parses the results – fixed graphs.
+ Added successes per week graph – updated gallery.
+ Small fixes.
+ Added passwd, executed scripts and interesting commands tables.
+ Added successes per day graph – updated gallery.
+ Added human activity per day vertical bar chart – updated gallery.
+ Fixed successful logins from same IP graph.
+ Changed top 10 SSH clients graph to horizontal.
+ Small UI fixes, etc.
+ Added hostname resolution for IPs.
+ Added robtex IP lookup feature.
+ Changed all links and information about the project.
+ Added human activity per day graph (Kippo-Input) – updated gallery.
+ Added probes per week graph – updated gallery.
+ Added break-ins from same IP graph – updated gallery.
+ Added IP Void lookup feature (Kippo-Geo).
+ Added NoVirusThanks scan feature (Kippo-Input).
+ Fixed SSH clients graph: shows top 10, ordered by volume.
– Removed favicon.
+ Made version checking more secure with a directive in config.php (UPDATE CHECK YES/NO).
+ Posted CHECKSUMS for the .tar archive online (and noted for future releases).
+ Added LICENSE.txt
+ Added Kippo-Input: display and visualization of input data, wget (with file links) and apt-get commands.
+ Added online version checking function (include/misc/versionCheck.php).
+ Added new pie charts, Kippo-Graph now shows 15 – updated gallery.
+ Added IP table on Kippo-Geo with whois/lookup feature.
+ Changed all files to .php.
+ Added geolocation features at beta stage, using geoplugin and google maps/charts.
+ Fixed file/folder structure and updated config.php.
+ Added new logo.
+ Added 3 new input-related graphs.
+ Updated graph gallery.
+ Fixed minor web UI and graph details.
+ Added TODO.txt.
+ Updated README.txt
+ Added web template to Kippo-Graph.
+ Changed functionality of kippo-graph.php turning into a generator for the graphs.
– index.php removed.
+ Initial version.