Kippo-Malware

Kippo-Malware is a Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database. This is useful in situations where you have lost your files or something happened to your VPS/server but you still have your DB intact. The script also supports HTTP proxy usage to cover your IP address from malicious servers and custom User-Agent values.

DOWNLOAD Kippo-Malware

The script uses the following packages: MySQL-python, pony, requests, and clint. Installing those is trivial via pip. Your only problem might be with MySQL-python under Windows but you can use this precompiled binary.

SCREENSHOTS

kippo-malware

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

3 comments

    • Petro on September 27, 2014 at 11:17 PM
    • Reply

    Have you gotten kippo to work with sftp at all?

      • Ion on September 27, 2014 at 11:41 PM
      • Reply

      Hi Petro,
      there is a fork of Kippo with SFTP support added but I haven’t tried it. Link: https://github.com/micheloosterhof/kippo-mo

      Regards,
      Ion

    • Claz on March 20, 2015 at 6:39 PM
    • Reply

    I have an attacker trying to chmod 755 his malware so it can run, but kippo doesn’t seem to allow that command. Is there a way to allow attackers to chmod in kippo settings without it compromising its security?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.