Dec 27 2011

Kippo-Graph 0.5.1 released.

As you may have noticed I have included a version checking function, so you can get a text msg on the index page if there is a new version of Kippo-Graph. In order to do that your system has to get the contents of which is a text file with the current/latest version number and compare it against a ‘version’ definition declared in Kippo-Graph. This works nice in theory, but someone raised the concern of privacy, because the honeypot’s IP gets logged.

For this reason I’m releasing a “fixed” version of Kippo-Graph, leaving the feature in place, but including a UPDATE_CHECK YES/NO directive inside config.php (default: NO) along with a warning detailing the choice, and if the user wants to have the feature enabled then he can change that to YES.

Kippo-Graph 0.5.1 is finally released under GPLv3 as well. Details at LICENSE.txt.

Starting from this version CHECKSUMS for the .tar file will be posted along with the archive for verification purposes.

Download the “fixed” Kippo-Graph, version 0.5.1 here: kippo-graph-0.5.1

MD5 Checksum: 4F017814F53F5EF47018A62BF80C04F9
SHA-1 Checksum: 652EC2A3B225BF5EC9CE3A086C440C79F489EF98

Dec 26 2011

Kippo-Graph 0.5 released!

Happy X-Mas! Get your honeypot gift: the new version of Kippo-Graph 🙂

Kippo-Graph reached version 0.5 and includes a new component: Kippo-Input, where I have put seperate input-related tables about various commands. New graphs have also been added where suitable, and Kippo-Graph currently displays 15 in total. Two extras are the links for the files attackers downloaded and the online lookup feature for the top 10 IP addresses. Lastly, there is a update checker displayed on the index page that alarms you if there is a newer version available.

Download Kippo-Graph 0.5 from here: kippo-graph-0.5


Version 0.5:
+ Added Kippo-Input: display and visualization of input data, wget (with file links) and apt-get commands.
+ Added online version checking function (include/misc/versionCheck.php).
+ Added new pie charts, Kippo-Graph now shows 15 – updated gallery.
+ Added IP table on Kippo-Geo with whois/lookup feature.
+ Changed all files to .php.

For comments, suggestions, fixes, please use the Kippo-Graph page:


Dec 21 2011

Kippo-Graph 0.4 released, introducing Kippo-Geo!

New version of Kippo-Graph released, with brand new features!

I have utilized the “QGoogleVisualizationAPI” PHP Wrapper for Google’s Visualization API by Thomas Schäfer and Kippo-Graph now has a component called Kippo-Geo that extracts geolocation information from the stored IP addresses and visualizes the data using Google Maps.

Download Kippo-Graph 0.4 from here: kippo-graph-0.4

An example of how it looks:


Version 0.4:
+ Added geolocation features at beta stage, using geoplugin and google maps/charts.
+ Fixed file/folder structure and updated config.php.
+ Added new logo.

For comments, suggestions, fixes, please use the Kippo-Graph page:

Dec 20 2011

Kippo-Graph 0.3 released.

New version of Kippo-Graph with 3 additional graph charts and minor fixes.

Download it here: kippo-graph-0.3

Instructions inside the README.txt file.


Version 0.3:
+ Added 3 new input-related graphs.
+ Updated graph gallery.
+ Fixed minor web UI and graph details.
+ Added TODO.txt.
+ Updated README.txt

For comments, suggestions, fixes, please use the Kippo-Graph page:

Dec 15 2011

Kippo-Graph 0.2 released!

Since I had some more time today, I decided to continute working on Kippo-Graph in order to make it usable and add the much needed web interface. I am pleased to say that it has a template now and it looks far better. See the README.txt file for instructions.

You can download it from here: kippo-graph-0.2

Local demo:


Version 0.2:
+ Added web template to Kippo-Graph.
+ Changed functionality of kippo-graph.php turning into a generator for the graphs.
– index.php removed.

Version 0.1:
+ Initial version.

For comments, suggestions, fixes, please use the Kippo-Graph page:

Dec 15 2011

Kippo-Graph 0.1 released

Kippo-Graph is a simple script I wrote today to visualize statistics from a Kippo SSH honeypot.

It uses the Libchart PHP chart drawing library by Jean-Marc Trémeaux.

Kippo-Graph currently shows 7 charts: top 10 passwords, top 10 usernames, top 10 username/password combos, success ratio, connections per IP, probes per day, ssh clients.

You can download the initial version (0.1) here: kippo-graph-0.1

For comments, suggestions, fixes, please use the Kippo-Graph page:

Dec 13 2011

The big post of Kippo scripts, front-ends, bash one-liners and SQL queries

Continuing on the previous posts about Kippo, and assuming you have already setup, configured it and logged some probes or intrusions, let’s take a look at some of the scripts, front-ends, commands, and other useful 3rd party stuff available in our disposal to get a better understading of what’s going on with our honeypots.

Continue reading