Kippo-Graph

Kippo-Graph is a full-featured script to visualize statistics from a Kippo SSH honeypot.

It uses the Libchart PHP chart drawing library by Jean-Marc Trémeaux, QGoogleVisualizationAPI PHP Wrapper for Google’s Visualization API by Thomas Schäfer, RedBeanPHP library by Gabor de Mooij and geoPlugin’s geolocation technology (geoplugin.com).

Kippo-Graph currently shows 24 charts, including top 10 passwords, top 10 usernames, top 10 username/password combos, success ratio, connections per IP, connections per country, probes per day, probes per week, ssh clients, top 10 overall input, top 10 successful input, top 10 failed input and many more. Geolocation data is also extracted and displayed with Google visualization technology using a Google Map, an Intensity Map, etc. Lastly, input-related data and statistics are presented, giving an overview of the activity inside the system, and captured sessions can be played back live.

DOWNLOAD Kippo-Graph:

Important!

Download the latest version (1.3) here: kippo-graph-1.3

MD5 Checksum: 8F50AE28646A8277077117130A0C69D6
SHA-1 Checksum: B79004DB6B5408258A32AB275436ADD6E44FC125
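
Checking the download against the SHA-1 value published above before it is unpacked into /var/www, as an added example that is not part of the Kippo-Graph package (the function names are this example's own). The page prints the digest in upper case while sha1sum prints lower case, so the comparison normalises case first.

```shell
#!/bin/sh
# Added example, not shipped with Kippo-Graph.

# SHA-1 published on this page for kippo-graph-1.3 (upper-case, as printed).
PUBLISHED_SHA1="B79004DB6B5408258A32AB275436ADD6E44FC125"

# normalize_hex DIGEST: strip whitespace and lower-case the hex digits so a
# pasted upper-case value compares equal to sha1sum output.
normalize_hex() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f'
}

# file_sha1 FILE: print the lower-case SHA-1 of FILE. Reading from stdin
# keeps odd file names out of sha1sum's output line.
file_sha1() {
    sha1sum < "$1" | cut -d' ' -f1
}

# verify_archive FILE EXPECTED
#   0 = digest matches, 1 = mismatch, 2 = unusable input
verify_archive() {
    file=$1
    expected=$(normalize_hex "$2")

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # A SHA-1 digest is exactly 40 hex digits; reject anything else so a
    # truncated paste cannot be mistaken for a valid value.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "malformed digest" >&2; return 2; }

    actual=$(file_sha1 "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-1 mismatch for $file: got $actual" >&2
    return 1
}

# verify_then_extract FILE EXPECTED DESTDIR
# Unpacks only after the digest check has passed.
verify_then_extract() {
    verify_archive "$1" "$2" || return $?
    tar -xzf "$1" -C "$3"
}

# Typical call, after the wget step:
#   verify_then_extract kippo-graph-1.3.tar.gz "$PUBLISHED_SHA1" /var/www
```

MD5 and SHA-1 are both broken for collision resistance, so a match confirms that the transfer was not corrupted or swapped for an unrelated file; it does not prove who built the archive.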

Notice: Kippo-Graph can also be found at GitHub: https://github.com/ikoniaris/kippo-graph

Please also take a look at the README.txt file inside the package.

REQUIREMENTS:

  1. PHP version 5.3.4 or higher.
  2. The following packages: libapache2-mod-php5, php5-mysql, php5-gd, php5-curl.

On Ubuntu/Debian:

apt-get update && apt-get install -y libapache2-mod-php5 php5-mysql php5-gd php5-curl
/etc/init.d/apache2 restart

QUICK INSTALLATION:

wget http://bruteforce.gr/wp-content/uploads/kippo-graph-VERSION.tar.gz
mv kippo-graph-VERSION.tar.gz /var/www
cd /var/www
tar zxvf kippo-graph-VERSION.tar.gz
mv kippo-graph-VERSION kippo-graph
cd kippo-graph
chmod 777 generated-graphs
cp config.php.dist config.php
nano config.php #enter the appropriate values

Browse to http://your-server/kippo-graph to generate the statistics.
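
A tighter alternative to the chmod 777 step above, as an added example that is not part of the Kippo-Graph instructions: the graph directory stays writable for the web server only, and config.php (which holds the MySQL credentials) stops being world-readable. It assumes Apache runs in the www-data group, the Debian/Ubuntu default; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not shipped with Kippo-Graph.
# Assumption: the web server runs in group www-data (Debian/Ubuntu default).

# world_writable DIR: list every non-symlink under DIR that any local user
# is allowed to write to.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# lock_down INSTALL_DIR [WEB_GROUP]
#   0 = permissions tightened, 1 = a change failed or something is still
#   world-writable, 2 = INSTALL_DIR does not look like a Kippo-Graph tree
lock_down() {
    dir=$1
    group=${2:-www-data}
    graphs=$dir/generated-graphs
    config=$dir/config.php

    [ -d "$graphs" ] || { echo "no generated-graphs in $dir" >&2; return 2; }
    [ -f "$config" ] || { echo "no config.php in $dir" >&2; return 2; }

    # Hand both paths to the web server's group.
    chgrp "$group" "$graphs" "$config" || return 1

    # The generator has to create .png files here: owner and group get full
    # access, everyone else gets nothing (770 instead of 777).
    chmod 770 "$graphs" || return 1

    # Graphs written while the directory was 777 may be world-writable too.
    chmod -R o-w "$graphs" || return 1

    # config.php carries DB_USER/DB_PASS: readable by owner and web server,
    # writable by the owner only.
    chmod 640 "$config" || return 1

    # Report anything else in the tree that is still world-writable.
    left=$(world_writable "$dir")
    if [ -n "$left" ]; then
        printf 'still world-writable:\n%s\n' "$left" >&2
        return 1
    fi
    return 0
}

# Typical call, run as root from the install step:
#   lock_down /var/www/kippo-graph www-data
```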

PREVIOUS VERSIONS:

You can download version 1.2 here: kippo-graph-1.2
You can download version 1.1 here: kippo-graph-1.1
You can download version 1.0 here: kippo-graph-1.0
(Note: Kippo-Graph versions prior to 1.0 were distributed as .tar and not .tar.gz files)
You can download version 0.9.3 here: kippo-graph-0.9.3
You can download version 0.9.2 here: kippo-graph-0.9.2
You can download version 0.9.1 here: kippo-graph-0.9.1
You can download version 0.9 here: kippo-graph-0.9
You can download version 0.8 here: kippo-graph-0.8
You can download version 0.7.7 here: kippo-graph-0.7.7
You can download version 0.7.6 here: kippo-graph-0.7.6
You can download version 0.7.5 here: kippo-graph-0.7.5
You can download version 0.7.4 here: kippo-graph-0.7.4
You can download version 0.7.3 here: kippo-graph-0.7.3
You can download version 0.7.2 here: kippo-graph-0.7.2
You can download version 0.7.1 here: kippo-graph-0.7.1
You can download version 0.7 here: kippo-graph-0.7
You can download version 0.6.5 here: kippo-graph-0.6.5
You can download version 0.6.4 here: kippo-graph-0.6.4
You can download version 0.6.3 here: kippo-graph-0.6.3
You can download version 0.6.2 here: kippo-graph-0.6.2
You can download version 0.6.1 here: kippo-graph-0.6.1
You can download version 0.6 here: kippo-graph-0.6
You can download version 0.5.1 here: kippo-graph-0.5.1
You can download version 0.5 here: kippo-graph-0.5
You can download version 0.4 here: kippo-graph-0.4
You can download version 0.3 here: kippo-graph-0.3
You can download version 0.2 here: kippo-graph-0.2
You can download version 0.1 here: kippo-graph-0.1

CHANGES:

Version 1.3:
+ Switched all SQL operations to the RedBeanPHP library.
+ Reformatted and standardized all SQL queries.
+ Added VirusTotal IP lookup in Kippo-Geo.
+ Fixed XSS problem in Kippo-IP (AJAX requester).
+ Updated README.md file.
– Removed manual DIR_ROOT configuration.

Version 1.2:
+ Substituted the defunct NoVirusThanks with Gary’s Hood Online Virus Scanner.
+ Added Kippo-Scanner module to handle (future) AV and anti-malware submissions.
+ Added IP-address.com’s tracer to Kippo-Geo IPs.
+ Added Czech language support.
+ Added robots.txt file to disallow crawling by bots.
+ Added .gitignore to exclude config.php file from VCS.

Version 1.1:
+ Added downloads, dig output and geolocation of current session in Kippo-Playlog.

Version 1.0:
+ Various fixes and updates.

Version 0.9.3:
+ Added Kippo-IP: attack details by IP address.

Version 0.9.2:
+ Added experimental playlog display.

Version 0.9.1:
+ Fixed Google Map rendering issue.

Version 0.9:
+ Added CSV export capabilities.
+ Added Spanish language support.

Version 0.8:
+ Changed code to OOP style.
+ Added FortiGuard, AlienVault, WatchGuard and McAfee IP scanning services (Kippo-Geo).
+ Various CSS-related fixes for tables and cross-browser compatibility.

Version 0.7.7:
+ Added German language support.

Version 0.7.6:
+ Added Polish & Swedish language support.

Version 0.7.5:
+ Added French language support.

Version 0.7.4:
+ Added config option for non-standard MySQL port.

Version 0.7.3:
+ Fixed XSS issues in Kippo-Input.
+ Added tables with overall/basic stats in Kippo-Graph and Kippo-Input.

Version 0.7.2:
+ Minor fixes and various changes.

Version 0.7.1:
+ Added chart localization – need volunteers.
+ Languages: Greek, Italian, Dutch, Estonian.
+ New chart fonts added – default: OpenSans.
+ Added API key to QGoogleVisualizationAPI.

Version 0.7:
+ Fixed human activity charts: Top 20 and mod limit.
+ Fixed probes per week and successes per week charts.
+ Added human activity per week graph – updated gallery.
+ Added most successful logins per day graph – updated gallery.
+ Added most probes per day graph – updated gallery.
+ Other small fixes.

Version 0.6.5:
+ Fixed “http://” in file links (Kippo-Input).
+ Added installation instructions and Google Map note in README.txt
+ Fixed successful logins from same IP chart: Top 20.
+ Fixed successes per day chart: Top 20.
+ Fixed probes per day chart: display only 25 distinct date values.

Version 0.6.4:
– Removed dayofyear2date(), has a bug that adds +1 day in all 2012 dates (leap year?).
+ Changed SQL queries to timestamp values and date() parses the results – fixed graphs.
+ Added successes per week graph – updated gallery.
+ Small fixes.

Version 0.6.3:
+ Added passwd, executed scripts and interesting commands tables.
+ Added successes per day graph – updated gallery.
+ Added human activity per day vertical bar chart – updated gallery.
+ Fixed successful logins from same IP graph.
+ Changed top 10 SSH clients graph to horizontal.
+ Small UI fixes, etc.

Version 0.6.2:
+ Added hostname resolution for IPs.
+ Added robtex IP lookup feature.

Version 0.6.1:
+ Changed all links and information about the project.

Version 0.6:
+ Added human activity per day graph (Kippo-Input) – updated gallery.
+ Added probes per week graph – updated gallery.
+ Added break-ins from same IP graph – updated gallery.
+ Added IP Void lookup feature (Kippo-Geo).
+ Added NoVirusThanks scan feature (Kippo-Input).
+ Fixed SSH clients graph: shows top 10, ordered by volume.
– Removed favicon.

Version 0.5.1:
+ Made version checking more secure with a directive in config.php (UPDATE CHECK YES/NO).
+ Posted CHECKSUMS for the .tar archive online (and noted for future releases).
+ Added LICENSE.txt

Version 0.5:
+ Added Kippo-Input: display and visualization of input data, wget (with file links) and apt-get commands.
+ Added online version checking function (include/misc/versionCheck.php).
+ Added new pie charts, Kippo-Graph now shows 15 – updated gallery.
+ Added IP table on Kippo-Geo with whois/lookup feature.
+ Changed all files to .php.

Version 0.4:
+ Added geolocation features at beta stage, using geoplugin and google maps/charts.
+ Fixed file/folder structure and updated config.php.
+ Added new logo.

Version 0.3:
+ Added 3 new input-related graphs.
+ Updated graph gallery.
+ Fixed minor web UI and graph details.
+ Added TODO.txt.
+ Updated README.txt

Version 0.2:
+ Added web template to Kippo-Graph.
+ Changed functionality of kippo-graph.php turning into a generator for the graphs.
– index.php removed.

Version 0.1:
+ Initial version.


  • Pingback: Kippo Graph 0.1 released » BruteForce Lab's Blog

  • http://www.infosanity.co.uk Andrew Waite

    Nice work mate! I’ll try to get it running on my installation shortly.

    In the meantime, I’ve been meaning to ask: You have a twitter account?

  • http://bruteforce.gr Ion

    Thanks Andrew. It’s plain simple at the moment, it just shows the graphs. I will try to add a working web template/gui to it later on. I’m not too fond of twitter myself, never had an account there :oops: Perhaps it’s time to open one…

    • http://www.infosanity.co.uk Andrew Waite

      No problem, was just that I’ve seen some positive feedback for the tool on Twitter. Was wanting to make sure it was directed to the right person and you were aware of the feedback.

    • http://lvdeijk.wordpress.com Leon van der Eijk

      Makes exchanging ideas a bit easier :grin:

  • Pingback: Kippo-Graph 0.2 released! » BruteForce Lab's Blog

  • Pingback: Kippo-Graph 0.3 released. » BruteForce Lab's Blog

  • Pingback: Kippo-Graph 0.4 released, introducing Kippo-Geo! » BruteForce Lab's Blog

  • Pingback: The big post of Kippo scripts, front-ends, bash one-liners and SQL queries » BruteForce Lab's Blog

  • Pingback: Kippo-Graph 0.5 released! » BruteForce Lab's Blog

  • http://andrewmichaelsmith.com Andy

    Cool bit of software, have you thought about releasing it under an open source licence and sticking it on github (or the like)?

    • http://bruteforce.gr Ion

      Thanks Andy. Yes, this is the plan, but I’m a little ashamed because right now the package is coded like hell, with control and presentation code all together :oops: :mrgreen:

      By the way I have left a comment on your blog about the issue you raised, but since there are some people currently following this page, let’s continue here if you like.

      • http://www.hypn.za.net Hypn

        Hey,

        I’ve just found out about kippo-graph and installed it, but had to make a few tweaks to get it working on my webserver. I’ve uploaded the code, with my changes, to GitHub (hope that’s okay) : https://github.com/hypn/kippo-graph/commits/master

        Hypn

      • http://bruteforce.gr Ion

        Hello Hypn and thanks for trying Kippo-Graph.

        The tweaks etc are present in my local repo as well. I see some more changes that you made and will implement them as well.

        I have also fixed some of the charts and added 3 more.

        Later today or tomorrow I will release version 0.7 :)

        Thanks for your effort though! If you have any feedback please make sure to pass it on.

        PS. I plan to move Kippo-Graph to Github as well. Will there be any problems that you had created a project with this name? You might want to wait a couple of days and then properly fork/branch it so I could merge changes back to the main repo.

    • http://bruteforce.gr Ion

      Kippo-Graph 0.5.1 is now released under GPLv3.

  • Pingback: kippo-graph is neat but calls home | Andrew Smith

  • http://bruteforce.gr Ion

    As you may have noticed I have included a version checking function, so you can get a text msg on the index page if there is a new version of Kippo-Graph. My way might not be the best one though, because your system has to get the contents of http://bruteforce.gr/kippo-graph-version.txt which is a text file with the current/latest version number and compare it against a ‘version’ definition declared in Kippo-Graph. This works nice in theory, but Andy above raised the concern of privacy, because your honeypot’s IP gets logged.

    I’m about to release a “fixed” version, leaving the feature in place, but including an UPDATE_CHECK YES/NO directive inside config.php (default: NO) along with a warning detailing the choice, and if the user wants to have the feature enabled then he can change that to YES. I guess it’s safe enough and it doesn’t break functionality.

    • http://bruteforce.gr Ion

      OK, “fixed” version released.

  • Pingback: kippo-graph - spamversand

  • Pingback: Kippo-Graph 0.6 released! » BruteForce Lab's Blog

  • Denny Crane

    Hi Ion,

    nice tool what you made.
    I’m not sure but I think I found a bug. So feel free to contact me by email. ;)

    cheers,
    Denny Crane

  • zuperkoleoptera

    Hey Ion,

    I d/l latest version of kippo-graph and tried to make it play next to an already functional kippo honeypot.
    When pointing though my browser to kippo-graph-generator.php nothing happens. mysql credentials have been inserted in the config file..

    Any ideas?

    Thanks for your work

    • http://bruteforce.gr Ion

      Hello. So, do you see a blank page and it’s stuck there, or you just browse the script and no images are shown?

      kippo-graph-generator.php creates the .png graphs for the Kippo-Graph component, places them inside the “generated-graphs” folder and then redirects to kippo-graph.php. Is there anything created inside the graphs folder? (don’t forget to chmod it as written above)

      Does the image generation of the other components, ie Kippo-Geo/Input, work? (they don’t use a separate generator)

  • zuperkoleoptera

    I get a blank page and nothing else happens. Furthermore generated-graphs/ has been chmoded but no .pngs are created, folder remains empty.
    The rest :
    kippo-input
    kippo-geo
    graph-gallery

    are dead as well…
    Anyhow I’ll get it somehow…..

    • http://bruteforce.gr Ion

      I’ve just tried the latest version in two different installs just to check and I’ve got no problems. Which distro do you use? Is your PHP compiled with the GD library? (php5-gd package)

  • Lancelot

    Hi,

    I have the same problem as the user ‘zuperkoleoptera’. I installed the Kippo honeypot with mysql (kippo database – auth, clients, input, sensors, sessions, ttylog). I can see the honeypot data in the mysql-server database. All works well. Then I tried Kippo-Graph and got only the white pages in Firefox browser. No information!

    My Kippo-Graph Firefox display example link: https://sites.google.com/site/honeypot65/

    My OS and software additional information:
    PC distro – Ubuntu LTS
    Browser – Mozilla Firefox 10.0.1
    Virtualbox 4.1.8 – guest OS 32 bit Debian 6 (squeeze); ssh honeypot Kippo 0.5, mysql-server 5.1.49-3 (kippo database), Kippo-Graph (0.6.4), Apache2 2.2.16-6.

    Kippo-Graph location in server /var/www/kippo-graph
    chmod 777 generated-graphs

    NB! In Kippo-Graph file ‘config.php’ I edit mysql kippo database information (define DB_HOST, DB_USER, DB_PASS, DB_NAME).

    Have I done in Kippo-Graph anything wrong or missing any of the installed packages and configurations?

    Thanks,
    Lancelot

    • http://bruteforce.gr Ion

      Hello Lancelot, thanks for your interest in my tool.

      Well, everything seems OK…

      Please check the following things and reply so we can troubleshoot this:

      a) Go to /var/www/kippo-graph/generated-graphs. Are there any .png images inside at all?

      b) Do you have the “php5-gd” package installed? Do an

      apt-get update && apt-get install php5-gd && /etc/init.d/apache2 restart

      and run kippo-graph-generator.php. Check the generated-graphs dir again.

      Let me know, thanks.

      • Lancelot

        Hi Ion,

        Thank you for quick response!

        As you suggested I looked the following items:
        a) Go to /var/www/kippo-graph/generated-graphs. Are there any .png images inside at all?
        When I click on the side of the website ‘GENERATE_THE_KIPPO_GRAPHS();’ then there is not in /var/www/kippo-graph/ generated-graphs directory any .png files. Only 0KB empty ‘index.php’.

        NB! In honeypot server apache2 ‘error.log’ is the message:
        “[Sun Feb 19 14:17:53 2012] [error] [client 172.XX.XX.100] PHP Fatal error: Class ‘mysqli’ not found in /var/www/kippo-graph/kippo-graph-generator.php on line 13, referer: http://172.XX.XX.50/kippo-graph/

        b) Do you have the “php5-gd” package installed?
        Yes I have installed the debian package ‘php5-gd’ ver. 5.3.3-7+squeeze8 (GD module for php5), ‘php5’ and ‘php5-dev’.

        I do not know maybe the ‘MySQL-server’ and ‘Kippo-Graph’ can’t communicate with each other.

        Thanks,
        Lancelot

      • http://bruteforce.gr Ion

        Ok, now we’re getting somewhere. Please install php5-mysql package:

        apt-get install php5-mysql && /etc/init.d/apache2 restart

        and try again. Let me know.

      • Lancelot

        Hi Ion,

        Yessss!!! It works!

        Ion, ‘Kippo-Graph’ is very stylish, strategic, good and useful tool for Kippo honeypot.
        Master Class result!

        Missing package ‘php5-mysql’ did the magic trick.

        I think my problem was that I installed to Virtualbox minimal Debian server distro (without X) and I forgot php packages. I’m not so smart in mysql and php. :-)

        I’m running a years ago ‘Kojoney’ honeypot and kojoney were lacking of “Kojoney-Graph”.

        My ‘Kippo-Graph’ working results link: https://sites.google.com/site/honeypot65/

        I had question:
        If I choose ‘Kippo-Geo’ then I get a pop-up alert warning: “Google has disabled use of the Maps API for this application. The provided key is not a valid Google API Key, or it is not authorized for the Google Maps Javascript API v2 on this site. If you are the owner of this application, you can learn about obtaining a valid key here: http://code.google.com/apis/maps/documentation/javascript/v2/introduction.html#Obtaining_Key

        Then I went to https://code.google.com/apis/console/ and activating (turning ON) ‘Google Maps API v2′.
        But I get still ‘Kippo-Geo’ pop-up warnings (Google Maps API v2). Perhaps it will take time!?

        Thanks,
        Lancelot

      • http://bruteforce.gr Ion

        Hello again. Glad it finally worked :)

        I have added the two packages in the instructions above as requirements.

        About the Google Maps warning, it’s not a problem and you can just ignore it, or you can add your own key in the code so it doesn’t pop up.

        I have written a quick note about this here: http://bruteforce.gr/kippo-geo-asks-for-google-maps-api-key.html

        Regards.

  • Lancelot

    Hi Ion,

    A couple of days I have unsuccessfully tried to remove from ‘Kippo-Geo’ the Google Maps API warning: “Google has disabled use of the Maps API for this application….”

    I have made the following:
    1. In Google APIs Console I have generated the API key (Key for browser apps with referers). Google Maps API v2 (status ON).
    2. In ‘Kippo-Graph’ I inserted the Google API key to file ‘QApikeyGoogleGraph.class.php’.
    {
    const KEY = "http://maps.google.com/maps?file=api&v=2&key={XXXXXXXXXXXXXXXXXXXXXXXX}";
    }

    Just in case I did a kippo, mysql and apache2 daemon restart.

    But the Google Maps API warning in ‘Kippo-Geo’ has not disappeared. :-(

    It happened this evening that the ‘Kippo-Geo’ section “The following zoomable world map marks the geographic locations of the top 10 IPs according to their latitude and longitude values. Click on them to get the full information available from the database.” is blank and white. World map is lost!
    Other things were fine.

    Is Google Maps blocking my requests from ‘Kippo-Geo’? How can I get zoomable world map back?

    Is something wrong with my “Google APIs Console” or ‘QApikeyGoogleGraph.class.php’ configuration?

    Thanks,
    Lancelot

    • http://bruteforce.gr Ion

      Hello Lancelot.

      I was too running Kippo-Graph without an API key, so I’ve just tried it and it worked for me.

      But, there is a mistake in your code, it should be:
      const KEY = "http://maps.google.com/maps?file=api&v=2&key=XXXXXXXXXXXXXXXXXXXXXXXX";
      ie. without the ‘{‘ and ‘}’.

      You also need to clear your browser’s cache after making changes in order to see the results correctly.

      Try again and let me know.
      Regards.

      • Lancelot

        Hi Ion!

        Yes you were right I had a mistake in the ‘QApikeyGoogleGraph.class.php’ code.
        Sorry for my typos.

        At the moment ‘Kippo-Graph’ with an Google API key works well. No more Google Maps API warnings.

        But it is strange that the ‘Kippo-Geo’ section “zoomable world map” is still blank, white and lost. :-(

        I’ve tried the following:
        1. I played with and without Google API key.
        2. I deleted the whole ‘Kippo-Graph’ and installed it again.
        3. I used a variety of browsers (Firefox, Chrome) in home and work. I cleared browser’s cache.
        4. Restarting the server.

        Nothing can be helped, “zoomable world map” is still dead!
        Everything else in ‘Kippo-Graph’ is working.

        Maybe Google APIs Console is blocked my static host and IP requests. Perhaps I was playing too much with Google API key. I do not know.

        What else can I do, how to find the error?

        Thanks,
        Lancelot

      • http://bruteforce.gr Ion

        Hello Lancelot.

        I don’t know what else might be the problem. I doubt that Google blacklists IPs that easily.

        I can try visualizing your database to see for myself. If you want to send it to me, it’s no problem. Let me know and I will send you an email.

        Regards.

      • Lancelot

        Hi Ion!

        I send you my kippo mysql database and ‘kippo-graph’ with google API key.
        Later I change the api key.

        Please send me your email.

        Thanks,
        Lancelot

  • Lancelot

    Hi Ion!

    Such a strange thing happened in my ‘kippo-graph’. About one month was ‘kippo-input’ empty. There was no traffic. A few days ago was the traffic in logs ‘/opt/kippo-0.5/log/tty’. Crackers entered the honeypot and enter commands: wget, dit, winscp: this is end-of-file:0.

    But in my ‘kippo-input’ is no data? The section is empty. :-(
    I took a test. I entered today the honeypot and edit command ‘whois’. I got to the log in ‘/opt/kippo-0.5/log/tty’ but still no data in ‘kippo-input’.

    However, I do not see in ‘kippo-graph’ my entered command ‘whois’ stats. My ‘kippo-graph’ first section did not record the log and stats for example: Top 10 passwords (old constant number), Success ratio (old constant number), Successes per day/week (old last day is 28.02.12) etc.

    Have I somehow broken off ‘kippo-graph’ stats and configuration?
    Everything seems to work but it does not work as well.

    Thanks,
    Lancelot

    • http://bruteforce.gr Ion

      Hello Lancelot.

      Kippo-Graph just takes data from the database. What you have to check is not the TTY logs but the database’s “input” table. If there is nothing there, then there will be nothing in Kippo-Input.

      By the way, do you use Kippo 0.5 or the SVN version? Because as far as I am aware Kippo 0.5 does not have database logging capabilities.

      • Lancelot

        Hi Ion!

        Thank you for your response.

        I looked the kippo mysql database ‘ttylog’ section. Yes, the ‘ttylog’ is empty.
        But please tell the circumstances in which it forms a data in mysql ‘ttylog’ ?

        I use ‘kippo-05′ version.
        What are the differences between ‘kippo-05′ and ‘kippo-svn’?
        Is ‘kippo-svn’ better?

        Thanks,
        Lancelot

      • http://bruteforce.gr Ion

        See the “input” table in the database. This is the table Kippo-Input uses to display information, not “ttylog” (although, “ttylog” should not be empty either).

        I think Kippo 0.5 does not fully support MySQL logging. It’s best for you to install the newest version of Kippo from the SVN server. I have already written a tutorial here: http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html and http://bruteforce.gr/logging-kippo-events-using-mysql-db.html

        Regards.

      • Lancelot

        Hi Ion!

        I switching today to ‘kippo-svn’ and ‘kippo-graph’ 0.7.

        In kippo mysql database (input, ttylog) is currently without data. Other data are available.
        I look forward to the right data will come or not to ‘input’ and ‘ttylog’.

        Best regards,
        Lancelot

  • Jean-Philippe

    Hello,

    I did a small patch to my kippo-graph for it to be able to connect to a mysql db running on a non-standard port :

    lab@HP:/var/www/kippo-graph$ grep PORT *.php
    config.php:define('DB_PORT', '3307');
    kippo-geo.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
    kippo-graph-generator.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
    kippo-graph.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
    kippo-input.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port

    Regards,

    • http://bruteforce.gr Ion

      Hello Jean-Philippe, good call!
      I’ll add it to the next version (to be released soon).
      Regards.

      • Jean-Philippe

        Hello Ion,

        I did a quick translation in French.

        Regards,

        lab@HP:/var/www/kippo-graph/include/languages$ cat lang.fr.php
        <?php
        #Package: Kippo-Graph
        #Version: 0.7.3
        #Author: ikoniaris
        #Website: bruteforce.gr/kippo-graph

        //INDEX.PHP STRINGS
        //MORE TODO
        define('LATEST_VERSION', ' – Vous utilisez la dernière version !');
        define('NEW_VERSION_AVAILABLE', ' – Il y a une nouvelle version disponible au téléchargement !');

        //KIPPO-GRAPH-GENERATOR.PHP STRINGS
        define('TOP_10_PASSWORDS', 'Top 10 des mots de passe');
        define('TOP_10_USERNAMES', 'Top 10 des noms d\'utilisateur');
        define('TOP_10_COMBINATIONS', 'Top 10 des combinaisons noms d\'utilisateur / mots de passe');
        define('AUTH_FAIL', 'Echec');
        define('AUTH_SUCCESS', 'Succès');
        define('OVERALL_SUCCESS_RATIO', 'Proportion de réussite globale');
        define('MOST_SUCCESSFUL_LOGINS_PER_DAY', 'Nombre d\'identifications réussies par jour (Top 20)');
        define('SUCCESSES_PER_DAY', 'Nombre de réussites par jour');
        define('SUCCESSES_PER_WEEK', 'Nombre de réussites par semaine');
        define('NUMBER_OF_CONNECTIONS_PER_UNIQUE_IP', 'Nombre de connexions par adresse IP unique (Top 10)');
        define('SUCCESSFUL_LOGINS_FROM_SAME_IP', 'Nombre d\'identifications réussies depuis la même adresse IP (Top 20)');
        define('MOST_PROBES_PER_DAY', 'Nombre de sondes par jour (Top 20)');
        define('PROBES_PER_DAY', 'Nombre de sondes par jour');
        define('PROBES_PER_WEEK', 'Nombre de sondes par semaine');
        define('TOP_10_SSH_CLIENTS', 'Top 10 des clients SSH');

        //KIPPO-GRAPH.PHP STRINGS
        //TODO

        //KIPPO-INPUT.PHP STRINGS
        //MORE TODO
        define('HUMAN_ACTIVITY_BUSIEST_DAYS', 'Activité humaine la plus forte par jour (Top 20)');
        define('HUMAN_ACTIVITY_PER_DAY', 'Activité humaine par jour');
        define('HUMAN_ACTIVITY_PER_WEEK', 'Activité humaine par semaine');
        define('TOP_10_INPUT_OVERALL', 'Top 10 des saisies clavier (global)');
        define('TOP_10_SUCCESSFUL_INPUT', 'Top 10 des saisies clavier réussies');
        define('TOP_10_FAILED_INPUT', 'Top 10 des saisies clavier échouées');

        //KIPPO-GEO.PHP STRINGS
        //MORE TODO
        define('NUMBER_OF_CONNECTIONS_PER_UNIQUE_IP_CC', 'Nombre de connexions par adresse IP unique (Top 10) + Codes des pays');
        define('NUMBER_OF_CONNECTIONS_PER_COUNTRY', 'Nombre de connexions par pays');
        ?>

      • Kreszol

        Hello Jean-Philippe,

        if u want, i can do Polish Translation for kippo-graph,

        or help with other things.

        Bless U

      • http://bruteforce.gr/ Ion

        Hello Kreszol, I think you better talk to me about it :)
        Thanks a lot for your offer, we are missing a Polish translation!
        I will send you the file you need to translate by email.
        Regards.

      • http://bruteforce.gr Ion

        Hello Jean-Philippe :)
        This is very cool. We were missing a French translation!
        Your port suggestion was also included in Kippo-Graph 0.7.4.
        Thanks for your support!

  • Mat

    Hello,
    very nice WORK.
    Regards.

    • http://bruteforce.gr/ Ion

      Hello Mat, thanks for your comment.

      Let me know if you have any suggestions.
      Regards, Ion.

  • Adam Johnston

    Hello,
    Really nice work very impressed by it all. Everything works apart from the SSH clients graph, I can’t understand why it’s not working as every other graph is being populated by data.

    • http://bruteforce.gr/ Ion

      Hello Adam, thanks a lot for your comment!
      That is strange, did you check the kippo database (clients table) manually?

      • Skyscraper

        Hi!

        I have the same problem: Nothing in “Top 10 SSH clients”, but nothing in table “clients”, too. I’ve the newest SVN version, installed today by this tutorial: http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html

        Please help!

      • http://bruteforce.gr/ Ion

        Hello, Kippo-Graph just takes data from the MySQL db. First, check if there are any data inside the clients table and second, check if the SQL query inside kippo-graph-generator.php (I think it’s the last one) has any problems. Perhaps a table column has changed its name in a newer Kippo version or something. Please don’t forget to inform me if that’s the case so I can fix it. Regards.

      • Bubba

        Hi I am having a similar issue with the attempted passwords not being populated in the Kippo graph. I can see the data in MySQL – will investigate and report back if i find a solution. Version is latest from this tutorial (excellent work btw friend :-))

      • Bubba

        Yeah, my whole first page is populated only with a single successful result I did when setting up as a test. I have lots of attempted logins but they are not being displayed on Kippo graph. I can see them in the kippo log file and in the MySQL database. It does recognise the total login attempts and has populated all graphs in Kippo-geo. Any help would be greatly appreciated.

      • http://bruteforce.gr/ Ion

        Hello Bubba, perhaps you might want to send me your database so I can check it locally. Send me a message through the Contact Form and I shall get back to you. Regards, Ion.

      • Bubba

        Hey Ion – thanks for replying – I can safely say that this was a case of user error! I deleted my test record but it turns out I did not remove it from all tables. Once I removed my client entry from the clients table and refreshed the page – it worked :-) thanks and keep up the great work!

  • Bubba

    Hey Ion, can I use my local install of Kippo graph to display results from 2x different MySQL databases? If so how? I have tested I can get 1 or the other displaying by editing the config.php but can I display both? Thanks!

    • http://bruteforce.gr/ Ion

      Hello Bubba, sorry but no, Kippo-Graph plays per-db.

      You are welcome to contribute to the codebase and add this feature though!

      Regards, Ion.

      • Bubba

        Ok thanks for the reply, if I get it working I will be in touch! I love it!

  • sittiKhadijah

    hello ion, i have installed kippo, mysql, and kippo graph, and i’ve tried to attack my kippo honeypot. in folder /log/tty there are some .log file, but when i access kippo-graph in my browser, it’s empty, i also check my kippo database using phpmyadmin, the auth table is empty too. can you help me to resolve it ??

    • ikonspirasi

      remember to uncomment the [database_mysql] in kippo.cfg on kippo core files, not just the username, database and password

  • Mara

    Hello!

    I just ran kippo-graph…
    I cannot see any graph in kippo-graph.php…
    but I see graphs in kippo-geo.php…

    do you have any idea about what I might do wrong??

    Thanks!!
    And great work… ;-)

    • Mara

      Sorry, (that was a dumb question)… :-P
      Ok, fixed, no problem! :-)

  • JB

    hi there,

    Can I say what an awesome product :) I am having just 1 issue, I am getting traffic coming to my honeydrive, but the kippo-graph isn't showing the country in the geo part? any ideas?

    Thanks in advance

    JB

    • http://bruteforce.gr/ Ion

      Hello JB, does this happen for ALL connections? Or only for some specific ones? Can you share a screenshot (you can blur out the unrelated parts).

      Regards, Ion.

      • JB

        please see the pic below :) thanks for the fast reply :)

      • http://bruteforce.gr/ Ion

        That is strange. Perhaps GeoPlugin was down? Is this still happening now? I’ve just tested a DB of my own and it works fine.

        I am curious about this. If you want you can send me your database (just send me a dropbox link or something through the site’s contact form) and let me try on my installation.

        Regards, Ion.

      • JB

        Sorry Ion, I am not a linux wizard :( how would I extract and send you the DB?
        I am off to bed right now (it's 0020) but if you leave instructions I will do it as soon as I get up :)

        Many thanks for your super fast responses :)

        JB

      • http://bruteforce.gr/ Ion

        No problem :)

        Do you happen to have phpMyAdmin installed? If no, you can install it by issuing: “sudo apt-get install phpmyadmin” (no quotes — when asked which server to autoconfigure choose yours, I suppose it would be Apache). Then you can browse to: http://your-IP-address/phpmyadmin, login using the same MySQL credentials as in Kippo-Graph’s config.php file, choose the Kippo DB and select export from the menu. The browser will then prompt you to download the sql file.

        Otherwise (and because phpMyAdmin is not the safest of software) you can just type: “mysqldump -u username -p databasename > filename.sql” (no quotes — again, replacing the username, password and database name with the same MySQL data as in your Kippo-Graph’s config.php file). Then you will have to move the resulting .sql file to your web server’s document root, e.g. “mv kippo.sql /var/www/” (no quotes) and then go to http://your-IP-address/kippo.sql to download it locally.

        After doing one of the above just upload it somewhere (MEGA, 2shared, Dropbox, whatever) and send me the link through the site’s Contact Form: http://bruteforce.gr/contact-form

        Regards,
        Ion

      • JB

        I keep getting an error on the feedback form

        this is the sql file

        https://www.dropbox.com/s/g4acwchc9iy2se8/kippo.sql

        hope this helps, I have had fresh notifications overnight and still no geo data?

        Kind regards

        JB

      • http://bruteforce.gr/ Ion

        Hello JB. Well, it works for me. I can see geolocation data for every IP in the table. Are you sure that perhaps a firewall doesn’t block outgoing traffic or something like that?

      • JB

        I tried the firewall, still no joy :( strange one! I have deployed a fresh vm and I’ll see how that gets on.

        Many thanks for your help.

        I will update you once I have a few hits :)

  • KMiller

    Hi, I’ve installed kippo and kippo-graph on my local server and on an EC2 instance, I cannot log any proper connections, all I get is “connection lost” in the kippo log file, an IP connects then disconnects after a few seconds, I’ve tried the authbind and iptables route. The kippo.cfg listen port was set accordingly, 22 for authbind and 2222 with iptables forward traffic to it, I adjusted router config accordingly, I even went 3 days without a single login attempt, just a bunch of IP addresses connecting then leaving, I find it hard to believe not a single login attempt was made over that period.

    The log file is like this, line after line.

    2013-09-15 02:06:30+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 192.241.186.252:35090 (10.196.27.110:22) [session: 1]
    2013-09-15 02:06:40+0000 [HoneyPotTransport,1,192.241.186.252] connection lost

    Thanks!

    • http://bruteforce.gr/ Ion

      Hello there.

      Why don’t you try logging in to Kippo on your own and check? Perhaps the results you are getting come from port scanning tools not SSH-specific attacks. Let us know.

      Regards, Ion.
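
    The check suggested above can also be done from the log itself. The following is an added example, not part of the original thread or of Kippo's code: it groups kippo.log lines by session and lists the sessions that closed without any login attempt, the pattern in the excerpt above. The sample lines are constructed, and the "login attempt [user/password]" line format is assumed from Kippo's usual log output.

```python
import re

# Constructed sample in kippo.log style; the IPs are documentation addresses.
SAMPLE_LOG = """\
2013-09-15 02:06:30+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 192.0.2.10:35090 (10.0.0.5:22) [session: 1]
2013-09-15 02:06:40+0000 [HoneyPotTransport,1,192.0.2.10] connection lost
2013-09-15 02:07:01+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 198.51.100.7:41822 (10.0.0.5:22) [session: 2]
2013-09-15 02:07:03+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [root/123456] failed
2013-09-15 02:07:05+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [root/password] failed
2013-09-15 02:07:06+0000 [HoneyPotTransport,2,198.51.100.7] connection lost
2013-09-15 02:08:00+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.4:50001 (10.0.0.5:22) [session: 3]
"""

NEW_CONN = re.compile(r"New connection: ([\d.]+):\d+ \([\d.]+:\d+\) \[session: (\d+)\]")
TRANSPORT = re.compile(r"HoneyPotTransport,(\d+),([\d.]+)\] (.*)$")
LOGIN = re.compile(r"login attempt \[(.*?)/(.*)\] (succeeded|failed)")


def summarize_sessions(log_text):
    """Return {session_id: {"ip", "logins", "closed"}} for one Kippo run."""
    sessions = {}
    for line in log_text.splitlines():
        m = NEW_CONN.search(line)
        if m:
            sessions[int(m.group(2))] = {"ip": m.group(1), "logins": 0, "closed": False}
            continue
        m = TRANSPORT.search(line)
        if not m:
            continue
        # Lines seen without a preceding "New connection" still get a record.
        s = sessions.setdefault(int(m.group(1)),
                                {"ip": m.group(2), "logins": 0, "closed": False})
        if LOGIN.search(m.group(3)):
            s["logins"] += 1
        elif m.group(3) == "connection lost":
            s["closed"] = True
    return sessions


def probe_only(sessions):
    """Sessions that ended without a single login attempt (scan-like)."""
    return sorted(sid for sid, s in sessions.items()
                  if s["closed"] and s["logins"] == 0)


if __name__ == "__main__":
    result = summarize_sessions(SAMPLE_LOG)
    for sid in probe_only(result):
        print("session", sid, "from", result[sid]["ip"], "closed with no login attempt")
```

    Session numbers restart when Kippo restarts, so run it over one log file at a time.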

  • dnnisp

    Hello Ion, I recently got a very unfamiliar error in my Kippo-Graph:
    The following zoomable world map marks the geographic locations of the top 10 IPs according to their latitude and longitude values. Click on them to get the full information available from the database.
    Object # has no method ‘setMapTypeId’
    It has been working before with the world map, but suddenly one day this error comes.

  • Rio Indra Maulana

    Hi Ion, I am having trouble with the Kippo-Geo feature. It does show the information about the IP statistic, but the map doesn’t show up and it returns this error code

    b[ha] is not a function

    I tried using both version 0.8 and 0.7.7. Here is the screen shot of the error section

    • http://bruteforce.gr/ Ion

      Hi Rio, yes I noticed that too.

      It seems that Google Maps made a change that broke the code. I am using a third-party PHP wrapper to create the maps, so not sure if/when it will be fixed. I will look into this when I find some free time. Thanks for letting me know.

      Regards,
      Ion

  • sean

    Hello ,

    I am having issues with a new install. I have noticed a few issues

    I am unable to get any output from the graphs. I have made sure to give the proper permission and the username/database is set up correctly

    I see the attempts in kippo.log so I am sure kippo is working
    also the generate graph button is missing
    I am using 0.9.1

    • http://bruteforce.gr/ Ion

      Hi Sean,
      the “generate graphs” link is no longer there so it’s OK. I would suggest to check if Kippo is logging to the DB. Check out this guide: http://bruteforce.gr/logging-kippo-events-using-mysql-db.html

      Then use a tool like phpmyadmin or manually check your MySQL server for rows in Kippo’s database (e.g. the “auth” table). If nothing is there then Kippo-Graph cannot get any data to display. Otherwise, there might be some problem with your config.

      Regards,
      Ion

  • Paweł Janowski

    Hi …
    Successfully installed and use Kippo-graph. The question is how to clear the existing data charts and to start “from scratch”?
    Pawel

    • Paweł Janowski

      Ok, I find it :)
      I drop database kippo, delete all log files and reinstall Kippo-graph…
      I start “from scratch”
      :)

      • http://bruteforce.gr/ Ion

        Hi Pawel,
        FYI, every time you click on the Kippo-Graph components on the menu (Kippo-Graph, Input, Geo, etc), the pages fetch the latest data from the DB.

        You can also manually delete the images from inside the “generated-graphs” folder to start from scratch, no need to go to extremes :)

        Regards,
        Ion

  • Mozart

    Wauw, the playlog feature is really great! Makes it really easy to see what was tried and saves me the trouble of signing in to the honeydrive system.

    • http://bruteforce.gr/ Ion

      Hi Mozart, thanks for your feedback!

  • ikonspirasi

    I have updated my kippo and the playlog was awesome, no need to open my box again just to see what the attacker did, and also the kippo ip, I just realized that with the easy password doesn't seem always get owned, thanks!

    • http://bruteforce.gr/ Ion

      Thanks for your feedback ikonspirasi, glad that it’s useful! :)

      • http://ikonspirasi.info iKONs

        the download link on kippo v1.0 is not working http://bruteforce.gr/wp-content/uploads/kippo-graph-1.0.tar
        i have to download it through github

      • http://bruteforce.gr/ Ion

        Hi, unfortunately I had to take it down since I missed a change to some strings in the code. I will re-upload the file tomorrow!

        Thanks for taking the time to report it :)

        Regards, Ion.

  • Kostas

    Hi, the playlog is just awesome! Lot of data from the last 8 months :)

    • http://bruteforce.gr/ Ion

      Thanks for the feedback Kostas. Care to share some data with me? You can contact me through the form (button on menu).

  • Jimcesse

    Is it possible to configure kippo-graph to not display the web site from outside!? I have a virtual machine with a public IP and do not want this available

  • http://www.top-hat-sec.com Top-Hat-Sec

    I have had kippo running for a few months. I just installed the graph, set up the mysql database etc… I edited the config files both on the kippo graph and the kippo.cfg… The kippo graph is connecting to the database but it's not pulling any data

    • http://bruteforce.gr/ Ion

      Hi,
      so did you enable the database logging in kippo.cfg after installing Kippo-Graph? This should have been enabled from the beginning (when you started using Kippo itself).

      Use a tool like phpmyadmin and check that the database actually contains data. If not, then it’s not a surprise that Kippo-Graph doesn’t show anything.

      Regards, Ion

  • Resident

    Getting a broken link when I try to grab 1.0 and git gives me .93
    Thanks

    • http://bruteforce.gr/ Ion

      Hi Resident, I am aware of that, I took it down because I forgot a small change. I will re-upload soon.

      Thanks for your patience,
      Ion

  • nick

    Hi there. First let me say thank you. This is great and much appreciated.

    I do have one small problem. I’m running version 1.1 and despite lots of logins and activity, my “Kippo-Input” tab is full of zeros. I’ve got playlogs and those show the input, there’s just nothing on that tab. Just wanted to let you know.

    • http://bruteforce.gr/ Ion

      Hi Nick, thanks for your message!

      Hm, if you could export your DB and send it to me (a dropbox link perhaps) via the contact form, I could help. And also it’d be appreciated if this is a problem that others might have.

      Regards,
      Ion.

  • cjones

    Worth noting that on CentOS, the package php-xml is required for the generation of the geo maps, took me a while to figure it out, but running ‘php kippo-geo.php’ gave me a hint!

  • Chris

    With the new RedBeanPHP do we have to be on PHP > 5.3.4. Seems there are issues otherwise.

    PHP Fatal error: Declaration of RedBeanPHPOODBBean::offsetGet() must be compatible with that of ArrayAccess::offsetGet() in /var/www/html/kippo-graph/include/rb.php on line 842

    • http://bruteforce.gr/ Ion

      Hi Chris, yes this is true. RedBeanPHP requires PHP 5.3.4 or higher.

    • http://bruteforce.gr/ Ion

      I updated the requirements and README file(s) to reflect this.

  • John Graybosch

    What’s with all of the other SQL script in the SQL folder? Do I have to run those too?

    • http://bruteforce.gr/ Ion

      Hi John, no, just follow the installation instructions and then visit /kippo-graph. You’ll be all set.
