Kippo-Graph

Kippo-Graph is a full featured script to visualize statistics from a Kippo SSH honeypot.

It uses the Libchart PHP chart drawing library by Jean-Marc Trémeaux, QGoogleVisualizationAPI PHP Wrapper for Google’s Visualization API by Thomas Schäfer, Amazon Rose Toy page by Aaron Sufferling, RedBeanPHP library by Gabor de Mooij Page By Rhianna Davis, MaxMind and geoPlugin geolocation technology.

Kippo-Graph currently shows 24 charts, including top 10 passwords, top 10 usernames, top 10 username/password combos, success ratio, connections per IP, connections per country, probes per day, probes per week, ssh clients, top 10 overall input, top 10 successful input, top 10 failed input and many more. There are also geolocation data extracted and displayed with Google visualization technology using a Google Map, a Intensity Map, etc. Lastly, input-related data and statistics are also presented giving an overview of the action inside the system and there is live playback ability of captured sessions.

DOWNLOAD Kippo-Graph:

Please also take a look at the README file inside the package.

REQUIREMENTS:

  1. PHP version 5.3.4 or higher.
  2. The following packages: libapache2-mod-php5, php5-mysql, php5-gd, php5-curl.

On Ubuntu/Debian:

apt-get update && apt-get install -y libapache2-mod-php5 php5-mysql php5-gd php5-curl
/etc/init.d/apache2 restart

QUICK INSTALLATION:

wget http://bruteforce.gr/wp-content/uploads/kippo-graph-VERSION.tar.gz
mv kippo-graph-VERSION.tar.gz /var/www/html
cd /var/www/html
tar zxvf kippo-graph-VERSION.tar.gz
mv kippo-graph-VERSION kippo-graph
cd kippo-graph
chmod 777 generated-graphs
cp config.php.dist config.php
nano config.php #enter the appropriate values

Browse to http://your-server/kippo-graph to generate the statistics.

PREVIOUS VERSIONS:

You can download version 1.5 here: kippo-graph-1.5
You can download version 1.4.2 here: kippo-graph-1.4.2
You can download version 1.4.1 here: kippo-graph-1.4.1
You can download version 1.4 here: kippo-graph-1.4
You can download version 1.3 here: kippo-graph-1.3
You can download version 1.2 here: kippo-graph-1.2
You can download version 1.1 here: kippo-graph-1.1
You can download version 1.0 here: kippo-graph-1.0
(Note: Kippo-Graph versions prior to 1.0 were distributed as .tar and not .tar.gz files)
You can download version 0.9.3 here: kippo-graph-0.9.3
You can download version 0.9.2 here: kippo-graph-0.9.2
You can download version 0.9.1 here: kippo-graph-0.9.1
You can download version 0.9 here: kippo-graph-0.9
You can download version 0.8 here: kippo-graph-0.8
You can download version 0.7.7 here: kippo-graph-0.7.7
You can download version 0.7.6 here: kippo-graph-0.7.6
You can download version 0.7.5 here: kippo-graph-0.7.5
You can download version 0.7.4 here: kippo-graph-0.7.4
You can download version 0.7.3 here: kippo-graph-0.7.3
You can download version 0.7.2 here: kippo-graph-0.7.2
You can download version 0.7.1 here: kippo-graph-0.7.1
You can download version 0.7 here: kippo-graph-0.7
You can download version 0.6.5 here: kippo-graph-0.6.5
You can download version 0.6.4 here: kippo-graph-0.6.4
You can download version 0.6.3 here: kippo-graph-0.6.3
You can download version 0.6.2 here: kippo-graph-0.6.2
You can download version 0.6.1 here: kippo-graph-0.6.1
You can download version 0.6 here: kippo-graph-0.6
You can download version 0.5.1 here: kippo-graph-0.5.1
You can download version 0.5 here: kippo-graph-0.5
You can download version 0.4 here: kippo-graph-0.4
You can download version 0.3 here: kippo-graph-0.3
You can download version 0.2 here: kippo-graph-0.2
You can download version 0.1 here: kippo-graph-0.1

CHANGES:

Version 1.5.1:
+ Various important fixes.

Version 1.5:
+ Added configuration option for realtime statistics.
+ Added cron example to update charts in the background.
+ Updated RedBeanPHP to version 4.1.4.
+ Various small fixes.

Version 1.4.2:
+ Fixed Kippo-Playlog’s results and added sorting to the table.
+ Added geo method selection in play.php.
+ Various small fixes.

Version 1.4.1:
+ Added check for Tor exit nodes.

Version 1.4:
+ Added support for local MaxMind geolocation instead of geoplugin.com.
+ Various small fixes.
+ Added favicon.ico.
- Removed README.txt.

Version 1.3:
+ Switched all SQL operations to the RedBeanPHP library.
+ Reformatted and standardized all SQL queries.
+ Added VirusTotal IP lookup in Kippo-Geo.
+ Fix XSS problem in Kippo-IP (AJAX requester).
+ Updated README.md file.
- Removed manual DIR_ROOT configuration.

Version 1.2:
+ Substituted the defunct NoVirusThanks with Gary’s Hood Online Virus Scanner.
+ Added Kippo-Scanner module to handle (future) AV and anti-malware submissions.
+ Added IP-address.com’s tracer to Kippo-Geo IPs.
+ Added Czech language support.
+ Added robots.txt file to disallow crawling by bots.
+ Added .gitgnore to exclude config.php file from VCS.

Version 1.1:
+ Added downloads, dig output and geolocation of current session in Kippo-Playlog.
Version 1.0:
+ Various fixes and updates.

Version 0.9.3:
+ Added Kippo-IP: attack details by IP address.

Version 0.9.2:
+ Added experimental playlog display.

Version 0.9.1:
+ Fixed Google Map rendering issue.

Version 0.9:
+ Added CSV export capabilities.
+ Added Spanish language support.

Version 0.8:
+ Changed code to OOP style.
+ Added FortiGuard, AlientVault, WatchGuard and McAfee IP scanning services (Kippo-Geo).
+ Various CSS-related fixes for tables and cross-browser compatibility.

Version 0.7.7:
+ Added German language support.

Version 0.7.6:
+ Added Polish & Swedish language support.

Version 0.7.5:
+ Added French language support.

Version 0.7.4:
+ Added config option for non-standard MySQL port.

Version 0.7.3:
+ Fixed XSS issues in Kippo-Input.
+ Added tables with overall/basic stats in Kippo-Graph and Kippo-Input.

Version 0.7.2:
+ Minor fixes and various changes.

Version 0.7.1:
+ Added chart localization – need volunteers.
+ Languages: Greek, Italian, Dutch, Estonian.
+ New chart fonts added – default: OpenSans.
+ Added API key to QGoogleVisualizationAPI.

Version 0.7:
+ Fixed human activity charts: Top 20 and mod limit.
+ Fixed probes per week and successes per week charts.
+ Added human activity per week graph - updated gallery
+ Added most successful logins per day graph - updated gallery.
+ Added most probes per day graph - updated gallery
+ Other small fixes.

Version 0.6.5:
+ Fixed “http://” in file links (Kippo-Input).
+ Added installation instructions and Google Map note in README.txt
+ Fixed successful logins from same IP chart: Top 20.
+ Fixed successes per day chart: Top 20.
+ Fixed probes per day chart: display only 25 distinct date values.

Version 0.6.4:
- Removed dayofyear2date(), has a bug that adds +1 day in all 2012 dates (leap year?).
+ Changed SQL queries to timestamp values and date() parses the results - fixed graphs.
+ Added successes per week graph - updated gallery.
+ Small fixes.

Version 0.6.3:
+ Added passwd, executed scripts and interesting commands tables.
+ Added successes per day graph - updated gallery.
+ Added human activity per day vertical bar chart - updated gallery.
+ Fixed successful logins from same IP graph.
+ Changed top 10 SSH clients graph to horizontal.
+ Small UI fixes, etc.

Version 0.6.2:
+ Added hostname resolution for IPs.
+ Added robtex IP lookup feature.

Version 0.6.1:
+ Changed all links and information about the project.

Version 0.6:
+ Added human activity per day graph (Kippo-Input) – updated gallery.
+ Added probes per week graph – updated gallery.
+ Added break-ins from same IP graph – updated gallery.
+ Added IP Void lookup feature (Kippo-Geo).
+ Added NoVirusThanks scan feature (Kippo-Input).
+ Fixed SSH clients graph: shows top 10, ordered by volume.
- Removed favicon.

Version 0.5.1:
+ Made version checking more secure with a directive in config.php (UPDATE CHECK YES/NO).
+ Posted CHECKSUMS for the .tar archive online (and noted for future releases).
+ Added LICENSE.txt

Version 0.5:
+ Added Kippo-Input: display and visualization of input data, wget (with file links) and apt-get commands.
+ Added online version checking function (include/misc/versionCheck.php).
+ Added new pie charts, Kippo-Graph now shows 15 – updated gallery.
+ Added IP table on Kippo-Geo with whois/lookup feature.
+ Changed all files to .php.

Version 0.4:
+ Added geolocation features at beta stage, using geoplugin and google maps/charts.
+ Fixed file/folder structure and updated config.php.
+ Added new logo.

Version 0.3:
+ Added 3 new input-related graphs.
+ Updated graph gallery.
+ Fixed minor web UI and graph details.
+ Added TODO.txt.
+ Updated README.txt

Version 0.2:
+ Added web template to Kippo-Graph.
+ Changed functionality of kippo-graph.php turning into a generator for the graphs.
- index.php removed.

Version 0.1:
+ Initial version.

SCREENSHOTS:


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

  • Pingback: Kippo Graph 0.1 released » BruteForce Lab's Blog()

  • Andrew Waite

    Nice work mate! I’ll try to get it running on my installation shortly.

    In the meantime, I’ve been meaning to ask: You have a twitter account?

  • Ion

    Thanks Andrew. It’s plain simple at the moment, it just shows the graphs. I will try to add a working web template/gui to it later on. I’m not too fond of twitter myself, never had an account there 😳 Perhaps it’s time to open one…

    • Andrew Waite

      No problem, was just that I’ve seen some positive feedback for the tool on Twitter. Was wanting to make sure it was directed to the right person and you were aware of the feedback.

    • Leon van der Eijk

      Makes exchanging ideas a bit easier 😀

  • Pingback: Kippo-Graph 0.2 released! » BruteForce Lab's Blog()

  • Pingback: Kippo-Graph 0.3 released. » BruteForce Lab's Blog()

  • Pingback: Kippo-Graph 0.4 released, introducing Kippo-Geo! » BruteForce Lab's Blog()

  • Pingback: The big post of Kippo scripts, front-ends, bash one-liners and SQL queries » BruteForce Lab's Blog()

  • Pingback: Kippo-Graph 0.5 released! » BruteForce Lab's Blog()

  • Andy

    Cool bit of software, have you thought about releasing it under an open source licence and sticking it on github (or the like)?

    • Ion

      Thanks Andy. Yes, this is the plan, but I’m a little ashamed because right now the package is coded like hell, with control and presentation code all together 😳 :mrgreen:

      By the way I have a left a comment on your blog about the issue you raised, but since there are some people currently following this page, let’s continue here if you like.

      • Hypn

        Hey,

        I’ve just found out about kippo-graph and installed it, but had to make a few tweaks to get it working on my webserver. I’ve uploaded the code, with my changes, to GitHub (hope that’s okay) : https://github.com/hypn/kippo-graph/commits/master

        Hypn

      • Ion

        Hello Hypn and thanks for trying Kippo-Graph.

        The tweaks etc are present in my local repo as well. I see some more changes that you made and will implement them as well.

        I have also fixed some of the charts and added 3 more.

        Later today or tomorrow I will release version 0.7 🙂

        Thanks for your effort though! If you have any feedback please make sure to pass it on.

        PS. I plan to move Kippo-Graph to Github as well. Will there be any problems that you had created a project with this name? You might want to wait a couple of days and then properly fork/branch it so I could merge changes back to the main repo.

    • Ion

      Kippo-Graph 0.5.1 is now released under GPLv3.

  • Pingback: kippo-graph is neat but calls home | Andrew Smith()

  • Ion

    As you may have noticed I have included a version checking function, so you can get a text msg on the index page if there is a new version of Kippo-Graph. My way might not be the best one though, because your system has to get the contents of http://bruteforce.gr/kippo-graph-version.txt which is a text file with the current/latest version number and compare it against a ‘version’ definition declared in Kippo-Graph. This works nice in theory, but Andy above raised the concern of privacy, because your honeypot’s IP gets logged.

    I’m about to release a “fixed” version, leaving the feature in place, but including a UPDATE_CHECK YES/NO directive inside config.php (default: NO) along with a warning detailing the choice, and if the user wants to have the feature enabled then he can change that to YES. I guess it’s safe enough and it doesn’t brake functionality.

    • Ion

      OK, “fixed” version released.

  • Pingback: kippo-graph - spamversand()

  • Pingback: Kippo-Graph 0.6 released! » BruteForce Lab's Blog()

  • Denny Crane

    Hi Ion,

    nice tool what you made.
    I’m not sure but I think I found a bug. So feel free do contact me by email. 😉

    cheers,
    Denny Crane

  • zuperkoleoptera

    Hey Ion,

    I d/l latest version of kipo-graph and tried to make it play next to an already functional kippo honeypot.
    When pointing though my browser to kippo-graph-generator.php nothing happens. mysql credentials have been inserted in the config file..

    Any ideas?

    Thanks for your work

    • Ion

      Hello. So, do you see blank page and its stuck there, or you just browse the script and no images are shown?

      kippo-graph-generator.php creates the .png graphs for the Kippo-Graph component, places them inside the “generated-graphs” folder and then redirects to kippo-graph.php. Is there anything created inside the graphs folder? (don’t forget to chmod it as written above)

      Does the image generation of the other components, ie Kippo-Geo/Input, work? (they don’t use a seperate generator)

  • zuperkoleoptera

    I get a blank page and nothing else happens. Furthermore generated-graphs/ has been chmoded but no .pngs are created, folder remains empty.
    The rest :
    kippo-input
    kippo-geo
    graph-galery

    are dead as well…
    Anyhow I ll get it somehow…..

    • Ion

      I’ve just tried the latest version in two different installs just to check and I’ve got no problems. Which distro do you use? Is your PHP compiled with the GD library? (php5-gd package)

  • Lancelot

    Hi,

    I have the same problem as the user ‘zuperkoleoptera’. I installed the Kippo honeypot with mysql (kippo database - auth, clients, input, sensors, sessions, ttylog). I can see the honeypot data in the mysql-server database. All works well. Then I tried Kippo-Graph and got only the white pages in Firefox browser. No information!

    My Kippo-Graph Firefox display example link: https://sites.google.com/site/honeypot65/

    My OS and software additional information:
    PC distro - Ubuntu LTS
    Browser - Mozilla Firefox 10.0.1
    Virtualbox 4.1.8 - guest OS 32 bit Debian 6 (squeeze); ssh honeypot Kippo 0.5, mysql-server 5.1.49-3 (kippo database), Kippo-Graph (0.6.4), Apache2 2.2.16-6.

    Kippo-Graph location in server /var/www/kippo-graph
    chmod 777 generated-graphs

    NB! In Kippo-Graph file ‘config.php’ I edit mysql kippo database information (define DB_HOST, DB_USER, DB_PASS, DB_NAME).

    Have I done in Kippo-Graph anything wrong or missing any of the installed packages and configurations?

    Thanks,
    Lancelot

    • Ion

      Hello Lancelot, thanks for your interest in my tool.

      Well, everything seems OK…

      Please check the following things and reply so we can troubleshoot this:

      a) Go to /var/www/kippo-graph/generated-graphs. Are there any .png images inside at all?

      b) Do you have the “php5-gd” package installed? Do an

      apt-get update && apt-get install php5-gd && /etc/init.d/apache2 restart

      and run kippo-graph-generator.php. Check the generated-graphs dir again.

      Let me know, thanks.

      • Lancelot

        Hi Ion,

        Thank you for quick response!

        As you suggested I looked the following items:
        a) Go to /var/www/kippo-graph/generated-graphs. Are there any .png images inside at all?
        When I click on the side of the website ‘GENERATE_THE_KIPPO_GRAPHS();’ then there is not in /var/www/kippo-graph/ generated-graphs directory any .png files. Only 0KB empty ‘index.php’.

        NB! In honeypot server apache2 ‘error.log’ is the message:
        “[Sun Feb 19 14:17:53 2012] [error] [client 172.XX.XX.100] PHP Fatal error: Class ‘mysqli’ not found in /var/www/kippo-graph/kippo-graph-generator.php on line 13, referer: http://172.XX.XX.50/kippo-graph/”

        b) Do you have the “php5-gd” package installed?
        Yes I have installed the debian package ‘php5-gd’ver.5.3.3-7+squeeze8 (GD module for php5), ‘php5’ and ‘php5-dev’.

        I do not know maybe the ‘MySQL-server’ and ‘Kippo-Graph’ can’t communicate with each other.

        Thanks,
        Lancelot

      • Ion

        Ok, now we’re getting somewhere. Please install php5-mysql package:

        apt-get install php5-mysql && /etc/init.d/apache2 restart

        and try again. Let me know.

      • Lancelot

        Hi Ion,

        Yessss!!! It’s works!

        Ion, ‘Kippo-Graph’ is very stylish, strategic, good and useful tool for Kippo honeypot.
        Master Class result!

        Missing package ‘php5-mysql’ did the magic trick.

        I think my problem was that I installed to Virtualbox minimal Debian server distro (without X) and I forgot php packages. I’m not so smart in mysql and php. 🙂

        I’m running a years ago ‘Kojoney’ honeypot and kojoney were lacking of “Kojoney-Graph”.

        My ‘Kipo-Graph’ working results link: https://sites.google.com/site/honeypot65/

        I had question:
        If I choose ‘Kippo-Geo’ then I get a pop-up alert warning: “Google has disabled use of the Maps API for this application. The provided key is not a valid Google API Key, or it is not authorized for the Google Maps Javascript API v2 on this site. If you are the owner of this application, you can learn about obtaining a valid key here: http://code.google.com/apis/maps/documentation/javascript/v2/introduction.html#Obtaining_Key”

        Then I went to https://code.google.com/apis/console/ and activating (turning ON) ‘Google Maps API v2’.
        But I get still ‘Kippo-Geo’ pop-up warnings (Google Maps API v2). Perhaps it will take time!?

        Thanks,
        Lancelot

      • Ion

        Hello again. Glad it finally worked 🙂

        I have added the two packages in the instructions above as requirements.

        About the Google Maps warning, it’s not a problem and you can just ignore it, or you can add your own key in the code so it doesn’t pop up.

        I have written a quick note about this here: http://bruteforce.gr/kippo-geo-asks-for-google-maps-api-key.html

        Regards.

  • Lancelot

    Hi Ion,

    A couple of days I have unsuccessfully tried to remove from ‘Kippo-Geo’ the Google Maps API warning: “Google has disabled use of the Maps API for this application….”

    I have made the following:
    1. In Google APIs Console I have generated the API key (Key for browser apps with referers). Google Maps API v2 (status ON).
    2. In ‘Kippo-Graph’ I inserted the Googel API key to file ‘QApikeyGoogleGraph.class.php’.
    {
    const KEY = “http://maps.google.com/maps?file=api&v=2&key={XXXXXXXXXXXXXXXXXXXXXXXX}”;
    }

    Just in case I did a kippo, mysql and apache2 demon restart.

    But the Google Maps API warning in ‘Kippo-Geo’ has not disappeared. 🙁

    It happened this evening that the ‘Kippo-Geo’ section “The following zoomable world map marks the geographic locations of the top 10 IPs according to their latitude and longitude values. Click on them to get the full information available from the database.” is blank and white. World map is lost!
    Other things were fine.

    Is Google Maps blocking my requests from ‘Kippo-Geo’? How can I get zoomable world map back?

    Is something wrong with my “Google APIs Console” or ‘QApikeyGoogleGraph.class.php’ configuration?

    Thanks,
    Lancelot

    • Ion

      Hello Lancelot.

      I was too running Kippo-Graph without an API key, so I’ve just tried it and it worked for me.

      But, there is a mistake in your code, it shoud be:
      const KEY = “http://maps.google.com/maps?file=api&v=2&key=XXXXXXXXXXXXXXXXXXXXXXXX”;
      ie. without the ‘{‘ and ‘}’.

      You also need to clear your browser’s cache after making changes in order to see the results correctly.

      Try again and let me know.
      Regards.

      • Lancelot

        Hi Ion!

        Yes you were right I had a mistake in the ‘QApikeyGoogleGraph.class.php’ code.
        Sorry for my typos.

        At the moment ‘Kippo-Graph’ with an Google API key works well. No more Google Maps API warnings.

        But it is strange that the ‘Kippo-Geo’ section “zoomable world map” is still blank, white and lost. 🙁

        I’ve tried the following:
        1. I played with and without Google API key.
        2. I deleted the whole ‘Kippo-Graph’ and installed it again.
        3. I used a variety of browsers (Firefox, Chrome) in home and work. I cleared browser’s cache.
        4. Restarting the server.

        Nothing can be helped, “zoomable world map” is still dead!
        Everything else in ‘Kippo-Graph’ is working.

        Maybe Google APIs Console is blocked my static host and IP requests. Perhaps I was playing too much with Google API key. I do not know.

        What else can I do, how to find the error?

        Thanks,
        Lancelot

      • Ion

        Hello Lancelot.

        I don’t know what else might be the problem. I doubt that Google blacklists IPs that easily.

        I can try visualizing your database to see for myself. If you want to send it to me, it’s no problem. Let me know and I will send you an email.

        Regards.

      • Lancelot

        Hi Ion!

        I send you a my kippo mysql database and ‘kippo-graph’ with google API key.
        Later I change the api key.

        Please send me your email.

        Thanks,
        Lancelot

  • Lancelot

    Hi Ion!

    Such a strange thing happened in my ‘kippo-graph’. About one month was ‘kippo-input’ empty. There was no traffic. A few days ago was the traffic in logs ‘/opt/kippo-0.5/log/tty’. Crackers entered the honeypot and enter commands: wget, dit, winscp: this is end-of-file:0.

    But in my ‘kippo-input’ is no data? The section is empty. 🙁
    I took a test. I entered today the honeypot and edit command ‘whois’. I got to the log in ‘/opt/kippo-0.5/log/tty’ but still no data in ‘kippo-input’.

    However, I do not see in ‘kippo-graph’ my entered command ‘whois’ stats. My ‘kippo-graph’ first section did not record the log and stats for example: Top 10 passwords (old constant number), Success ratio (old constant number), Successes per day/week (old last day is 28.02.12) etc.

    Have I somehow broken off ‘kippo-graph’ stats and configuration?
    Everything seems to work but it does not work as well.

    Thanks,
    Lancelot

    • Ion

      Hello Lancelot.

      Kippo-Graph just takes data from the database. What you have to check is not the TTY logs but the database’s “input” table. If there is nothing there, then there will be nothing in Kippo-Input.

      By the way, do you use Kippo 0.5 or the SVN version? Because as far as I am aware Kippo 0.5 does not have database logging capabilities.

      • Lancelot

        Hi Ion!

        Thank you for your response.

        I looked the kippo mysql database ‘ttylog’ section. Yes, the ‘ttylog’ is empty.
        But please tell the circumstances in which it forms a data in mysql ‘ttylog’ ?

        I use ‘kippo-05’ version.
        What are the differences between ‘kippo-05’ and ‘kippo-svn’?
        Is there ‘kippo-svn’ a better.

        Thanks,
        Lancelot

      • Ion

        See the “input” table in the database. This is the table Kippo-Input uses to display information, not “ttylog” (although, “ttylog” should not be empty either).

        I think Kippo 0.5 does not fully support MySQL logging. It’s best for you to install the newest version of Kippo from the SVN server. I have already written a tutorial here: http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html and http://bruteforce.gr/logging-kippo-events-using-mysql-db.html

        Regards.

      • Lancelot

        Hi Ion!

        I switching today to ‘kippo-svn’ and ‘kippo-graph’ 0.7.

        In kippo mysql database (input, ttylog) is currently without data. Other data are available.
        I look forward to the right data will come or not to ‘input’ and ‘ttylog’.

        Best regards,
        Lancelot

  • Jean-Philippe

    Hello,

    I did a small patch to my kippo-graph for it to be able to connect to a mysql db running on a non-standard port :

    lab@HP:/var/www/kippo-graph$ grep PORT *.php
    config.php:define(‘DB_PORT’, ‘3307’);
    kippo-geo.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
    kippo-graph-generator.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
    kippo-graph.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
    kippo-input.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port

    Regards,

    • Ion

      Hello Jean-Philippe, good call!
      I’ll add it to the next version (to be released soon).
      Regards.

      • Jean-Philippe

        Hello Ion,

        I did a quick translation in French.

        Regards,

        lab@HP:/var/www/kippo-graph/include/languages$ cat lang.fr.php
        <?php
        #Package: Kippo-Graph
        #Version: 0.7.3
        #Author: ikoniaris
        #Website: bruteforce.gr/kippo-graph

        //INDEX.PHP STRINGS
        //MORE TODO
        define('LATEST_VERSION', ' - Vous utilisez la dernière version !’);
        define(‘NEW_VERSION_AVAILABLE’, ‘ - Il y a une nouvelle version disponible au téléchargement !’);

        //KIPPO-GRAPH-GENERATOR.PHP STRINGS
        define(‘TOP_10_PASSWORDS’, ‘Top 10 des mots de passe’);
        define(‘TOP_10_USERNAMES’, ‘Top 10 des noms d\’utilisateur’);
        define(‘TOP_10_COMBINATIONS’, ‘Top 10 des combinaisons noms d\’utilisateur / mots de passe’);
        define(‘AUTH_FAIL’, ‘Echec’);
        define(‘AUTH_SUCCESS’, ‘Succès’);
        define(‘OVERALL_SUCCESS_RATIO’, ‘Proportion de réussite globale’);
        define(‘MOST_SUCCESSFUL_LOGINS_PER_DAY’, ‘Nombre d\’identifications réussies par jour (Top 20)’);
        define(‘SUCCESSES_PER_DAY’, ‘Nombre de réussites par jour’);
        define(‘SUCCESSES_PER_WEEK’, ‘Nombre de réussites par semaine’);
        define(‘NUMBER_OF_CONNECTIONS_PER_UNIQUE_IP’, ‘Nombre de connexions par adresse IP unique (Top 10)’);
        define(‘SUCCESSFUL_LOGINS_FROM_SAME_IP’, ‘Nombre d\’identifications réussies depuis la même adresse IP (Top 20)’);
        define(‘MOST_PROBES_PER_DAY’, ‘Nombre de sondes par jour (Top 20)’);
        define(‘PROBES_PER_DAY’, ‘Nombre de sondes par jour’);
        define(‘PROBES_PER_WEEK’, ‘Nombre de sondes par semaine’);
        define(‘TOP_10_SSH_CLIENTS’, ‘Top 10 des clients SSH’);

        //KIPPO-GRAPH.PHP STRINGS
        //TODO

        //KIPPO-INPUT.PHP STRINGS
        //MORE TODO
        define(‘HUMAN_ACTIVITY_BUSIEST_DAYS’, ‘Activité humaine la plus forte par jour (Top 20)’);
        define(‘HUMAN_ACTIVITY_PER_DAY’, ‘Activité humaine par jour’);
        define(‘HUMAN_ACTIVITY_PER_WEEK’, ‘Activité humaine par semaine’);
        define(‘TOP_10_INPUT_OVERALL’, ‘Top 10 des saisies clavier (global)’);
        define(‘TOP_10_SUCCESSFUL_INPUT’, ‘Top 10 des saisies clavier réussies’);
        define(‘TOP_10_FAILED_INPUT’, ‘Top 10 des saisies clavier échouées’);

        //KIPPO-GEO.PHP STRINGS
        //MORE TODO
        define(‘NUMBER_OF_CONNECTIONS_PER_UNIQUE_IP_CC’, ‘Nombre de connexions par adresse IP unique (Top 10) + Codes des pays’);
        define(‘NUMBER_OF_CONNECTIONS_PER_COUNTRY’, ‘Nombre de connexions par pays’);
        ?>

      • Kreszol

        Hello Jean-Philippe,

        if u want, i can do Polish Translation for kippo-graph,

        or help with other things.

        Bless U

      • Ion

        Hello Kreszol, I think you better talk to me about it 🙂
        Thanks a lot for your offer, we are missing a Polish translation!
        I will send you the file you need to translate by email.
        Regards.

      • Ion

        Hello Jean-Philippe 🙂
        This is very cool. We were missing a French translation!
        Your port suggestion was also included in Kippo-Graph 0.7.4.
        Thanks for your support!

  • Mat

    Hello,
    very nice WORK.
    Regards.

    • Ion

      Hello Mat, thanks for your comment.

      Let me know if you have any suggestions.
      Regards, Ion.

  • Adam Johnston

    Hello,
    Really nice work very impressed by it all. Everything works apart from the SSH clients graph, I cant understand why its not working as every other graph is being populated by data.

    • Ion

      Hello Adam, thanks a lot for your comment!
      That is strange, did you check the kippo database (clients table) manually?

      • Skyscraper

        Hi!

        I have the same problem: Nothing in “Top 10 SSH clients”, but nothing in table “clients”, too. I’ve the newest SVN version, installed today by this tutorial: http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html

        Please help!

      • Ion

        Hello, Kippo-Graph just takes data from the MySQL db. First, check if there are any data inside the clients table and second, check if the SQL query inside kippo-graph-generator.php (I think it’s the last one) has any problems. Perhaps a table column has changed its name in a newer Kippo version or something. Please don’t forget to inform me if that’s the case so I can fix it. Regards.

      • Bubba

        Hi I am having a similar issue with the attempted passwords not being populated in the Kippo graph. I can see the data in MySQL - will investigate and report back if i find a solution. Version is latest from this tutorial (excellent work btw friend :-))

      • Bubba

        Yeah, my whole first page is populated only with a single successful result I did when setting up as a test. I have lots of attempted logins but they are not being displayed on Kippo graph. I can see them in the kippo log file and in the MySQL database. It does recognise the total login attempts and has populated all graphs in Kippo-geo. Any help would be greatly appreciated.

      • Ion

        Hello Bubba, perhaps you might want to send me your database so I can check it locally. Send me a message through the Contact Form and I shall get back to you. Regards, Ion.

      • Bubba

        Hey Ion - thank for replying - I can safely say that this was a case of user error! I deleted my test record but it turns out i did not remove it from all tables. Once I removed my client entry from the lcients table and refreshed the page - it worked 🙂 thanks and keep up the great work!

  • Bubba

    Hey Ion, can I use my local install of Kippo graph to display results from 2x different MySQL databases? If so how? I have tested I can get 1 or the other displaying by editing the config.php but can I display both? Thanks!

    • Ion

      Hello Bubba, sorry but no, Kippo-Graph plays per-db.

      You are welcome to contribute to the codebase and add this feature though!

      Regards, Ion.

      • Bubba

        Ok thanks for the reply, if I get it working I will be in touch! I love it!

  • sittiKhadijah

    hello ion, i have installed kippo, mysql, and kippo graph, and i’ve tried to attack my kippo honeypot. in folder /log/tty there are some .log file, but when i access kippo-graph in my browser, it’s empty, i also check my kippo database using phpmyadmin, the auth table is empty too. can you help me to resolve it ??

    • ikonspirasi

      remember to uncomment the [database_mysql] in kippo.cfg on kippo core files, not just the username, database and password

      • alex

        i have the same problem i made sure to uncomment the [database_mysql] but still nothing. there are some .log files in /log that do show up on the browser but nothing from /log/tty

      • alex

        also nothing shows up in kippo-ip but everything else is working fine

      • Ion

        Hey Alex, what does your server’s error log file says about it?

  • Mara

    Hello!

    I just ran kippo-graph…
    I cannot see any graph in kippo-graph.php…
    but I see graphs in kippo-geo.php…

    do you have any idea about what I might do wrong??

    Thanks!!
    And great work… 😉

    • Mara

      Sorry, (μαλακία ρώτησα)… 😛
      Ok, fixed, no problem! 🙂

  • JB

    hi there,

    Can i say what an awesome product 🙂 I am having just 1 issue, I am getting traffic comming to my honeydrive, but the kippo-graph isnt showing the country in the geo part? any ideas?

    Thanks in advance

    JB

    • Ion

      Hello JB, does this happen for ALL connections? Or only for some specific ones? Can you share a screenshot (you can blur out the unrelated parts).

      Regards, Ion.

      • JB

        please see the pic below 🙂 thanks for the fast reply 🙂

      • Ion

        That is strange. Perhaps GeoPlugin was down? Is this still happening now? I’ve just tested a DB of my own and it works fine.

        I am curious about this. If you want you can send me your database (just send me a dropbox link or something through the site’s contact form) and let me try on my installation.

        Regards, Ion.

      • JB

        sorry Ion, i am not a linux wizard 🙁 how would i extract and send you the DB?
        I am off to bed right now (its 0020) but if you leave instructions i will do it as soon as i get up 🙂

        Many thanks for you super fast responces 🙂

        JB

      • Ion

        No problem 🙂

        Do you happen to have phpMyAdmin installed? If no, you can install it by issuing: “sudo apt-get install phpmyadmin” (no quotes — when asked which server to autoconfigure choose yours, I suppose it would be Apache). Then you can browse to: http://your-IP-address/phpmyadmin, login using the same MySQL credentials as in Kippo-Graph’s config.php file, choose the Kippo DB and select export from the menu. The browser will then prompt you to download the sql file.

        Otherwise (and because phpMyAdmin is not the safest of software) you can just type: “mysqldump -u username -p databasename > filename.sql” (no quotes — again, replacing the username, password and database name with the same MySQL data as in your Kippo-Graph’s config.php file). Then you will have to move the resulting .sql file to your web server’s document root, e.g. “mv kippo.sql /var/www/” (no quotes) and then go to http://your-IP-address/kippo.sql to download it locally.

        After doing one of the above just upload it somewhere (MEGA, 2shared, Dropbox, whatever) and send me the link through the site’s Contact Form: http://bruteforce.gr/contact-form

        Regards,
        Ion

      • JB

        i keep getting and error on the feedback form

        this is the sql file

        https://www.dropbox.com/s/g4acwchc9iy2se8/kippo.sql

        hope this helps, i have had fresh notifications overnight and still no geo data?

        Kind regards

        JB

      • Ion

        Hello JB. Well, it works for me. I can see geolocation data for every IP in the table. Are you sure that perhaps a firewall doesn’t block outgoing traffic of something like that?

      • JB

        I tried the firewall, still no joy 🙁 strange one! i have deployed a fresh vm and I’ll see how that gets on.

        Many thanks for your help.

        I will update you once i have a few hits 🙂

  • KMiller

    Hi I’ve installed kippo and kippo-graph on my local server and on an EC2 instance, i cannot log any proper connections, all i get is “connection lost” in the kippo log file, an IP connects then disconnects after a few seconds, i’ve tried the authbind and iptables route. The kippo.cfg listen port was set accordingly, 22 for authbind and 2222 with iptables forward traffic to it, I adjusted router config accordingly, I even went 3 days without a single login attempt, just a bunch of IP addresess connecting then leaving, i find hard to believe not a single login attempt was made over that peroid.

    The log file is like this, line after line.

    2013-09-15 02:06:30+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 192.241.186.252:
    35090 (10.196.27.110:22) [session: 1]
    2013-09-15 02:06:40+0000 [HoneyPotTransport,1,192.241.186.252] connection lost

    Thanks!

    • Ion

      Hello there.

      Why don’t you try logging in to Kippo on your own and check? Perhaps the results you are getting come from port scanning tools not SSH-specific attacks. Let us know.

      Regards, Ion.

  • dnnisp

    Hello Ion, I recently got a very unfamiliar error in my Kippo-Graph:
    The following zoomable world map marks the geographic locations of the top 10 IPs according to their latitude and longitude values. Click on them to get the full information available from the database.
    Object # has no method ‘setMapTypeId’
    It have been working before with the world map, but suddently one day this error comes.

  • Rio Indra Maulana

    Hi Ion, I am having trouble with the Kippo-Geo feature. It does show the information about the IP statistic, but the map doesn’t show up and it return this error code

    b[ha] is not a function

    I tried using both version 0.8 and 0.7.7. Here is the screen shot of the error section

    • Ion

      Hi Rio, yes I noticed that too.

      It seems that Google Maps made a change that broke the code. I am using a third-party PHP wrapper to create the maps, so not sure if/when it will fixed. I will look into this when I find some free time. Thanks for letting me know.

      Regards,
      Ion

  • sean

    Hello ,

    I am having issues with a new install I have noticed a few issues

    I am unable to get any output from the graphs I have made sure to give the proper permision and the username/database is setup correctly

    I see the attemps in kippo.log so I am sure kippo is working
    also the generate graph button is missing
    I am using 0.9.1

    • Ion

      Hi Sean,
      the “generate graphs” link is no longer there so it’s OK. I would suggest to check it Kippo is logging to the DB. Check out this guide: http://bruteforce.gr/logging-kippo-events-using-mysql-db.html

      Then use a tool like phpmyadmin or manually check your MySQL server for rows in Kippo’s database (e.g. the “auth” table). If nothing is there then Kippo-Graph cannot get any data to display. Otherwise, there might some problem with your config.

      Regards,
      Ion

  • Paweł Janowski

    Hi …
    Successfully installed and use Kippo-graph. The question is how to clear the existing data charts and to start “from scratch”?
    Pawel

    • Paweł Janowski

      Ok, I find it 🙂
      I drop database kippo, delete all log files and reinstall Kippo-graph…
      I start “from scratch”
      🙂

      • Ion

        Hi Pawel,
        FYI, every time you click on the Kippo-Graph components on the menu (Kippo-Graph, Input, Geo, etc), the pages fetch the latest data from the DB.

        You can also manually delete the images from inside the “generated-graphs” folder to start from scratch, no need to go to extremes 🙂

        Regards,
        Ion

  • Mozart

    Wauw, the playlog feature is really great! Makes it really easy to see what was tried and saves me the trouble of signing in to the honeydrive system.

    • Ion

      Hi Mozart, thanks for your feedback!

  • ikonspirasi

    i have update my kippo and the playlog was awesome, no need to open my box again just to see what the attacker did, and also the kippo ip, i just realized that with the easy password doesnt seem always get owned, thanks!

    • Ion

      Thanks for your feedback ikonspirasi, glad that it’s useful! 🙂

      • iKONs

        the download link on kippo v1.0 is not working http://bruteforce.gr/wp-content/uploads/kippo-graph-1.0.tar
        i have to download it through github

      • Ion

        Hi, unfortunately I had to take it down since I missed a change to some strings in the code. I will re-upload the file tomorrow!

        Thanks for taking the time to report it 🙂

        Regards, Ion.

  • Kostas

    Hi, the playlog is just awesome! Lot of data from the last 8 months 🙂

    • Ion

      Thanks for the feedback Kostas. Care you share some data with me? You can contact me through the form (button on menu).

  • Jimcesse

    Is possible to configure kippo-graph to not display the web site from outside!? I have a virtual machine with a public IP and not want this available

    • Ion

      Hi Jimcesse, sure you can do that.

      You can achieve it with by placing an .htaccess (notice the dot) file in Kippo-Graph’s folder. See this for more: http://corz.org/server/tricks/htaccess.php?page=all#section-control_and_deny_access

      Regards,
      Ion

  • Top-Hat-Sec

    I have had kippo running for a few months. I just installed the graph, setup the mysql database etc… I edited the config files both on the kippo graph and the kippo.cfg… The kippo graph is connecting to the database but its not pulling any data

    • Ion

      Hi,
      so did you enable the database logging in kippo.cfg after installing Kippo-Graph? This should have been enabled from the beginning (when you started using Kippo itself).

      Use a tool like phpmyadmin and check that the database actually contains data. If not, then it’s not a surprise that Kippo-Graph doesn’t show anything.

      Regards, Ion

  • Resident

    Getting a Broken link when i try to grab 1.0 and git gives me .93
    Thanks

    • Ion

      Hi Resident, I am aware of that, I took it down because I forgot a small change. I will re-upload soon.

      Thanks for your patience,
      Ion

  • nick

    Hi there. First let me say thank you. This is great and much appreciated.

    I do have one small problem. I’m running version 1.1 and despite lots of logins and activity, my “Kippo-Input” tab is full of zeros. I’ve got playlogs and those show the input, there’s just nothing on that tab. Just wanted to let you know.

    • Ion

      Hi Nick, thanks for your message!

      Hm, if you could export your DB and sent it to me (a dropbox link perhaps) via the contact form, I could help. And also it’d be appreciated if this is a problem that others might have.

      Regards,
      Ion.

  • cjones

    Worth noting that on CentOS, the package php-xml is required for the generation of the geo maps, took me a while to figure it out, but running ‘php kippo-geo.php’ gave me a hint!

  • Chris

    With the new RedBeanPHP do we have to be on PHP > 5.3.4. Seems there are issues otherwise.

    PHP Fatal error: Declaration of RedBeanPHPOODBBean::offsetGet() must be compatible with that of ArrayAccess::offsetGet() in /var/www/html/kippo-graph/include/rb.php on line 842

    • Ion

      Hi Chris, yes this is true. RedBeanPHP requires PHP 5.3.4 or higher.

    • Ion

      I updated the requirements and README file(s) to reflect this.

  • John Graybosch

    What’s with all of the other SQL script in the SQL folder? Do I have to run those too?

    • Ion

      Hi John, no, just follow the installation instructions and then visit /kippo-graph. You’ll be all set.

  • kippo user

    A small problem with big qty of scans

    • Ion

      Hi and thanks for also opening a GitHub issue about this. I’ll look into it. But perhaps not all connection open a session? I’m not sure.

      Regards,
      Ion

  • Andre Comochina

    i’ve downloaded a version of honeydrive, i’ve did what this tutorial teaches and my kippo still isn’t running at all, the page is running, and don’t show the errors of mysql connection, but if i’ve tried to select the database to receive the atempts to log in the honeypot, i got nothing, the database is clear and the graphics are empty, is there any help u can give me? thanks a lot

    • Ion

      Hi, if you downloaded HoneyDrive, you don’t have to do anything else apart from running the start.sh script. Everything else is set. If you don’t see anything try tailing Apache’s error log to see what errors you get. Regards.

  • Zachary Hardie

    We have been getting millions of probes to kippo and thusly, it takes a few minutes for kippo-graph to load each time.

    I have a suggestion as a workaround for this small problem:
    1.) Possibly add an option to run the php scripts on a cron job and have the web page simply pull the generated graphs, so that the page will be accessible all the time without the delay.
    2.) Maybe caching the data used in the generated graphs and have each new query only parse the new data since the last update, combined with the cached data?

    I haven’t yet looked through the scripts to see if this would be possible. Let me know what you think! Awesome stuff though!

    • Ion

      Hi Zachary, thanks for your feedback and for using Kippo-Graph!

      Hm, at first I had it like that, with a separate script responsible to create the graphs and the “Kippo-Graph” was just displaying the already generated ones. Although, now that the other components are there too, going back to this will need a bit of code refactoring.

      I’ll consider it, but it’s best if you open a GitHub issue for it so I can keep track of requests!

      Thanks, Ion.

  • stinkefisch

    Thanks man, very nice.
    Keep up the good work top man 😉

  • Resilldoux

    Awesome tool! However, version 1.5 throws the following error at me after the first connection is made to Kippo (see attachment). I’m running FreeBSD 10.1p5, using MySQL 5.6.22 and PHP 5.4.37 from the repositories using pkg.

    Fatal error: Uncaught [22001] - SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column ‘country’ at row 1 trace: #0 /usr/local/www/apache24/data/kippo-graph/include/rb.php(848): RedBeanPHPDriverRPDO->runQuery(‘INSERT INTO tem…’, Array) #1 /usr/local/www/apache24/data/kippo-graph/include/rb.php(3024): RedBeanPHPDriverRPDO->Execute(‘INSERT INTO tem…’, Array) #2 /usr/local/www/apache24/data/kippo-graph/include/rb.php(9305): RedBeanPHPAdapterDBAdapter->exec(‘INSERT INTO tem…’, Array) #3 /usr/local/www/apache24/data/kippo-graph/include/rb.php(9922): RedBeanPHPFacade::query(‘exec’, ‘INSERT INTO tem…’, Array) #4 /usr/local/www/apache24/data/kippo-graph/class/KippoGeo.class.php(183): RedBeanPHPFacade::exec(‘INSERT INTO tem…’) #5 /usr/local/www/apache24/data/kippo-graph/kippo-geo.php(61): KippoGeo->printKippoGeoData() #6 {main} thrown in /usr/local/www/apache24/data/kippo-graph/include/rb.php on line 636

    • Ion

      Hi, it seems like an error caused by the new RedBeanPHP version. Can you open a GitHub ticket for it please so I can track it? Thanks!

      • Resilldoux

        Sure!

      • Ion

        Hi Resilldoux, I replied at the Github issue.

      • Resilldoux

        Thanks Ion, I replied back to tell you your fix works.

  • newhoneypotstudent

    Im a student trying to get kippo graph up. Kippo installed and working. mysql configured and working. phpmyadmin shows data through the web interface. When I browse to my server /kippo-graph I get: Not Found. The requested URL /kippo-graph was not found on this server. Any suggestions?

    • Ion

      Hi, have you installed Apache? Have you started it? Have you placed Kippo-Graph in your document root? (.e.g /var/www/ or /var/www/html/).

      • newhoneypotstudent

        Thanks for the reply! Apache is installed and working. I’m viewing a home page, as well as phpmyadmin working through apache. Kippo graph was installed with the instructions above and lives at /var/www/kippo-graph

      • newhoneypotstudent

        Forgot to add - running Ubuntu-14.04.1-LTS-64bit

    • Simon

      Try installing kippo graph in /var/www/html/ rather than /var/www/ , seemed to work for me

  • Simon

    First of all thanks for the great work. I am having a basic issue, I have a mysql database with all the kippo attack info and I can see it it in phpmyadmin, yet putting localhost/kippo-graph/ in the browser brings up nothing. I have followed the installation advice exactly and checked it. I don’t suppose you would know why it isn’t coming up?

    I have updated everything and checked my settings, the fact that it comes up in phpmyadmin suggests that it can connect to localhost.

    • Simon

      Ah I see it is the same issue as the poster newhoneypotstudent has posted below. I will try reinstall an earlier version see if that helps

      • Simon

        Got it finally working by installing kippo graph in /var/www/html rather than just /var/www/

  • Paul

    Hi. I’ve successfully installed kippo-graph, but an issue:

    - The images on the kippo pages are all missing. Is that because graphs aren’t being generated, or is there a path issue to the images placeholders?

    • Ion

      Hi Paul, make sure you chmod’ed the generated-graphs folder. Other than that, what does your web server log says? (e.g. Apacher’s error_log)

      • Paul

        It was just that no data had come in yet. All good now. Thanks.

  • Tim

    What are people using for kippo-graph authentication? Are you blocking all external access, locking down this folder only? Other?

  • Peter

    So I had an attacker which were very active executing a lot of commands, mainly to kill stuff. Anyways, he was interesting so I wanted to see the playlog. But under the “kippo-playlog” page there’s no entry for his session. While under “kippo-input” I can see some commands and wgets for the session. Pressing the play next to a wget commands just give me an empty playlog. All that is visible is “## end of log ##”. Something you’ve heard of before?

    • Peter

      More info: http://i.imgur.com/16sjCZV.png

      Looks like an issue with Kippo rather than kippo-graph

      • Ion

        Hey Peter, where is this output from? Have you tried the Python playlog script included in Kippo (I think inside the utils folder)?

  • stickygreen

    Hi, I followed all the instructions but when i go to the webpage, I only see the tab menu from kippo, nothing else than that . I installed kippo-graph in /var/www because that’s my root folder in apache. When do an ls i see al the tab menus and the scripts.. Can you help me please?

    • stickygreen

      and my generated-graphs folder is empty btw, i chmod’d it as well ..

    • Ion

      Hi. What does your server’s error log say? Did you also enter the correct root path in config.php?

      • stickygreen

        Hi, ty for answering so quick, i’m doing a thesis on this and i don’t have much time left. Where can i find the server’s error log (/var/log/syslog ?). And where in the config file do I need to put the root directory in, is it _FILE_ where i need to put /var/www/ ? Ty in advance 😉

      • Ion

        Ah, I forgot that I’ve used __FILE__. It’s fine, you don’t have to change anything there.

        The log you’re looking for are usually at /var/log/apache or /var/log/httpd.

      • stickygreen

        hi, this it a cat from the /var/log/apache2/error.log

      • Ion

        Argh, this is probably my mistake. I’ve fixed that in the git repo but didn’t release an updated package. Can you clone from GitHub instead of using the package? And can you also tell me what PHP version you are running (php -v)? I suppose < 5.4.

      • stickygreen

        Thank you so much, everything is working. My php version is 5.3.10 btw. Can you just tell how i can generate data into the web interface, so i can see what i did in the play log?

      • stickygreen

        because when I try to start an ssh session from my host machine (i’m running my honeypot server on a virtual machine), I can’t login as root with password 123456

      • Ion

        root:123456 is the default combination. Can you check your userdb.txt file and see if it’s there? Also, make sure you’re connecting to the correct port as Kippo opens 2222 by default and not 22 (because ports <1024 need root permissions). Here I have explained how you can "fix" this using authbind: http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html. Another way is to use iptables and forward 2222 to 22.

  • Mike

    Having some interesting issues that I’m having a tough time figuring out the cause of.

    Getting the following error, after upgrading from kippo-graph-1.5.0 to kippo-graph-1.5.1 (just copied over the config.dist.php and config.php files)

    PHP Warning: file_put_contents(/var/www/html/kippo-graph/include/tor/tor_exit_node_list.txt): failed to open stream: Permission denied in /var/www/html/kippo-graph/include/tor/tor.class.php on line 11, referer: http://localhost/kippo-graph/gallery.php

    All the folders and files are permissions of the apache webserver (apache:apache), /var/www/html/kippo-graph/include/tor/tor.class.php and /var/www/html/kippo-graph/include/tor/tor_exit_node_list.txt are 0777 apache:apache

    Not sure what is causing this error.

    Thanks for any help!

  • Todd

    Hi Ion, I just updated kippo-graph to the latest version. The problem I am experiencing is the kippo-graph page isn’t showing any data or graphs. For example, it is not showing any passwords. I can download a csv of the passwords. The graphs on the input page and geo page are working. Any suggestions? Thanks

    • Ion

      Hi Todd, what does your web server log say? (e.g. in /var/log/apache2/error.log)

      • Todd

        Here it is. I am able to open MySQL and see the tables populated. It looks to me like whatever is supposed to generate the graph and put it in the generated graphs folder isn’t.

      • Ion

        Can you check that the generated-graphs folder exists and that it’s chmod’ed to 777? When you say updated to latest version, how do you mean? git pull?

      • Todd

        By latest version I mean Kippo-graph is 1.5. generated-graphs is chmod’d. Thanks for the help.

      • Ion

        Wait, why there is a kippo-graph-1.5 folder inside kippo-graph? Which URL are you visiting in your browser? I suggest the following: cd /var/www/; rm -rf kippo-graph/; git clone https://github.com/ikoniaris/kippo-graph.git; cd kippo-graph; chmod 777 generated-graphs; cp config.php.dist config.php; nano config.php

      • Todd

        I will follow your suggestion and post back. To answer your question, the folder kippo-graph-1.5 is there because of step 5 in the Quick installation steps above. I ended up moving all of the files from inside that to the kippo-graph folder. I just forgot to delete it.

      • Todd

        Perfect! Thanks Ion.

  • iKONs

    Hi Ion, i have update into kippo graph 1.5.1, however the kippo-ip.php shows nothing, only “IP activity gathered from the honeypot system” and blank…
    How to fix this?
    Thanks

    • Ion

      Hi! What does your server’s error log say? You can possibly find it at /var/log/apache2/error.log or /var/log/httpd/error_log or something.

  • stonia

    hi, i tried out HoneyDrive and it works good but now I have a problem with Kippo Graph, when I access it in my browser it’s empty even though there are some log files in /log/tty. I don’t know how to figure out what’s wrong,I checked the log files but I mostly don’t understand anything, can someone help?

    • Ion

      Hi, hm, this seems to be an Apache error? Have you updated HoneyDrive by any chance via apt?

      • stonia

        oh, yes i did an apt get upgrade, so that could have caused a problem!
        I resetted the machine anyway so now i’m now in a state before the apt and Kippo Graph seems to work just fine

  • Amet

    I really really appreciate your Kippo work. I must really be on time with an urgent work. I populated Mysql db with some kippo logs (thousands IP s). I can display in phpmyadmin and mysql cli in ubuntu 14.04 BUT not in kippo-ip, kippo-geo tabs in kippo-graph. Username and password attempts can all be displayed in kippo-graph.

    I read all posts by the way.

    I chmodded kippo-graph and kippo subdirs. From my local pc, I can generate log and display it in mysql, phpmyadmin and all relative tabs in kippo-graph including ip-geo.

    If you could help me, i am gonna pray for you all night instead of figuring out this. 🙂

    • Ion

      Hi Amet. So if I understand correctly: using the same version of Kippo-Graph and the same MySQL db, you are able to see the data in Kippo-IP/Geo on your local machine but on the server running Kippo? If that’s the case, what is the problem exactly? Page timing out? Blank page? What does your Apache/nginx logs say?

      • Amet Dursun

        With the help of kippo2mysqldb script, i was able to populate MySQL db with kippo logs successully. I can display them in Mysql and phpmyadmin perfectly. When i tried to display them in kippo graph; i can only see username-password attempts not the ip addresses under ip-geo tab. But when i tried to ssh to honeypot from one of my stations, interestingly i can display those private ips under Kippo-IP-GEO tab, that is, it works fine. As a result, when i populated with my logs i can’t display them in Kippo-IP-GEO but when I sshed from my stations, the stations’ private ips all appear in Kippo-IP-GEO.

      • Ion

        It’s been a while since I last touched Kippo2MySQL but IIRC the data you can transfer with it to a DB are minimal. It’s 10 times better if you run your Kippo honeypot with MySQL logging enabled from the beginning. Maybe this is what happened? You were running Kippo without DB logging and ended up with a bunch of text based log files and then you enabled DB logging? That would explain why you can your IPs in Kippo-Geo (presumably after you enabled DB logging) but not the ones from your text based log files (before you had enabled DB logging). In any case, if you have text based logs it’s hard to populate the DB as if Kippo had DB logging enabled so don’t expect great results. You should also give this script a try: http://bruteforce.gr/new-tool-kippo-log2db-pl.html which is better.

      • Amet Dursun

        I guessed like you said that the only efficient way is to start logging from the beginning. 🙂 This was the bitter experience. Thank you for your kind and fast cooperation I ll try the link you sent.

  • QK

    Hi Ion,
    Sorry I am new to this, please dont mind my stupid question.

    I have setup my kippo on AWS cloud instance, I have now installed Kippo-Graph 0.5 and in the config.php you have asked to change localhost, username, password, & database. What values should I add here?

    I’ll really appreciate your response 🙂

    Thanks
    QK

  • h a d i

    Can someone help me with this please?

    Failed to load application: ‘module’ object has no attribute ‘IPluggableAuthenticationModules’

  • sean

    Hello I have come across a weird issue which I am thinking may be a dependency issue

    My kippo graph works great but when I click on kippo-graph I get a download rather than the page displaying I have checked my dependcies but I am not seeing anything missing

    Distributor ID: Debian
    Description: Debian GNU/Linux 7.11 (wheezy)
    Release: 7.11
    Codename: wheezy

    err.log is not showing anything

    Could someone please tell me what I could be missing I am currently using Version: 1.4.2

    • Ion

      Hi Sean, it looks like a web server problem. Take a look at this: https://stackoverflow.com/questions/18422140/apache-is-downloading-php-files-instead-of-displaying-them it might be helpful in your case.

      • sean

        Thanks for the response but it was a browser issue I didnt think to clear cache/cookies its working fine now

  • Cristobal Mckinnie

    My children were searching for KY Hart-Supported Lliving Grant Application this month and learned about a great service that hosts a ton of fillable forms . If you need to fill out KY Hart-Supported Lliving Grant Application too , here’s http://goo.gl/Wgz1fJ

  • shehryar khan

    hello .
    i gone through all the above steps but at the end when i check in browser (my ip/kippo-graph) this comes on page.

    kindly help

    Kippo-Graph | Fast Visualization for your Kippo SSH Honeypot Stats

    Kippo-Graph

    Fast Visualization for your Kippo SSH Honeypot Stats

    Version: 1.5.1 | Website: bruteforce.gr/kippo-graph

  • shehryar khan

    is it because of /var/www/html ????

  • shehryar khan

    when is execute the command for installation of libapache2 so this error comes

    Package libapache2-mod-php5 is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

Read previous post:
The big post of Kippo scripts, front-ends, bash one-liners and SQL queries
Logging Kippo events using MySQL DB
Installing Kippo SSH Honeypot on Ubuntu
Έλληνες σε Security Conferences
Εγκατάσταση του Kippo SSH Honeypot (Ubuntu 11.04)
Close