Feb 13 2014

Announcing Kippo-Malware

This is another side project, with the goal of creating a script that will download all malicious files stored as URLs in a Kippo SSH honeypot database (and help me learn some Python during the process). This is useful in situations where you have lost your files or something happened to your VPS/server but you still have your DB intact.

You can download it from: https://github.com/ikoniaris/kippo-malware

The script uses the following packages: MySQL-python, pony, requests, and clint. Installing those is trivial via pip. Your only problem might be with MySQL-python under Windows but you can use this precompiled binary.

    # python kippo-malware.py -h
    usage: kippo-malware.py [-h] [--directory DIRECTORY] [--hostname HOSTNAME]
                            [--port PORT] [--username USERNAME]
                            [--password PASSWORD] [--database DATABASE] [--debug]

    optional arguments:
      -h, --help            show this help message and exit
      --directory DIRECTORY Dir to save the files -- DEFAULT: <current>/downloads
      --hostname HOSTNAME   MySQL server hostname -- DEFAULT:
      --port PORT           MySQL server port -- DEFAULT: 3306
      --username USERNAME   MySQL server username -- DEFAULT: kippo
      --password PASSWORD   MySQL server password -- DEFAULT: kippo
      --database DATABASE   MySQL server database -- DEFAULT: kippo
      --debug               Enable debugging
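The URLs in a honeypot database were typed by attackers, so anything that re-downloads them should treat each URL as hostile input when choosing a local filename. The following is an added example, not code from kippo-malware: it assumes the URLs live in a `downloads` table with a `url` column, uses an in-memory sqlite3 database with constructed rows in place of MySQL, and the function names are hypothetical.

```python
import hashlib
import os
import sqlite3
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https", "ftp"}

def safe_target(url, directory):
    """Map an attacker-supplied URL to a path inside directory, or None if rejected."""
    url = url.strip()
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # malformed netloc, e.g. an unclosed IPv6 bracket
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        return None
    # Decode first, then keep only the last path component, so encoded "../" cannot escape.
    name = os.path.basename(unquote(parts.path).replace("\\", "/"))
    name = "".join(c if c.isalnum() or c in "._-" else "_" for c in name).lstrip(".")
    # A hash of the full URL keeps same-named files from different hosts apart.
    digest = hashlib.sha256(url.encode("utf-8")).hexdigest()[:12]
    target = os.path.join(directory, f"{digest}_{name or 'index'}")
    # Final containment check on the resolved path.
    root = os.path.realpath(directory)
    if os.path.commonpath([root, os.path.realpath(target)]) != root:
        return None
    return target

def plan_downloads(conn, directory):
    """Return ({url: local_path}, [rejected urls]) for every distinct stored URL."""
    plan, rejected = {}, []
    for (url,) in conn.execute("SELECT DISTINCT url FROM downloads"):
        target = safe_target(url, directory)
        if target is None:
            rejected.append(url)
        else:
            plan[url] = target
    return plan, rejected

def sample_db():
    """Constructed sample rows; the table and column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE downloads (id INTEGER PRIMARY KEY, url TEXT)")
    urls = ["http://198.51.100.7/bot.pl", "http://198.51.100.7/bot.pl",
            "http://malware.example/%2e%2e%2f%2e%2e%2f.ssh%2fauthorized_keys",
            "file:///etc/passwd", "ftp://203.0.113.9/pub/x.tgz"]
    conn.executemany("INSERT INTO downloads (url) VALUES (?)", [(u,) for u in urls])
    return conn
```

Calling `plan_downloads(sample_db(), "downloads")` returns three planned paths and one rejected URL; fetched files should then be written to those paths without execute permission.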

For comments, suggestions, fixes, please use the Kippo-Malware page: http://bruteforce.gr/kippo-malware
