Mar 30 2014

Kippo-Graph 0.9.3 released, with new component: “Kippo-IP”

This is the release of a new version of Kippo-Graph, adding a new component: Kippo-IP. Using Kippo-IP you can get a table view of all attacks and inputs by IP address.

Kippo-IP has been developed by s0rtega, so make sure to send him your thanks!

Download: kippo-graph-0.9.3 or clone/pull from GitHub:

MD5 Checksum: 30FDEC6F6F0F75689E776D61616CD18C
SHA-1 Checksum: 6E31D17965E3DEDCAD5A123A2572EE04820E5FC1


Version 0.9.3:
+ Added Kippo-IP: attack details by IP address.


For comments, suggestions, fixes, please use the Kippo-Graph page:

Mar 24 2014

Kippo-Graph 0.9.2, with Kippo-Playlog!

This is the release of a new version of Kippo-Graph, adding a new component: Kippo-Playlog. Now you can play captured honeypot sessions in real time inside Kippo-Graph!

Kippo-Playlog has been developed by CCoffie, so make sure to send him your thanks!

The support is somewhat experimental, so please update Kippo-Graph, test it with your database and let us know if Kippo-Playlog works as suggested.

Download the new version from here: kippo-graph-0.9.2 or clone/pull from Kippo-Graph’s GitHub repo:

As always, here are the checksums of the tar file:

MD5 Checksum: CC3C27DD5BAA2F5AC15DF1E552F9DD05
SHA-1 Checksum: F88DD3EEAEB14B9079AC2182D6A4D8C4457E62E7


Version 0.9.2:
+ Added experimental playlog display.



For comments, suggestions, fixes, please use the Kippo-Graph page:

Mar 12 2014

Bypassing “clang: error: unknown argument”

Note: I originally wrote the blog post while installing mitmproxy on OS X Mavericks, but it is relevant to the “unknown argument” error in general, so keep reading.

Having a Mac laptop is like going on a journey every single day… My latest issue happened today while trying to install mitmproxy. Python’s pip was exiting with the following error:

clang: error: unknown argument: ‘-mno-fused-madd’ [-Wunused-command-line-argument-hard-error-in-future]

Well, it turns out that the latest (5.1) version of Xcode ships with a compiler that treats unknown passed parameters as errors. From the changelog:

The Apple LLVM compiler in Xcode 5.1 treats unrecognized command-line options as errors. This issue has been seen when building both Python native extensions and Ruby Gems, where some invalid compiler options are currently specified.

Projects using invalid compiler options will need to be changed to remove those options. To help ease that transition, the compiler will temporarily accept an option to downgrade the error to a warning:


Note: This option will not be supported in the future.

To workaround this issue, set the ARCHFLAGS environment variable to downgrade the error to a warning. For example, you can install a Python native extension with:

$ ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future easy_install ExtensionName

Similarly, you can install a Ruby Gem with:

$ ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future gem install GemName 16214764 updated

So, basically you can install mitmproxy (or any other program with a similar error) by:

ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future pip install mitmproxy

Bear in mind that you if you need to combine the above with sudo, you will need to add it the beginning of the command and not before “pip”. Otherwise you can also run the above logged in as root user from the start.

Mar 07 2014

Using KeePass on Mac OS X

If you want to run KeePass in Mac OS X like me, you can do it with Mono (described here for example, and also mentioned in the program’s downloads page) but I find it buggy (random exceptions, crashes, etc that can ruin unsaved work). Instead, you can try using KeePassX. KeePassX is actually an old project, a KeePass client for many platforms. I have used it in the past in Linux-based systems but at that time it couldn’t handle v2 databases and actually Mono worked well under Linux so I used the official application. This doesn’t seem to be the case with OS X though.

Newsflash: KeePassX now works under Mac OS X, and it can also manipulate KeePass v2 databases!

The thing is, if you go to the regular KeePassX downloads page you’ll end up with an old version of the application for Mac that doesn’t really work with v2 databases. Instead, you have to get the so-called KeePassX 2.0 version which you can only find through the site’s News page (sigh). Here is a direct link to the latest version: Please keep in mind that this is an alpha version. Still, I found it to work OK, but I would use a cloud based solution with versioning (see Dropbox, Owncloud, etc) to store the database file just in case.

Another option is to use MacPass, a native open source KeePass client for OS X, but this is even more alpha software, so I would recommend against it for the time being. It is being developed quite actively though and looks a promising alternative for the future.


Effective IDS Testing – The OSNIF’s Top 5


Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities

Feb 18 2014

Kippo-Malware update #2

Kippo-Malware has been updated again!

It now includes support for Kippo’s configuration file. This means that you can simply pass a “-c” or “-config” argument with a kippo.cfg file and Kippo-Malware will fetch all settings corresponding to MySQL and downloads directory from it. Various small fixes have been applied as well.

You can download it from: (git clone or pull).

For comments, suggestions, fixes, please use the Kippo-Malware page:

Page 6 of 29« First...45678...20...Last »