This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.

Summary

DS-1357
kippo
External Tool
External Data Source
GitHub
Unknown
Unknown
55 (lowest rank is 55)

Category & Restrictions

Other
cyber defense, honeypots
Unrestricted
true

Description


Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Features of Kippo:

-Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
-Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
-Session logs stored in an UML Compatible format for easy replay with original timings
-Just like Kojoney, Kippo saves files downloaded with wget for later inspection
Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc

Additional Details

5.0MB
false
Unknown
web scraping, kippo, spamming, remote administration software, brute force attack, wget, inferlink corporation, cryptographic protocol, application layer protocols, file system, honeypot, ssh communications security, external data source, cryptographic software, 1357, secure shell, cryptanalysis, replay attack, exploit