README - honeypot - A custom version of kippo used for SSH honeypot analysis an…

git clone git://jay.scot/honeypot

HONEYPOT

---

This is the source code I used for my honeypot project. A lot of it is
hacked together but hopefully someone will find it useful! To get the
Ruby scripts to work you will need to install the mysql and gruff gems.

    $ gem install mysql
    $ gem install gruff

The script to report an IP address uses PEAR mail, but this is actually
not needed; I only used it to send mail via gmail. You can simply
change this to PHP's mail() function.

> blacklist.rb

Generates a list of IPs that have been carrying out SSH attacks, useful
for creating blacklists for IPTables, IOS, etc.

> report.php

Gets the IP address from the kippo DB and reports the IP for abuse if
certain conditions are met. Then saves the information to a 'report'
table for displaying the information at a later date.

> dump.php

This was used to output the UML blobs in the Kippo DB to a file to be
read by ajaxterm.

> current-charts.rb

Ruby script I used to create the graphs for the front page.

> snippets.php

These are just wee snippets of code I used throughout my code that
I think might be useful to some people :-)
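
The kind of blacklist generation blacklist.rb is described as doing, as an added example (not code from this repository). It assumes the source IPs have already been read from the kippo DB into a flat list, one entry per session; the session threshold, the never-block ranges and the sample rows are assumptions made for the illustration.

```ruby
require 'ipaddr'

# Constructed sample input: one entry per recorded SSH session, as the
# source IPs might come back from the honeypot DB (documentation ranges).
SAMPLE_SESSION_IPS = %w[
  203.0.113.7 203.0.113.7 203.0.113.7
  198.51.100.23 198.51.100.23
  192.0.2.44
  10.0.0.5 10.0.0.5 10.0.0.5
  127.0.0.1 127.0.0.1
  not-an-ip
].freeze

# Assumed allowlist: ranges that must never be blocked (loopback and the
# local management network), so a test login cannot lock the admin out.
NEVER_BLOCK = [IPAddr.new('127.0.0.0/8'), IPAddr.new('10.0.0.0/8')].freeze

# Returns the IPv4 addresses seen in at least min_sessions sessions,
# most active first. Malformed values are skipped, never passed on.
def blacklist(ips, min_sessions: 2, never_block: NEVER_BLOCK)
  counts = Hash.new(0)
  ips.each do |raw|
    begin
      addr = IPAddr.new(raw)
    rescue IPAddr::Error
      next # not a parseable address: keep it out of firewall input
    end
    next unless addr.ipv4?
    next if never_block.any? { |net| net.include?(addr) }
    counts[addr.to_s] += 1
  end
  counts.select { |_, n| n >= min_sessions }
        .sort_by { |ip, n| [-n, IPAddr.new(ip).to_i] }
        .map(&:first)
end

# Renders rule lines in iptables-save/iptables-restore syntax.
def iptables_rules(ips, chain: 'INPUT')
  ips.map { |ip| "-A #{chain} -s #{ip}/32 -j DROP" }
end

puts iptables_rules(blacklist(SAMPLE_SESSION_IPS)) if __FILE__ == $PROGRAM_NAME
```

Re-parsing every value with IPAddr before it reaches a rule line means nothing other than a normalised address is ever written into firewall configuration.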