Skip to content
Old project that used Kippo and various custom tools for SSH honeypot analysis.
PHP Ruby
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This is the source code I used for my honeypot project. A lot of it is hacked 
together but hopefully someone will find it useful!

To ge the Ruby scripts to work you will need to install mysql and gruff gems

gem install mysql
gem install gruff

The script to report an IP address uses PEAR mail but this is actually not 
needed, I only used it so I could send mail via gmail. You can simply change 
this to PHP's mail() function.  

# blacklist.rb 

Generates list of IP's that have been carrying out SSH attacks useful for 
creating blacklists for IPTables, IOS etc 

# report.php

Gets the IP address from the kippo DB and reports the IP for abuse if certain 
conditions are met. Then saves the information to a 'report' table for 
displaying the information at a later date.

# dump.php

This was used to output the UML blobs in the Kippo DB to a file to be read by

# current-charts.rb

Ruby script I used to create the graphs for the front page. 

# snippets.php

This is just wee snippets of code I used through-out my code that I think might
be useful to some people :-) 
You can’t perform that action at this time.