Script to send kippo/cowrie login attempt information to
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Script to send kippo/cowrie honeypot login attempt information to It can read login attempts from kippo/cowrie log files, or from a MySQL database if your honeypot is redirecting its logs there too.

Adapted from the Perl script published by at


  • Edit and set the values for auth_key and dbshield_userid. Both can be found at your profile page at If you plan to read login attempts from the DB, add the values for db_name, db_host, db_username, db_password

  • Install dependencies

    pip install requests tzlocal MySQL-python pytz
  • Clone the repository

    git clone
  • Make the script executable

    chmod +x


./ -h
usage: [-h] [-db] [-f LOGFILE]

optional arguments:
-h, --help  show this help message and exit
-db         Get login attempts from a database
-f LOGFILE  Get login attemtps from a log file

By default, kipposhield marks the timestamp of the last log entry it has sent to ISC in a text file in the same directory as in order to not send duplicate entries.

This allows to be run as a cronjob every few hours, sending only the new entries to ISC.

If there is a need to bypass this, one can edit or remove the last_sent file from the current directory.

Example output

cowrie@mypot:~/kippo-pyshield$ ./ -f /home/cowrie/cowrie/log/cowrie.log.2
INFO: analyzing and sending entries that occured later than 2015-11-10 11:16:46
INFO: Found 2 login attempts in the specified log source
INFO: Sending all entries to the server
response is ok

SUCCESS: Sent 101 bytes worth of data to