meesaltena/SSHHeatmap

SSHHeatmap

Generates a heatmap of the IPs that made failed SSH login attempts on Linux systems, reading the failed attempts from /var/log/auth.log. It uses the ipinfo.io library to fetch the coordinates of each IP address, and folium to generate the heatmap.

Dependencies

  • Python >3.5
  • folium
  • ipinfo
  • requests
pip3 install folium requests ipinfo

Installation & Usage

Use wget (or curl, or git clone) to download the script.

wget https://raw.githubusercontent.com/meesaltena/SSHHeatmap/master/SSHHeatmap.py

Use grep to generate a text file that contains the log entries for failed SSH connection attempts. The pattern matches login attempts made with a password as well as with an SSH key.

grep "authentication failure\| Failed password" /var/log/auth.log > failed_attempts.txt

Or use /var/log/secure if /var/log/auth.log doesn't exist:

grep "authentication failure\| Failed password" /var/log/secure > failed_attempts.txt

Get a free ipinfo API key.

Run the script, passing the required arguments.

python3 SSHHeatmap.py failed_attempts.txt <ipinfo_api_key>

You can pass additional arguments to set the minimum number of login attempts required for the IP address to be included in the heatmap, and the file name to use for the heatmap.

python3 SSHHeatmap.py <sourcefile> <api key> <min_attempts> <heatmap_filename>

Open the generated heatmap HTML file in a browser.
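
The step between the grep output and the geolocation lookup, as an added example (not SSHHeatmap's own code): it pulls the source address out of each line of failed_attempts.txt and applies a minimum-attempts threshold. The regexes, the `INTERNAL` range list, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# sshd: "Failed password for [invalid user] <name> from <ip> port <n> ssh2".
# The user name is remote-controlled text, so anchor on the trailing
# "from <ip> port <n>" instead of the first "from" in the line.
SSHD_RE = re.compile(r"Failed password for .* from (\S+) port \d+(?: ssh\d*)?\s*$")
# PAM: "authentication failure; ... rhost=<ip or hostname> [user=<name>]"
PAM_RE = re.compile(r"authentication failure;.*\brhost=(\S+)")

# Internal ranges that should not be sent to an external geolocation API.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def source_ip(line):
    """Return the remote address in one log line, or None if unusable."""
    m = SSHD_RE.search(line) or PAM_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:          # rhost may be a hostname, not an address
        return None
    if any(ip in net for net in INTERNAL):
        return None
    return str(ip)

def count_attempts(lines, min_attempts=1):
    """Count failed attempts per IP, keeping IPs with >= min_attempts."""
    counts = Counter(ip for ip in map(source_ip, lines) if ip)
    return {ip: n for ip, n in counts.items() if n >= min_attempts}

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE = [
    "Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.5 port 40022 ssh2",
    "Jan 10 03:12:04 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2",
    "Jan 10 03:12:09 host sshd[812]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.7 port 5111 ssh2",
    "Jan 10 03:13:00 host sshd[813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root",
    "Jan 10 03:13:30 host sshd[814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net",
    "Jan 10 03:14:00 host sshd[815]: Failed password for backup from 192.168.1.20 port 2200 ssh2",
]

if __name__ == "__main__":
    print(count_attempts(SAMPLE, min_attempts=2))
```

The third sample line carries a second "from <ip>" inside the user name; only the address sshd itself appended at the end of the line is counted.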

License

MIT
