Upload kippo ssh honeypot files to viper

Do you want to store all the samples caught by your Kippo SSH honeypot in your malware repository run with Viper?

Here is how.
Start the Viper API:

foo@bar ~/scripts/viper $ ./api.py -H 0.0.0.0 -p 8080

and upload all your samples to viper:

for i in /home/pi/kippo-read-only/dl/*; do curl -F "file=@$i" -F tags="honeypot" http://covert:8080/file/add; done

Result:

{
    "message": "added"
}{
    "message": "added"
}

(You might need to adjust the directory for your setup.)
Why not automate uploading from Kippo to Viper?
– The "attacker" might upload more than just malware / samples. You do not want to waste space in your malware zoo with another copy of netcat…
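
The manual loop above can be filtered before anything is sent. The following is an added example, not part of the original post: it skips files whose SHA-256 is on a skip list and uploads identical payloads only once. The skip-list file, the script name kippo2viper.sh and the function names are assumptions, and sha256sum must be installed.

```shell
#!/bin/sh
# Added example: filter a Kippo download directory before sending it to Viper.
# The skip list is a hypothetical file with one SHA-256 per line (the output
# of "sha256sum /bin/nc" works as-is) naming binaries you do not want stored.

# Print the path of every regular file in DIR whose SHA-256 is neither in
# SKIPLIST nor already printed in this run (duplicates are listed once).
select_samples() {
    dir=$1
    skiplist=$2
    seen=$(mktemp) || return 1
    if [ -f "$skiplist" ]; then
        # Keep only the hash column, lower-cased, as the initial "seen" set.
        awk 'NF { print tolower($1) }' "$skiplist" > "$seen"
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        hash=$(sha256sum < "$f" | cut -d' ' -f1)
        if ! grep -qxF "$hash" "$seen"; then
            echo "$hash" >> "$seen"
            printf '%s\n' "$f"
        fi
    done
    rm -f "$seen"
}

# Upload the selected files with the same curl call the post uses.
# $3 is the base URL of the Viper API, e.g. http://covert:8080
upload_samples() {
    select_samples "$1" "$2" | while IFS= read -r f; do
        curl -F "file=@$f" -F tags="honeypot" "$3/file/add"
    done
}

# Runs only when called with three arguments, for example:
#   ./kippo2viper.sh /home/pi/kippo-read-only/dl skip.sha256 http://covert:8080
if [ "$#" -eq 3 ]; then
    upload_samples "$@"
fi
```

Run select_samples on its own first to review what would be uploaded.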

Kippo Honeypot stop

There are two ways to stop the Kippo honeypot. The first is to check your connections:


netstat -l -p

and then kill the process by its PID:


kill -9 $PID

Or you could use the small script available on GitHub (https://github.com/beardyjay/bHoneypot/issues/15):

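#!/bin/sh

# Kippo writes its process ID to this file in its working directory.
PIDFILE=kippo.pid

# No PID file means there is nothing to stop.
if ! [ -f "$PIDFILE" ]
then
    echo "Kippo is not running .."
    exit
fi

PID=$(cat "$PIDFILE")

# Ask the process to terminate, then remove the stale PID file.
echo "Stopping Kippo .."
kill -TERM "$PID"
rm -f "$PIDFILE"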

with the result:


pi@raspberrypi ~/kippo-read-only $ ./stop.sh
Stopping Kippo ..