Do you want to store all the samples caught by your Kippo SSH honeypot in your malware repository operated with Viper?
Here is how:
Start the Viper API (-H 0.0.0.0 makes it listen on all interfaces, so only do this on a trusted network):
foo@bar ~/scripts/viper $ ./api.py -H 0.0.0.0 -p 8080
and upload all your samples to Viper:
for i in /home/pi/kippo-read-only/dl/*; do curl -F "file=@$i" -F tags="honeypot" http://covert:8080/file/add; done
(adjust the directory to match your setup)
Why not automate uploading from Kippo to Viper?
– The "attacker" might upload more than just malware / samples. You do not want to waste space in your malware zoo with another copy of netcat…
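A middle ground, as an added example that is not part of the original post or of the Kippo or Viper projects: hash every download, skip anything that is on a list of known tools or was already uploaded, and only then send it to Viper. The function names and the two state files are assumptions; the download directory and API URL are the ones used above.

```shell
#!/bin/sh
# Added example: triage Kippo downloads by SHA-256 before uploading to Viper.
# Assumed (not from the post): function names and the SEEN/SKIP state files.

DL_DIR="${DL_DIR:-/home/pi/kippo-read-only/dl}"        # download dir from the post
VIPER_URL="${VIPER_URL:-http://covert:8080/file/add}"  # API endpoint from the post
SEEN="${SEEN:-$HOME/.kippo2viper.seen}"  # hashes already uploaded (hypothetical file)
SKIP="${SKIP:-$HOME/.kippo2viper.skip}"  # hashes of tools to ignore (hypothetical file)

# Print the path of every regular file in dir $1 whose hash is neither in the
# skip list $2 nor in the seen list $3; identical files are printed only once.
select_new() {
    dir=$1 skip=$2 seen=$3
    batch=$(mktemp) || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Hash via stdin so odd file names never end up in the output line.
        h=$(sha256sum < "$f" | cut -d' ' -f1)
        grep -qsx "$h" "$skip" "$seen" "$batch" && continue
        echo "$h" >> "$batch"
        printf '%s\n' "$f"
    done
    rm -f "$batch"
}

# Upload each selected file; record its hash only when curl reports success,
# so a failed upload is retried on the next run.
upload_new() {
    select_new "$DL_DIR" "$SKIP" "$SEEN" | while IFS= read -r f; do
        if curl -sf -F "file=@$f" -F tags="honeypot" "$VIPER_URL" >/dev/null; then
            sha256sum < "$f" | cut -d' ' -f1 >> "$SEEN"
        fi
    done
}

# Usage: "./script.sh list" shows the candidates, "./script.sh upload" sends them.
case "${1:-}" in
    list)   select_new "$DL_DIR" "$SKIP" "$SEEN" ;;
    upload) upload_new ;;
esac
```

Review the output of the list mode first and add the hash of anything you do not want in the zoo (one per line) to the skip file.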
To stop the Kippo honeypot you have two options. First, you could check your listening connections to find the process:
netstat -l -p
and then kill the process by its PID:
kill -9 $PID
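Or you could use the small script available on GitHub (https://github.com/beardyjay/bHoneypot/issues/15):
PIDFILE=kippo.pid   # assumed: the pidfile written by Kippo's start.sh
if ! [ -f "$PIDFILE" ]; then
    echo "Kippo is not running .."
    exit 1
fi
PID=$(cat "$PIDFILE")   # read the PID recorded at startup
echo "Stopping Kippo .."
kill -TERM "$PID"
rm -f "$PIDFILE"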
with the result:
pi@raspberrypi ~/kippo-read-only $ ./stop.sh
Stopping Kippo ..