Public | Automated Build

Last pushed: a month ago
Short Description
My version of Kippo running in Docker.
Full Description

docker-kippo

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Important

2015-11-15: It seems that kippo-graph doesn't work with MySQL 5.7, so make sure you use MySQL 5.6 if you also want to use my docker-kippo-graph container.

Features

This container runs Kippo with some add-ons that I have made, and you can find a list of them here. I will look at https://github.com/micheloosterhof/cowrie later to see if I should rebase to that fork of Kippo.

Usage

First start a MySQL instance:

    docker run --name kippodb -e MYSQL_ROOT_PASSWORD="somepassword" -d mysql:5.6

Then start docker-kippo (make sure the alias name for your MySQL server is mysql):

    docker run -p 2222:22 --name kippo --link kippodb:mysql -d reuteras/docker-kippo

You can specify the following parameters:

  • -e MYSQL_ROOT_PASSWORD=<MySQL root password> (defaults to $MYSQL_ENV_MYSQL_ROOT_PASSWORD)
  • -e MYSQL_ROOT_USER="<MySQL root user>" (defaults to "root")
  • -e KIPPO_DB_USERNAME="<database username for kippo>" (defaults to "kippo")
  • -e KIPPO_DB_PASSWORD="<database password for kippo>" (defaults to "$MYSQL_ROOT_PASSWORD")
  • -e KIPPO_DB_DATABASE="<database to use for kippo>" (defaults to "kippo")
  • -e KIPPO_HOSTNAME="<hostname kippo should use>" (defaults to "shell-01")
  • -e SSH_VERSION_STRING="<version string for sshd>" (defaults to "SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1")
  • -e WGET_VERSION_STRING="<wget version string>" (defaults to "Wget/1.15 (linux-gnu)")
  • -e UNAME_VERSION_STRING="<uname version string>" (defaults to "3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux")
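
The following is an added example, not part of the docker-kippo project: it starts both containers with generated secrets and gives the kippo database user its own password instead of the default, which reuses the MySQL root password. The `DOCKER` dry-run variable, the function names, the `kippo-secrets.env` file, and the hostname and banner values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: run Kippo with explicit values instead of the documented defaults.
# Set DOCKER=echo to print the docker arguments instead of executing them.
DOCKER="${DOCKER:-docker}"

# Print a random hex secret of $1 characters (default 32, maximum 128).
gen_secret() {
    head -c 64 /dev/urandom | od -An -tx1 | tr -d ' \n' | cut -c1-"${1:-32}"
}

# Start the MySQL 5.6 backend. $1 = MySQL root password.
start_db() {
    "$DOCKER" run -d --name kippodb -e "MYSQL_ROOT_PASSWORD=$1" mysql:5.6
}

# Start Kippo. $1 = MySQL root password (compared only, never passed on),
# $2 = password for the kippo DB user, $3 = hostname, $4 = SSH banner.
start_kippo() {
    if [ "$1" = "$2" ]; then
        echo "refusing: kippo DB password equals the MySQL root password" >&2
        return 1
    fi
    "$DOCKER" run -d --name kippo -p 2222:22 --link kippodb:mysql \
        -e "KIPPO_DB_PASSWORD=$2" -e "KIPPO_HOSTNAME=$3" \
        -e "SSH_VERSION_STRING=$4" reuteras/docker-kippo
}

# Only act when called with --run, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    root_pw=$(gen_secret 32)
    kippo_pw=$(gen_secret 32)
    # Keep the secrets in a file only the current user can read.
    ( umask 077
      printf 'MYSQL_ROOT_PASSWORD=%s\nKIPPO_DB_PASSWORD=%s\n' \
          "$root_pw" "$kippo_pw" > kippo-secrets.env )
    start_db "$root_pw"
    # Hostname and banner are constructed sample values, not project defaults.
    start_kippo "$root_pw" "$kippo_pw" "db-backup-02" \
        "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2"
fi
```

The root password still reaches the kippo container through the link (`$MYSQL_ENV_MYSQL_ROOT_PASSWORD`), so the separate `KIPPO_DB_PASSWORD` limits what Kippo's own database connection uses, not what the container environment holds.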

If you would like automated monitoring of downloaded files you can use docker-vtmon:

    docker run --name vtmon --volumes-from kippo -e VT_APIKEY="<your apikey>" -e VT_PATH=/var/kippo/dl/ -e VT_TO=user@example.com -e VT_FROM=root@localhost -e VT_SMTP=some.server.tld reuteras/docker-vtmon
Owner
reuteras