Question 1

How to replay attacker sessions from Kippo logs?

Accepted Answer

Use the utils/playlog.py utility to replay logs stored in log/tty/, which maintains original timings for accurate behavioral analysis. This allows step-by-step review of shell interactions.

Question 2

Is Kippo or Cowrie better for SSH honeypotting?

Accepted Answer

Cowrie, the fork mentioned in the README, is more actively maintained and updated, while Kippo is older with outdated dependencies. For modern needs, Cowrie is generally recommended over the original Kippo.

Question 3

What Python version does Kippo need?

Accepted Answer

Kippo requires Python 2.5 or higher, as stated in the Requirements, but this is problematic since Python 2 is end-of-life, posing compatibility and security issues.

Question 4

How to set up Kippo to monitor SSH attacks?

Accepted Answer

Edit kippo.cfg to configure settings, use ./start.sh to run it on port 2222 (or forward ports), and ensure dependencies like Twisted and PyCrypto are installed, as per the Wiki instructions.

Question 5

Can Kippo handle a lot of simultaneous SSH connections?

Accepted Answer

As a medium interaction honeypot, Kippo may not scale well for high-volume attacks; it's designed for logging and analysis rather than performance, so it might struggle under heavy load.

Question 6

Is Kippo safe to use on my network?

Accepted Answer

The FAQ only says 'Maybe,' so it should be deployed in isolated environments with monitoring. Since it attracts malicious traffic, improper setup could risk network exposure.

Kippo

What is Kippo?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions