├── README.md
└── kippo_detect.py


/README.md:
--------------------------------------------------------------------------------
 1 | kippo_detect
 2 | ============
 3 | 
 4 | Quick proof of concept to detect a Kippo SSH honeypot instance externally
 5 | 
 6 | ### Usage
 7 | 
 8 | ```
 9 | # python kippo_detect.py 1.1.1.1
10 | [!] Kippo honeypot detected!
11 | ```
12 | 
13 | 


--------------------------------------------------------------------------------
/kippo_detect.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | import socket
 4 | import sys
 5 | 
 6 | if len(sys.argv) != 2:
 7 | 	print '[+] Usage: python %s 1.1.1.1' % sys.argv[0]
 8 | 	exit()
 9 | 
10 | host = sys.argv[1]
11 | port = 22
12 | 
13 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
14 | s.connect((host,port))
15 | banner = s.recv(1024)
16 | s.send('\n\n\n\n\n\n\n\n')
17 | response = s.recv(1024)
18 | s.close()
19 | 
20 | if "168430090" in response:
21 | 	print '[!] Kippo honeypot detected!'
22 | 


--------------------------------------------------------------------------------