Sponsor

Security Videos
« The Kippo Kronicles - Ep1 | Main | Introduction to Malware Analysis »
Sunday
Jan132013

Tektip ep20 - kippo2Wordlist 

In this episode of Tektip we review a tool we created kippo2Wordlist.

Description: kippo2Wordlist is a python program that reads logs from kippo to create a wordlist that can be used for anything a standard wordlist is used for such as pipal analysis, cracking passwords, and the like.

Installation: You can download the script from github.  You can also clone the git repository if you have git installed.  Place in any directory you like.  I put it at:

/opt/kipp2Wordlist/

If you are using honeydrive and haven't changed where the logs for kippo go you are all set.  Just run the script and it will function as designed.

honeydrive@honeydrive:/opt/kippo2Wordlist$ python kippo2Wordlist.py 

 

If you are not using honeydrive or have modified log paths, open kippo2Wordlist in your favorite text editor and modify the variables as needed:

# variables for the kippo logs, if your path is not the default from honeydrive, modify logPath.
# if your log files are not named kippo.log or kippor.log.x please modify logPre.
logPre = 'kippo.log'
logPath = '/opt/kippo/log/'

Once the variables are set appropriatley you can simply run the script as shown above.  When the script completes it will outup the wordlist to: 

outputFile = '/opt/kippo/log/wordlist.txt'

*Feel free to change this variable as well if you would like to output to a different directory or file name.

Now you can view the wordlist to ensure that the script has done what is supposed to.

honeydrive@honeydrive:/opt/kippo2Wordlist$ cat /opt/kippo/log/wordlist.txt 

As a sample here are a few of the passwords from the tail of my wordlist:

ortega.123#TradeLinuxKi!l|iN6#Th3Ph03$%nix@NdR3b!irD

0p9o8i

1111111

asdfghjk

temp

myftpserver

daudebautlaovi

root12

mathsacL1nuX

qwerty12345

gu3st

rootroot

education

eric

p0o9i8u7y6t5r4

boot

germaine

5393923

autt123

muieladusmanii

00000

qazwsx

!@#123

jifennet.com

zxcdsa

t35t

aceraspire

tomcat

samsung

libroot123

.sfl@zk^

system9876..

C0rb1n1-DNS

z9fasuWR

backontrack

123654re

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>