
kippo-graph's Introduction

Kippo-Graph

Kippo-Graph is a full-featured script to visualize statistics for a Kippo-based SSH honeypot.

It uses the Libchart PHP chart drawing library by Jean-Marc Trémeaux, QGoogleVisualizationAPI PHP Wrapper for Google's Visualization API by Thomas Schäfer, RedBeanPHP library by Gabor de Mooij, MaxMind and geoPlugin geolocation technology.

REQUIREMENTS:

  1. PHP version 5.3.4 or higher.
  2. The following packages: libapache2-mod-php5, php5-mysql, php5-gd, php5-curl.

On Ubuntu/Debian:

apt-get update && apt-get install -y libapache2-mod-php5 php5-mysql php5-gd php5-curl

/etc/init.d/apache2 restart

QUICK INSTALLATION:

wget http://bruteforce.gr/wp-content/uploads/kippo-graph-VERSION.tar.gz

mv kippo-graph-VERSION.tar.gz /var/www/html

cd /var/www/html

tar zxvf kippo-graph-VERSION.tar.gz

mv kippo-graph-VERSION kippo-graph

cd kippo-graph

chmod 777 generated-graphs

cp config.php.dist config.php

nano config.php #enter the appropriate values

Browse to http://your-server/kippo-graph to view or generate the honeypot charts and statistics.

Note 1: If you choose to disable REALTIME_STATS in your config.php file, it is advisable to set up a cron job to update the charts in the background. The recommended way to do that is to add the following line to your crontab with crontab -e (make sure to change the kippo-graph path if it's different):

@hourly cd /var/www/html/kippo-graph && php kippo-graph.php > /dev/null 2>&1

Note 2: If you want to use the Kippo-Scanner component you will have to allow Kippo-Graph's .htaccess file to take effect. You can do this by editing your Apache configuration file at /etc/apache2/apache2.conf and changing AllowOverride None to AllowOverride All for the /var/www/ Directory (only).

Note 3: To fully use the geolocation features (Intensity Map) you will need to give CREATE TEMPORARY TABLES rights to your MySQL database user (most likely it has already been done).

kippo-graph's People

Contributors

canadianjeff, ccoffie, g0tmi1k, iimog, ikoniaris, int-tt, katkad, nullprobe, siconic, thechrisam


kippo-graph's Issues

Support for an optimized database?

Hi there,

I am working on an improved version of Cowrie (the successor of Kippo) that would use the MySQL database more efficiently and I was wondering whether you would be willing to modify Kippo-Graph to support the new database schema.

There are two main changes I am making. The first one you can ignore, because it is not incompatible with what you're currently doing. However, if you choose to support it, you'll be able to do geolocation much faster.

Currently, the sessions table stores only the raw IP number of the attacker (plus other things, of course, like start time and end time of the session, sensor name, terminal size and client name). I am adding several additional columns - port, country_name, country_iso_code, city_name, latitude, longitude, and geohash. If you want, you could take the city name and country name from there, instead of doing the geolocation yourself. If not, it's not a problem.

The second change, however, is a bit incompatible with your current program. You see, Cowrie stores in the input table every single command ever issued by any attacker. This is incredibly wasteful, because there are many commands that are common among attackers (e.g., enable, system, shell, etc.). So, instead of an input column of type text, I have an input column of type int(5). It contains an index to a separate table, commands, which contains unique copies of each command ever used.

Unfortunately, this means that when Kippo-Graph is given such a database, it would display numbers instead of texts in several of the tables on the Kippo-Input panel.

Would it be possible to support both database schemas? Basically, you need to check for the existence of the table commands and/or whether the type of the input column of the input table is int or text. If the former, you'd need to get the actual command text from the commands table, instead of from the input table, using the index in the input column of the input table.

If you're willing to do it, I can get you access to a MySQL database with the new schema for testing purposes.

Error, permission denied in

Every time I go to the kippo-ip page, a new line appears in the apache error.log. It doesn't matter if I have TOR check on or off.
[:error] [pid 27914] [client my-ip:59436] PHP Warning: file_put_contents(/var/www/html/kippo-graph/includ/tor/tor_exit_node_list.txt): failed to open stream: Permission denied in /var/www/html/kippo-graph/include/tor/tor.class.php on line 11, referer: http://server-ip:8088/kippo-graph/kippo-ip.php

Is the TOR check failing?

What does success N/A mean in kippo graph?

Kippo-graph shows N/A in the success, what does it mean?
I was having 1700 sessions with 1 IP but success is N/A.
If there is no success there must be 0, N/A doesn't make any sense.

Slow playlog overview when you have a lot of entries

I think there is a need for an index in the mysql database for kippo-graph when you get a lot of playlog entries. My page http://x.x.x.x/kippo-graph/kippo-playlog.php is loading for 10 minutes+ before it shows the list of playlogs (I am using cowrie by the way and upgraded the mysql server to ver 5.6 on ubuntu 14.04.5 LTS, Trusty Tahr 4 x Intel(R) Xeon(R) CPU X5570 @ 2.93GHz and 2Gb memory)
Kippo-graph source: Git clone from Jan 12 2017

Currently the mysql db is holding:
Total login attempts 107.248
Distinct source IP addresses 14.200

I can see that the Mysql database is 100% busy handling that request (looks like sql with join) - could you help us figure out what index is needed to speed things up?

I think this is the query that needs some helping index in the DB

Query: SELECT * FROM ( SELECT ttylog . session , auth . timestamp , ROUND ( size / ?, ... ) AS size , COUNT ( input ) AS input FROM ttylog JOIN auth ON ttylog . session = auth . session JOIN input ON ttylog . session = input . session WHERE auth . success = ? GROUP BY ttylog . session ORDER BY auth . timestamp ASC ) s WHERE size > ?
Full Table Scan: *
Executed (#): 7
Errors (#): 0
Warnings (#): 0
Total Time: 40717537067.90
Max Time: 10077257004.40
Avg Time: 5816791009.70
Rows Sent (#): 140473
Avg. Rows Sent (#): 20068.0
Rows Scanned (#): 3812953
Avg. Rows Scanned (#): 544708.0
Temp. Tables (#): 14
Temp. Disk Tables (#): 0
Rows Sorted (#): 144174
Sort Merge Passes (#): 0
Digest: 9f0698b3ea97f01650e20f9f519ae676

Best regards Keld Norman

Big qty of scans

Just a few lines are displayed in bottom table with that amount of attempts.

Restrict db queries ?

hello,

have you thought about restricting db queries to X weeks ?

I have kippo running for about 2 years, so I'd like more current statistics.

the safest way would be to use PDO http://php.net/manual/en/book.pdo.php and bindParam, but you'd have to rewrite most of db things in kippo-graph

I just use new variable from config.php in db_query string, but this is not the best approach but it works.

I also use indexes on timestamp columns in db

another question is, what the default value for this would be
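
The bound-parameter approach the post mentions, as an added example that is not part of the original post or of kippo-graph: it validates a hypothetical STATS_WINDOW_WEEKS setting and binds the cutoff instead of interpolating it into the query string. The function names and the cut-down auth table (SQLite in memory, so it runs offline) are assumptions.

```php
<?php
// Added example, not kippo-graph code. Assumes PHP 7.1+ with pdo_sqlite.
// The in-memory table is a cut-down stand-in for the honeypot's MySQL auth table,
// and STATS_WINDOW_WEEKS is a hypothetical config.php setting.

/** Validate the configured window; null means "no restriction". */
function parseWindowWeeks($raw): ?int
{
    if ($raw === null || $raw === '') {
        return null;
    }
    $weeks = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 520]]);
    if ($weeks === false) {
        throw new InvalidArgumentException('STATS_WINDOW_WEEKS must be an integer from 1 to 520');
    }
    return $weeks;
}

/** Top passwords, optionally limited to the last $weeks weeks before $now. */
function topPasswords(PDO $pdo, ?int $weeks, DateTimeImmutable $now, int $limit = 10): array
{
    $sql = 'SELECT password, COUNT(*) AS attempts FROM auth';
    $cutoff = null;
    if ($weeks !== null) {
        // Only a fixed placeholder is appended to the SQL text, never the value.
        $sql .= ' WHERE timestamp >= :cutoff';
        $cutoff = $now->sub(new DateInterval('P' . $weeks . 'W'))->format('Y-m-d H:i:s');
    }
    $sql .= ' GROUP BY password ORDER BY attempts DESC, password ASC LIMIT :limit';

    $stmt = $pdo->prepare($sql);
    if ($cutoff !== null) {
        $stmt->bindValue(':cutoff', $cutoff, PDO::PARAM_STR);
    }
    // LIMIT must be bound as an integer, otherwise MySQL rejects the quoted value.
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Build the constructed sample database. */
function openSampleDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE auth (id INTEGER PRIMARY KEY, success INTEGER,
                username TEXT, password TEXT, timestamp TEXT)');
    // The index the poster mentions: lets the range filter avoid a full scan.
    $pdo->exec('CREATE INDEX auth_timestamp_idx ON auth (timestamp)');
    $insert = $pdo->prepare('INSERT INTO auth (success, username, password, timestamp)
                             VALUES (0, :u, :p, :t)');
    $rows = [ // constructed login attempts
        ['root',  '123456',    '2015-02-01 10:00:00'],
        ['root',  '123456',    '2015-03-01 10:00:00'],
        ['root',  '123456',    '2015-06-01 10:00:00'],
        ['admin', 'admin',     '2017-01-02 08:15:00'],
        ['admin', 'admin',     '2017-01-09 08:15:00'],
        ['pi',    'raspberry', '2017-01-10 21:40:00'],
    ];
    foreach ($rows as [$u, $p, $t]) {
        $insert->execute([':u' => $u, ':p' => $p, ':t' => $t]);
    }
    return $pdo;
}

$pdo = openSampleDb();
$now = new DateTimeImmutable('2017-01-15 00:00:00'); // fixed "now" for repeatable output

$all    = topPasswords($pdo, parseWindowWeeks(''), $now);  // no restriction
$recent = topPasswords($pdo, parseWindowWeeks('4'), $now); // last four weeks

// Self-checks: old attempts dominate the unrestricted view but not the recent one.
if ($all[0]['password'] !== '123456' || (int) $all[0]['attempts'] !== 3) {
    throw new LogicException('unexpected all-time result');
}
if (count($recent) !== 2 || $recent[0]['password'] !== 'admin') {
    throw new LogicException('unexpected four-week result');
}

// A setting that is not a plain integer is refused before any SQL is built.
try {
    parseWindowWeeks('4 weeks');
    throw new LogicException('invalid setting was accepted');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

foreach (['all time' => $all, 'last 4 weeks' => $recent] as $label => $result) {
    echo $label, ':', PHP_EOL;
    foreach ($result as $r) {
        echo '  ', $r['password'], ' ', $r['attempts'], PHP_EOL;
    }
}
```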

Playlog not working on latest github

Hello All,

I upgraded from 1.5 to the latest GitHub version; everything is working except playlog

you can see my research page ssh-research.seanmancini.com to see what I am seeing

Playlog not working

I have kippo-graph (latest version from the repo) installed with Cowrie under Raspbian Jessie. I can replay sessions fine using Cowrie's playlog.py from the command line, but the sessions won't display in kippo-graph. On the kippo-input.php page, when I click "Play" next to a file link, the kippo-play page just shows a black screen under TTY log. The kippo-playlog.php page shows "total logs: 0". Nothing appears in the Apache error log when I navigate to those pages. All other kippo-graph pages are working fine for me.

Google API and Oops! Something went wrong.

Hello,

I'm getting an error on the GEOIP Page. I added my Google API Key, still seeing the issue.

What is weird is that it looks like it is going to load, but then disappears.

This is where I changed the code: kippo-play.php file. Am I missing another place?

<script type="text/javascript" src="//maps.google.com/maps/api/js?key=MY_KEY_HERE"></script>
<script type="text/javascript">

Thanks,

Can't open my kippo-graph page

I have set up the kippo-graph in my machine but I can't seem to access the page, the page simply won't load. Here are some screenshots of what I'm trying to do:

Here are details of my machine

The highlighted area is where the kippo-graph is saved

Using with Cowrie

Hello,

I just got done setting up Kippo-Graph for use with Cowrie.

My setup is Ubuntu 14.04 64-bit, Kippo-Graph 1.5.1 and Cowrie (latest from git clone).

Installed location is: /home/cowrie/cowrie/

kippo is in the /var/www/html/kippo-graph/

I believe most of the charts and graphs are working, but Kippo-Playlog is not working.

On the Kippo-Input section, at the very bottom.

I see Interesting Commands, when I click play, under PlayLog, it takes me to Kippo-PlayLog.

All that I see is a black box with *** End of log! ***. Does this seem correct?

Also, when I click on the PlayLog Hyperlink, all that it is showing is Replay input by attackers captured by the honeypot system.

I checked my apache2 log files and it is free of errors.

I would like some help in trying to fix this issue, if this is not the correct function of PlayLog.

I did try using the playlog.py command and it works great from the command line.

Thanks for any help,

Graphs, playlog or overview not working

Nothing is available within overview, playlog or graph gallery.
No graphs are being produced, checked my apache error log and it shows the following:

[Tue Mar 20 15:01:10.610272 2018] [:error] [pid 27643] [client 77.75.189.228:52370] PHP Stack trace:, referer: http://zsm-solutions.ml/kippo-graph/kippo-graph.php
[Tue Mar 20 15:01:10.610294 2018] [:error] [pid 27643] [client 77.75.189.228:52370] PHP 1. {main}() /var/www/html/kippo-graph/kippo-graph.php:0, referer: http://zsm-solutions.ml/kippo-graph/kippo-graph.php
[Tue Mar 20 15:01:10.610303 2018] [:error] [pid 27643] [client 77.75.189.228:52370] PHP 2. KippoGraph->generateKippoGraphCharts() /var/www/html/kippo-graph/kippo-graph.php:38, referer: http://zsm-solutions.ml/kippo-graph/kippo-graph.php
[Tue Mar 20 15:01:10.610310 2018] [:error] [pid 27643] [client 77.75.189.228:52370] PHP 3. KippoGraph->createTop10Passwords() /var/www/html/kippo-graph/class/KippoGraph.class.php:22, referer: http://zsm-solutions.ml/kippo-graph/kippo-graph.php
[Tue Mar 20 15:01:10.610316 2018] [:error] [pid 27643] [client 77.75.189.228:52370] PHP 4. VerticalBarChart->render() /var/www/html/kippo-graph/class/KippoGraph.class.php:147, referer: http://zsm-solutions.ml/kippo-graph/kippo-graph.php
[Tue Mar 20 15:01:10.610323 2018] [:error] [pid 27643] [client 77.75.189.228:52370] PHP 5. BarChart->createImage() /var/www/html/kippo-graph/include/libchart/classes/view/chart/VerticalBarChart.php:222, referer: http://zsm-solutions.ml/kippo-graph/kippo-graph.php
[Tue Mar 20 15:01:10.610329 2018] [:error] [pid 27643] [client 77.75.189.228:52370] PHP 6. Chart->createImage() /var/www/html/kippo-graph/include/libchart/classes/view/chart/BarChart.php:60, referer: http://zsm-solutions.ml/kippo-graph/kippo-graph.php
[Tue Mar 20 15:01:10.610335 2018] [:error] [pid 27643] [client 77.75.189.228:52370] PHP 7. Plot->createImage() /var/www/html/kippo-graph/include/libchart/classes/view/chart/Chart.php:84, referer: http://zsm-solutions.ml/kippo-graph/kippo-graph.php


Cannot see any graphs

Seems like a trouble connecting to the DB
Installed properly and checked everything including the permissions on generated-graphs
There are rows when selecting * from auth in kippo DB

EDIT:
PHP version is 5.5.9
Tried downloading rb.php from RedBeanPhp and replace it with the one in Include - Didn't work

Closing:
php5-mysql package was corrupted

Reset stats on Kippo Graph

Hi
First of all, thanks for a great product. I have been testing this for a few months now and I love the data you get back. I decided to clean up and reset the database, which went okay, but when I go on to the kippo graph web page on my honeypot it is still displaying old stats, logins and the like. How can I reset this data to show nothing?

Thanks for your help

Regards
Duncan

mysql DB version

I'm a docker-kippo-graph user and noted to the package maintainer that not all graphs populate. Turns out it was the mysql:latest package being 5.7. Downgrading it to 5.6 seems to allow everything to work. I don't believe this is specific to the docker packages so I thought I'd let you know.

Can not see my graphs!!

Hello,

I've set up my Kippo & decided to use kippo-graph, it seems a very promising tool - thanks for the hard work.
However I ran into a problem where I can't see my graphs though my kippo db has lots of data - I checked the db tables. But when I checked my Apache log file I got a permission denied error:

[Mon Nov 17 19:36:13.190984 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/most_successful_logins_per_day.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.197146 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/successes_per_day.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.202618 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/successes_per_week.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.211673 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/connections_per_ip.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.233831 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/connections_per_ip_pie.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.246058 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/logins_from_same_ip.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.254182 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/most_probes_per_day.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.260769 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/probes_per_day.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.266398 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/probes_per_week.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php
[Mon Nov 17 19:36:13.272742 2014] [:error] [pid 16458] [client x.x.x.x.:x] PHP Warning: imagepng(): Unable to open 'generated-graphs/top10_ssh_clients.png' for writing: Permission denied in /var/www/html/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://54.169.13.119/kippo-graph/index.php

Any idea what actions to be taken?

Appreciate that for you buddy :)

kippo not generating graph, even with chmod 777 on generated-graph

Hi, I use gentoo and no graph is generated.
I get xxxxx/generated-graphs/human_activity_per_week.png" failed (2: No such file or directory)
Any idea?
It's on gentoo and php-fpm with nginx; pdo, mysql_pdo and gd are on.
After enabling the error on php in your page I got this:

2015/01/20 11:42:31 [error] 22671#0: *346 FastCGI sent in stderr: "PHP message: PHP Fatal error: Call to undefined function imageftbbox() in xxx/include/libchart/classes/view/text/Text.php on line 74" while reading response header from upstream, client:, request: "GET xxx/kippo-graph.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: ", referrer: "lol"

Ok I figured that by myself, when you use this libchart library, you need to have php GD > 2.0 and php compiled with the freetype options.
On gentoo to have that, you need to add the "truetype" use flags to php.

I don't know if it's the same on other distro.
Problem solved !

PHP 5.4 feature used in class/KippoGraph.class.php

The following code in class/KippoGraph.class.php doesn't work in PHP < 5.4:

public function generatedKippoGraphChartsExist()
{
    $generated_graphs_path = DIR_ROOT . '/generated-graphs/';
    $generated_graphs_names_array = [
        'top10_passwords.png',

$generated_graphs_names_array = array ( ...) should be used instead of the new bracket construct.

unable to connect kippo to db

After changing and well configuring the config.php of kippo-graph,
in addition to kippo.cfg in the following path /home/kippo/kippo,
I am still not able to log my sessions in a database.
Please, I need your help ASAP.

Geoip Page Blank

Hi guys,
I'm running Kippo with Kippo-Graphs and already have multiple connection attempts. Would you possibly know why my Kippo-Graph GEO section is not loading up? I've attached a photo. Maybe this is common and I'm missing something from the configuration? Every other page is working just fine.

Thanks in advance,
Mel.

Unable to generate graphs on fresh install

It seems like I am unable to generate graphs on a fresh install of kippo-graph. I am getting the following errors on my web server error logs.

2015/05/12 19:41:37 [error] 825#0: *56 FastCGI sent in stderr: "PHP message: PHP Fatal error: Call to undefined function imagecreatetruecolor() in /var/www/kippo-graph/include/libchart/classes/view/plot/Plot.php on line 253" while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /kippo-input.php HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "127.0.0.1:8080", referrer: "http://127.0.0.1:8080/kippo-graph.php"

I am running the latest pull from github.

Not all TTY Sessions are displayed in the Playlog

Some sessions are able to replay without issue at all. But for some reason there are some 'missing' sessions in the playlog page. There are no errors in any logs at all... nothing in apache logs, nothing in the PHP logs, nothing in cowrie logs, nothing in syslogs, etc...

Taking a look at the playlog page, I can see the following:

But if I take a look at the actual filesystem, there are a few more TTY logs:

Why is there such a discrepancy? How to go about fixing it? Is there some 'debugs' I could enable to gather more info as to what might be going on?

results.php not found on this server

Hi,

After changing my apache.conf (AllowOverride None -> All) my test .htaccess is working. But if I want to scan an uploaded file the redirect from Garrys Hood ends with a php error after the scanning:

The requested URL /kippo-graph/results.php was not found on this server.

Regards

Paul

Kippo TOR check

@wirehack7 told me that:

The TOR check to only check for 8.8.8.8 is not a good idea. As TOR
project says not every exit node is able to access an individual IP. To
check if an IP is really an exit node you need to check that certain IP
via the TOR check CGI. So for example 76.8.9.10 can not access every TOR
exit node which can access 8.8.8.8. So you need to check if TOR exit
nodes can access 76.8.9.10 on 22.

So it needs a script that maybe downloads every 24h the TOR.txt from the
TOR cgi for the honeypot IP on 22 (or maybe other port if user runs it
on other port) to get a proper list.

The DNS check I mentioned is working in that way that TOR exit nodes are
always 127.0.0.2 which can access the IP of the script. This is done via
the DNS name. Problem here is, we need to check if mass request works
without bans.

When I have time I will test, or maybe you test that way. Otherwise it
has to be downloaded via individual IP to get a "real" list of IPs which
are able to access the own IP.

Kippo-graph work with latest PHP and Mysql? Missing graphs!

I'm getting apache errors with my new Kippo-Graph installation. I'm running Cowrie as the honeypot. I'm only getting some graphs generated and others are missing. Yes, I have made sure that /var/www/html/kippo-graph/generated-graphs was chmod to 777.

In particular, Kippo-graph is only generating the following graphs: Top10 passwords attempted, Top 10 usernames attempted, Top 10 username/password combinations (in both pie and bar chart), Overall success ratio, Number of connections per country, Number of connections per unique IP (in both pie and bar chart), and finally Top 10 successful username/password combinations (in both pie and bar chart). I'm missing the rest of the graphs and the overview page is totally empty.

Here is a snippet of some of the errors from my apache log:
[Tue Mar 14 17:39:17.257562 2017] [:error] [pid 5514] [client 192.168.22.153:51759] PHP Warning: imagepng(/var/www/html/kippograph/generated-graphs/top10_passwords.png): failed to open stream: Permission denied in /var/www/html/kippograph/include/libchart/classes/view/plot/Plot.php on line 295, referer: http://10.0.0.2/kippograph/

[Tue Mar 14 17:39:17.413266 2017] [:error] [pid 5514] [client 192.168.22.153:51759] PHP Fatal error: Uncaught [42000] - SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #2 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'cowrie.auth.timestamp' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by\ntrace: #0 /var/www/html/kippograph/include/rb.php(785): RedBeanPHP\\Driver\\RPDO->runQuery('SELECT COUNT(se...', Array)\n#1 /var/www/html/kippograph/include/rb.php(3035): RedBeanPHP\\Driver\\RPDO->GetAll('SELECT COUNT(se...', Array)\n#2 /var/www/html/kippograph/include/rb.php(9305): RedBeanPHP\\Adapter\\DBAdapter->get('SELECT COUNT(se...', Array)\n#3 /var/www/html/kippograph/include/rb.php(9936): RedBeanPHP\\Facade::query('get', 'SELECT COUNT(se...', Array)\n#4 /var/www/html/kippograph/class/KippoGraph.class.php(253): RedBeanPHP\\Facade::getAll('SELECT COUNT(se...')\n#5 /var/www/html/kippograph/class/KippoGraph.class.php(26): KippoGraph->createMostSuccessfulLoginsPerDay()\n#6 /var/www/html/kippograph/kippo-graph.php(62) in /var/www/html/kippograph/include/rb.php on line 636, referer: http://10.0.0.2/kippograph/

The install instructions listed at https://bruteforce.gr/kippo-graph don't really pertain to Ubuntu 16 server. You can't install PHP5 packages like that anymore with Ubuntu 16.

If you want to install the newest packages you have to drop all the "5"'s from that apt-get install command. Do I need to specifically install PHP5 and not the default PHP which I think is version 7 now?

Overview, Input, and Playlog don't work well.

Here is my screenshot.

and here is some of my Apache2 error log

[Wed Sep 26 01:10:01.959728 2018] [:error] [pid 5208] [client 202.43.95.33:21040] PHP Fatal error: Uncaught [42000] - SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #2 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'kippo.auth.timestamp' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by\ntrace: #0 /var/www/html/kippo-graph/include/rb.php(785): RedBeanPHP\\Driver\\RPDO->runQuery('SELECT COUNT(se...', Array)\n#1 /var/www/html/kippo-graph/include/rb.php(3035): RedBeanPHP\\Driver\\RPDO->GetAll('SELECT COUNT(se...', Array)\n#2 /var/www/html/kippo-graph/include/rb.php(9305): RedBeanPHP\\Adapter\\DBAdapter->get('SELECT COUNT(se...', Array)\n#3 /var/www/html/kippo-graph/include/rb.php(9936): RedBeanPHP\\Facade::query('get', 'SELECT COUNT(se...', Array)\n#4 /var/www/html/kippo-graph/class/KippoGraph.class.php(293): RedBeanPHP\\Facade::getAll('SELECT COUNT(se...')\n#5 /var/www/html/kippo-graph/class/KippoGraph.class.php(27): KippoGraph->createMostSuccessfulLoginsPerDay()\n#6 /var/www/html/kippo-graph/kippo-graph.p in /var/www/html/kippo-graph/include/rb.php on line 636, referer: http://206.189.84.56/kippo-graph/kippo-graph.php
[Wed Sep 26 01:10:03.387744 2018] [:error] [pid 5217] [client 202.43.95.33:21041] PHP Fatal error: Uncaught [42000] - SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #2 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'kippo.input.timestamp' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by\ntrace: #0 /var/www/html/kippo-graph/include/rb.php(785): RedBeanPHP\\Driver\\RPDO->runQuery('SELECT COUNT(in...', Array)\n#1 /var/www/html/kippo-graph/include/rb.php(3035): RedBeanPHP\\Driver\\RPDO->GetAll('SELECT COUNT(in...', Array)\n#2 /var/www/html/kippo-graph/include/rb.php(9305): RedBeanPHP\\Adapter\\DBAdapter->get('SELECT COUNT(in...', Array)\n#3 /var/www/html/kippo-graph/include/rb.php(9936): RedBeanPHP\\Facade::query('get', 'SELECT COUNT(in...', Array)\n#4 /var/www/html/kippo-graph/class/KippoInput.class.php(98): RedBeanPHP\\Facade::getAll('SELECT COUNT(in...')\n#5 /var/www/html/kippo-graph/kippo-input.php(39): KippoInput->printHumanActivityBusiestDays()\n#6 {main}\n thrown in /var/www/html/kippo-graph/include/rb.php on line 636, referer: http://206.189.84.56/kippo-graph/kippo-graph.php
[Wed Sep 26 01:10:04.930368 2018] [:error] [pid 5825] [client 202.43.95.33:21042] PHP Fatal error: Uncaught [42000] - SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #2 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'kippo.auth.timestamp' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by\ntrace: #0 /var/www/html/kippo-graph/include/rb.php(785): RedBeanPHP\\Driver\\RPDO->runQuery('SELECT COUNT(se...', Array)\n#1 /var/www/html/kippo-graph/include/rb.php(3035): RedBeanPHP\\Driver\\RPDO->GetAll('SELECT COUNT(se...', Array)\n#2 /var/www/html/kippo-graph/include/rb.php(9305): RedBeanPHP\\Adapter\\DBAdapter->get('SELECT COUNT(se...', Array)\n#3 /var/www/html/kippo-graph/include/rb.php(9936): RedBeanPHP\\Facade::query('get', 'SELECT COUNT(se...', Array)\n#4 /var/www/html/kippo-graph/class/KippoGraph.class.php(293): RedBeanPHP\\Facade::getAll('SELECT COUNT(se...')\n#5 /var/www/html/kippo-graph/class/KippoGraph.class.php(27): KippoGraph->createMostSuccessfulLoginsPerDay()\n#6 /var/www/html/kippo-graph/kippo-graph.p in /var/www/html/kippo-graph/include/rb.php on line 636, referer: http://206.189.84.56/kippo-graph/kippo-input.php

Kippo-IP and Kippo-Geo don't find GeoIp2\Database\Reader class

When I try to browse Kippo-IP and Kippo-Geo tabs, I get:
Fatal error: Uncaught Error: Class 'GeoIp2\Database\Reader' not found in /usr/local/www/data/class/KippoIP.class.php:13 Stack trace: #0 /usr/local/www/data/kippo-ip.php(58): KippoIP->__construct() #1 {main} thrown in /usr/local/www/data/class/KippoIP.class.php on line 13
The file /usr/local/www/data/include/maxmind/geoip2.phar is present.

I use PHP 7.0.14 and Kippo-Graph 1.5.1.

headers already sent

When I click on any export to csv link:

headers already sent by (output started at /opt/kippo-graph/config.php:1) in /opt/kippo-graph/include/export.php on line 32

headers already sent by (output started at /opt/kippo-graph/config.php:1) in /opt/kippo-graph/include/export.php on line 33

headers already sent by (output started at /opt/kippo-graph/config.php:1) in /opt/kippo-graph/include/export.php on line 34

RedBeanPHP in Kippo Graph version 1.5 malfunctions

Version 1.5 throws the following error at me after the first connection is made to Kippo (see attachment). I'm running FreeBSD 10.1p5, using MySQL 5.6.22 and PHP 5.4.37 from the repositories using pkg.

Fatal error: Uncaught [22001] - SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'country' at row 1 trace: #0 /usr/local/www/apache24/data/kippo-graph/include/rb.php(848): RedBeanPHP\Driver\RPDO->runQuery('INSERT INTO tem...', Array) #1 /usr/local/www/apache24/data/kippo-graph/include/rb.php(3024): RedBeanPHP\Driver\RPDO->Execute('INSERT INTO tem...', Array) #2 /usr/local/www/apache24/data/kippo-graph/include/rb.php(9305): RedBeanPHP\Adapter\DBAdapter->exec('INSERT INTO tem...', Array) #3 /usr/local/www/apache24/data/kippo-graph/include/rb.php(9922): RedBeanPHP\Facade::query('exec', 'INSERT INTO tem...', Array) #4 /usr/local/www/apache24/data/kippo-graph/class/KippoGeo.class.php(183): RedBeanPHP\Facade::exec('INSERT INTO tem...') #5 /usr/local/www/apache24/data/kippo-graph/kippo-geo.php(61): KippoGeo->printKippoGeoData() #6 {main} thrown in /usr/local/www/apache24/data/kippo-graph/include/rb.php on line 636

XSS Injection

Injection possible by an attacker logged into the honeypot kippo.
Location:

  1. /kippo-graph/kippo-input.php (The wget table at the bottom of the page.)
  2. /kippo-graph/kippo-playlog.php (If clicking on the button "Play" to play the log)

An attacker can issue this command: wget <script>alert()</script> inside the kippo's console
and pwn the viewer of the stat...
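
The mitigation for both locations is output encoding chosen for the context the stored command lands in. The following is an added example, not kippo-graph's own code and not part of the original report; the helper names, the row layout, the playLog() player function and the assumption that the playlog page hands log text to an inline script are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from kippo-graph. Assumes PHP 7.2+.
// Every string that came from a honeypot session is attacker-controlled.

/** Encode a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES also encodes ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode a value as a JavaScript string literal for use inside an inline <script>. */
function jsString(string $value): string
{
    // The HEX flags turn < > & ' " into \uXXXX escapes, so the data can neither
    // close the script element nor terminate the string literal.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE;
    $json = json_encode($value, $flags);
    if ($json === false) {
        throw new RuntimeException('cannot encode value: ' . json_last_error_msg());
    }
    return $json;
}

/** Vulnerable form: stored input is concatenated straight into the markup. */
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['timestamp'] . '</td><td>' . $row['input'] . '</td></tr>';
}

/** Hardened form: every database value is encoded at the point of output. */
function renderRowSafe(array $row): string
{
    return '<tr><td>' . h($row['timestamp']) . '</td><td>' . h($row['input']) . '</td></tr>';
}

/** Hardened hand-off of log text to a client-side player. */
function renderPlayerScript(string $logText): string
{
    return '<script>playLog(' . jsString($logText) . ');</script>';
}

// Constructed sample rows, shaped like rows of the honeypot's input table.
$rows = [
    ['timestamp' => '2015-01-20 11:42:31', 'input' => 'wget <script>alert()</script>'],
    ['timestamp' => '2015-01-20 11:43:02', 'input' => 'wget http://example.invalid/a?x=1&y="2"'],
    ['timestamp' => '2015-01-20 11:43:10', 'input' => "wget \xC3\x28 </script>"], // invalid UTF-8
];

foreach ($rows as $row) {
    // Self-checks: no markup character from the data may survive either encoder.
    if (strpbrk(h($row['input']), '<>"\'') !== false) {
        throw new LogicException('HTML encoding left markup characters in place');
    }
    if (strpbrk(jsString($row['input']), '<>&\'') !== false) {
        throw new LogicException('script encoding left markup characters in place');
    }

    echo 'unsafe: ', renderRowUnsafe($row), PHP_EOL;
    echo 'safe:   ', renderRowSafe($row), PHP_EOL;
    echo 'script: ', renderPlayerScript($row['input']), PHP_EOL, PHP_EOL;
}
```

Encoding belongs at output time rather than at insert time, so the database keeps the command exactly as it was typed in the honeypot.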

Error with RedBean?

I did a pull-request yesterday and since then I get an error: PHP Fatal error: Declaration of RedBeanPHP\OODBBean::offsetGet() must be compatible with that of ArrayAccess::offsetGet(). Did the merge of the RedBean branch go wrong? I am working on CentOS 6.5 with PHP5.5.

All my other PHP-scripts work (also with MySQL).

Clock stuck 1970(UNIX time)

Clock stuck at 1970 January 1 while displaying statistics at kippo graph. Hence nothing is recorded by kippo graph

Fatal error: Uncaught exception 'PDOException

I've been using cowrie/kippo-graph on my raspberry pi for a couple months and decided to upgrade to a desktop. Installed Lubuntu 17.04, cowrie, and configured mysql, there are items showing up in the DB. However, when browsing to the overview or input pages nothing shows. I do get graphs generated because they show up under the graph gallery.

I added :

<?php
ini_set("display_errors", 1);
?>

to the top of my kippo-graph.php to see what was happening and I get the following:

Fatal error: Uncaught exception 'PDOException' with message 'Could not connect to database (cowrie).' in /var/www/html/kippo-graph/include/rb.php:761 Stack trace: #0 /var/www/html/kippo-graph/include/rb.php(598): RedBeanPHP\Driver\RPDO->connect() #1 /var/www/html/kippo-graph/include/rb.php(785): RedBeanPHP\Driver\RPDO->runQuery('SELECT password...', Array) #2 /var/www/html/kippo-graph/include/rb.php(3035): RedBeanPHP\Driver\RPDO->GetAll('SELECT password...', Array) #3 /var/www/html/kippo-graph/include/rb.php(9305): RedBeanPHP\Adapter\DBAdapter->get('SELECT password...', Array) #4 /var/www/html/kippo-graph/include/rb.php(9936): RedBeanPHP\Facade::query('get', 'SELECT password...', Array) #5 /var/www/html/kippo-graph/class/KippoGraph.class.php(132): RedBeanPHP\Facade::getAll('SELECT password...') #6 /var/www/html/kippo-graph/class/KippoGraph.class.php(22): KippoGraph->createTop10Passwords() #7 /var/www/html/kippo-graph/kippo-graph.php(42): KippoGraph->generateKippoGraphCharts() #8 {main} thrown in /var/www/html/kippo-graph/include/rb.php on line 761

I have tried both kippo-graph 1.5.1 and cloning the github. The error is present with both. I thought at first it could be because Lubuntu 17.04 uses php7 so I found some backwater ppa and installed php5.6; the issue is still present.
