From e44ec7d57e21393ed9fb36c227b00b426c82fdc6 Mon Sep 17 00:00:00 2001
From: g0tmi1k
Date: Thu, 5 Jun 2014 10:28:17 +0100
Subject: [PATCH] Add SMTP support. Allows for email notification. Email notification on: + Probe (recommended for LAN use only) + Successful login + User quit Credit: https://github.com/jongreenall/kippo-dirtybastard/
---
 kippo.cfg.dist | 23 +++++++++++++++++++++++
 kippo/core/honeypot.py | 22 ++++++++++++++++++++++
 kippo/core/sendmail.py | 30 ++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+)
 create mode 100644 kippo/core/sendmail.py
diff --git a/kippo.cfg.dist b/kippo.cfg.dist
index 73cee22..6cd3d24 100644
--- a/kippo.cfg.dist
+++ b/kippo.cfg.dist
@@ -147,6 +147,29 @@ interact_enabled = false
 # (default: 5123)
 interact_port = 5123
+# SMTP module
+#
+# Email notification on:
+# + Probe (recommended for LAN use only)
+# + Successful login
+# + User quit
+#
+# You are able to use 'ssl' or 'tls' or 'none' to send the message by setting 'smtp_enc'.
+#
+# To enable this module, remove all comments below, including the [smtp] line.
+
+#[smtp]
+#smtp_host = smtp.localhost.net
+#smtp_username = localhost.net
+#smtp_password = password
+#smtp_port = 587
+#smtp_enc = tls
+#email_to = admin@localhost.net
+#email_from = kippo@localhost.net
+#alert_probe = false
+#alert_login = false
+#alert_quit = true
+
 # MySQL logging module
 #
 # Database structure for this module is supplied in doc/sql/mysql.sql
diff --git a/kippo/core/honeypot.py b/kippo/core/honeypot.py
index c4f75af..0a99108 100644
--- a/kippo/core/honeypot.py
+++ b/kippo/core/honeypot.py
@@ -16,6 +16,7 @@
 from kippo.core import ttylog, fs, utils
 from kippo.core.userdb import UserDB
 from kippo.core.config import config
+from kippo.core.sendemail import sendEmail
 import commands
 import ConfigParser
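Review bot: The sample `[smtp]` block in kippo.cfg.dist lists `none` as a valid `smtp_enc` value without saying what it costs. `sendEmail` in kippo/core/sendmail.py calls `s.login(...)` unconditionally, so with `none` the configured `smtp_username` and `smtp_password` go to the relay without transport encryption. I would add a comment such as `# 'none' sends the SMTP credentials in clear text; use it only with a relay on a trusted network.` and a line advising that kippo.cfg be readable only by the account running kippo, since it now stores a mail password. The sentence "remove all comments below" would read more precisely as "remove the leading '#' from the lines below".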
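Review bot: The import added to kippo/core/honeypot.py names `kippo.core.sendemail`, but the module this patch creates is `kippo/core/sendmail.py`. Unless a `sendemail.py` exists outside this patch, honeypot.py raises ImportError on load and the honeypot does not start, whether or not `[smtp]` is configured. The line should read `from kippo.core.sendmail import sendEmail`, or the new file should be renamed to match.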
@@ -515,6 +516,7 @@ class HoneyPotTransport(transport.SSHServerTransport):
 hadVersion = False
 def connectionMade(self):
+ cfg = config()
 print 'New connection: %s:%s (%s:%s) [session: %d]' % \
 (self.transport.getPeer().host, self.transport.getPeer().port,
 self.transport.getHost().host, self.transport.getHost().port,
@@ -522,6 +524,14 @@ def connectionMade(self):
 self.interactors = []
 self.logintime = time.time()
 self.ttylog_open = False
+ if cfg.has_option('smtp', 'alert_probe'):
+ if cfg.get('smtp', 'alert_probe') == 'true':
+ print 'Emailing about SSH probe (alert_probe = true).'
+ emailMessage = 'There was an SSH probe request.\nFrom: %s:%s.\nTo: %s:%s.\nKippo Session: %s.' % \
+ (self.transport.getPeer().host, self.transport.getPeer().port,
+ self.transport.getHost().host, self.transport.getHost().port,
+ self.transport.sessionno)
+ sendEmail('[Kippo] SSH Probe', emailMessage)
 transport.SSHServerTransport.connectionMade(self)
 def sendKexInit(self):
@@ -554,6 +564,7 @@ def lastlogExit(self):
 # this seems to be the only reliable place of catching lost connection
 def connectionLost(self, reason):
+ cfg = config()
 for i in self.interactors:
 i.sessionClosed()
 if self.transport.sessionno in self.factory.sessions:
@@ -562,6 +573,11 @@ def connectionLost(self, reason):
 if self.ttylog_open:
 ttylog.ttylog_close(self.ttylog_file, time.time())
 self.ttylog_open = False
+ if cfg.has_option('smtp', 'alert_quit'):
+ if cfg.get('smtp', 'alert_quit') == 'true':
+ print 'Emailing about attack being over (alert_quit = true).'
+ emailMessage = 'The attacker quit.\n\nPlease check the logs (%s)!' % (self.ttylog_file)
+ sendEmail('[Kippo] SSH Attack Finished', emailMessage)
 transport.SSHServerTransport.connectionLost(self, reason)
 from twisted.conch.ssh.common import NS, getNS
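Review bot: In the `@@ -522,6 +524,14 @@` hunk, `sendEmail` is a synchronous smtplib call made inside `connectionMade`, ahead of `transport.SSHServerTransport.connectionMade(self)`, so each probe stalls the Twisted reactor for a whole SMTP session, and any smtplib or ConfigParser exception (unreachable relay, rejected login, a missing `[smtp]` option) propagates before the base-class setup runs. The trigger is an unauthenticated TCP connection and nothing limits the rate, so whoever scans the port decides how many mails are sent and how long the reactor is blocked. The same direct call is added in the `connectionLost` hunk below and in the `checkUserPass` hunk. I would hand the send to a worker thread and log failures, e.g. `threads.deferToThread(sendEmail, '[Kippo] SSH Probe', emailMessage).addErrback(log.err)` (needs `from twisted.internet import threads` and `from twisted.python import log`), and throttle probe alerts per source address. The method body starts in the previous hunk.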
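Review bot: In the `@@ -562,6 +573,11 @@` hunk, `self.ttylog_file` is read without the `if self.ttylog_open:` guard used at the top of the same hunk, and `connectionMade` in this patch initialises only `ttylog_open`. For a connection that never opened a session the attribute may therefore be missing, and the resulting AttributeError would skip `transport.SSHServerTransport.connectionLost(self, reason)`. Whether a class-level default exists is not visible here. The alert also fires for every lost connection, including probes that never authenticated, so "The attacker quit" is misleading and mail volume grows with scan traffic. I would build the message from `getattr(self, 'ttylog_file', None)` and send it only when a login took place on this transport.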
@@ -700,8 +716,14 @@ def cbCheckPamUser(self, responses, username):
 return defer.fail(error.UnauthorizedLogin())
 def checkUserPass(self, username, password):
+ cfg = config()
 if UserDB().checklogin(username, password):
 print 'login attempt [%s/%s] succeeded' % (username, password)
+ if cfg.has_option('smtp', 'alert_login'):
+ if cfg.get('smtp', 'alert_login') == 'true':
+ print 'Emailing about login notification (alert_login = true).'
+ emailMessage = 'There was a successful login: (%s/%s).' % (username, password)
+ sendEmail('[Kippo] Successful Login', emailMessage)
 return True
 else:
 print 'login attempt [%s/%s] failed' % (username, password)
diff --git a/kippo/core/sendmail.py b/kippo/core/sendmail.py
new file mode 100644
index 0000000..81ef3a4
--- /dev/null
+++ b/kippo/core/sendmail.py
@@ -0,0 +1,30 @@
+import smtplib
+from email.mime.text import MIMEText
+from kippo.core.config import config
+
+def sendEmail(subject, message):
+ cfg = config()
+
+ msg = MIMEText(message)
+ msg['Subject'] = subject
+
+ toEmail = cfg.get('smtp', 'email_to')
+ msg['To'] = toEmail
+
+ fromEmail = cfg.get('smtp', 'email_from')
+ msg['From'] = fromEmail
+
+ smtpHost = cfg.get('smtp', 'smtp_host')
+ smtpPort = cfg.get('smtp', 'smtp_port')
+ smtpUsername = cfg.get('smtp', 'smtp_username')
+ smtpPassword = cfg.get('smtp', 'smtp_Password')
+ smtpEnc = cfg.get('smtp', 'smtp_enc')
+
+ s = smtplib.SMTP(smtpHost, smtpPort)
+ if smtpEnc == 'ssl':
+ s = smtplib.SMTP_SSL(smtpHost, smtpPort)
+ elif smtpEnc == 'tls':
+ s.starttls()
+ s.login(smtpUsername, smtpPassword)
+ s.sendmail(fromEmail, [toEmail], msg.as_string())
+ s.quit()
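Review bot: `sendEmail` in the new kippo/core/sendmail.py opens a plain `smtplib.SMTP(smtpHost, smtpPort)` connection before it looks at `smtp_enc`. With `ssl` a first cleartext connection is therefore made to the implicit-TLS port and abandoned without `quit()` when `s` is rebound to `SMTP_SSL`, and since no `timeout` is passed that first connect can hang on a TLS-only port. The session is also left open if `login` or `sendmail` raises, and with `smtp_enc = none` the unconditional `login` sends the credentials unencrypted. On the Python 2 smtplib this code appears to target, `starttls()` without arguments does not verify the server certificate as far as I know, which deserves a comment next to the call. The sketch below selects the class first, adds a timeout and closes the session in `finally`; the 30-second value is only an example.

```python
def sendEmail(subject, message):
    # … unchanged: config lookups and MIMEText construction …
    if smtpEnc == 'ssl':
        s = smtplib.SMTP_SSL(smtpHost, smtpPort, timeout=30)
    else:
        s = smtplib.SMTP(smtpHost, smtpPort, timeout=30)
        if smtpEnc == 'tls':
            s.starttls()
    try:
        s.login(smtpUsername, smtpPassword)
        s.sendmail(fromEmail, [toEmail], msg.as_string())
    finally:
        s.quit()
```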