{"id":18011062,"url":"https://github.com/regit/pshitt","last_synced_at":"2025-04-07T11:11:20.137Z","repository":{"id":18135812,"uuid":"21217013","full_name":"regit/pshitt","owner":"regit","description":"Passwords of SSH Intruders Transferred to Text","archived":false,"fork":false,"pushed_at":"2024-06-19T13:54:24.000Z","size":33,"stargazers_count":159,"open_issues_count":5,"forks_count":25,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-31T09:07:41.024Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/regit.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-06-25T20:08:46.000Z","updated_at":"2025-02-15T11:48:36.000Z","dependencies_parsed_at":"2024-10-30T02:48:19.304Z","dependency_job_id":null,"html_url":"https://github.com/regit/pshitt","commit_stats":{"total_commits":29,"total_committers":3,"mean_commits":9.666666666666666,"dds":"0.13793103448275867","last_synced_commit":"0986af74ff34e24de915776ac8f487cbd7c6b5e8"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/regit%2Fpshitt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/regit%2Fpshitt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/regit%2Fpshitt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/regit%2Fpshitt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/regit","download_url":"https://codeload.github.com/regit/pshitt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247640465,"owners_count":20971557,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-30T02:16:21.445Z","updated_at":"2025-04-07T11:11:20.117Z","avatar_url":"https://github.com/regit.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"======\nPSHITT\n======\n\nIntroduction\n============\n\npshitt (for Passwords of SSH Intruders Transferred to Text) is a lightweight\nfake SSH server designed to collect authentication data sent by intruders.\nIt basically collects username and password used by SSH bruteforce software\nand writes the extracted data to a file in JSON format.\n\npshitt is written in Python and uses ``paramiko`` to implement the SSH layer.\n\nInstalling pshitt\n=================\n\nFrom Python Packaging Index (PyPI) using pip ::\n\n pip install pshitt\n\nInstall from source ::\n\n git clone https://github.com/regit/pshitt.git\n\nNOTE: if you are installing from source, make sure you install ``paramiko``\nand ``python-daemon`` packages.\n\nRunning pshitt\n==============\n\nIf you installed via pip ::\n\n ./pshitt -o passwords.json\n\nIf you installed from source, go into the source directory and run ::\n\n ./pshitt.py -o passwords.json\n\nThis will run a fake SSH server listening on port 2200 to catch authentication\ndata sent by the intruders. Information about SSH connection attempt will be\nstored in the ``passwords.json`` using JSON as format ::\n\n {\"username\": \"root\", \"src_ip\": \"116.10.191.184\", \"password\": \"P@ssword\", \\\n \"src_port\": 41397, \"timestamp\": \"2014-06-25T21:35:21.660303\"}\n\nFull options are available via '-h' option ::\n\n usage: pshitt [-h] [-o OUTPUT] [-k KEY] [-l LOG] [-p PORT] [-t THREADS] [-v]\n [-D]\n \n Passwords of SSH Intruders Transferred to Text\n \n optional arguments:\n -h, --help show this help message and exit\n -o OUTPUT, --output OUTPUT\n File to export collected data\n -k KEY, --key KEY Host RSA key\n -l LOG, --log LOG File to log info and debug\n -p PORT, --port PORT TCP port to listen to\n -t THREADS, --threads THREADS\n Maximum number of client threads\n -v, --verbose Show verbose output, use multiple times increase\n verbosity\n -D, --daemon Run as unix daemon\n\nUsing pshitt data\n=================\n\nAs the format is JSON, it is easy to use the data in data analysis\nsoftware such as Splunk or Logstash.\n\nHere's a sample configuration for logstash ::\n\n input {\n file {\n path =\u003e [ \"/var/log/pshitt.log\" ]\n codec =\u003e json\n type =\u003e \"json-log\"\n }\n }\n\n filter {\n # warn logstash that timestamp is the one to use\n if [type] == \"json-log\" {\n date {\n match =\u003e [ \"timestamp\", \"ISO8601\" ]\n }\n }\n\n # optional but geoip is interesting\n if [src_ip] {\n geoip {\n source =\u003e \"src_ip\"\n target =\u003e \"geoip\"\n add_field =\u003e [ \"[geoip][coordinates]\", \"%{[geoip][longitude]}\" ]\n add_field =\u003e [ \"[geoip][coordinates]\", \"%{[geoip][latitude]}\" ]\n }\n mutate {\n convert =\u003e [ \"[geoip][coordinates]\", \"float\" ]\n }\n }\n }\n\n output {\n elasticsearch {\n host =\u003e \"localhost\"\n }\n }\n\nBasically, it is just enough to mention that the ``pshitt.log`` file is\nusing JSON format.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fregit%2Fpshitt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fregit%2Fpshitt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fregit%2Fpshitt/lists"}