SSHHeatmap is a handy script coded in Python that generates a heatmap of IP’s that made failed SSH login attempts on Linux servers.
SSHHeatmap python script
From the Github page:
Generates a heatmap of IPs that made failed SSH login attempts on linux systems, using /var/log/auth.log to get failed attempts. Uses the ipinfo.io library to fetch the IP address coordinates, and folium to generate the heatmap.
Install the script
We use the wget:
wget https://raw.githubusercontent.com/meesaltena/SSHHeatmap/master/SSHHeatmap.py
Create a text file that contains the SSH logs
Debian based Linux distribution should use the following:
grep "Failed password" /var/log/auth.log > failed.txt
CentOS and Red Hat Enterprise Linux users need to use the /var/log/secure file:
grep "Failed password" /var/log/secure > failed.txt
Make pretty graph:
python3 SSHHeatmap.py failed.txt {ipinfo_api_key}
Open the generated heatmap HTML file in a browser using the:
xdg-open /path/to/heatmap/file.html
A heatmap of IP’s that made failed SSH login on your Linux or Unix server
- Download : https://github.com/meesaltena/SSHHeatmap
Comments on this entry are closed.
Oi, nice script. Thanks matey
Wouldn’t be a heatmap of successful login attempts be more interesting? 🤯
My failed_attempt file has record but when opening the map, I see nothing