#!/bin/bash

# Thanks to Sean Whalen for this amazing post:
# https://infosecspeakeasy.org/t/howto-build-a-cuckoo-sandbox/27

#-------------------------------------------#
# Install Cuckoo Sandbox                     #
# Tested on Ubuntu 16.04                     #
# -Daniel Gallagher                          #
#-------------------------------------------#

  12. function usage
  13. {
  14. echo "Usage: $0 <path> <password> <ip> <machinery>"
  15. echo '---Optional Arguments---'
  16. echo 'Cuckoo Install Path -> Example /opt' #option 1
  17. echo 'Database Password -> PostgreSQL password' #option 2
  18. echo 'Public IP -> For web console' #option 3
  19. echo 'Machinery -> kvm | virtualbox' #option 4
  20. exit
  21. }
  22.  
  23. rand_passwd=$(date +%s | sha256sum | base64 | head -c 32 ; echo)
  24. auto_ip=$(ip route | grep src | awk '{print $9}')
  25.  
  26. cuckoo_path=${1:-/opt} #Default path: /opt
  27. passwd=${2:-$rand_passwd} #Default password is randomish
  28. my_ip=${3:-$auto_ip} #Default IP is interface on install machine
  29. machine=${4:-kvm} #Default machinery: kvm
  30.  
  31. cuckoo_passwd=$passwd
  32. db_passwd=\'$passwd\'
  33.  
  34. function deps
  35. {
  36.  
  37. echo -e "\e[96m[+] Cuckoo Path: $cuckoo_path \e[0m"
  38. echo -e "\e[96m[+] DB Password: $passwd \e[0m"
  39. echo -e "\e[96m[+] Web Portal IP: $my_ip \e[0m"
  40.  
  41. echo -e '\e[35m[+] APT Update \e[0m'
  42. apt-get update -y >/dev/null 2>&1
  43.  
  44. echo -e '\e[35m[+] APT Upgrade \e[0m'
  45. apt-get upgrade -y >/dev/null 2>&1
  46.  
  47. echo -e '\e[35m[+] APT Dist-Upgrade and Autoremove \e[0m'
  48. apt-get dist-upgrade -y >/dev/null 2>&1
  49. apt-get autoremove -y >/dev/null 2>&1
  50.  
  51. echo -e '\e[35m[+] Installing Dependencies \e[0m'
  52.  
  53. #Basic dependencies
  54. echo -e '\e[93m [+] Round 1 of 3 \e[0m'
  55. apt-get install mongodb python python-dev python-pip python-m2crypto swig -y >/dev/null 2>&1
  56. echo -e '\e[93m [+] Round 2 of 3 \e[0m'
  57. apt-get install libvirt-dev upx-ucl libssl-dev unzip p7zip-full libgeoip-dev libjpeg-dev -y >/dev/null 2>&1
  58. echo -e '\e[93m [+] Round 3 of 3 \e[0m'
  59. apt-get install mono-utils ssdeep libfuzzy-dev libimage-exiftool-perl openjdk-8-jre-headless -y >/dev/null 2>&1
  60.  
  61. #Additional dependencies for malheur
  62. apt-get install uthash-dev libtool libconfig-dev libarchive-dev autoconf automake checkinstall -y >/dev/null 2>&1
  63.  
  64. #Upgrade pip
  65. pip install --upgrade pip >/dev/null 2>&1
  66.  
  67. #To generate PDF reports
  68. apt-get install wkhtmltopdf xvfb xfonts-100dpi -y >/dev/null 2>&1
  69.  
  70. #Copy default configs
  71. echo -e '\e[93m [+] Copy Configuration Files \e[0m'
  72. cp -r ./kvm-configs/ /tmp/
  73. cp -r ./virtualbox-configs/ /tmp/
  74. cp -r ./gen-configs/ /tmp/
  75.  
  76. echo -e '\e[35m[+] Installing Yara \e[0m'
  77.  
  78. #Yara Dependencies
  79. echo -e '\e[93m [+] Dependencies \e[0m'
  80. apt-get install libjansson-dev libmagic-dev bison -y >/dev/null 2>&1
  81.  
  82. #Configure Yara for Cuckoo and Magic and then install
  83. echo -e '\e[93m [+] Git Clone \e[0m'
  84. cd /opt
  85. git clone https://github.com/VirusTotal/yara.git >/dev/null 2>&1
  86. cd yara
  87. ./bootstrap.sh >/dev/null 2>&1
  88. echo -e '\e[93m [+] Configure with Cuckoo and Magic Enabled \e[0m'
  89. ./configure --enable-cuckoo --enable-magic >/dev/null 2>&1
  90. make >/dev/null 2>&1
  91. echo -e '\e[93m [+] Installing... \e[0m'
  92. make install >/dev/null 2>&1
  93.  
  94. #Install yara-python
  95. echo -e '\e[93m [+] Yara-Python \e[0m'
  96. pip install yara-python >/dev/null 2>&1
  97.  
  98. echo -e '\e[35m[+] Installing ClamAV \e[0m'
  99.  
  100. #Install ClamAV
  101. apt-get install clamav clamav-daemon clamav-freshclam -y >/dev/null 2>&1
  102.  
  103. echo -e '\e[35m[+] Installing Pydeep \e[0m'
  104.  
  105. #Install Pydeep
  106. pip install git+https://github.com/kbandla/pydeep.git >/dev/null 2>&1
  107.  
  108. echo -e '\e[35m[+] Installing Malheur \e[0m'
  109.  
  110. #Install malheur
  111. echo -e '\e[93m [+] Git Clone \e[0m'
  112. cd /opt
  113. git clone https://github.com/rieck/malheur.git >/dev/null 2>&1
  114. cd malheur
  115. ./bootstrap >/dev/null 2>&1
  116. echo -e '\e[93m [+] Configure \e[0m'
  117. ./configure --prefix=/usr >/dev/null 2>&1
  118. make >/dev/null 2>&1
  119. echo -e '\e[93m [+] Installing... \e[0m'
  120. make install >/dev/null 2>&1
  121.  
  122. echo -e '\e[35m[+] Installing Volatility \e[0m'
  123.  
  124. #Install volatility
  125. echo -e '\e[93m [+] Dependencies \e[0m'
  126. apt-get install python-pil -y >/dev/null 2>&1
  127. pip install distorm3 pycrypto openpyxl >/dev/null 2>&1
  128. echo -e '\e[93m [+] Installing... \e[0m'
  129. apt-get install volatility -y >/dev/null 2>&1
  130.  
  131. echo -e '\e[35m[+] Installing PyV8 Javascript Engine (this will take some time) \e[0m'
  132.  
  133. #Additional dependencies for PyV8
  134. echo -e '\e[93m [+] Dependencies \e[0m'
  135. apt-get install libboost-all-dev -y >/dev/null 2>&1
  136.  
  137. #Install PyV8
  138. echo -e '\e[93m [+] Git Clone \e[0m'
  139. cd /opt
  140. git clone https://github.com/buffer/pyv8.git >/dev/null 2>&1
  141. cd pyv8
  142. echo -e '\e[93m [+] Build (this is the long part...)\e[0m'
  143. python setup.py build >/dev/null 2>&1
  144. echo -e '\e[93m [+] Installing... \e[0m'
  145. python setup.py install >/dev/null 2>&1
  146.  
  147. echo -e '\e[35m[+] Configuring TcpDump \e[0m'
  148.  
  149. #Configure tcpdump
  150. chmod +s /usr/sbin/tcpdump
  151.  
  152. echo -e '\e[35m[+] Installing Suricata \e[0m'
  153.  
  154. #Install Suricata
  155. apt-get install suricata -y >/dev/null 2>&1
  156. echo "alert http any any -> any any (msg:\"FILE store all\"; filestore; noalert; sid:15; rev:1;)" | sudo tee /etc/suricata/rules/cuckoo.rules >/dev/null 2>&1
  157.  
  158. echo -e '\e[35m[+] Installing ETUpdate \e[0m'
  159.  
  160. #Install ETUpdate
  161. cd /opt
  162. git clone https://github.com/seanthegeek/etupdate.git >/dev/null 2>&1
  163. cp etupdate/etupdate /usr/sbin
  164.  
  165. #Download rules
  166. /usr/sbin/etupdate -V >/dev/null 2>&1
  167.  
  168. }
  169.  
  170. function postgres
  171. {
  172.  
  173. echo -e '\e[35m[+] Installing PostgreSQL \e[0m'
  174.  
  175. #Install PostgreSQL
  176. apt-get install postgresql-9.5 postgresql-contrib-9.5 libpq-dev -y >/dev/null 2>&1
  177. pip install psycopg2 >/dev/null 2>&1
  178.  
  179. echo -e '\e[35m[+] Configuring PostgreSQL DB \e[0m'
  180.  
  181. su - postgres <<EOF
  182. psql -c "CREATE USER cuckoo WITH PASSWORD $db_passwd;" >/dev/null 2>&1
  183. psql -c "CREATE DATABASE cuckoo;" >/dev/null 2>&1
  184. psql -c "GRANT ALL PRIVILEGES ON DATABASE cuckoo to cuckoo;" >/dev/null 2>&1
  185. EOF
  186.  
  187. }
  188.  
  189. function kvm
  190. {
  191.  
  192. echo -e '\e[35m[+] Installing KVM \e[0m'
  193.  
  194. #Install KVM and virt-manager
  195. apt-get install qemu-kvm libvirt-bin virt-manager libgl1-mesa-glx -y >/dev/null 2>&1
  196.  
  197. #Add current user to kvm and libvirt groups for admin
  198. usermod -a -G kvm $USER
  199. usermod -a -G libvirtd $USER
  200.  
  201. #Deactivate default network
  202. echo -e '\e[93m [+] Remove Default Virtual Network \e[0m'
  203.  
  204. virsh net-destroy default >/dev/null 2>&1
  205.  
  206. #Remove default network from libvirt configuration
  207. virsh net-undefine default >/dev/null 2>&1
  208.  
  209. #Create cuckoo network configuration file
  210. echo -e '\e[93m [+] Create Cuckoo Virtual Network \e[0m'
  211.  
  212. cat >/tmp/cuckoo_net.xml <<EOF
  213. <network>
  214. <name>cuckoo</name>
  215. <bridge name='virbr0' stp='on' delay='0'/>
  216. <domain name='cuckoo'/>
  217. <ip address='192.168.100.1' netmask='255.255.255.0'>
  218. <dhcp>
  219. <range start='192.168.100.128' end='192.168.100.254'/>
  220. </dhcp>
  221. </ip>
  222. </network>
  223. EOF
  224.  
  225. #Create new cuckoo network from xml configuration
  226. virsh net-define --file /tmp/cuckoo_net.xml >/dev/null 2>&1
  227.  
  228. #Set cuckoo network to autostart
  229. virsh net-autostart cuckoo >/dev/null 2>&1
  230.  
  231. #Start cuckoo network
  232. virsh net-start cuckoo >/dev/null 2>&1
  233.  
  234. }
  235.  
  236. function virtualbox
  237. {
  238.  
  239. #Add virtualbox repository
  240. apt-add-repository "deb http://download.virtualbox.org/virtualbox/debian xenial contrib"
  241.  
  242. #Add repository key
  243. wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | apt-key add -
  244. wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | apt-key add -
  245.  
  246. #Update apt packages
  247. apt-get update -y
  248.  
  249. #Install virtualbox
  250. apt-get install virtualbox-5.1 -y
  251.  
  252. #Install dkms package
  253. apt-get install dkms -y
  254.  
  255. }
  256.  
  257. function create_cuckoo_user
  258. {
  259.  
  260. echo -e '\e[35m[+] Creating Cuckoo User \e[0m'
  261.  
  262. #Creates cuckoo system user
  263. adduser --system cuckoo >/dev/null 2>&1
  264. usermod -L cuckoo
  265. usermod -a -G kvm cuckoo
  266. usermod -a -G libvirtd cuckoo
  267. usermod -a -G cuckoo $USER
  268. }
  269.  
  270. function cuckoo_mod
  271. {
  272.  
  273. echo -e '\e[35m[+] Installing Modified Version of Cuckoo \e[0m'
  274.  
  275. #Option to install modified cuckoo version
  276. su - cuckoo <<EOF
  277. cd
  278. wget https://bitbucket.org/mstrobel/procyon/downloads/procyon-decompiler-0.5.30.jar >/dev/null 2>&1
  279. git clone https://github.com/doomedraven/cuckoo-modified.git >/dev/null 2>&1
  280. mkdir vmshared
  281. cp cuckoo-modified/agent/agent.py vmshared/agent.pyw
  282. EOF
  283.  
  284. chmod ug=rwX,o=rX /home/cuckoo/vmshared
  285. mv /home/cuckoo/cuckoo-modified $cuckoo_path/cuckoo
  286. pip install -r $cuckoo_path/cuckoo/requirements.txt >/dev/null 2>&1
  287. cp /tmp/gen-configs/suricata-cuckoo.yaml /etc/suricata/suricata-cuckoo.yaml
  288.  
  289. echo -e '\e[93m [+] Installing Signatures \e[0m'
  290.  
  291. su - cuckoo <<EOF
  292. cd $cuckoo_path/cuckoo/utils
  293. ./community.py -afw >/dev/null 2>&1
  294. EOF
  295.  
  296. echo -e '\e[93m [+] Modifying Config \e[0m'
  297.  
  298. sed -i -e "s@connection =@connection = postgresql://cuckoo:$passwd\@localhost:5432/cuckoo@" $cuckoo_path/cuckoo/conf/cuckoo.conf
  299.  
  300. chown -R cuckoo:cuckoo $cuckoo_path/cuckoo
  301. }
  302.  
  303. function cuckoo_orig
  304. {
  305.  
  306. echo -e '\e[35m[+] Installing Mainstream Version of Cuckoo \e[0m'
  307.  
  308. #Option to install original cuckoo version
  309. su - cuckoo <<EOF
  310. cd
  311. wget https://bitbucket.org/mstrobel/procyon/downloads/procyon-decompiler-0.5.30.jar
  312. git clone https://github.com/cuckoosandbox/cuckoo.git
  313. mkdir vmshared
  314. cp cuckoo/agent/agent.py vmshared/agent.pyw
  315. EOF
  316.  
  317. chmod ug=rwX,o=rX /home/cuckoo/vmshared
  318. mv /home/cuckoo/cuckoo $cuckoo_path/cuckoo
  319. pip install -r $cuckoo_path/cuckoo/requirements.txt
  320. cp /tmp/gen-configs/suricata-cuckoo.yaml /etc/suricata/suricata-cuckoo.yaml
  321.  
  322. echo -e '\e[35m[+] Installing Cuckoo Signatures \e[0m'
  323.  
  324. su - cuckoo <<EOF
  325. cd $cuckoo_path/cuckoo/utils
  326. ./community.py -afw
  327. EOF
  328.  
  329. echo -e '\e[35m[+] Modifing Cuckoo Config \e[0m'
  330.  
  331. sed -i -e "s@connection =@connection = postgresql://cuckoo:$passwd\@localhost:5432/cuckoo@" $cuckoo_path/cuckoo/conf/cuckoo.conf
  332.  
  333. chown -R cuckoo:cuckoo $cuckoo_path/cuckoo
  334. }
  335.  
  336. function nginx
  337. {
  338.  
  339. echo -e '\e[35m[+] Installing Nginx \e[0m'
  340.  
  341. #Install nginx
  342. apt-get install nginx apache2-utils -y >/dev/null 2>&1
  343.  
  344. echo -e '\e[93m [+] Configuring \e[0m'
  345.  
  346. #Remove default nginx configuration
  347. rm /etc/nginx/sites-enabled/default
  348.  
  349. #Create cuckoo web server config
  350. cp /tmp/gen-configs/nginx_config /etc/nginx/sites-available/cuckoo
  351.  
  352. #Modify nginx IP for web interface
  353. sed -i -e "s@listen IP_Address\:443@listen $my_ip\:443@" /etc/nginx/sites-available/cuckoo
  354. sed -i -e "s@listen IP_Address\:80@listen $my_ip\:80@" /etc/nginx/sites-available/cuckoo
  355. sed -i -e "s@listen IP_Address\:4343@listen $my_ip\:4343@" /etc/nginx/sites-available/cuckoo
  356. sed -i -e "s@allow IP_Address@allow $my_ip@" /etc/nginx/sites-available/cuckoo
  357.  
  358. #Enable cuckoo nginx config
  359. ln -s /etc/nginx/sites-available/cuckoo /etc/nginx/sites-enabled/cuckoo
  360.  
  361. }
  362.  
  363. function self_ssl
  364. {
  365.  
  366. echo -e '\e[93m [+] Creating Self-Signed SSL Certificate \e[0m'
  367.  
  368. #Create ssl key folder
  369. mkdir /etc/nginx/ssl
  370.  
  371. #Generate self-signed certificate
  372. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/cuckoo.key -out /etc/nginx/ssl/cuckoo.crt -subj "/C=XX/ST=XX/L=XX/O=IT/CN=$my_ip" >/dev/null 2>&1
  373.  
  374. echo -e '\e[93m [+] Generating Diffie-Hellman (DH) Parameters (this will take some time) \e[0m'
  375.  
  376. #Generate Diffie-Hellman (DH) parameters. This takes a long time!
  377. openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 >/dev/null 2>&1
  378.  
  379. #Secure SSL keys
  380. chown -R root:www-data /etc/nginx/ssl
  381. chmod -R u=rX,g=rX,o= /etc/nginx/ssl
  382.  
  383. #Restart nginx
  384. service nginx restart
  385.  
  386. }
  387.  
  388. function misc_apps
  389. {
  390.  
  391. echo -e '\e[35m[+] Installing Inetsim \e[0m'
  392.  
  393. #Install inetsim
  394. cd /tmp
  395. wget http://www.inetsim.org/debian/binary/inetsim_1.2.5-1_all.deb >/dev/null 2>&1
  396.  
  397. #Install additional inetsim dependencies
  398. apt-get install libcgi-fast-perl libcgi-pm-perl libdigest-hmac-perl libfcgi-perl libio-multiplex-perl libio-socket-inet6-perl libipc-shareable-perl libnet-cidr-perl libnet-dns-perl libnet-ip-perl libnet-server-perl libsocket6-perl liblog-log4perl-perl -y >/dev/null 2>&1
  399. dpkg -i inetsim_1.2.5-1_all.deb >/dev/null 2>&1
  400.  
  401. #Copy default inetsim config
  402. cp /tmp/gen-configs/inetsim.conf /etc/inetsim/inetsim.conf
  403.  
  404. #Enable inetsim in default config
  405. sed -i -e 's@ENABLED=0@ENABLED=1@' /etc/default/inetsim
  406.  
  407. #Restart inetsim
  408. service inetsim restart
  409.  
  410. echo -e '\e[35m[+] Installing Tor Proxy \e[0m'
  411.  
  412. #Install tor
  413. apt-get install tor -y >/dev/null 2>&1
  414.  
  415. #Copy default tor config
  416. cp /tmp/gen-configs/torrc /etc/tor/torrc
  417.  
  418. #Restart tor
  419. service tor restart
  420.  
  421. echo -e '\e[35m[+] Installing Privoxy \e[0m'
  422.  
  423. #Install Privoxy
  424. apt-get install privoxy -y >/dev/null 2>&1
  425.  
  426. #Copy default privoxy config
  427. cp /tmp/gen-configs/privoxy_config /etc/privoxy/config
  428.  
  429. #Restart privoxy
  430. service privoxy restart
  431.  
  432. echo -e '\e[35m[+] Installing Routetor \e[0m'
  433.  
  434. #Install cuckoo scripts to utilize tor
  435. cd /opt
  436. git clone https://github.com/seanthegeek/routetor.git >/dev/null 2>&1
  437. cd routetor
  438. cp *tor* /usr/sbin
  439. /usr/sbin/routetor &
  440.  
  441. echo -e '\e[35m[+] Installing Vsftpd \e[0m'
  442.  
  443. #Create public accessible folder
  444. mkdir /home/cuckoo/vmshared/pub
  445. chown cuckoo:cuckoo /home/cuckoo/vmshared/pub
  446. chmod 777 /home/cuckoo/vmshared/pub
  447.  
  448. #Install vsftpd
  449. apt-get install vsftpd -y >/dev/null 2>&1
  450.  
  451. #Copy vsftpd config file
  452. cp /tmp/gen-configs/vsftpd.conf /etc/vsftpd.conf
  453.  
  454. #Restart vsftpd
  455. service vsftpd restart
  456.  
  457. }
  458.  
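#######################################
# Install the cuckooboot startup script for the chosen hypervisor and the
# cuckoo user's crontab entries.
# Globals:   machine, cuckoo_path (read)
# Outputs:   progress to stdout, failures to stderr
# Returns:   0, or 1 when the cuckooboot template is missing
#######################################
startup_script() {
  echo -e '\e[35m[+] Creating Startup Script for Cuckoo \e[0m'

  #Install gunicorn
  pip install gunicorn >/dev/null 2>&1

  #Copy default startup script
  local boot_src
  if [[ "$machine" == 'virtualbox' ]]; then
    echo -e '\e[96m [+] Startup Script Set for VirtualBox \e[0m'
    boot_src=/tmp/virtualbox-configs/cuckooboot
  else
    echo -e '\e[93m [+] Startup Script Set for KVM \e[0m'
    boot_src=/tmp/kvm-configs/cuckooboot
  fi
  cp "$boot_src" /usr/sbin/cuckooboot \
    || { printf '[!] %s missing; startup script not installed\n' "$boot_src" >&2; return 1; }
  chmod +x /usr/sbin/cuckooboot

  #Modify startup script to fit cuckoo install location.
  # In the previous expression the quotes around the path were unescaped
  # inside a double-quoted string, so the shell removed them and sed looked
  # for CUCKOO_PATH=/opt/cuckoo without quotes. The pattern now accepts the
  # assignment with or without quotes ("\{0,1\}") and always writes a quoted
  # value; the path is escaped so an install path containing & or @ cannot
  # break the expression.
  local sed_path
  sed_path=$(printf '%s' "$cuckoo_path" | sed -e 's/[\\&@]/\\&/g')
  sed -i -e "s@CUCKOO_PATH=\"\{0,1\}/opt/cuckoo\"\{0,1\}@CUCKOO_PATH=\"$sed_path/cuckoo\"@" /usr/sbin/cuckooboot

  #Add startup crontab entries in one pass, skipping any that are already
  #present so re-running the installer does not duplicate them.
  local entry
  {
    crontab -l -u cuckoo 2>/dev/null
    for entry in '46 * * * * /usr/sbin/etupdate' '@reboot /usr/sbin/routetor' '@reboot /usr/sbin/cuckooboot'; do
      crontab -l -u cuckoo 2>/dev/null | grep -qxF -- "$entry" || printf '%s\n' "$entry"
    done
  } | crontab -u cuckoo -

  #Run cuckoo
  #/usr/sbin/cuckooboot

  echo -e '\e[35m[+] Installation Complete! \e[0m'
}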
  492.  
  493.  
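if [[ "$1" == '-h' ]]; then
  usage
fi

#Check if script was run as root
if [[ "$EUID" -ne 0 ]]; then
  echo 'This script must be run as root'
  exit 1
fi

# Dispatch on the already-defaulted $machine (argument 4, default kvm)
# instead of re-reading "$4", and reject anything other than the two
# supported backends rather than silently installing KVM for a typo.
case "$machine" in
  kvm|virtualbox) ;;
  *)
    printf 'Unknown machinery "%s": expected kvm or virtualbox\n' "$machine" >&2
    exit 2
    ;;
esac

# The two install sequences differ only in the hypervisor step, so run one
# sequence and call that step by name (kvm or virtualbox, validated above).
deps
postgres
"$machine"
create_cuckoo_user
cuckoo_mod
nginx
self_ssl
misc_apps
startup_script

exit 0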