#!/bin/bash
#
# Automatically deploy a Cuckoo sandbox
# Author: s4kur4
# https://github.com/S4kur4/AutoDeployCuckoo
# https://0x0c.cc/2020/03/19/Install-a-Cuckoo-Sandbox-in-12-steps
function updateDependencies() {
  # Refresh the package index and upgrade everything already installed.
  sudo apt-get -y update && sudo apt-get -y upgrade
  # Pre-seed the debconf answers for iptables-persistent so that installing it
  # later (installCuckooDependencies) does not block on its autosave questions.
  # https://askubuntu.com/questions/339790/how-can-i-prevent-apt-get-aptitude-from-showing-dialogs-during-installation/340846
  sudo debconf-set-selections <<<'iptables-persistent iptables-persistent/autosave_v4 boolean true'
  sudo debconf-set-selections <<<'iptables-persistent iptables-persistent/autosave_v6 boolean true'
}
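function installCuckooDependencies() {
#######################################
# Install the OS packages, VirtualBox 6.1.2, the pinned Python 2 dependency
# set and the three from-source components (pySSDeep, yara 3.7.1, volatility).
# Globals:   none
# Arguments: none
# Outputs:   package-manager and build output on stdout/stderr
# Returns:   1 if the scratch directory cannot be created; failures of the
#            individual install commands are reported by those commands and do
#            not abort the function (same as before)
#######################################
  local workdir
  # Private per-run scratch directory instead of fixed names under the shared
  # /tmp, so a pre-existing file or directory with the same name cannot be
  # picked up by the build steps below. It is left in place for inspection.
  workdir=$(mktemp -d) || return 1
  # Install basic system dependencies
  sudo apt-get install -y vim curl net-tools htop python python-pip python-dev libffi-dev libssl-dev python-virtualenv python-setuptools python-magic python-libvirt ssdeep libjpeg-dev zlib1g-dev swig mongodb postgresql libpq-dev build-essential git libpcre3 libpcre3-dev libpcre++-dev libfuzzy-dev automake make libtool gcc tcpdump dh-autoreconf flex bison libjansson-dev libmagic-dev libyaml-dev libpython2.7-dev tcpdump apparmor-utils iptables-persistent
  # Install virtualbox 6.1.2
  # NOTE(review): the .deb is fetched over HTTPS but its checksum is never
  # compared with the list Oracle publishes alongside the release — worth adding.
  local vbox_deb="$workdir/virtualbox-6.1_6.1.2-135662_Ubuntu_bionic_amd64.deb"
  wget https://download.virtualbox.org/virtualbox/6.1.2/virtualbox-6.1_6.1.2-135662~Ubuntu~bionic_amd64.deb -O "$vbox_deb"
  sudo dpkg -i "$vbox_deb"
  sudo apt install -f -y
  sudo pip install --upgrade pip
  # Install Python dependencies
  # Versions are pinned, but without --require-hashes pip still trusts whatever
  # the index serves for that version; a hash-pinned requirements file closes that gap.
  sudo pip install sqlalchemy==1.3.3 pefile==2019.4.18 pyrsistent==0.14.1 dpkt==1.8.7 jinja2==2.9.6 pymongo==3.0.3 bottle==0.12.21 yara-python==3.6.3 requests==2.13.0 python-dateutil==2.4.2 chardet==2.3.0 setuptools==44.1.1 psycopg2==2.8.6 pycrypto==2.6.1 pydeep==0.4 distorm3==3.5.2 cryptography==3.3.2 cffi==1.15.1
  sudo pip install cuckoo==2.0.7 weasyprint==0.36 m2crypto==0.38.0 openpyxl==2.6.4 ujson==2.0.3 pytz==2020.1 pyOpenSSL==21.0.0
  # Reinstall werkzeug
  sudo pip uninstall --yes werkzeug && sudo pip install werkzeug==0.16.1
  # Install pySSDeep&yara&volatility
  # Each build runs in a subshell, so a failing step can no longer leave the
  # shell sitting in the scratch directory (the old `cd ... && ... && cd ~`
  # chains only returned home on full success). The builds run as the invoking
  # user; only the install steps need root.
  # NOTE(review): both git clones are unpinned (no tag or commit), so what gets
  # built depends on the upstream HEAD at run time.
  (cd "$workdir" && git clone https://github.com/bunzen/pySSDeep.git pySSDeep && cd pySSDeep && python setup.py build && sudo python setup.py install)
  (cd "$workdir" && wget https://github.com/VirusTotal/yara/archive/v3.7.1.tar.gz -O v3.7.1.tar.gz && tar -xzvf v3.7.1.tar.gz && cd yara-3.7.1 && ./bootstrap.sh && ./configure --with-crypto --enable-cuckoo --enable-magic && make && sudo make install)
  (cd "$workdir" && git clone https://github.com/volatilityfoundation/volatility.git volatility && cd volatility && python ./setup.py build && sudo python ./setup.py install)
}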
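function downloadAgent() {
#######################################
# Fetch the agent VM image (Agent.ova) from Google Drive.
# Arguments: $1 - destination path (optional; default /tmp/Agent.ova, which is
#                 the path the script later hands to configureVirtualbox)
# Outputs:   gdown progress on stdout/stderr; writes the OVA to the destination
#######################################
  local dest="${1:-/tmp/Agent.ova}"
  # Agent.ova is a Windows7 (x86) virtual machine and used to be an Cuckoo agent
  local url="https://drive.google.com/u/0/uc?id=1uGxNwvSuSIhokeuX9N61D8VtyFDoK0-2&export=download"
  # Install gdown
  sudo pip install gdown --no-use-pep517
  # Download from google drive. The URL must be quoted: unquoted, its "?" is a
  # glob character that bash would try to match against files in the cwd.
  # NOTE(review): the image is a third-party download that is imported and
  # booted with no integrity check — compare it with a known-good digest
  # (<EXPECTED_SHA256_PLACEHOLDER>) before the import step. The default target
  # is a fixed name in the shared /tmp, so anything already there is overwritten.
  gdown --speed=50MB "$url" -O "$dest"
}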
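function configureVirtualbox() {
#######################################
# Create the host-only network, move VM storage to /data and import the agent
# OVA as "cuckoo1" with a running-state snapshot "snap1" for Cuckoo to revert to.
# Arguments: $1 - path to the OVA to import (required; the script aborts if missing)
# Outputs:   vboxmanage output on stdout/stderr; blocks for 3 minutes while the VM boots
#######################################
  local ova="${1:?configureVirtualbox: path to the OVA file is required}"
  # Create hostonly ethernet adapter
  # NOTE(review): assumes the adapter just created is vboxnet0, i.e. no host-only
  # interface existed before — confirm on hosts with prior VirtualBox use.
  vboxmanage hostonlyif create && vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1 --netmask 255.255.255.0
  # Change the default storage directory and permission
  # -p makes this rerun-safe: previously an existing /data failed the first mkdir
  # and the && chain skipped creating and chmod'ing the VM folder.
  # Mode 777 lets the unprivileged user running vboxmanage write here, but it also
  # lets every local account read and tamper with the analysis VM's disks and
  # snapshots; chown'ing the folder to that user with mode 0750 would be tighter.
  sudo mkdir -p /data/VirtualBoxVms && sudo chmod 777 /data/VirtualBoxVms
  vboxmanage setproperty machinefolder /data/VirtualBoxVms
  # Import Agent.ova and take a snapshot
  vboxmanage import "$ova" && vboxmanage modifyvm "Agent" --name "cuckoo1" && vboxmanage startvm "cuckoo1" --type headless
  # Fixed wait for the guest to finish booting before the running-state snapshot;
  # there is no readiness probe, so a slow host may snapshot too early.
  sleep 3m
  vboxmanage snapshot "cuckoo1" take "snap1" && vboxmanage controlvm "cuckoo1" poweroff
}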
function configureNetwork() {
# Give the host the network plumbing Cuckoo expects: unconfined packet capture,
# NAT for the host-only VM subnet, and a public DNS resolver.
# Every command changes system-wide state and needs sudo.
# Configure tcpdump
# Drops tcpdump's AppArmor profile and grants it raw-socket/net-admin
# capabilities so capture works for the unprivileged user that later runs
# cuckoo. Both widen what a compromise of that user can do on the host.
sudo aa-disable /usr/sbin/tcpdump && sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
# Open Ip forwarding
# New connections are forwarded only when they arrive on vboxnet0 from
# 192.168.56.0/24; replies come back via conntrack. The MASQUERADE rule has no
# -s match, so it NATs everything leaving the host, not just the VM subnet.
# Rules are appended (-A), so rerunning this function duplicates them.
sudo iptables -A FORWARD -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT && sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT && sudo iptables -A POSTROUTING -t nat -j MASQUERADE
# Uncomments the ip_forward line shipped in the default sysctl.conf.
sudo sed -i "s/#net.ipv4.ip_forward=/net.ipv4.ip_forward=/g" /etc/sysctl.conf
# Configuration persistence
# sysctl -p applies the forwarding change now; netfilter-persistent stores the
# rules (the autosave debconf answers were pre-seeded in updateDependencies).
sudo sysctl -p /etc/sysctl.conf && sudo netfilter-persistent save
# Configure system DNS
# NOTE(review): where systemd-resolved manages /etc/resolv.conf this edit may be
# overwritten and not persist — confirm. The unescaped dots match any character.
sudo sed -i "s/127.0.0.53/8.8.8.8/g" /etc/resolv.conf
}
function configCuckoo() {
# Initialise Cuckoo's working directory (~/.cuckoo), register the analysis VM
# and switch on the MongoDB reporting and VirusTotal processing modules.
# Runs as the invoking user; only starting MongoDB needs root.
# initialize cuckoo
# The first plain `cuckoo` run creates ~/.cuckoo with the default conf files;
# `cuckoo community` pulls the community signatures/modules over the network.
sudo service mongodb start && cuckoo && cuckoo community
# Add Agent to cuckoo
# Presumably replaces a default machine entry named cuckoo1 with the VM imported
# by configureVirtualbox. NOTE(review): 192.168.56.5 must be the static IP set
# inside Agent.ova and snap1 the snapshot taken earlier — neither is verified here.
cuckoo machine --delete cuckoo1 && cuckoo machine --add cuckoo1 192.168.56.5 --platform windows --snapshot snap1
# open MongoDB and VirusTotal
# Deletes one fixed line number (presumably the `enabled = no` under each section
# header) and inserts `enabled = yes` right after the header, via a temp copy.
# NOTE(review): this is tied to the exact layout of the conf files generated by
# cuckoo 2.0.7; another version may delete the wrong line — confirm before
# bumping the pin. Enabling VirusTotal sends sample information to a third-party
# service, so check that is acceptable for what this sandbox will analyse.
sed "45d" ~/.cuckoo/conf/reporting.conf > ~/.cuckoo/conf/tmp.conf && sed -i "/mongodb]/a\enabled = yes" ~/.cuckoo/conf/tmp.conf && rm -rf ~/.cuckoo/conf/reporting.conf && mv ~/.cuckoo/conf/tmp.conf ~/.cuckoo/conf/reporting.conf
sed "148d" ~/.cuckoo/conf/processing.conf > ~/.cuckoo/conf/tmp.conf && sed -i "/virustotal]/a\enabled = yes" ~/.cuckoo/conf/tmp.conf && rm -rf ~/.cuckoo/conf/processing.conf && mv ~/.cuckoo/conf/tmp.conf ~/.cuckoo/conf/processing.conf
}
function clearScreen() {
  # Erase the display and home the cursor (ANSI ED + CUP), followed by a
  # newline exactly as the echo -e form produced.
  printf '\033[2J\033[H\n'
}
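#######################################
# Print one or more lines as a coloured banner framed by dashed rules.
# Arguments: $1   - ANSI SGR parameters (e.g. "41;30" = black on red,
#                   "42;30" = black on green)
#            $2.. - banner lines, printed verbatim
# Outputs:   the banner on stdout
#######################################
printBanner() {
  local color=$1
  shift
  local width=0 line rule
  # Size the rule to the longest line so each banner is framed consistently.
  for line in "$@"; do
    (( ${#line} > width )) && width=${#line}
  done
  printf -v rule '%*s' "$width" ''
  rule=${rule// /-}
  printf '\033[%sm%s\033[0m\n' "$color" "$rule"
  for line in "$@"; do
    printf '\033[%sm%s\033[0m\n' "$color" "$line"
  done
  printf '\033[%sm%s\033[0m\n' "$color" "$rule"
}

#######################################
# Run the seven deployment steps in order, clearing the screen between them.
# Globals:   none written; calls the step functions defined above
# Outputs:   step banners on stdout; `cuckoo` and `cuckoo web` are left running
#            in the background with their output redirected to /var/log
#######################################
main() {
  clearScreen
  printBanner "41;30" " Step 1: Update and upgrade system dependencies "
  updateDependencies
  clearScreen
  printBanner "41;30" " Step 2: Install and update Cuckoo dependencies "
  installCuckooDependencies
  clearScreen
  printBanner "41;30" " Step 3: Download Agent.ova virtual machine file "
  downloadAgent
  clearScreen
  printBanner "41;30" " Step 4: Configure VirtualBox "
  configureVirtualbox /tmp/Agent.ova
  clearScreen
  printBanner "41;30" " Step 5: Configure Network "
  configureNetwork
  clearScreen
  printBanner "41;30" " Step 6: Configure Cuckoo "
  configCuckoo
  clearScreen
  printBanner "41;30" " Step 7: Run Cuckoo services "
  # NOTE(review): cuckoo runs unprivileged here, yet its output is redirected
  # into /var/log, which is normally writable only by root — confirm the script
  # is run as root, or make the two log files writable by the cuckoo user first.
  cuckoo &> /var/log/cuckoo.log &
  # Binds the web UI to every interface and opens its port in the firewall
  # below. Do this only on a trusted network; otherwise bind -H to a specific
  # interface and front it with an authenticating reverse proxy.
  cuckoo web -H 0.0.0.0 -p 8000 &> /var/log/cuckoo_web.log &
  # ufw needs root like every other privileged step in this script.
  sudo ufw allow 8000
  clearScreen
  printBanner "42;30" \
    " Done! Cuckoo web service running on 0.0.0.0:8000 " \
    " Cuckoo log: /var/log/cuckoo.log " \
    " Cuckoo web service log: /var/log/cuckoo_web.log "
}

main "$@"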