Thug is a Python low-interaction honeyclient aimed at mimicking the behaviour of a web browser in order to detect and emulate malicious contents. It is based on Python and the V8 JS engine. You can go to the website or search Google to learn more about this awesome application.
So, here I share a script that automates building and compiling the Thug honeypot + V8 on an Ubuntu machine:
#!/bin/bash
# Install some dependencies for the building process
sudo apt-get install -y autoconf build-essential git-core scons subversion libboost-dev libboost-python-dev libboost-thread-dev libboost-system-dev libtool mongodb python-bs4 python-chardet python-cssutils python-dev python-html5lib python-httplib2 python-zope.interface python-pymongo python-pefile python-setuptools
sudo easy_install beautifulsoup4
# Obtaining libemu via Git
cd /tmp/
git clone git://git.carnivore.it/libemu.git
# Configure and install
cd /tmp/libemu/
autoreconf -v -i
./configure --enable-python-bindings --prefix=/opt/libemu
sudo make install
sudo ldconfig -n /opt/libemu/lib
# Obtaining pylibemu via Git
cd /tmp/
git clone https://github.com/buffer/pylibemu.git
# Build and install
cd /tmp/pylibemu/
sudo sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/pylibemu.conf"
python setup.py build
sudo python setup.py install
# Obtain the codes via svn and git
cd ~
git clone https://github.com/buffer/thug.git
cd ~/thug/
svn checkout http://v8.googlecode.com/svn/trunk/ v8
# Apply the Thug's patch for V8
cp patches/V8-patch* .
patch -p0 < V8-patch1.diff
rm V8-patch*
# Build and compile python wrapper for V8. This process will compile the V8 engine at the same time
cd /tmp/
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
export V8_HOME=$HOME/thug/v8
cd pyv8
python setup.py build
sudo python setup.py install
I would really appreciate it if you could share with me your experience using this software in production/real-life. 🙂
I get an error when running the bash script.
Checking .pth file support in /usr/local/lib/python2.7/dist-packages/
/usr/bin/python -E -c pass
TEST PASSED: /usr/local/lib/python2.7/dist-packages/ appears to support .pth files
running bdist_egg
running egg_info
creating PyV8.egg-info
writing requirements to PyV8.egg-info/requires.txt
writing PyV8.egg-info/PKG-INFO
writing top-level names to PyV8.egg-info/top_level.txt
writing dependency_links to PyV8.egg-info/dependency_links.txt
writing manifest file ‘PyV8.egg-info/SOURCES.txt’
reading manifest template ‘MANIFEST.in’
writing manifest file ‘PyV8.egg-info/SOURCES.txt’
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
running build_ext
building ‘_PyV8’ extension
gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -DBOOST_PYTHON_STATIC_LIB -DV8_NATIVE_REGEXP -DENABLE_DEBUGGER_SUPPORT -DV8_TARGET_ARCH_X64 -I/tmp/pyv8/build/v8/include -I/tmp/pyv8/build/v8 -I/tmp/pyv8/build/v8/src -I/usr/local/include -I/usr/include/python2.7 -c src/Utils.cpp -o build/temp.linux-x86_64-2.7/src/Utils.o -Wno-write-strings
cc1plus: warning: command line option ‘-Wstrict-prototypes’ is valid for Ada/C/ObjC but not for C++ [enabled by default]
In file included from src/Utils.cpp:5:0:
src/Utils.h:57:16: fatal error: v8.h: No such file or directory
compilation terminated.
May I know which OS you use?
Have you updated & upgraded the OS?
Have you installed the gcc, g++ compilers?
Have you installed the required dependencies?
Or maybe you can try installing this:
apt-get install python-dev
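The compiler error in the comment above is a missing v8.h, and the -I paths in that log point at /tmp/pyv8/build/v8 rather than the $HOME/thug/v8 that the script exports as V8_HOME. The following pre-flight check for the PyV8 build step is an added example, not part of the original post or its comments; the function names, return codes and the BUILD_TOOLS variable are made up for this sketch.

```shell
#!/bin/bash
# Added example: pre-flight checks to run before "python setup.py build"
# in the pyv8 directory. Names and return codes are hypothetical.

# check_v8_home DIR
#   0  DIR/include/v8.h exists
#   1  DIR is empty (V8_HOME not set)
#   2  DIR is not a directory (V8 checkout missing)
#   3  checkout exists but include/v8.h is missing
check_v8_home() {
    [ -n "$1" ] || { echo "V8_HOME is not set" >&2; return 1; }
    [ -d "$1" ] || { echo "V8_HOME=$1 is not a directory" >&2; return 2; }
    [ -f "$1/include/v8.h" ] || { echo "$1/include/v8.h not found" >&2; return 3; }
    return 0
}

# missing_tools TOOL...
#   prints every TOOL that is not on PATH; return status is how many were missing
missing_tools() {
    _n=0
    for _t in "$@"; do
        command -v "$_t" >/dev/null 2>&1 || { echo "$_t"; _n=$((_n + 1)); }
    done
    return "$_n"
}

# preflight_pyv8
#   checks the build tools first, then the V8 headers that PyV8 compiles against
#   returns 4 if a tool is missing, otherwise the status of check_v8_home
preflight_pyv8() {
    # word splitting of the tool list is intentional
    _missing=$(missing_tools ${BUILD_TOOLS:-gcc g++ git svn patch python}) || {
        echo "missing build tools:" $_missing >&2
        return 4
    }
    check_v8_home "${V8_HOME:-}"
}

# Usage, after the script's "export V8_HOME=$HOME/thug/v8" and "cd pyv8":
#   preflight_pyv8 && python setup.py build
```

Running the same check again in the shell that performs the install step shows whether V8_HOME is still set there.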