Thug is a low-interaction honeyclient written in Python that mimics the behaviour of a web browser in order to detect and emulate malicious content. It is based on Python and the V8 JavaScript engine. You can visit the project's website or search Google to learn more about this awesome application.

Here is a script that automates building and compiling the Thug honeypot and V8 on an Ubuntu machine:

#!/bin/bash

#Install some dependencies for the building process
sudo apt-get install -y autoconf build-essential git-core scons subversion libboost-dev libboost-python-dev libboost-thread-dev libboost-system-dev libtool mongodb python-bs4 python-chardet python-cssutils python-dev python-html5lib python-httplib2 python-zope.interface python-pymongo python-pefile python-setuptools

sudo easy_install beautifulsoup4

#Obtaining libemu via Git
cd /tmp/
git clone git://git.carnivore.it/libemu.git

#Configure and install
cd /tmp/libemu/
autoreconf -v -i
./configure --enable-python-bindings --prefix=/opt/libemu
sudo make install
sudo ldconfig -n /opt/libemu/lib

#Obtaining pylibemu via Git
cd /tmp/
git clone https://github.com/buffer/pylibemu.git

#Build and install
cd /tmp/pylibemu/
sudo sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/pylibemu.conf"
python setup.py build
sudo python setup.py install

#Obtain the codes via svn and git
cd ~
git clone https://github.com/buffer/thug.git
cd ~/thug/
svn checkout http://v8.googlecode.com/svn/trunk/ v8

#Apply the Thug’s patch for V8
cp patches/V8-patch* .
patch -p0 < V8-patch1.diff
rm V8-patch*

#Build and compile python wrapper for V8. This process will compile the V8 engine at the same time
cd /tmp/
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
export V8_HOME=$HOME/thug/v8
cd pyv8
python setup.py build
sudo python setup.py install
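
The script has no error handling, so a failure such as the `v8.h: No such file or directory` error reported in the comments is not caught at the step that caused it. The checks below are an added example, not part of the original script: the function names are hypothetical, the paths are the ones the script uses, and the module list is derived from the packages it installs.

```bash
#!/bin/bash
# Added example: sanity checks around the PyV8 build. Function names are
# hypothetical; /opt/libemu/lib and $HOME/thug/v8 come from the script above.

# 0 if the V8 checkout $1 contains the header that PyV8's src/Utils.h includes.
v8_tree_ok() {
    [ -n "$1" ] && [ -f "$1/include/v8.h" ]
}

# 0 if directory $1 is listed verbatim in a *.conf file under $2
# (default /etc/ld.so.conf.d), i.e. the pylibemu.conf step took effect.
ldconf_has() {
    cat "${2:-/etc/ld.so.conf.d}"/*.conf 2>/dev/null | grep -qxF -- "$1"
}

# Print the modules (from $2 onwards) that interpreter $1 cannot import.
missing_modules() (
    py=$1; shift; out=
    for m in "$@"; do
        "$py" -c "import $m" >/dev/null 2>&1 || out="$out $m"
    done
    echo "${out# }"
)

# Run all checks: print one line per problem, non-zero status if any failed.
# The body runs in a subshell, so "exit" only sets the function's status.
thug_build_check() (
    v8=${1:-$HOME/thug/v8}; py=${2:-python}; rc=0
    v8_tree_ok "$v8" || { echo "v8.h not found under $v8/include"; rc=1; }
    ldconf_has /opt/libemu/lib || { echo "/opt/libemu/lib not in ld.so.conf.d"; rc=1; }
    miss=$(missing_modules "$py" pylibemu PyV8 bs4 html5lib chardet cssutils \
           httplib2 pymongo pefile zope.interface)
    [ -z "$miss" ] || { echo "cannot import: $miss"; rc=1; }
    exit "$rc"
)

# Usage: v8_tree_ok "$V8_HOME" before building pyv8, and
#        thug_build_check "$V8_HOME" python after the last install step.
```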

I would really appreciate it if you could share with me your experience using this software in production/real life. 🙂

By zam

2 thoughts on “Script to install Thug honeypot on Ubuntu 12.04”
  1. I get an error when running the bash script.

    Checking .pth file support in /usr/local/lib/python2.7/dist-packages/
    /usr/bin/python -E -c pass
    TEST PASSED: /usr/local/lib/python2.7/dist-packages/ appears to support .pth files
    running bdist_egg
    running egg_info
    creating PyV8.egg-info
    writing requirements to PyV8.egg-info/requires.txt
    writing PyV8.egg-info/PKG-INFO
    writing top-level names to PyV8.egg-info/top_level.txt
    writing dependency_links to PyV8.egg-info/dependency_links.txt
    writing manifest file ‘PyV8.egg-info/SOURCES.txt’
    reading manifest template ‘MANIFEST.in’
    writing manifest file ‘PyV8.egg-info/SOURCES.txt’
    installing library code to build/bdist.linux-x86_64/egg
    running install_lib
    running build_py
    running build_ext
    building ‘_PyV8’ extension
    gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -DBOOST_PYTHON_STATIC_LIB -DV8_NATIVE_REGEXP -DENABLE_DEBUGGER_SUPPORT -DV8_TARGET_ARCH_X64 -I/tmp/pyv8/build/v8/include -I/tmp/pyv8/build/v8 -I/tmp/pyv8/build/v8/src -I/usr/local/include -I/usr/include/python2.7 -c src/Utils.cpp -o build/temp.linux-x86_64-2.7/src/Utils.o -Wno-write-strings
    cc1plus: warning: command line option ‘-Wstrict-prototypes’ is valid for Ada/C/ObjC but not for C++ [enabled by default]
    In file included from src/Utils.cpp:5:0:
    src/Utils.h:57:16: fatal error: v8.h: No such file or directory
    compilation terminated.

  2. May I know which OS you use?
    Have you updated and upgraded the OS?
    Have you installed the gcc and g++ compilers?
    Have you installed the required dependencies?

    Or maybe you can try installing this:
    apt-get install python-dev
