Thug is a Python low-interaction honeyclient aimed at mimicking the behaviour of a web browser in order to detect and emulate malicious contents. It is based on Python and the V8 JavaScript engine. You can visit the project website or search Google to learn more about this awesome application.
Here I share a script that automates building and compiling the Thug honeypot and V8 on an Ubuntu machine:
#!/bin/bash
#Install some dependencies for the building process
sudo apt-get install -y autoconf build-essential git-core scons subversion libboost-dev libboost-python-dev libboost-thread-dev libboost-system-dev libtool mongodb python-bs4 python-chardet python-cssutils python-dev python-html5lib python-httplib2 python-zope.interface python-pymongo python-pefile python-setuptools
sudo easy_install beautifulsoup4
#Obtaining libemu via Git
cd /tmp/
git clone git://git.carnivore.it/libemu.git
#Configure and install
cd /tmp/libemu/
autoreconf -v -i
./configure --enable-python-bindings --prefix=/opt/libemu
sudo make install
sudo ldconfig -n /opt/libemu/lib
#Obtaining pylibemu via Git
cd /tmp/
git clone https://github.com/buffer/pylibemu.git
#Build and install
cd /tmp/pylibemu/
sudo sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/pylibemu.conf"
python setup.py build
sudo python setup.py install
#Obtain the code via svn and git
cd ~
git clone https://github.com/buffer/thug.git
cd ~/thug/
svn checkout http://v8.googlecode.com/svn/trunk/ v8
#Apply the Thug’s patch for V8
cp patches/V8-patch* .
patch -p0 < V8-patch1.diff
rm V8-patch*
#Build and compile python wrapper for V8. This process will compile the V8 engine at the same time
cd /tmp/
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
export V8_HOME=$HOME/thug/v8
cd pyv8
python setup.py build
sudo python setup.py install
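An added example, not part of the original script: the git clones above build and install, partly as root, whatever the remote serves at that moment, and the git:// transport is unauthenticated. The hypothetical helper `clone_pinned` below stops unless the clone is at exactly the commit id you recorded after reviewing the source; the commit id in the usage line is a placeholder, since this post does not give one.

```bash
#!/bin/bash
# Added example (not from the original post): clone a repository and refuse
# to continue unless the working tree is at a pinned, reviewed commit.

# clone_pinned URL DEST EXPECTED_COMMIT
# Returns 0 only when DEST is checked out at exactly EXPECTED_COMMIT.
clone_pinned() {
    local url=$1 dest=$2 expected=$3 actual

    # Require a full object name (40 hex for SHA-1, 64 for SHA-256 repos).
    # Branch names and abbreviated ids can be moved or collide on the remote.
    if ! printf '%s' "$expected" | grep -Eq '^([0-9a-f]{40}|[0-9a-f]{64})$'; then
        echo "clone_pinned: '$expected' is not a full commit id" >&2
        return 2
    fi

    git clone --quiet "$url" "$dest" || return 1

    # Check out the pinned commit; this fails if the remote does not contain it.
    if ! git -C "$dest" checkout --quiet --detach "$expected" 2>/dev/null; then
        echo "clone_pinned: commit $expected not found in $url" >&2
        rm -rf "$dest"
        return 1
    fi

    # Confirm HEAD really is the pinned commit before anything gets built.
    actual=$(git -C "$dest" rev-parse HEAD)
    if [ "$actual" != "$expected" ]; then
        echo "clone_pinned: HEAD is $actual, expected $expected" >&2
        rm -rf "$dest"
        return 1
    fi
    echo "clone_pinned: $dest verified at $actual"
}

# Usage in place of a plain "git clone" (placeholder id, record your own):
# clone_pinned https://github.com/buffer/pylibemu.git /tmp/pylibemu <PINNED_COMMIT_ID> || exit 1
```
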
I would really appreciate it if you could share with me your experience using this software in production/real life. 🙂