Requirements: follow these steps (tested on Mint 15 32-bit edition, but should work on all Debian-based 32-bit distributions).
Commands:
#sudo su
=>install python
#apt-get install python
=>install make
#apt-get install make
=>install nano
#apt-get install nano
=>install git
#apt-get install git
=>copy the folder to local disk using git
#git clone https://github.com/Masood-M/yalih.git
#cd yalih
=>JSbeautifier
From the terminal, in the honeypot folder, run the following commands:
#cd jsbeautifier
#python setup.py build
#python setup.py install
=>install rhino
#sudo apt-get install rhino
=>install ClamAV
#sudo apt-get install clamav
=>install Yara
yara requires:
#apt-get install g++ autoconf automake libtool python-dev libpcre3-dev libpcre3 flex bison
#pip install psutil
#pip install tldextract
Yara 2.0
#cd req
#tar -xzvf yara-2.0.0.tar.gz
#cd yara-2.0.0
#./build.sh
#sudo make install
Yara 1.7
#./configure
#make
#make install
=>install yara for python
The yara folder contains another folder called yara-python.
#cd yara-python
#python setup.py build
#python setup.py install
#echo "/usr/local/lib" >> /etc/ld.so.conf
#ldconfig
=>install easy_install
#apt-get install python-setuptools
=>install python lxml
#apt-get install python-lxml
=>install python-magic
#pip install python-magic
or
Get the python-magic egg link for your Python version from the website: https://pypi.python.org/pypi/python-magic/
and run the following command:
#easy_install (your link)
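Added example (not part of the original INSTALL file or the yalih project): a preflight check to run after the steps above, reporting which of the listed dependencies are still missing. The command names rhino, clamscan and yara, the Python module names, and the file name preflight.sh are assumptions based on the packages named in this file.

```shell
#!/bin/sh
# Preflight check for the dependencies installed by the steps above.
# Usage (file name is hypothetical): sh preflight.sh --check

# Print every command in the argument list that is not found on PATH.
missing_cmds() {
    for c in "$@"; do
        command -v "$c" >/dev/null 2>&1 || printf '%s\n' "$c"
    done
}

# Print every Python module that fails to import.
# $1 is the interpreter, the remaining arguments are module names.
missing_pymods() {
    py=$1; shift
    for m in "$@"; do
        "$py" -c "import $m" >/dev/null 2>&1 || printf '%s\n' "$m"
    done
}

# Succeed if directory $1 appears as a whole line in linker config file $2.
ldconf_has() {
    grep -qxF "$1" "$2" 2>/dev/null
}

# Run all checks; return 1 if anything required is missing.
preflight() {
    rc=0
    # Assumed binary names for the Debian packages listed above.
    cmds=$(missing_cmds python make git rhino clamscan yara)
    # Assumed import names: yara-python -> yara, python-magic -> magic.
    mods=$(missing_pymods python jsbeautifier yara magic lxml psutil tldextract)
    [ -z "$cmds" ] || { echo "missing commands:" $cmds; rc=1; }
    [ -z "$mods" ] || { echo "missing Python modules:" $mods; rc=1; }
    # The install steps append this path so the yara module can load libyara.
    ldconf_has /usr/local/lib /etc/ld.so.conf ||
        echo "note: /usr/local/lib is not listed in /etc/ld.so.conf"
    return $rc
}

# Only run the checks when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```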
=============================================================================
Running the honeypot
Before using the honeypot, make sure you update the signatures by running the following command. This may take a while!
#python honeypot.py update
=>Running the honeypot
#python honeypot.py --url www.yahoo.com
#python honeypot.py --file /opt/somefile-that-contains-a-list-of-suspecious-URLs.txt
for more information run:
#python honeypot.py --help
=>Running the honeypot with monitoring
#python honeypotMonitor.py --url www.yahoo.com
#python honeypotMonitor.py --file /opt/somefile-that-contains-a-list-of-suspecious-URLs.txt
honeypotMonitor.py accepts the same arguments as the original honeypot.py
=>Report Generator Scripts (Inside scripts folder)
1) Extracts and appends connection refused links to connectionrefused.txt
#python extractconnectionrefuse.py sample.log
2) Extracts and appends forbidden links to forbidden.txt
#python extractforbidden.py sample.log
3) Extracts and appends redirection links to links.txt
#python redirectionlinks.py /home/user/yalih/debug /home/user/yalih/links.txt
4) Compares the differences between two log files
#python comparelog.py file1.log file2.log
=============================================================================
*** Scan log files are stored in the "scanlogs" folder.
*** You can get extra information about redirections, forbidden sites and error messages in the debug folder (debug files are stored based on the date and time of the scan)
*** Certain aspects of the honeyclient can be configured from the honeypotconfig.py file
Cheers