Advertisement
opexxx

mastiff_installer.sh

May 26th, 2015
380
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 10.81 KB | None | 0 0
  1. #!/usr/bin/env bash
  2.  
  3. # mastiff_installer.sh
  4. # v1.0 (3/01/2015)
  5. # Installs MASTIFF for Ubuntu Linux with one command.
  6. # Run this script from the directory in which you'd like to install MASTIFF.
  7. # Tested on stock Ubuntu 12.04 + 14.04
  8. #
  9.  
  10. # Original script copyright (C) 2014 4n6k (4n6k.dan@gmail.com)
  11. # Modified by Zod for MASTIFF (2015)
  12. #
  13. # This program is free software; you can redistribute it and/or
  14. # modify it under the terms of the GNU General Public License
  15. # as published by the Free Software Foundation; either version 2
  16. # of the License, or (at your option) any later version.
  17. #
  18. # This program is distributed in the hope that it will be useful,
  19. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  21. # GNU General Public License for more details.
  22. #
  23. # You should have received a copy of the GNU General Public License
  24. # along with this program; if not, write to the Free Software
  25. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  26.  
  27. # Define constants
  28. PROGNAME="${0}"
  29. INSTALL_DIR="${1}"
  30. SETUP_DIR="${INSTALL_DIR}"/"mastiff_setup"
  31. LOGFILE="${SETUP_DIR}"/"install_mastiff.log"
  32. ARCHIVES=('disitool_v0_3.zip' 'distorm3.zip' 'pdfid_v0_2_1.zip' \
  33.           'pdf-parser_V0_6_0.zip' 'pefile-1.2.10-139.tar.gz' \
  34.           '0.2.tar.gz' 'pyOLEScanner.zip' 'v3.6.5.tar.gz' \
  35.           'ssdeep-2.11.1.tar.gz' 'trid_linux_64.zip' \
  36.       'v3.3.0.tar.gz' 'officedissector.zip' 'mastiff-0.6.0.tar.gz' )
  37. HASHES=('aef923f49e53c7c2194058f34a73b293d21448deb7e2112819fc1b3b450347b8' \
  38.         'd311d232e108def8acac0d4f6514e7bc070e37d7aa123ab9a9a05b9322321582' \
  39.         'f1b4728dd2ce455b863b930e12c6dec952cb95c0bb3d6924136a6e49aca877c2' \
  40.         '8902abe1a9bdb61887d501546ccf333724bcf7b3e3e02ce2541bc311ad8e98df' \
  41.         '8b7c5d853c97a923d0f6e128d0ae76b962aa75fd608d552f5a32e46276908a16' \
  42.         'df854e4ec8677b8b5f59d6492ce0810a1efd3aa2ab8e67e0d480d8ce9d293f00' \
  43.         '82a1e5bc6ee03055862c4b0fc745c5b6300dc8bdaa6dc3d62bea4a4a7d886905' \
  44.         '9df4baeba729e58a281db852afb8d8b26616017619811b3d40aab52afa3ea78d' \
  45.         'a632ac30fca29ad5627e1bf5fae05d9a8873e6606314922479259531e0c19608' \
  46.         '09a253e54b138fa0d996a6797333ca26e67d618a25a0974287b39425caa1ed6a' \
  47.         'e5f4359082e35ff00ee94af9ee897bb0ab18abf49a2c4fe45968d7a848e5bd83' \
  48.         'fd20492fa422bc9456274a11c89963e6d38c0e81db770b2066cfd3f1521b54f9' \
  49.         'fb935be8210a7b4a309aae2b9c545f9dc46191d4b80f745584885db0c0db4cef' )
  50.  
  51. # Program usage dialog
  52. usage() {
  53.   echo -e "\nHere is an example of how you should run this script:"
  54.   echo -e "  > sudo bash ${PROGNAME} /home/$USER"
  55.   echo -e "Result: Mastiff will be installed to /home/$USER/mastiff"
  56.   echo -e "***NOTE*** Be sure to use a FULL PATH for the install directory.\n"
  57. }
  58.  
  59. # Usage check; determine if usage should be printed
  60. chk_usage() {
  61.   if [[ "${INSTALL_DIR}" =~ ^(((-{1,2})([Hh]$|[Hh][Ee][Ll][Pp]$))|$) ]]; then
  62.     usage ; exit 1
  63.   elif ! [[ "${INSTALL_DIR}" =~ ^/.*+$ ]]; then
  64.     usage ; exit 1
  65.   else
  66.     :
  67.   fi
  68. }
  69.  
  70. # Status header for script progress
  71. status() {
  72.   echo ""
  73.   phantom "===================================================================="
  74.   phantom "#  ${*}"
  75.   phantom "===================================================================="
  76.   echo ""
  77. }
  78.  
  79. # Setup for initial installation environment
  80. setup() {
  81.   if [[ -d "${SETUP_DIR}" ]]; then
  82.     echo "" ; touch "${LOGFILE}"
  83.     phantom "Setup directory already exists. Skipping..."
  84.   else
  85.     mkdir -p "${SETUP_DIR}" ; touch "${LOGFILE}"
  86.     echo "/usr/local/lib" >> /etc/ld.so.conf.d/mastiff.conf
  87.   fi
  88.   cd "${SETUP_DIR}"
  89. }
  90.  
  91. # Download Mastiff and its dependencies
  92. download() {
  93.   if [[ -a "${ARCHIVES[7]}" && $(shasum -a 256 "${ARCHIVES[7]}" | cut -d' ' -f1) \
  94.     == "${HASHES[7]}" ]]; then
  95.       phantom "Files already downloaded. Skipping..."
  96.   else
  97.     phantom "This will take a while. Tailing install_mastiff.log for progress..."
  98.     tail_log
  99.     wget -o "${LOGFILE}" \
  100.       "https://didierstevens.com/files/software/disitool_v0_3.zip" \
  101.       "https://distorm.googlecode.com/files/distorm3.zip" \
  102.       "https://didierstevens.com/files/software/pdfid_v0_2_1.zip" \
  103.       "https://didierstevens.com/files/software/pdf-parser_V0_6_0.zip" \
  104.       "https://pefile.googlecode.com/files/pefile-1.2.10-139.tar.gz" \
  105.       "https://github.com/kbandla/pydeep/archive/0.2.tar.gz" \
  106.       "https://github.com/Evilcry/PythonScripts/raw/master/pyOLEScanner.zip" \
  107.       "https://github.com/simplejson/simplejson/archive/v3.6.5.tar.gz" && \
  108.       wget -o "${LOGFILE}" -O ssdeep-2.11.1.tar.gz "http://sourceforge.net/projects/ssdeep/files/ssdeep-2.11.1/ssdeep-2.11.1.tar.gz/download" && \
  109.       wget -o "${LOGFILE}" "http://mark0.net/download/triddefs.zip" \
  110.       "http://mark0.net/download/trid_linux_64.zip" \
  111.       "https://github.com/plusvic/yara/archive/v3.3.0.tar.gz" && \
  112.       wget -o "${LOGFILE}" -O officedissector.zip "https://github.com/grierforensics/officedissector/archive/master.zip" && \
  113.       wget -o "${LOGFILE}" "https://www.korelogic.com/Resources/Tools/mastiff-0.6.0.tar.gz"
  114.     kill_tail
  115.   fi
  116. }
  117.  
  118. # Verify sha256 hashes of the downloaded archives
  119. verify() {
  120.   local index=0
  121.   for hard_sha256 in "${HASHES[@]}"; do
  122.     local archive ; archive="${ARCHIVES[$index]}"
  123.     local archive_sha256 ; archive_sha256=$(shasum -a 256 "${archive}" | cut -d' ' -f1)
  124.     if [[ "$hard_sha256" == "$archive_sha256" ]]; then
  125.       phantom "= Hash MATCH for ${archive}."
  126.       let "index++"
  127.     else
  128.       phantom "= Hash MISMATCH for ${archive}. Exiting..."
  129.       exit 0
  130.     fi
  131.   done
  132. }
  133.  
  134. # Extract the downloaded archives
  135. extract() {
  136.   sudo apt-get update && sudo apt-get install unzip -y --force-yes && unzip triddefs.zip
  137.   for archive in "${ARCHIVES[@]}"; do
  138.     local ext ; ext=$(echo "${archive}" | sed 's|.*\.||')
  139.     if [[ "${ext}" =~ ^(tgz|gz)$ ]]; then
  140.       tar -xvf "${archive}"
  141.     elif [[ "${ext}" == "zip" ]]; then
  142.       unzip "${archive}"
  143.     else
  144.       :
  145.     fi
  146.   done
  147. } >>"${LOGFILE}"
  148.  
  149. # Install Mastiff and its dependencies
  150. install() {
  151.   # Python
  152.     aptget_install
  153.   # distorm3
  154.     cd distorm3 && py_install
  155.   # pefile
  156.     cd pefile-1.2.10-139 && py_install
  157.   # ssdeep
  158.     cd ssdeep-2.11.1 && make_install
  159.   # pydeep
  160.     cd pydeep-0.2 && py_install
  161.   # simplejson
  162.     cd simplejson-3.6.5 && py_install
  163.   # OfficeDissector
  164.     cd officedissector-master && py_install
  165.   # yara + yara-python
  166.     cd yara-3.3.0 && chmod +x bootstrap.sh && ./bootstrap.sh && \
  167.       ./configure --enable-magic ; make ; make install;
  168.     cd yara-python && py_install && ldconfig && cd "${SETUP_DIR}"
  169.   # SIFT 3.0 check + fix
  170.     sift_fix
  171.   # Mastiff
  172.     chmod +x disitool.py; cp -v "$PWD"/disitool.py /usr/local/bin/
  173.     chmod +x pdfid.py; cp -v "$PWD"/pdfid.py /usr/local/bin/
  174.     chmod +x pdf-parser.py; cp -v "$PWD"/pdf-parser.py /usr/local/bin/
  175.     chmod +x pyOLEScanner/pyOLEScanner.py; cp -vr "$PWD"/pyOLEScanner /usr/local/src/
  176.     chmod +x trid; cp -v "$PWD"/trid /usr/local/bin/
  177.     cp -v "$PWD"/triddefs.trd /usr/local/etc/
  178.     mkdir -p /usr/local/etc/yara
  179.     wget https://malwarecookbook.googlecode.com/svn-history/r3/trunk/3/5/capabilities.yara
  180.     wget -O readme https://api.github.com/repos/Yara-Rules/rules/contents && grep "download_url" readme | awk '{print $2}' | grep \.yar | sed s/,//g | xargs -I% wget %
  181.     rename 's/\.yar/\.yara/' "$SETUP_DIR"/*.yar
  182.     mv "$SETUP_DIR"/*.yara /usr/local/etc/yara/
  183.     sed -i '182s/\+//' /usr/local/etc/yara/malicious_document.yara
  184.     mv -f mastiff-0.6.0 .. ; cd ../mastiff-0.6.0 && chmod +x mas.py
  185.     mv "$SETUP_DIR"/officedissector-master/mastiff-plugins/* "$INSTALL_DIR"/mastiff-0.6.0/plugins/Office/
  186.     sudo sed -i '1s|^|#!/usr/bin/python\n|' /usr/local/src/pyOLEScanner/pyOLEScanner.py
  187.     sudo chmod 755 /usr/local/src/pyOLEScanner/pyOLEScanner.py
  188.     ln -f -s /usr/local/src/pyOLEScanner/pyOLEScanner.py /usr/local/bin/
  189.     ln -f -s  "${PWD}"/mas.py /usr/local/bin/mas.py
  190.     sed -i "/^log_dir/ s|\/work|\/workdir|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
  191.     sed -i "/^plugin_dir/ s|\.\/plugins|"$INSTALL_DIR"\/mastiff-0.6.0\/plugins|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
  192.     sed -i "/^trid\ \=\ / s|\.\/trid|\/usr\/local\/bin|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
  193.     sed -i "/^trid_db\ \=\ / s|\.\/trid|\/usr\/local\/etc|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
  194.     sed -i "/^yara_sigs\ \=\ / s|\/usr\/local\/|&"etc"\/|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
  195.     sed -i "/^disitool\ \=\ / s|"$SETUP_DIR"|\/usr\/local\/bin|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf    
  196.     sed -i "/^olecmd\=/ s|\/usr\/local\/src\/pyOLEScanner\/|\/usr\/local\/bin\/|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
  197.     cp "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf ~/.mastiff.conf
  198.     kill_tail
  199. } &>>"${LOGFILE}"
  200.  
  201. # Shorthand for make/install routine
  202. make_install() {
  203.   ./configure; make; make install; cd ..
  204. }
  205.  
  206. # Shorthand for build/install Python routine
  207. py_install() {
  208.   python setup.py build install; cd ..
  209. }
  210.  
  211. # Log script progress graphically
  212. tail_log() {
  213.   if [[ -d /usr/bin/X11 ]]; then
  214.     xterm -e "tail -F ${LOGFILE} | sed "/kill_tail/q" && pkill -P $$ tail;" &
  215.   else
  216.   phantom "No GUI detected. Still running; not showing progress..."
  217.   fi
  218. }
  219.  
  220. # Kill the graphical script progress window
  221. kill_tail() {
  222.   echo -e "kill_tail" >> "${LOGFILE}"
  223. }
  224.  
  225. # Install required packages from APT
  226. aptget_install() {
  227.   apt-get update && \
  228.   apt-get install \
  229.     automake build-essential exiftool git libtool make python-dev python-magic \
  230.     python-lxml python-setuptools python-yapsy libmagic-dev  -y --force-yes
  231. }
  232.  
  233. # Shorthand for done message
  234. done_msg() {
  235.   phantom "Done."
  236. }
  237.  
  238. # Check for SIFT 3.0 and fix
  239. sift_fix() {
  240.   if [[ -d /usr/share/sift ]]; then
  241.     apt-get install libxml2 libxml2-dev libxslt1.1 libxslt1-dev -y --force-yes
  242.     pip install lxml --upgrade
  243.   else
  244.     :
  245.   fi
  246. }
  247.  
  248. # Text echo enhancement
  249. phantom() {
  250.   msg="${1}"
  251.     if [[ "${msg}" =~ ^=.*+$ ]]; then
  252.       speed=".01"
  253.     else
  254.       speed=".03"
  255.     fi
  256.   let lnmsg=$(expr length "${msg}")-1
  257.   for (( i=0; i <= "${lnmsg}"; i++ )); do
  258.     echo -n "${msg:$i:1}" | tee -a "${LOGFILE}"
  259.     sleep "${speed}"
  260.   done ; echo ""
  261. }
  262.  
  263. # Main program execution flow
  264. main() {
  265.   chk_usage
  266.   setup
  267.   status "Downloading Mastiff 0.6.0 and dependency source code..."
  268.     download && done_msg
  269.   status "Verifying archive hash values..."
  270.     verify && done_msg
  271.   status "Extracting archives..."
  272.     extract && done_msg
  273.   status "Installing Mastiff and dependencies..."
  274.     phantom "This will take a while. Tailing install_mastiff.log for progress..."
  275.       tail_log
  276.       install ; done_msg
  277.   status "Finished. You can now run "mas.py" from anywhere."
  278.   phantom "Mastiff location: ${PWD}"
  279.   phantom "Dependency location: ${SETUP_DIR}"
  280.   echo ""
  281. }
  282.  
  283. main "$@"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement