  1. #!/usr/bin/env bash
  2.  
  3. # mastiff_installer.sh
  4. # v1.0 (3/01/2015)
  5. # Installs MASTIFF for Ubuntu Linux with one command.
  6. # Run this script from the directory in which you'd like to install MASTIFF.
  7. # Tested on stock Ubuntu 12.04 + 14.04
  8. #
  9.  
  10. # Original script copyright (C) 2014 4n6k (4n6k.dan@gmail.com)
  11. # Modified by Zod for MASTIFF (2015)
  12. #
  13. # This program is free software; you can redistribute it and/or
  14. # modify it under the terms of the GNU General Public License
  15. # as published by the Free Software Foundation; either version 2
  16. # of the License, or (at your option) any later version.
  17. #
  18. # This program is distributed in the hope that it will be useful,
  19. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  21. # GNU General Public License for more details.
  22. #
  23. # You should have received a copy of the GNU General Public License
  24. # along with this program; if not, write to the Free Software
  25. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  26.  
# Constants shared by every stage.
# INSTALL_DIR is the single positional argument (an absolute path, enforced by
# chk_usage); everything the installer downloads or builds lives under
# SETUP_DIR, next to the log that tail_log follows.
PROGNAME="${0}"
INSTALL_DIR="${1}"
SETUP_DIR="${INSTALL_DIR}/mastiff_setup"
LOGFILE="${SETUP_DIR}/install_mastiff.log"

# ARCHIVES[i] is the file name download() leaves in SETUP_DIR and HASHES[i]
# its expected sha256 digest. verify() walks the two arrays in lockstep, so
# the two lists must stay in the same order; the comment on each hash names
# the archive it belongs to.
ARCHIVES=(
  'disitool_v0_3.zip'
  'distorm3.zip'
  'pdfid_v0_2_1.zip'
  'pdf-parser_V0_6_0.zip'
  'pefile-1.2.10-139.tar.gz'
  '0.2.tar.gz'
  'pyOLEScanner.zip'
  'v3.6.5.tar.gz'
  'ssdeep-2.11.1.tar.gz'
  'trid_linux_64.zip'
  'v3.3.0.tar.gz'
  'officedissector.zip'
  'mastiff-0.6.0.tar.gz'
)
HASHES=(
  'aef923f49e53c7c2194058f34a73b293d21448deb7e2112819fc1b3b450347b8'  # disitool_v0_3.zip
  'd311d232e108def8acac0d4f6514e7bc070e37d7aa123ab9a9a05b9322321582'  # distorm3.zip
  'f1b4728dd2ce455b863b930e12c6dec952cb95c0bb3d6924136a6e49aca877c2'  # pdfid_v0_2_1.zip
  '8902abe1a9bdb61887d501546ccf333724bcf7b3e3e02ce2541bc311ad8e98df'  # pdf-parser_V0_6_0.zip
  '8b7c5d853c97a923d0f6e128d0ae76b962aa75fd608d552f5a32e46276908a16'  # pefile-1.2.10-139.tar.gz
  'df854e4ec8677b8b5f59d6492ce0810a1efd3aa2ab8e67e0d480d8ce9d293f00'  # 0.2.tar.gz (pydeep)
  '82a1e5bc6ee03055862c4b0fc745c5b6300dc8bdaa6dc3d62bea4a4a7d886905'  # pyOLEScanner.zip
  '9df4baeba729e58a281db852afb8d8b26616017619811b3d40aab52afa3ea78d'  # v3.6.5.tar.gz (simplejson)
  'a632ac30fca29ad5627e1bf5fae05d9a8873e6606314922479259531e0c19608'  # ssdeep-2.11.1.tar.gz
  '09a253e54b138fa0d996a6797333ca26e67d618a25a0974287b39425caa1ed6a'  # trid_linux_64.zip
  'e5f4359082e35ff00ee94af9ee897bb0ab18abf49a2c4fe45968d7a848e5bd83'  # v3.3.0.tar.gz (yara)
  'fd20492fa422bc9456274a11c89963e6d38c0e81db770b2066cfd3f1521b54f9'  # officedissector.zip
  'fb935be8210a7b4a309aae2b9c545f9dc46191d4b80f745584885db0c0db4cef'  # mastiff-0.6.0.tar.gz
)
  50.  
# Program usage dialog.
# Printed by chk_usage when the install-directory argument is missing, is a
# help flag, or is not an absolute path. Writes to stdout.
usage() {
  local example_dir="/home/$USER"
  printf '\nHere is an example of how you should run this script:\n'
  printf '  > sudo bash %s %s\n' "${PROGNAME}" "${example_dir}"
  printf 'Result: Mastiff will be installed to %s/mastiff\n' "${example_dir}"
  printf '***NOTE*** Be sure to use a FULL PATH for the install directory.\n\n'
}
  58.  
# Usage check.
# Exits with status 1 (after printing usage) when INSTALL_DIR is empty, is a
# -h/--h/-help/--help style flag (any case), or does not start with '/'.
# Returns 0 when the argument looks like an absolute path.
chk_usage() {
  local help_re='^(((-{1,2})([Hh]$|[Hh][Ee][Ll][Pp]$))|$)'
  local abspath_re='^/.*+$'
  if [[ "${INSTALL_DIR}" =~ $help_re ]] || ! [[ "${INSTALL_DIR}" =~ $abspath_re ]]; then
    usage
    exit 1
  fi
}
  69.  
# Status header for script progress.
# Prints a blank line, a rule, "#  <all arguments>", another rule and a blank
# line. The three middle lines go through phantom, so they are typed out
# slowly and appended to LOGFILE as well.
status() {
  local rule
  rule="===================================================================="
  printf '\n'
  phantom "${rule}"
  phantom "#  ${*}"
  phantom "${rule}"
  printf '\n'
}
  78.  
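# Setup for initial installation environment.
# Creates SETUP_DIR (INSTALL_DIR/mastiff_setup) and the log file, registers
# /usr/local/lib with the dynamic linker on a first run, and changes into
# SETUP_DIR. Every later stage assumes SETUP_DIR is the cwd, so a failed
# mkdir or cd aborts the script here instead of letting the remaining
# stages download, unpack and copy files into whatever directory the shell
# happened to be in.
setup() {
  if [[ -d "${SETUP_DIR}" ]]; then
    echo ""
    touch "${LOGFILE}"
    phantom "Setup directory already exists. Skipping..."
  else
    mkdir -p "${SETUP_DIR}" || { printf 'Cannot create %s\n' "${SETUP_DIR}" >&2; exit 1; }
    touch "${LOGFILE}"
    # Only written when SETUP_DIR is first created; ldconfig re-reads it
    # after the yara build in install().
    echo "/usr/local/lib" >> /etc/ld.so.conf.d/mastiff.conf
  fi
  cd "${SETUP_DIR}" || { printf 'Cannot cd to %s\n' "${SETUP_DIR}" >&2; exit 1; }
}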
  90.  
# Download Mastiff and its dependencies.
# The whole stage is skipped when ARCHIVES[7] (the simplejson tarball, the
# last file of the first wget batch) is already present with its expected
# hash; no other archive is checked here — verify() does that afterwards.
# Each `wget -o LOGFILE` writes wget's own log to LOGFILE and truncates it on
# every invocation (-a would append); tail_log follows the file with tail -F,
# so the progress window still sees the new content, and kill_tail appends the
# sentinel that stops it.
# Trust notes: the ssdeep, triddefs.zip and trid_linux_64.zip downloads are
# plain http, and triddefs.zip is not listed in ARCHIVES/HASHES, so it is the
# one file extract() unpacks without any integrity check. The two `master`
# archives (pyOLEScanner.zip, officedissector.zip) are pinned only by their
# sha256 in HASHES, so an upstream change makes verify() fail rather than
# installing different code.
download() {
  if [[ -a "${ARCHIVES[7]}" && $(shasum -a 256 "${ARCHIVES[7]}" | cut -d' ' -f1) \
    == "${HASHES[7]}" ]]; then
      phantom "Files already downloaded. Skipping..."
  else
    phantom "This will take a while. Tailing install_mastiff.log for progress..."
    tail_log
    # Four wget batches chained with &&: a failed batch skips the rest, but
    # kill_tail below still runs so the progress window is closed.
    wget -o "${LOGFILE}" \
      "https://didierstevens.com/files/software/disitool_v0_3.zip" \
      "https://distorm.googlecode.com/files/distorm3.zip" \
      "https://didierstevens.com/files/software/pdfid_v0_2_1.zip" \
      "https://didierstevens.com/files/software/pdf-parser_V0_6_0.zip" \
      "https://pefile.googlecode.com/files/pefile-1.2.10-139.tar.gz" \
      "https://github.com/kbandla/pydeep/archive/0.2.tar.gz" \
      "https://github.com/Evilcry/PythonScripts/raw/master/pyOLEScanner.zip" \
      "https://github.com/simplejson/simplejson/archive/v3.6.5.tar.gz" && \
      wget -o "${LOGFILE}" -O ssdeep-2.11.1.tar.gz "http://sourceforge.net/projects/ssdeep/files/ssdeep-2.11.1/ssdeep-2.11.1.tar.gz/download" && \
      wget -o "${LOGFILE}" "http://mark0.net/download/triddefs.zip" \
      "http://mark0.net/download/trid_linux_64.zip" \
      "https://github.com/plusvic/yara/archive/v3.3.0.tar.gz" && \
      wget -o "${LOGFILE}" -O officedissector.zip "https://github.com/grierforensics/officedissector/archive/master.zip" && \
      wget -o "${LOGFILE}" "https://www.korelogic.com/Resources/Tools/mastiff-0.6.0.tar.gz"
    kill_tail
  fi
}
  117.  
  118. # Verify sha256 hashes of the downloaded archives
  119. verify() {
  120.   local index=0
  121.   for hard_sha256 in "${HASHES[@]}"; do
  122.     local archive ; archive="${ARCHIVES[$index]}"
  123.     local archive_sha256 ; archive_sha256=$(shasum -a 256 "${archive}" | cut -d' ' -f1)
  124.     if [[ "$hard_sha256" == "$archive_sha256" ]]; then
  125.       phantom "= Hash MATCH for ${archive}."
  126.       let "index++"
  127.     else
  128.       phantom "= Hash MISMATCH for ${archive}. Exiting..."
  129.       exit 0
  130.     fi
  131.   done
  132. }
  133.  
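# Extract the downloaded archives.
# stdout of the whole function is appended to LOGFILE (redirection on the
# closing brace). Installs unzip first and unpacks triddefs.zip — which
# download() fetches but which is not part of ARCHIVES, so it has not been
# hash-checked — then dispatches each archive in ARCHIVES on its final
# extension. verify() has already run, so the ARCHIVES contents are the
# expected ones. Unknown extensions are left in place.
extract() {
  sudo apt-get update && sudo apt-get install unzip -y --force-yes && unzip triddefs.zip
  local archive ext
  for archive in "${ARCHIVES[@]}"; do
    # Text after the last '.', via parameter expansion instead of echo|sed.
    ext="${archive##*.}"
    case "${ext}" in
      tgz|gz) tar -xvf "${archive}" ;;
      zip)    unzip "${archive}" ;;
      *)      : ;;
    esac
  done
} >>"${LOGFILE}"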
  148.  
# Install Mastiff and its dependencies.
# stdout and stderr of the whole function are appended to LOGFILE (see the
# redirection on the closing brace), so build errors are only visible there.
# The steps are sequential and share the cwd: py_install and make_install end
# with `cd ..`, so each `cd <dir> && …` is expected to land back in SETUP_DIR.
# Exit statuses are not checked between steps — a failed build or `cd` does
# not stop the following commands, which then run wherever the shell is.
install() {
  # System packages: build toolchain, python-dev, libmagic and friends
    aptget_install
  # distorm3 (py_install returns to the parent directory afterwards)
    cd distorm3 && py_install
  # pefile
    cd pefile-1.2.10-139 && py_install
  # ssdeep (configure/make/make install via make_install)
    cd ssdeep-2.11.1 && make_install
  # pydeep (Python bindings for ssdeep)
    cd pydeep-0.2 && py_install
  # simplejson
    cd simplejson-3.6.5 && py_install
  # OfficeDissector
    cd officedissector-master && py_install
  # yara + yara-python. bootstrap is chained with &&, but configure, make and
  # make install are separated by ';', so make runs even if configure failed.
    cd yara-3.3.0 && chmod +x bootstrap.sh && ./bootstrap.sh && \
      ./configure --enable-magic ; make ; make install;
  # yara-python lives inside the yara tree; ldconfig picks up /usr/local/lib
  # (registered in setup()), then return to SETUP_DIR explicitly.
    cd yara-python && py_install && ldconfig && cd "${SETUP_DIR}"
  # SIFT 3.0 check + fix (no-op unless /usr/share/sift exists)
    sift_fix
  # Mastiff helper tools: copy into /usr/local/bin and /usr/local/src.
  # These relative paths assume the cwd is SETUP_DIR, i.e. that the yara
  # chain above reached its final `cd`.
    chmod +x disitool.py; cp -v "$PWD"/disitool.py /usr/local/bin/
    chmod +x pdfid.py; cp -v "$PWD"/pdfid.py /usr/local/bin/
    chmod +x pdf-parser.py; cp -v "$PWD"/pdf-parser.py /usr/local/bin/
    chmod +x pyOLEScanner/pyOLEScanner.py; cp -vr "$PWD"/pyOLEScanner /usr/local/src/
    chmod +x trid; cp -v "$PWD"/trid /usr/local/bin/
    cp -v "$PWD"/triddefs.trd /usr/local/etc/
    mkdir -p /usr/local/etc/yara
  # yara rules: capabilities.yara from a fixed URL, then every .yar file the
  # GitHub API lists for Yara-Rules/rules (master branch, unpinned). The JSON
  # listing is parsed with grep/awk/sed rather than a JSON tool, and none of
  # these rule files are checksum-verified — whatever the repository holds at
  # install time is installed as-is into /usr/local/etc/yara.
    wget https://malwarecookbook.googlecode.com/svn-history/r3/trunk/3/5/capabilities.yara
    wget -O readme https://api.github.com/repos/Yara-Rules/rules/contents && grep "download_url" readme | awk '{print $2}' | grep \.yar | sed s/,//g | xargs -I% wget %
  # perl-style rename: .yar -> .yara, then move the rules into place
    rename 's/\.yar/\.yara/' "$SETUP_DIR"/*.yar
    mv "$SETUP_DIR"/*.yara /usr/local/etc/yara/
  # Edits line 182 of the freshly fetched malicious_document.yara; presumably
  # a syntax workaround for that file as it was at the time — TODO confirm
  # against the current upstream file, the line number is hard-coded.
    sed -i '182s/\+//' /usr/local/etc/yara/malicious_document.yara
  # Move the Mastiff tree up into INSTALL_DIR (.. of SETUP_DIR) and enter it
    mv -f mastiff-0.6.0 .. ; cd ../mastiff-0.6.0 && chmod +x mas.py
  # OfficeDissector ships Mastiff plugins; drop them into the Office plugin dir
    mv "$SETUP_DIR"/officedissector-master/mastiff-plugins/* "$INSTALL_DIR"/mastiff-0.6.0/plugins/Office/
  # pyOLEScanner: prepend a python shebang, make it executable, symlink into PATH
    sudo sed -i '1s|^|#!/usr/bin/python\n|' /usr/local/src/pyOLEScanner/pyOLEScanner.py
    sudo chmod 755 /usr/local/src/pyOLEScanner/pyOLEScanner.py
    ln -f -s /usr/local/src/pyOLEScanner/pyOLEScanner.py /usr/local/bin/
  # mas.py symlink; PWD is INSTALL_DIR/mastiff-0.6.0 after the cd above
    ln -f -s  "${PWD}"/mas.py /usr/local/bin/mas.py
  # Point mastiff.conf at the installed locations. In the plugin_dir and
  # disitool lines the inner "..." around $INSTALL_DIR / $SETUP_DIR end and
  # restart the double-quoted sed program, so those values are expanded
  # unquoted there and must not contain whitespace or '|'.
    sed -i "/^log_dir/ s|\/work|\/workdir|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
    sed -i "/^plugin_dir/ s|\.\/plugins|"$INSTALL_DIR"\/mastiff-0.6.0\/plugins|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
    sed -i "/^trid\ \=\ / s|\.\/trid|\/usr\/local\/bin|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
    sed -i "/^trid_db\ \=\ / s|\.\/trid|\/usr\/local\/etc|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
    sed -i "/^yara_sigs\ \=\ / s|\/usr\/local\/|&"etc"\/|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
    sed -i "/^disitool\ \=\ / s|"$SETUP_DIR"|\/usr\/local\/bin|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf    
    sed -i "/^olecmd\=/ s|\/usr\/local\/src\/pyOLEScanner\/|\/usr\/local\/bin\/|" "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf
  # Per-user copy of the config; under sudo, ~ is typically root's home
    cp "$INSTALL_DIR"/mastiff-0.6.0/mastiff.conf ~/.mastiff.conf
  # Signal the progress window (tail_log) to stop
    kill_tail
} &>>"${LOGFILE}"
  200.  
# Shorthand for make/install routine.
# Configures, builds and installs the source tree in the cwd, then steps back
# up one directory. The steps are independent of each other's exit status
# (';' separators), so a failed configure does not stop make.
make_install() {
  ./configure
  make
  make install
  cd ..
}
  205.  
# Shorthand for build/install Python routine.
# Runs the package's setup.py from the cwd (build, then install, with the
# privileges the script itself has), then steps back up one directory
# regardless of the build's exit status.
py_install() {
  local setup_script="setup.py"
  python "${setup_script}" build install
  cd ..
}
  210.  
# Log script progress graphically.
# Treats the existence of /usr/bin/X11 as "a GUI is available" and, if so,
# opens a background xterm that follows LOGFILE until the "kill_tail" sentinel
# line appears (sed quits on it; kill_tail writes it). Otherwise a single
# notice is printed through phantom.
tail_log() {
  if [[ -d /usr/bin/X11 ]]; then
    # The inner double quotes only close and reopen the string; the result is
    # still one argument, which xterm -e hands to a shell to parse. LOGFILE
    # (built from $1 via INSTALL_DIR) is therefore expanded unquoted inside
    # a shell command line: a path containing whitespace or shell
    # metacharacters would break or alter that command. $$ is this script's
    # PID; the tail runs under the xterm's shell, so pkill -P $$ presumably
    # does not reach it — TODO confirm.
    xterm -e "tail -F ${LOGFILE} | sed "/kill_tail/q" && pkill -P $$ tail;" &
  else
  phantom "No GUI detected. Still running; not showing progress..."
  fi
}
  219.  
# Kill the graphical script progress window.
# Appends the "kill_tail" sentinel line to LOGFILE; the sed in tail_log's
# xterm quits when it sees it.
kill_tail() {
  local sentinel="kill_tail"
  printf '%s\n' "${sentinel}" >> "${LOGFILE}"
}
  224.  
# Install required packages from APT.
# Refreshes the package index, then installs the build toolchain and the
# Python libraries the later stages compile against. The install only runs
# if the update succeeded.
aptget_install() {
  local -a packages=(
    automake build-essential exiftool git libtool make python-dev python-magic
    python-lxml python-setuptools python-yapsy libmagic-dev
  )
  apt-get update && apt-get install "${packages[@]}" -y --force-yes
}
  232.  
# Shorthand for done message: types "Done." through phantom (stdout + LOGFILE).
done_msg() {
  local text="Done."
  phantom "${text}"
}
  237.  
# Check for SIFT 3.0 and fix.
# On a SIFT workstation (detected by /usr/share/sift) install the libxml2 and
# libxslt headers and upgrade lxml through pip; anywhere else this is a no-op
# that returns 0.
sift_fix() {
  [[ -d /usr/share/sift ]] || return 0
  apt-get install libxml2 libxml2-dev libxslt1.1 libxslt1-dev -y --force-yes
  pip install lxml --upgrade
}
  247.  
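# Text echo enhancement.
# "Types" the message one character at a time to stdout while appending the
# same characters to LOGFILE (tee -a), then prints a newline to stdout only.
# Messages starting with '=' (the rules drawn by status and the hash lines
# from verify) are typed faster.
# Arguments: $1 - message
# All working variables are local so callers' variables are not clobbered
# (msg, speed and lnmsg used to leak as globals), and the length comes from
# ${#msg} instead of an expr subprocess.
phantom() {
  local msg="${1}"
  local speed=".03"
  local i
  if [[ "${msg}" =~ ^=.*+$ ]]; then
    speed=".01"
  fi
  for (( i = 0; i < ${#msg}; i++ )); do
    printf '%s' "${msg:$i:1}" | tee -a "${LOGFILE}"
    sleep "${speed}"
  done
  echo ""
}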
  262.  
# Main program execution flow.
# Validates the argument, prepares SETUP_DIR, then runs the four stages,
# announcing each through status(). download, verify and extract only report
# "Done." when they succeed; install's exit status is not checked.
main() {
  chk_usage
  setup

  status "Downloading Mastiff 0.6.0 and dependency source code..."
  download && done_msg

  status "Verifying archive hash values..."
  verify && done_msg

  status "Extracting archives..."
  extract && done_msg

  status "Installing Mastiff and dependencies..."
  phantom "This will take a while. Tailing install_mastiff.log for progress..."
  tail_log
  install
  done_msg

  status "Finished. You can now run mas.py from anywhere."
  phantom "Mastiff location: ${PWD}"
  phantom "Dependency location: ${SETUP_DIR}"
  echo ""
}
  282.  
  283. main "$@"