Advertisement
opexxx

4n6k_volatility_installer.sh

May 26th, 2015
453
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 8.13 KB | None | 0 0
  1. #!/bin/bash
  2.  
  3. # 4n6k_volatility_installer.sh
  4. # v1.1.2 (2/14/2015)
  5. # Installs Volatility for Ubuntu Linux with one command.
  6. # Run this script from the directory in which you'd like to install Volatility.
  7. # Tested on stock Ubuntu 12.04 + 14.04 + SIFT 3
  8. # More at http://www.4n6k.com + http://www.volatilityfoundation.org
  9.  
  10. # Copyright (C) 2014 4n6k (4n6k.dan@gmail.com)
  11. #
  12. # This program is free software; you can redistribute it and/or
  13. # modify it under the terms of the GNU General Public License
  14. # as published by the Free Software Foundation; either version 2
  15. # of the License, or (at your option) any later version.
  16. #
  17. # This program is distributed in the hope that it will be useful,
  18. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20. # GNU General Public License for more details.
  21. #
  22. # You should have received a copy of the GNU General Public License
  23. # along with this program; if not, write to the Free Software
  24. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  25.  
  26. # Define constants
  27. PROGNAME="${0}"
  28. INSTALL_DIR="${1}"
  29. SETUP_DIR="${INSTALL_DIR}"/"volatility_setup"
  30. LOGFILE="${SETUP_DIR}"/"install_vol.log"
  31. ARCHIVES=('distorm3.zip' 'pycrypto-2.6.1.tar.gz' 'ipython-2.1.0.tar.gz' \
  32.           '2.0.5.tar.gz' 'setuptools-5.7.tar.gz' 'Imaging-1.1.7.tar.gz' \
  33.           'v3.3.0.tar.gz' 'volatility-2.4.tar.gz'                       )
  34. HASHES=('d311d232e108def8acac0d4f6514e7bc070e37d7aa123ab9a9a05b9322321582' \
  35.         'f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c' \
  36.         'ca86a6308c4b53ea8a040ba776066dc9a7af4ac738ad43ab2059a016c09b0c2d' \
  37.         '1a403d39c739fa89c08b315fc5854170a51aa5f4f018bd11ff4eda11b613a166' \
  38.         'a8bbdb2d67532c5b5cef5ba09553cea45d767378e42c7003347e53ebbe70f482' \
  39.         '895bc7c2498c8e1f9b99938f1a40dc86b3f149741f105cf7c7bd2e0725405211' \
  40.         'e5f4359082e35ff00ee94af9ee897bb0ab18abf49a2c4fe45968d7a848e5bd83' \
  41.         '684fdffd79ca4453298ee2eb001137cff802bc4b3dfaaa38c4335321f7cccef1' )
  42.  
  43. # Program usage dialog
  44. usage() {
  45.   echo -e "\nHere is an example of how you should run this script:"
  46.   echo -e "  > sudo bash ${PROGNAME} /home/4n6k"
  47.   echo -e "Result: Volatility will be installed to /home/4n6k/volatility_2.4"
  48.   echo -e "***NOTE*** Be sure to use a FULL PATH for the install directory.\n"
  49. }
  50.  
  51. # Usage check; determine if usage should be printed
  52. chk_usage() {
  53.   if [[ "${INSTALL_DIR}" =~ ^(((-{1,2})([Hh]$|[Hh][Ee][Ll][Pp]$))|$) ]]; then
  54.     usage ; exit 1
  55.   elif ! [[ "${INSTALL_DIR}" =~ ^/.*+$ ]]; then
  56.     usage ; exit 1
  57.   else
  58.     :
  59.   fi
  60. }
  61.  
  62. # Status header for script progress
  63. status() {
  64.   echo ""
  65.   phantom "===================================================================="
  66.   phantom "#  ${*}"
  67.   phantom "===================================================================="
  68.   echo ""
  69. }
  70.  
  71. # Setup for initial installation environment
  72. setup() {
  73.   if [[ -d "${SETUP_DIR}" ]]; then
  74.     echo "" ; touch "${LOGFILE}"
  75.     phantom "Setup directory already exists. Skipping..."
  76.   else
  77.     mkdir -p "${SETUP_DIR}" ; touch "${LOGFILE}"
  78.     echo "/usr/local/lib" >> /etc/ld.so.conf.d/volatility.conf
  79.   fi
  80.   cd "${SETUP_DIR}"
  81. }
  82.  
  83. # Download Volatility and its dependencies
  84. download() {
  85.   if [[ -a "${ARCHIVES[7]}" && $(sha256sum "${ARCHIVES[7]}" | cut -d' ' -f1) \
  86.     == "${HASHES[7]}" ]]; then
  87.       phantom "Files already downloaded. Skipping..."
  88.   else
  89.     phantom "This will take a while. Tailing install_vol.log for progress..."
  90.     tail_log
  91.     wget -o "${LOGFILE}" \
  92.       "https://distorm.googlecode.com/files/distorm3.zip" \
  93.       "https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz" \
  94.       "https://github.com/plusvic/yara/archive/v3.3.0.tar.gz" \
  95.       "http://effbot.org/downloads/Imaging-1.1.7.tar.gz" \
  96.       "https://pypi.python.org/packages/source/s/setuptools/setuptools-5.7.tar.gz" \
  97.       "https://bitbucket.org/openpyxl/openpyxl/get/2.0.5.tar.gz" \
  98.       "https://github.com/ipython/ipython/releases/download/rel-2.1.0/ipython-2.1.0.tar.gz" \
  99.       "http://downloads.volatilityfoundation.org/releases/2.4/volatility-2.4.tar.gz"
  100.     kill_tail
  101.   fi
  102. }
  103.  
  104. # Verify sha256 hashes of the downloaded archives
  105. verify() {
  106.   local index=0
  107.   for hard_sha256 in "${HASHES[@]}"; do
  108.     local archive ; archive="${ARCHIVES[$index]}"
  109.     local archive_sha256 ; archive_sha256=$(sha256sum "${archive}" | cut -d' ' -f1)
  110.     if [[ "$hard_sha256" == "$archive_sha256" ]]; then
  111.       phantom "= Hash MATCH for ${archive}."
  112.       let "index++"
  113.     else
  114.       phantom "= Hash MISMATCH for ${archive}. Exiting..."
  115.       exit 0
  116.     fi
  117.   done
  118. }
  119.  
  120. # Extract the downloaded archives
  121. extract() {
  122.   apt-get update && apt-get install unzip tar -y --force-yes
  123.   for archive in "${ARCHIVES[@]}"; do
  124.     local ext ; ext=$(echo "${archive}" | sed 's|.*\.||')
  125.     if [[ "${ext}" =~ ^(tgz|gz)$ ]]; then
  126.       tar -xvf "${archive}"
  127.     elif [[ "${ext}" == "zip" ]]; then
  128.       unzip "${archive}"
  129.     else
  130.       :
  131.     fi
  132.   done
  133. } >>"${LOGFILE}"
  134.  
  135. # Install Volatility and its dependencies
  136. install() {
  137.   # Python
  138.     aptget_install
  139.   # distorm3
  140.     cd distorm3 && py_install
  141.   # pycrypto
  142.     cd pycrypto-2.6.1 && py_install
  143.   # yara + yara-python
  144.     cd yara-3.3.0 && chmod +x bootstrap.sh && ./bootstrap.sh && \
  145.       ./configure --enable-magic ; make ; make install
  146.     cd yara-python && py_install && ldconfig && cd "${SETUP_DIR}"
  147.   # OpenPyxl
  148.     cd setuptools-5.7 && python ez_setup.py && cd "${SETUP_DIR}"
  149.     cd openpyxl-openpyxl-2ed17dbd3445 && py_install
  150.   # Python Imaging Library
  151.     ln -s -f /lib/$(uname -i)-linux-gnu/libz.so.1 /usr/lib/
  152.     ln -s -f /usr/lib/$(uname -i)-linux-gnu/libfreetype.so.6 /usr/lib/
  153.     ln -s -f /usr/lib/$(uname -i)-linux-gnu/libjpeg.so.8 /usr/lib/
  154.   # pytz
  155.     easy_install --upgrade pytz
  156.   # iPython
  157.     cd ipython-2.1.0 && py_install
  158.   # SIFT 3.0 check + fix
  159.     sift_fix
  160.   # Volatility
  161.     mv -f volatility-2.4 .. ; cd ../volatility-2.4 && chmod +x vol.py
  162.     ln -f -s "${PWD}"/vol.py /usr/local/bin/vol.py
  163.     kill_tail
  164. } &>>"${LOGFILE}"
  165.  
  166. # Shorthand for make/install routine
  167. make_install() {
  168.   ./configure; make; make install; cd ..
  169. }
  170.  
  171. # Shorthand for build/install Python routine
  172. py_install() {
  173.   python setup.py build install; cd ..
  174. }
  175.  
  176. # Log script progress graphically
  177. tail_log() {
  178.   if [[ -d /usr/bin/X11 ]]; then
  179.     xterm -e "tail -F ${LOGFILE} | sed "/kill_tail/q" && pkill -P $$ tail;" &
  180.   else
  181.   phantom "No GUI detected. Still running; not showing progress..."
  182.   fi
  183. }
  184.  
  185. # Kill the graphical script progress window
  186. kill_tail() {
  187.   echo -e "kill_tail" >> "${LOGFILE}"
  188. }
  189.  
  190. # Install required packages from APT
  191. aptget_install() {
  192.   apt-get install \
  193.     build-essential libreadline-gplv2-dev libjpeg8-dev zlib1g zlib1g-dev \
  194.     libgdbm-dev libc6-dev libbz2-dev libfreetype6-dev libtool automake \
  195.     python-dev libjansson-dev libmagic-dev -y --force-yes
  196. }
  197.  
  198. # Shorthand for done message
  199. done_msg() {
  200.   phantom "Done."
  201. }
  202.  
  203. # Check for SIFT 3.0 and fix
  204. sift_fix() {
  205.   if [[ -d /usr/share/sift ]]; then
  206.     apt-get install libxml2 libxml2-dev libxslt1.1 libxslt1-dev -y --force-yes
  207.     pip install lxml --upgrade
  208.   else
  209.     :
  210.   fi
  211. }
  212.  
  213. # Text echo enhancement
  214. phantom() {
  215.   msg="${1}"
  216.     if [[ "${msg}" =~ ^=.*+$ ]]; then
  217.       speed=".01"
  218.     else
  219.       speed=".03"
  220.     fi
  221.   let lnmsg=$(expr length "${msg}")-1
  222.   for (( i=0; i <= "${lnmsg}"; i++ )); do
  223.     echo -n "${msg:$i:1}" | tee -a "${LOGFILE}"
  224.     sleep "${speed}"
  225.   done ; echo ""
  226. }
  227.  
  228. # Main program execution flow
  229. main() {
  230.   chk_usage
  231.   setup
  232.   status "Downloading Volatility 2.4 and dependency source code..."
  233.     download && done_msg
  234.   status "Verifying archive hash values..."
  235.     verify && done_msg
  236.   status "Extracting archives..."
  237.     extract && done_msg
  238.   status "Installing Volatility and dependencies..."
  239.     phantom "This will take a while. Tailing install_vol.log for progress..."
  240.       tail_log
  241.       install ; done_msg
  242.   status "Finished. You can now run "vol.py" from anywhere."
  243.   phantom "Volatility location: ${PWD}"
  244.   phantom "Dependency location: ${SETUP_DIR}"
  245.   echo ""
  246. }
  247.  
  248. main "$@"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement