1. About
Thug is a "honeyclient" implemented in Python. A honeyclient here means a tool designed to analyze and present the pages of malicious web sites that contain attacks, mimicking a browser so that the attack content is exercised in a controlled setting. Documentation: http://buffer.github.com/thug/doc/index.html
2. Required modules
- Python
- Google V8
- PyV8
- Beautiful Soup 4
- Html5lib
- Libemu
- Pylibemu
- Pefile
- Chardet
- httplib2
- Cssutils
- Zope interface
- MongoDB (optional)
- PyMongo (optional)
3. Installation
Environment: Ubuntu 12.04 LTS amd64
Installation method: shell script
#!/bin/bash
# Thug installation on Ubuntu 12.04 LTS amd64.
## Thug is a honeyclient.

# Distribution packages: build tooling, MongoDB, and the pure-Python
# dependencies (BeautifulSoup 4, chardet, cssutils, html5lib, httplib2,
# pymongo, pefile, zope.interface).
sudo apt-get install -y autoconf build-essential git-core libboost-dev libboost-python-dev libtool mongodb python-bs4 python-chardet python-cssutils python-dev python-html5lib python-httplib2 python-pymongo python-pefile python-setuptools python-zope.interface scons subversion
HOME_PWD=`pwd`

# libemu (shellcode detection/emulation), installed under /opt/libemu and
# registered with the dynamic linker.
cd /tmp
git clone git://git.carnivore.it/libemu.git
cd /tmp/libemu
sudo sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/libemu.conf"
sudo sh -c "echo /opt/libemu/lib/libemu >> /etc/ld.so.conf.d/libemu.conf"
autoreconf -v -i
./configure --prefix=/opt/libemu/
sudo make install

# pylibemu: the Python bindings for libemu.
cd ..
git clone https://github.com/buffer/pylibemu.git
cd /tmp/pylibemu/
sudo sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/pylibemu.conf"
sudo ldconfig
python setup.py build
sudo python setup.py install

# Thug itself, with the pinned V8 revision checked out inside the source tree
# and the project's patches applied to it.
cd $HOME_PWD
git clone https://github.com/buffer/thug.git
cd thug/
svn checkout http://v8.googlecode.com/svn/trunk/@13134 v8
cd v8/
export V8_HOME=`pwd`
cd ..
# Replace the Abort(...) call in V8's SCons build script with a print so
# the build keeps going instead of stopping.
sed -i 's/Abort("Building V8/print("Building V8/g' v8/SConstruct
for item in $(ls patches/*.diff); do patch -p0 < $item; done

# PyV8, built against the patched V8 above (found through V8_HOME) rather
# than a fresh checkout of its own, which is why checkout_v8() is commented out.
cd /tmp
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
sudo sh -c "echo /opt/pyv8/lib > /etc/ld.so.conf.d/pyv8.conf"
cd /tmp/pyv8/
mv setup.py setup_bak.py
sed 's/self.checkout_v8()/#self.checkout_v8()/g' setup_bak.py > setup.py
python setup.py build
sudo python setup.py install
cd $HOME_PWD
4. Usage
- Basic usage
python thug.py -h
Synopsis:
Thug: Pure Python honeyclient implementation
Usage:
python thug.py [ options ] url
Options:
-h, --help Display this help information
-u, --useragent= Select a user agent (see below for values, default: winxpie60)
-e, --events= Enable comma-separated specified DOM events handling
-w, --delay= Set a maximum setTimeout/setInterval delay value (in milliseconds)
-n, --logdir= Set the log output directory
-o, --output= Log to a specified file
-r, --referer= Specify a referer
-p, --proxy= Specify a proxy (see below for format and supported schemes)
-l, --local
-v, --verbose Enable verbose mode
-d, --debug Enable debug mode
-q, --quiet Disable console logging
-a, --ast-debug Enable AST debug mode (requires debug mode)
-A, --adobepdf= Specify the Adobe Acrobat Reader version (default: 9.1.0)
-S, --shockwave= Specify the Shockwave Flash version (default: 10.0.64.0)
-J, --javaplugin= Specify the JavaPlugin version (default: 1.6.0.32)
Proxy Format:
scheme://[username:password@]host:port (supported schemes: http, socks4, socks5)
Available User-Agents:
winxpie60 Internet Explorer 6.0 (Windows XP)
winxpie61 Internet Explorer 6.1 (Windows XP)
winxpie70 Internet Explorer 7.0 (Windows XP)
winxpie80 Internet Explorer 8.0 (Windows XP)
winxpchrome20 Chrome 20.0.1132.47 (Windows XP)
winxpfirefox12 Firefox 12.0 (Windows XP)
winxpsafari5 Safari 5.1.7 (Windows XP)
win2kie60 Internet Explorer 6.0 (Windows 2000)
win2kie80 Internet Explorer 8.0 (Windows 2000)
win7ie80 Internet Explorer 8.0 (Windows 7)
win7ie90 Internet Explorer 9.0 (Windows 7)
win7chrome20 Chrome 20.0.1132.47 (Windows 7)
win7safari5 Safari 5.1.7 (Windows 7)
osx10safari5 Safari 5.1.1 (MacOS X 10.7.2)
osx10chrome19 Chrome 19.0.1084.54 (MacOS X 10.7.4)
- Browser personality
- DOM Events Handling
- Adobe Acrobat Reader
- Shockwave Flash
- JavaPlugin and JavaWebStart
- Proxy support
- Local Analysis
- Web Cache
- Other useful features
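As an added example for the basic usage above (this is not code from the original post or from the Thug project), the following wrapper runs Thug over a list of suspicious URLs once per browser personality, writing each run into its own log directory (-n) and checking any proxy string against the scheme://[username:password@]host:port format that "thug.py -h" documents before anything is launched. The THUG_PY path (default "thug.py", i.e. run from the Thug source tree) and the sample URLs are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original post or the Thug project: a batch
# wrapper around "python thug.py". THUG_PY (default "thug.py") and the
# constructed sample URLs below are assumptions for this example.

THUG_PY="${THUG_PY:-thug.py}"

# Validate scheme://[username:password@]host:port with the supported schemes
# http, socks4 and socks5. Prints "ok" or "bad" and returns 0/1 accordingly.
validate_proxy() {
    case "$1" in
        http://*|socks4://*|socks5://*) ;;
        *) echo bad; return 1 ;;
    esac
    rest="${1#*://}"
    hostport="${rest##*@}"      # drop the optional username:password@
    host="${hostport%%:*}"
    port="${hostport##*:}"
    if [ -z "$host" ] || [ "$hostport" = "$host" ]; then
        echo bad; return 1      # empty host, or no :port at all
    fi
    case "$port" in
        ''|*[!0-9]*) echo bad; return 1 ;;
    esac
    echo ok
}

# Assemble one Thug command line: personality (-u), log directory (-n) and,
# when given, a validated proxy (-p). Fails without output on a bad proxy.
build_thug_cmd() {
    url="$1"; ua="$2"; logdir="$3"; proxy="$4"
    cmd="python $THUG_PY -u $ua -n $logdir"
    if [ -n "$proxy" ]; then
        [ "$(validate_proxy "$proxy")" = ok ] || return 1
        cmd="$cmd -p $proxy"
    fi
    echo "$cmd $url"
}

# Run one job per URL (one per line in a file) and per personality given as
# the remaining arguments. With DRY_RUN=1 the commands are only printed.
# The last line of output is the number of jobs.
run_batch() {
    urlfile="$1"; logroot="$2"; proxy="$3"; shift 3
    count=0
    while IFS= read -r url || [ -n "$url" ]; do
        [ -z "$url" ] && continue
        for ua in "$@"; do
            logdir="$logroot/$ua"
            cmd=$(build_thug_cmd "$url" "$ua" "$logdir" "$proxy") || return 1
            if [ "${DRY_RUN:-0}" = 1 ]; then
                echo "$cmd"
            else
                mkdir -p "$logdir"
                $cmd
            fi
            count=$((count + 1))
        done
    done < "$urlfile"
    echo "$count"
}

# Constructed sample input: two URLs on the reserved .invalid TLD, which never
# resolves, so an accidental non-dry run contacts nothing.
URLS=$(mktemp)
printf '%s\n' 'http://sample-a.invalid/landing' 'http://sample-b.invalid/page.html' > "$URLS"

# Stand-alone demonstration: print the four jobs for two personalities.
DRY_RUN=1 run_batch "$URLS" /tmp/thug-logs '' winxpie60 win7ie90
```

Running the same URL under several personalities (for example winxpie60 and win7ie90) is worth the extra time because exploit kits commonly serve different content depending on the claimed browser and plugin versions, so a single personality can miss the payload entirely; keeping one log directory per personality makes the differences easy to diff afterwards.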