-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathget_plugins_2.0.bsh
138 lines (118 loc) · 3.22 KB
/
get_plugins_2.0.bsh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#!/bin/bash
#
# Author: Jamie Levy (gleeda)
#
# get_plugins_2.0.bsh
#
# Downloads and installs Volatility 2.0 dependencies and plugins
#
# Updated for Volatility 2.0
#
# Tested on Ubuntu and Mac OSX
# At the moment there is an issue with the distorm3 dependency on Mac OSX
#
#check we have svn installed
k=`uname -a`
svn=`which svn`
if [[ $svn =~ svn ]]
then
echo svn already installed
else
if [[ "$k" =~ buntu ]]
then
apt-get install subversion -y
elif [[ "$k" =~ Darwin ]]
then
port install subversion
else
echo please install subversion first!
exit 0
fi
fi
#download Volatility from the SVN repository
echo "starting download from Volatility SVN repository..."
start=`pwd`/Volatility
svn checkout http://volatility.googlecode.com/svn/trunk Volatility
#create a temporary directory
#and download the helper libraries
echo
echo "installing some dependencies"
if [[ "$k" =~ buntu ]]
then
apt-get install pcregrep libpcre++-dev python-dev -y
elif [[ "$k" =~ Darwin ]]
then
port install pcre pcre++
fi
pid=$$
mkdir temp_$pid
cd temp_$pid
echo
echo "downloading and installing pycrypto"
wget http://gitweb.pycrypto.org/\?p=crypto/pycrypto-2.0.x.git\;a=snapshot\;h=9e9641d0a9b88f09683b5f26d3b99c4a2e148da5\;sf=tgz -O pycrypto.tgz
tar -xzvf pycrypto.tgz
cd `tar -tf pycrypto.tgz | head -n1`
python setup.py build
python setup.py build install
cd ..
echo
echo "downloading and installing distorm3"
wget http://distorm.googlecode.com/files/distorm3-1.0.zip
unzip distorm3-1.0.zip
cd distorm3-1.0
python setup.py build
python setup.py build install
cd ..
echo
echo "downloading and installing yara"
wget http://yara-project.googlecode.com/files/yara-1.4.tar.gz
wget http://yara-project.googlecode.com/files/yara-python-1.4a.tar.gz
tar -xvzf yara-1.4.tar.gz
cd yara-1.4
if [[ "$k" =~ Darwin ]]
then
cat libyara/yara.h |sed 's/#include <pcre.h>/#include "\/opt\/local\/include\/pcre.h"/' > tmp
mv libyara/yara.h libyara/yara.h.bak
mv tmp libyara/yara.h
cat libyara/scan.c |sed 's/#include <pcre.h>/#include "\/opt\/local\/include\/pcre.h"/' > tmp
mv libyara/scan.c libyara/scan.c.bak
mv tmp libyara/scan.c
fi
./configure
make
make install
cd ..
tar -xvzf yara-python-1.4a.tar.gz
cd yara-python-1.4a
python setup.py build
python setup.py build install
if [[ "$k" =~ buntu ]]
then
if `cat /etc/ld.so.conf | grep "/usr/local/lib" 1>/dev/null 2>&1`
then
echo "yara configured"
else
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
echo "yara configured"
fi
fi
cd ../..
rm -Rf temp_$pid
cd $start
wget http://jls-scripts.googlecode.com/files/timeliner_9-2011.zip
unzip timeliner_9-2011.zip
cd volatility/plugins
wget http://malwarecookbook.googlecode.com/svn/trunk/malware.py
wget http://malwarecookbook.googlecode.com/svn/trunk/zeusscan/zeusscan1.py
wget http://malwarecookbook.googlecode.com/svn/trunk/zeusscan/zeusscan2.py
wget http://malwarecookbook.googlecode.com/svn/trunk/zeroaccess/zeroaccess.py
echo
echo
echo "Done. Change to your Volatility directory and type 'python vol.py -h'"
echo "All plugins should populate under 'supported plugins'"
if [[ "$k" =~ Darwin ]]
then
echo "You may have to manually install distorm3"
fi
echo