I've always liked to automate my work and computer related hobbies. The goal has been to save time, get a known desired install and as a result have more time over to learn more and work on more interesting tasks and problems.
In the beginning I used scripts and had documented steps in different text files. Later the documentation was moved to different wikis. Lately my server configurations are done with Ansible. Those servers are running all the time. Either physical PCs, virtual machines at home or in the cloud. I also configure a couple of Raspberry Pi with Ansible.
For some of my work and computer hobbies I use a couple of VMs running in VMware Fusion on my Macs. To automate the installation of the tools I've gone back to use scripts for the install, setup and update. The reason is that it's easiest for this use case and also makes it easier for others to use. Just check out a git repository and run the setup.sh script. At the moment I mainly use three different setup scripts described below.
Ubuntu with REMnux and Sift workstation
For forensics and malware analysis I prefer to use REMnux and Sift. Both can be installed on Ubuntu 14.04 LTS. One advantage with a script compared to manual installation is that it is easy to always add extra tools or newer version of the ones that are installed by default. At the moment some of the additions are
- psparser.py - example use
- https://zeltser.com/convert-shellcode-to-assembly/ - introduction
I've also added some aliases and checkout a new, work in progress, repository with resource links.
There are many other tools on the TODO-list and they will be added to setup.sh when I test them. To save time I always try to script the installation even when doing a test of a new tool. If it is a useful tool the install script is already done and can be added to the repository. The next time I run an update in any other VM that VM will have the same tools available in the same place as the other one.
The repository is available at: https://github.com/reuteras/remnux-tools
Debian with Cuckoo Sandbox
For automated malware analysis I like to use Cuckoo Sandbox. I've heard many say that it is difficult to install Cuckoo but with a background working as a sysadmin with Solaris, Irix, AIX, HP-UX and Linux most of my problems was related to networking (gave up on the new VPN configuration for the moment) and doing the work to close to midnight when I should have been sleeping... The current repository installs Cuckoo and then you manually have to create your VM that should execute the malware. If Microsofts licenses had allowed me to share that VM I would have done that. When your Windows VM is done and snapshoted you can use the start script in the repository to get Cuckoo running with Suricata monitoring the network traffic. The current setup script installs from the Cuckoo git repositories master branch so there is a risk for problems.
The Cuckoo setup.sh assumes that the OS is Debian.
The repository is available at: https://github.com/reuteras/cuckoo-tools
If I need to to some more offensive IT security work I use Kali. This is the repository that I've had the least amount of time to work on. At the moment there are scripts to install Kali and add some basic tools like VMware tools and support for exfat,
The only added scripts at the moment are:
The repository is available at: https://github.com/reuteras/kali-tools
Windows and Mac
I haven't done any automated installation scripts for Windows or Mac OS X at the moment. I've some private wiki pages with links and commands that I always run. At the moment those wiki pages are not in a form that I can present publicly.
In a future blog post I hope to be able to present a repository with scripts to do some basic malware analysis in Cuckoo and REMnux. I'm also considering to add support for Windows based tools in that tool chain. Since easter is coming up soon I hope to have more time for that project.