Last active
November 10, 2023 00:42
-
-
Save Wenzel/5185887c3f230fedc7605c645c08dc71 to your computer and use it in GitHub Desktop.
A shell script to build a Python3 version of Rekall
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # create virtualenv | |
| virtualenv -p python3 venv | |
| # activate venv | |
| source venv/bin/activate | |
| # clone pyff4 python3 (rekall dependency, not available on Pypi) | |
| git clone https://github.com/google/aff4 | |
| # install pyff4 | |
| (cd aff4/pyaff4 && python setup.py build) | |
| (cd aff4/pyaff4 && python setup.py install) | |
| # clone rekall-capstone python3 (rekall dependency, not available on Pypi) | |
| git clone https://github.com/scudette/rekall-capstone | |
| # install rekall-capstone | |
| (cd rekall-capstone && python setup.py sdist) | |
| (cd rekall-capstone && pip install -I dist/*) | |
| # clone rfc822py3, dependency of rekall-agent/locations/cloud.py | |
| git clone https://github.com/Wenzel/rfc822py3 | |
| (cd rfc822py3 && python setup.py build) | |
| (cd rfc822py3 && python setup.py install) | |
| # clone rekall python3 | |
| git clone https://github.com/Wenzel/rekall -b port_python3 | |
| # install rekall | |
| pip install --upgrade setuptools pip wheel | |
| pip install --editable rekall/rekall-lib | |
| pip install --editable rekall/rekall-core | |
| pip install --editable rekall/rekall-agent | |
| pip install --editable rekall | |
| # download memory image of Cridex | |
| wget 'http://files.sempersecurus.org/dumps/cridex_memdump.zip' | |
| unzip cridex_memdump.zip && rm cridex_memdump.zip | |
| # testing | |
| rekall -f cridex.vmem pslist |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment