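#!/bin/bash
# ---------------------------------------------------------------------------
# vipersetup.sh - Ubuntu 14.04 based Viper installation script
# Copyright 2016, https://github.com/zebde
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License at <http://www.gnu.org/licenses/> for
# more details.
# Usage: viper.sh
# Usage: bash -c "$(curl -fsSL https://gist.github.com/zebde/72eb3621cea45724c700448c609b2193/raw/001-vipersetup.sh)"
# ---------------------------------------------------------------------------
# Builds YARA, ssdeep, androguard and pyexiftool from source, installs
# Viper 1.2 under $VIPER_DIR and fronts it with nginx (basic auth) and
# gunicorn. Needs a sudo-capable user; prints the generated web password
# once at the end of the run.

# Stop at the first failed command, unset variable or failed pipeline so a
# partial install is never reported as complete (the original kept going).
set -euo pipefail

# Scratch area for source tarballs; every section returns here when done.
BUILD_DIR="$HOME/tmp_build"
# Install location of the Viper checkout. The gunicorn config fetched below
# uses this path as its working_dir, so the two must agree.
VIPER_DIR=/opt/viper

## General Tidyness
# Refresh the package index before installing so package names resolve on
# a fresh image (the original installed first and updated afterwards).
sudo apt-get -y update
sudo apt-get -y install autoconf build-essential g++ python-dev python-pip git automake libtool libimage-exiftool-perl python-m2crypto libfuzzy libssl-dev swig libfuzzy-dev libffi-dev
# Unpinned system-wide pip installs run as root; pin versions if the
# install needs to be reproducible.
sudo pip install SQLAlchemy PrettyTable python-magic pypdns pypssl r2pipe pbkdf2 virustotal-api pyclamd terminaltables
sudo pip install --pre pype32
sudo apt-get -y upgrade
# -p keeps the script re-runnable.
mkdir -p "$BUILD_DIR"

## YARA
cd "$BUILD_DIR"
wget https://github.com/VirusTotal/yara/archive/v3.5.0.tar.gz
tar zxf v3.5.0.tar.gz
cd yara-3.5.0/
# Build as the invoking user; only the install step needs root.
bash build.sh
sudo make install
cd yara-python/
sudo python setup.py install
# The original did this through an interactive `sudo su` ... `exit` pair,
# which does not work inside a script: the two commands ran unprivileged
# and the `exit` terminated the installer. Run them under sudo directly,
# and append only once so re-runs do not duplicate the entry.
grep -qx "/usr/local/lib" /etc/ld.so.conf || echo "/usr/local/lib" | sudo tee -a /etc/ld.so.conf > /dev/null
sudo ldconfig

## SSDeep
cd "$BUILD_DIR"
# NOTE(review): plain-HTTP download with no checksum or signature check;
# compare the tarball against the project's published hash before use.
wget http://netix.dl.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
tar zxf ssdeep-2.13.tar.gz
cd ssdeep-2.13/
# configure/make do not need root; only the install step does.
./configure
make
sudo make install
sudo pip install pydeep

## Androguard
cd "$BUILD_DIR"
# NOTE(review): Google Code downloads have been retired; confirm this URL
# still serves the tarball or mirror it elsewhere.
wget https://androguard.googlecode.com/files/androguard-1.9.tar.gz
tar zxf androguard-1.9.tar.gz
cd androguard-1.9/
sudo python setup.py install

## SocksiPy
sudo apt-get -y install python-socksipy

## Py EXIF Tool
cd "$BUILD_DIR"
# https rather than git:// -- the git:// transport is unauthenticated, so a
# checkout over it could be altered in transit.
git clone https://github.com/smarnach/pyexiftool.git
# The original ran setup.py from $BUILD_DIR, where there is none.
cd pyexiftool/
sudo python setup.py install

## VIPER Installation
cd "$BUILD_DIR"
wget https://github.com/viper-framework/viper/archive/v1.2.tar.gz
tar zxf v1.2.tar.gz
# GitHub archive tarballs unpack to <repo>-<version>, not to the tag name.
sudo mv viper-1.2 "$VIPER_DIR"
cd "$VIPER_DIR"
# /etc and / are root-owned; the original mkdir calls lacked sudo.
sudo mkdir -p /etc/viper
sudo wget -O /etc/viper/viper.conf https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/003-viper.conf
# Sample store; matches storage_path in the fetched viper.conf.
sudo mkdir -p /viper
sudo pip install -r requirements.txt
sudo python update.py -d
sudo python update.py -c

## NGINX
sudo apt-get -y install nginx apache2-utils
# Random basic-auth password for the web UI (18 bytes -> 24 base64 chars;
# the original drew only 6 bytes). Printed once at the end of the run.
p=$(openssl rand -base64 18)
sudo htpasswd -bc /etc/nginx/htpasswd.users viper "$p"
sudo wget -O /etc/nginx/sites-available/viper.conf https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/002-viper.conf.nginx
# -sf / -f keep this step re-runnable.
sudo ln -sf /etc/nginx/sites-available/viper.conf /etc/nginx/sites-enabled/viper.conf
sudo rm -f /etc/nginx/sites-enabled/default
sudo service nginx restart

## Gunicorn
sudo apt-get -y install gunicorn
# NOTE(review): the fetched /etc/gunicorn.d/viper runs the app as its own
# configured user; that account must be able to read $VIPER_DIR and write
# the /viper store -- confirm it matches the owner set here.
sudo chown -R www-data:www-data "$VIPER_DIR"
sudo wget -O /etc/gunicorn.d/viper https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/004-viper.gun
sudo service gunicorn start
echo "-------------------------------------------"
echo "- VIPER Setup Complete -"
echo "- -"
echo "- You can access VIPER on port 80 -"
echo "- Username: viper -"
echo "- Password: $p -"
echo "- -"
echo "-------------------------------------------"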
# /etc/nginx/sites-available/viper.conf - reverse proxy in front of the
# Viper web UI served by gunicorn on port 9090.
server {
# Plain HTTP: the basic-auth credentials below cross the wire unencrypted.
# Terminate TLS here before exposing this beyond a trusted network.
listen 80;
# Placeholder; replace with the host's real name.
server_name example.com;
auth_basic "MALWARE::Restricted Access::MALWARE";
# Written by the setup script with `htpasswd -bc`.
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
# auth_basic only covers requests that come through nginx. The companion
# gunicorn config on this gist binds 0.0.0.0:9090, so a client that can
# reach 9090 directly skips the password; bind gunicorn to 127.0.0.1 or
# firewall the port.
proxy_pass http://localhost:9090;
proxy_http_version 1.1;
# Pass connection-upgrade headers through to the backend.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
# This file is part of Viper - https://github.com/botherder/viper
# See the file 'LICENSE' for copying permission.
#
# viper.conf - installed to /etc/viper/viper.conf by the setup script.
# INI syntax with full-line '#' comments only; do not add trailing comments.
# Several sections below hold credentials: keep this file readable only by
# the account the Viper service runs as (e.g. mode 0600).
##
# Core
##
[modules]
# Whether the output of modules run from [autorun] is stored (see commands).
store_output = True
[paths]
# Path to a folder that will be used for storing samples and resources.
# If left blank, the default will be $HOME/.viper
storage_path = /viper
[database]
# Configure the database connection type example shown below
# reserved for future use
[web]
# 0.0.0.0 listens on every interface. The companion nginx config on this
# gist only proxies to localhost and supplies the basic auth, so any client
# that can reach this port directly bypasses that auth unless a host
# firewall blocks it. 127.0.0.1 is the safer choice when nginx is the
# intended entry point.
host = 0.0.0.0
port = 8080
[api]
# Same exposure caveat as [web].
enabled = True
host = 0.0.0.0
port = 9090
[autorun]
enabled = True
# Verbose True will print the output of each command.
# False will tell you a command has been run but not display the output
verbose = True
# Enter a comma separated list of command lines, As you would enter them in the CLI. You can use ; to chain commands.
# Commands are run in sequence and the output of MODULES is stored if store_output is set to True.
# commands = yara scan -t, fuzzy, pe compiletime
commands = yara scan -t, triage
##
# Modules
##
[virustotal]
virustotal_has_private_key = False
virustotal_has_intel_key = False
# API key (blank here). Fill in locally only; never publish a real key.
virustotal_key =
[cuckoo]
cuckoo_modified = False
cuckoo_host = http://localhost:8080
[reports]
# Third-party sandbox credentials; blank here, fill in locally only.
malwr_login = https://malwr.com/account/login/
malwr_user =
malwr_pass =
malwr_search = https://malwr.com/analysis/search/
malwr_prefix = https://malwr.com
anubis_login = https://anubis.iseclab.org/?action=login
anubis_user =
anubis_pass =
anubis_search = https://anubis.iseclab.org/?action=hashquery
anubis_prefix = https://anubis.iseclab.org/
[misp]
misp_url =
misp_key =
# Presumably controls TLS certificate verification for misp_url; keep True
# so misp_key is not handed to a spoofed server.
misp_verify = True
misp_vturl = https://www.virustotal.com/vtapi/v2/file/report
[pssl]
pssl_url =
pssl_user =
pssl_pass =
[pdns]
pdns_url =
pdns_user =
pdns_pass =
[koodous]
koodous_url = https://koodous.com/api/apks
# NOTE(review): a real-looking API token is hard-coded here and published in
# a public gist. Treat it as compromised: revoke/rotate it and keep the
# replacement in a file that is not shared or version-controlled.
koodous_token = d01d9c845e4b2430682241c5faa55e786c129441
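# /etc/gunicorn.d/viper - gunicorn-debian service definition for the Viper
# web UI, read by the distribution's gunicorn init script.
CONFIG = {
    'mode': 'wsgi',
    # Must be the directory the setup script installs Viper into.
    # NOTE(review): confirm it matches the script's install path.
    'working_dir': '/opt/viper',
    'python': '/usr/bin/python',
    # Service account; needs read access to working_dir and write access to
    # the storage_path configured in viper.conf.
    'user': 'daemon',
    'group': 'daemon',
    'args': (
        # Loopback only: nginx proxies to localhost:9090 and provides the
        # basic auth, so binding 0.0.0.0 (as before) let clients skip it by
        # connecting to 9090 directly.
        '--bind=127.0.0.1:9090',
        '--workers=4',
        '--umask=0027',
        '--log-level=info',
        # /var/log/gunicorn must exist and be writable by user/group above.
        '--access-logfile=/var/log/gunicorn/viper_access.log',
        'web:app',
    ),
}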