[foralyse] forensic VM on xubuntu #forensic #ubuntu #foralyse #memory #disk #network #install
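#!/bin/bash
# foralyse.sh — guest-side entry point of the foralyse installer.
# Loads foralyse-inc.sh (log setup and the _call/_echoyb/_valid/_source
# helpers) from the directory this script lives in, then runs each
# installer script once; the include records finished scripts in its
# "done" file, so a rerun skips what already completed.
_PATH_SCRIPT=${0%/*}
file="${_PATH_SCRIPT}/foralyse-inc.sh"
if ! [ -f "${file}" ]; then
  printf 'Unable to find file: %s\n' "${file}"
  exit 1
fi
# the include tees stdout/stderr into its log files; the directory named
# here is the one it uses (/var/log/foralyse — the old text had a typo)
if ! . "${file}"; then
  printf 'Errors encountered. \nSee log files in /var/log/foralyse\n'
  exit 1
fi
# the host-side preparation has to be done before the guest scripts run
_call foralyse-host.sh "HOST"
_echoyb "Use for 'xubuntu 20.04 - focal' as guest \nFrom GUEST:"
_valid
_source foralyse-share.sh
# the personal-settings script needs the host's dev tree on the share
[ -d "${_PATH_SHARE:-/share}/trans/dev" ] && _source foralyse-trans.sh
_source foralyse-global.sh
_source foralyse-forensic.sh
_source foralyse-autopsy.sh
_source foralyse-binwalk.sh
_source foralyse-regripper.sh
_source foralyse-volatility.sh
_source foralyse-wireshark.sh
_source foralyse-sublimetext.sh
_source foralyse-idafree.sh
_source foralyse-bytecode.sh
_source foralyse-luyten.sh
_source foralyse-cfr.sh
# _source foralyse-kali.sh
#_source foralyse-pandoc.sh
_source foralyse-clean.sh
_echoyb "-----------------------------------------------"
_echoyb "This installation is complete"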
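#!/bin/bash
# foralyse-autopsy.sh — installs Autopsy and what it needs on the guest:
# base packages, the Oracle JDK 8 (through labcif's installer script),
# the Sleuth Kit deb and the Autopsy zip, each taken from
# ${_PATH_SHARE}/trans. Needs _PATH_SHARE, _echoyb and _valid from
# foralyse-inc.sh.

#######################################
# Find the first file matching a glob in ${_PATH_SHARE}/trans; when none
# is there, print the hint, wait for the user and look once more.
# Globals:   _PATH_SHARE (read), file_soft (written)
# Arguments: $1 - glob relative to ${_PATH_SHARE}/trans
#            $2 - first line of the hint shown when the file is missing
# Returns:   exits 1 when the file is still missing after the prompt
#######################################
_share_file() {
  local pattern=$1 hint=$2
  local -a matches
  # shellcheck disable=SC2086 — the pattern must glob
  matches=( "${_PATH_SHARE}"/trans/${pattern} )
  if ! [ -e "${matches[0]}" ]; then
    _echoyb "${hint} \nand put the file ${pattern} in shared path: ${_PATH_SHARE}"
    _valid
    matches=( "${_PATH_SHARE}"/trans/${pattern} )
    if ! [ -e "${matches[0]}" ]; then
      # the old message printed the (empty) file name; name what was looked for
      echo "Unable to find file: ${_PATH_SHARE}/trans/${pattern}"
      exit 1
    fi
  fi
  file_soft=${matches[0]}
}

### global
sudo apt-get update
sudo apt install -y afflib-tools testdisk ewf-tools xmount fdupes java-common
sudo apt-get install -y imagemagick libde265-0 libheif1
### java
_share_file 'jdk-8*linux-x64.tar.gz' 'Download jdk v8 from Oracle website'
file=/usr/local/bin/oracle-java-installer.sh
# -f: a failed download must not leave an HTML error page installed as an
# executable; the script is still fetched unverified from a moving branch
sudo curl -fsS https://raw.githubusercontent.com/labcif/oracle-java-installer/master/oracle-java-installer.sh -o "${file}" || exit 1
# quieten the installer's verbose tar
sudo sed -i 's|tar -xvzf|tar -xzf|' "${file}"
sudo chmod +x "${file}"
sudo "${file}" --install "${file_soft}"
. /etc/profile.d/jdk.sh
"${file}" --status "${file_soft}"
### sleuthkit
_share_file 'sleuthkit-java_*_amd64.deb' 'Download sleuthkit deb file from sleuthkit website'
sudo apt install -y "${file_soft}"
### autopsy
_share_file 'autopsy-*.zip' 'Download autopsy for linux from autopsy website'
_echoyb unzip "${file_soft}"
sudo unzip -q -d /opt/ "${file_soft}"
path=/opt/autopsy
# the zip unpacks to a versioned directory; give it a stable name
sudo mv /opt/autopsy-* "${path}"
sudo chown -R "${USER}:${USER}" "${path}"
cd "${path}" || exit 1
sh unix_setup.sh
ln -sv "${path}/bin/autopsy" ~/.local/bin/autopsy
cp "${_PATH_SHARE}/trans/dev/install-desktop/foralyse/conf/autopsy.desktop" ~/.local/share/applications/
autopsy --nosplash
### addons
_echoyb "For other addons, see:"
echo '
##### ReportModules / ForensicExpertWitnessReport
https://github.com/chriswipat/forensic_expert_witness_report_module
##### IngestModules / FileHistory
https://medium.com/@markmckinnon_80619/windows-file-history-plugin-a6208da4efa5
##### IngestModules / Volatility
https://markmckinnon-80619.medium.com/volatility-autopsy-plugin-module-8beecea6396
'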
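#!/bin/bash
# foralyse-binwalk.sh — installs binwalk from git together with the
# extractors it calls out to (sasquatch, jefferson, ubi_reader, yaffshiv,
# unstuff). Everything is fetched from the tip of its default branch or a
# plain-http tarball with no checksum, and installed system-wide as root,
# so two runs may not build the same code.
### dependencies
sudo apt install -y mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsswap squashfs-tools lzop srecord
python3 -m pip install -U nose coverage pycryptodome pyqtgraph capstone matplotlib
##### github
# Install sasquatch to extract non-standard SquashFS images
sudo apt install -y zlib1g-dev liblzma-dev liblzo2-dev
cd /tmp && git clone https://github.com/devttys0/sasquatch
# absolute paths: no step depends on where the previous one left the shell
cd /tmp/sasquatch && ./build.sh
# Install jefferson to extract JFFS2 file systems
python3 -m pip install -U cstruct
cd /tmp && git clone https://github.com/sviehb/jefferson
cd /tmp/jefferson && sudo python3 setup.py install
# Install ubi_reader to extract UBIFS file systems
sudo apt install -y liblzo2-dev
python3 -m pip install -U python-lzo
cd /tmp && git clone https://github.com/jrspruitt/ubi_reader
cd /tmp/ubi_reader && sudo python3 setup.py install
# Install yaffshiv to extract YAFFS file systems
cd /tmp && git clone https://github.com/devttys0/yaffshiv
cd /tmp/yaffshiv && sudo python3 setup.py install
# Install unstuff (closed source) to extract StuffIt archive files
# -f: an HTTP error must fail the pipeline instead of feeding tar an error
# page; the copy into /usr/local/bin only happens when extraction succeeded
cd /tmp && curl -fsS http://downloads.tuxfamily.org/sdtraces/stuffit520.611linux-i386.tar.gz | tar -zxv && sudo cp bin/unstuff /usr/local/bin/
#### binwalk
cd /tmp && git clone https://github.com/ReFirmLabs/binwalk
cd /tmp/binwalk && sudo python3 setup.py install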
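#!/bin/bash
# foralyse-bytecode.sh — installs a pre-packaged Bytecode Viewer from
# ${_PATH_SHARE}/trans/bytecode-viewer-*.tar.gz. The tarball carries opt/,
# usr/local/bin/ and home/<user>/ trees that are moved into place.
# Needs _PATH_SHARE, _echoyb and _valid from foralyse-inc.sh.
pattern='bytecode-viewer-*.tar.gz'
# shellcheck disable=SC2086 — the pattern must glob
matches=( "${_PATH_SHARE}"/trans/${pattern} )
if ! [ -e "${matches[0]}" ]; then
  # the old prompt was copied from the autopsy script and named the wrong file
  _echoyb "Put the pre-package of bytecode-viewer for linux \nand put the file ${pattern} in shared path: ${_PATH_SHARE}"
  _valid
  matches=( "${_PATH_SHARE}"/trans/${pattern} )
  if ! [ -e "${matches[0]}" ]; then
    echo "Unable to find file: ${_PATH_SHARE}/trans/${pattern}"
    exit 1
  fi
fi
file_soft=${matches[0]}
path=/tmp/bt
[ -d "${path}" ] || mkdir -p "${path}"
# everything below is relative to the scratch directory; never run it elsewhere
cd "${path}" || exit 1
tar xzf "${file_soft}"
sudo mv opt/bytecode* /opt/
sudo mv usr/local/bin/bytecode-viewer /usr/local/bin/
# keep an existing user configuration; only seed it from the package
[ -d ~/.Bytecode-Viewer ] || mv home/*/.Bytecode-Viewer ~/
mv home/*/.local/share/applications/bytecode-viewer.desktop ~/.local/share/applications/
cd || exit 1
rm -fR "${path}"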
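#!/bin/bash
# foralyse-cfr.sh — installs a pre-packaged CFR decompiler from
# ${_PATH_SHARE}/trans/cfr-*.tar.gz; the tarball carries opt/ and
# usr/local/bin/ trees that are moved into place.
# Needs _PATH_SHARE, _echoyb and _valid from foralyse-inc.sh.
pattern='cfr-*.tar.gz'
# shellcheck disable=SC2086 — the pattern must glob
matches=( "${_PATH_SHARE}"/trans/${pattern} )
if ! [ -e "${matches[0]}" ]; then
  # the old prompt was copied from the autopsy script and named the wrong file
  _echoyb "Put the pre-package of cfr for linux \nand put the file ${pattern} in shared path: ${_PATH_SHARE}"
  _valid
  matches=( "${_PATH_SHARE}"/trans/${pattern} )
  if ! [ -e "${matches[0]}" ]; then
    echo "Unable to find file: ${_PATH_SHARE}/trans/${pattern}"
    exit 1
  fi
fi
file_soft=${matches[0]}
path=/tmp/cf
[ -d "${path}" ] || mkdir -p "${path}"
# everything below is relative to the scratch directory; never run it elsewhere
cd "${path}" || exit 1
tar xzf "${file_soft}"
sudo mv opt/cfr /opt/
sudo mv usr/local/bin/cfr /usr/local/bin/
cd || exit 1
rm -fR "${path}"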
#!/bin/bash
# foralyse-clean.sh — final package pass: refresh the index, upgrade
# everything, then drop packages nothing depends on any more.
apt_cmd=(sudo apt)
"${apt_cmd[@]}" update
"${apt_cmd[@]}" -y dist-upgrade
"${apt_cmd[@]}" -y autoremove
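#!/bin/bash
# foralyse-forensic.sh — general forensic tooling: apt packages grouped by
# use, a few pip modules, the b64sha helper script and the Bless layouts
# copied into the user's config.
### global
#### network
sudo apt install -y whois
#### pwd & evtx & process
sudo apt install -y john libscca-utils pev radare2
#### hive
sudo apt install -y libhivex-bin chntpw reglookup
#### gui
sudo apt install -y bless geany ghex gpicview gtkhash wxhexeditor
### pip
python2 -m pip install -U balbuzard
python3 -m pip install -U malcarve regrippy
### base64sha
file=/usr/local/bin/b64sha
# -f: without it a 404 page would be saved and then made executable; the
# script itself is fetched from a moving branch with no checksum
sudo curl -fsS https://raw.githubusercontent.com/labcif/Base64SHA/master/b64sha -o "${file}" || exit 1
sudo chmod +x "${file}"
### conf
#### bless
path=~/.config/bless/layouts
[ -d "${path}" ] || mkdir -p "${path}"
cp /usr/share/bless/*.layout "${path}/"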
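#!/bin/bash
# foralyse-global.sh — base desktop setup of the guest: ~/.local/bin on
# PATH, distro upgrade with unwanted desktop apps removed, system and
# desktop packages, python2/python3 with pip, and a few configuration
# tweaks (swappiness, UTC clock, Qt theme, Java font options, plank
# autostart). Needs _echoyb and _valid from foralyse-inc.sh.
### profile
# add ~/.local/bin to PATH (re-read ~/.profile once the directory exists)
path=${HOME}/.local/bin
[ -d "${path}" ] || mkdir -p "${path}"
[ -f ~/.profile ] && . ~/.profile
### upgrade
# quoted: these are apt package patterns, not shell globs to expand in $PWD
sudo apt remove -y 'gimp*' 'libreoffice-*' 'thunderbird*' transmission-gtk
# uncomment the "partner" repository line
sudo sed -i '/# deb .*partner$/ s|# ||' /etc/apt/sources.list
sudo apt update
sudo apt list --upgradable
sudo apt -y dist-upgrade
sudo apt -y autoremove
##### system
sudo apt install -y binutils-common bsdmainutils curl debconf-utils exfat-utils git gnupg2 gparted hfsprogs htop kpartx lnav most net-tools p7zip-full p7zip-rar pv rar sysstat testdisk tmux tree unrar vim xsysinfo # openssh-server
sudo apt install -y dconf-editor firefox-locale-fr galculator gpicview meld plank qt5ct qt5-gtk2-platformtheme thunar-media-tags-plugin tumbler-plugins-extra
### python
sudo apt-get install -y python3 python3-pip
sudo apt-get install -y python2 # python2-dev
cd /tmp || exit 1
# -f: never hand an HTTP error page to the interpreter; get-pip.py is run
# as downloaded, without any checksum
curl -fsSL https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py && python2 get-pip.py
python2 -m pip install -U pip
### conf
##### global
sudo swapoff -av && sudo sh -c 'echo vm.swappiness=10 > /etc/sysctl.d/99-swappiness.conf' # limit swap
# -f replaces whatever /etc/localtime is, so a missing file no longer skips the link
sudo ln -sfv /usr/share/zoneinfo/Etc/UTC /etc/localtime
##### QT5
export QT_QPA_PLATFORMTHEME=gtk2
# appended, not replaced: the caller's done-file keeps this script from
# running twice
printf '\n# QT\nexport QT_QPA_PLATFORMTHEME=gtk2\n' >> ~/.profile
printf '\n#JAVA\nexport _JAVA_OPTIONS="-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel ${_JAVA_OPTIONS}"\n' >> ~/.profile
_echoyb "After validation, set fusion / darker for qt5"
_valid
qt5ct
##### menu
#_echoyb "After validation, modify menu"
#_valid
#menulibre
##### plank
path=~/.config/autostart
[ -d "${path}" ] || mkdir -p "${path}"
cat > "${path}/plank.desktop" <<'EOF'
[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=plank
Comment=plank
Exec=plank
OnlyShowIn=XFCE;
RunHook=0
StartupNotify=false
Terminal=false
Hidden=false
EOF
_echoyb "After validation, adjust plank preferences"
_valid
plank --preferences &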
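#!/bin/bash
# foralyse-host.sh — run on the HOST: gives the user and libvirt-qemu
# access to /vms/share (the directory exported to the guest through
# virt-manager's filesystem passthrough) and, when ~/dev exists, copies
# the author's dev tree and the newest offline installers into its trans/
# subdirectory. Needs _echoyb and _valid from foralyse-inc.sh.
sudo usermod -aG libvirt-qemu "${USER}"
path_share=/vms/share
# the old check tested an unset ${path}; it is ${path_share} that must exist
[ -d "${path_share}" ] || sudo mkdir -p "${path_share}"
sudo chown -R libvirt-qemu:libvirt-qemu "${path_share}"
sudo setfacl -Rm g:libvirt-qemu:rwx "${path_share}"
sudo setfacl -d -Rm g:libvirt-qemu:rwx "${path_share}"
_echoyb 'Configure in virt-manager the shared path like this (use XML settings):'
echo 'Configure in virt-manager the shared path like this (use XML settings):
<filesystem type="mount" accessmode="mapped" fmode="0660" dmode="0770">
<source dir="/vms/share"/>
<target dir="/hostshare"/>
<address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
</filesystem>'
_valid

#######################################
# Copy the newest (by mtime) of the given files into ${path_trans}; warn
# and skip when nothing matched instead of running cp on an empty name.
# Globals:   path_trans (read)
# Arguments: $@ - candidate files (an already-expanded glob)
# Returns:   1 when no candidate exists, else cp's status
#######################################
_copy_newest() {
  local newest
  newest=$(ls -1t -- "$@" 2>/dev/null | head -n1)
  if [ -z "${newest}" ]; then
    printf 'warning: nothing to copy for: %s\n' "$*" >&2
    return 1
  fi
  cp "${newest}" "${path_trans}/"
}

# personal settings
if [ -d ~/dev ]; then
  path_trans=${path_share}/trans
  [ -d "${path_trans}" ] || sudo mkdir "${path_trans}"
  sudo chown -R libvirt-qemu:libvirt-qemu "${path_trans}"
  # dev
  cp -r ~/dev/ "${path_trans}/"
  # gtk styles
  cp -r /home/shared/.local/share/gtksourceview-3.0/styles "${path_trans}/"
  # tmux
  cp -r /home/shared/.tmux "${path_trans}/"
  find "${path_trans}/.tmux" -type l -exec rm {} \;
  # sublime text
  _copy_newest ~/Soft/linux/backup/sublime_text*.tar.gz
  # java jdk
  _copy_newest ~/Soft/linux/forensic/jdk-*-linux-x64.tar.gz
  # sleuthkit
  _copy_newest ~/Soft/linux/forensic/sleuthkit-java_*_amd64.deb
  # autopsy
  _copy_newest ~/Soft/linux/forensic/autopsy-*.zip
  # ida
  _copy_newest ~/Soft/linux/forensic/idafree*_linux.run
  # bytecode
  _copy_newest ~/Soft/linux/forensic/bytecode-viewer-*.tar.gz
  # luyten
  _copy_newest ~/Soft/linux/forensic/luyten-*.tar.gz
  # cfr
  _copy_newest ~/Soft/linux/forensic/cfr-*.tar.gz
  # privileges: strip git metadata from the exported tree, then open it up
  # (-prune keeps find from descending into the directory it just removed)
  find "${path_trans}/dev" -name .git -prune -exec rm -fR {} \;
  sudo find "${path_trans}/dev" -type d -exec chmod 775 {} \;
  sudo chown libvirt-qemu:libvirt-qemu -R "${path_trans}/dev"
  sudo chmod g+rw,o+r -R "${path_trans}/dev"
fi
_echoyb "logout/login from your computer to apply changes"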
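#!/bin/bash
# foralyse-idafree.sh — installs IDA Free from the installer dropped in
# ${_PATH_SHARE}/trans, after the i386 libraries the author lists for it.
# The installer is interactive; the user is told which path to give it.
# Needs _PATH_SHARE, _echoyb and _valid from foralyse-inc.sh.
### global
sudo apt install -y libc6-i686:i386 libexpat1:i386 libffi7:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libglib2.0-0:i386 libice6:i386 libpcre3:i386 libpng16-16:i386 libsm6:i386 libstdc++6:i386 libuuid1:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 libxdmcp6:i386 libxext6:i386 libxrender1:i386 zlib1g:i386 libx11-xcb1:i386 libdbus-1-3:i386 libxi6:i386 libsm6:i386 libcurl4:i386
sudo apt install -y libgtk2.0-0:i386 gtk2-engines-murrine:i386 gtk2-engines-pixbuf:i386 libpango1.0-0:i386
### IDA
pattern='idafree*_linux.run'
# shellcheck disable=SC2086 — the pattern must glob
matches=( "${_PATH_SHARE}"/trans/${pattern} )
if ! [ -e "${matches[0]}" ]; then
  _echoyb "Download IDA free version from hex-rays.com \nand put the file ${pattern} in shared path: ${_PATH_SHARE}"
  _valid
  matches=( "${_PATH_SHARE}"/trans/${pattern} )
  if ! [ -e "${matches[0]}" ]; then
    # the old message printed the (empty) file name; name what was looked for
    echo "Unable to find file: ${_PATH_SHARE}/trans/${pattern}"
    exit 1
  fi
fi
file_soft=${matches[0]}
path=/opt/idafree
sudo mkdir -p "${path}"
sudo chown "${USER}:${USER}" "${path}"
_echoyb "After validation, give this path for installation: ${path}"
_valid
sudo chmod +x "${file_soft}"
"${file_soft}"
sudo ln -sv "${path}/ida" /usr/local/bin/idafree
# the old code tested the applications directory with -f, so a stale
# launcher was never removed; target the launcher file itself
file=~/.local/share/applications/idafree.desktop
[ -f "${file}" ] && rm "${file}"
cp "${_PATH_SHARE}/trans/dev/install-desktop/foralyse/conf/idafree.desktop" ~/.local/share/applications/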
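#!/bin/bash
# foralyse-inc.sh — shared include for every foralyse script: the share
# path, ANSI colours, the log files under /var/log/foralyse and the helper
# functions defined below. Once sourced, stdout and stderr of the rest of
# the run are teed into the log and error files.
_PATH_SHARE=/share
# colors
white='\e[0;0m'; red='\e[0;31m'; green='\e[0;32m'; blue='\e[0;34m'; magenta='\e[0;95m'; yellow='\e[0;93m'; cyan='\e[0;96m';
whiteb='\e[1;1m'; redb='\e[1;31m'; greenb='\e[1;32m'; blueb='\e[1;34m'; magentab='\e[1;95m'; yellowb='\e[1;93m'; cyanb='\e[1;96m'; cclear='\e[0;0m';
# logs
path_log=/var/log/foralyse
file_log=${path_log}/foralyse.log
file_err=${path_log}/foralyse.err
# one script name per line; _source/_call skip names already listed here
file_done=${path_log}/foralyse.done
# testing for the directory needs no root, only creating it does
[ -d "${path_log}" ] || sudo mkdir -p "${path_log}"
sudo chown "${USER}:${USER}" -R "${path_log}"
[ -f "${file_done}" ] || touch "${file_done}"
# from here on every script's output also lands in the log files
exec 1> >( tee -a "${file_log}" ) 2> >( tee -a "${file_err}" )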
# Print the arguments in yellow, interpreting backslash escapes, then a newline.
_echoy() {
  printf '%b\n' "${yellow}$*${cclear}"
}
# Print the arguments in bold yellow, interpreting backslash escapes, then a newline.
_echoyb() {
  printf '%b\n' "${yellowb}$*${cclear}"
}
# Print the arguments in red, interpreting backslash escapes, then a newline.
_echor() {
  printf '%b\n' "${red}$*${cclear}"
}
# Print the arguments in bold red, interpreting backslash escapes, then a newline.
_echorb() {
  printf '%b\n' "${redb}$*${cclear}"
}
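#######################################
# Pause until the user presses Enter.
# Globals:   yellowb, cclear (read), _ANSWER (written, never read back)
# Arguments: $* - optional text printed before the prompt
# Outputs:   the prompt on stdout, no trailing newline
#######################################
_valid() {
  printf '%b' "${yellowb}$* Validate to continue: ${cclear}"
  # -r: a backslash in the answer is data, not an escape
  read -r _ANSWER
}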
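#######################################
# Source one installer script from ${_PATH_SCRIPT} unless its name is
# already recorded in ${file_done}; on success record it and pause, on
# failure report and stop the whole run.
# Globals:   _PATH_SCRIPT, file_done, yellowb, redb, cclear
# Arguments: $1 - script file name
#######################################
_source() {
  # whole-line match: "^$1" also matched any longer name sharing the prefix
  if ! grep -qxF -- "$1" "${file_done}"; then
    echo -e "\n${yellowb}> $1${cclear}"
    if . "${_PATH_SCRIPT}/$1"; then
      echo "$1" >> "${file_done}"
      echo -e "${yellowb}< $1${cclear}\n"
      _valid
    else
      echo -e "${redb}See file log $1 for errors${cclear}"
      # a bare "exit" reported the echo's status (0) to the caller
      exit 1
    fi
  fi
}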
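#######################################
# Ask the user to run a script on another machine ($2) unless its name is
# already recorded in ${file_done}; record it once the user confirms.
# Globals:   file_done, yellowb, cclear
# Arguments: $1 - script file name
#            $2 - where it has to be run (e.g. "HOST")
#######################################
_call() {
  # whole-line fixed-string match, the same rule _source applies
  if ! grep -qxF -- "$1" "${file_done}"; then
    echo -e "${yellowb}From $2: \nUse $1${cclear}"
    _valid
    echo "$1" >> "${file_done}"
  fi
}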
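#!/bin/bash
# foralyse-kali.sh — registers the Kali rolling repository, then leaves its
# deb line commented out so it can be switched on by hand when wanted.
# Not sourced by foralyse.sh by default (its _source line is commented).
### repository
# ADDING REPOSITORY IS VERY INVASIVE IN THE SYSTEM !!
sudo sh -c "echo '# kali\ndeb http://http.kali.org/kali kali-rolling main non-free contrib' > /etc/apt/sources.list.d/kali.list"
# fetch the signing key over https (the old URL had no scheme, so wget used
# plain http); apt-key is deprecated in newer apt releases but still works here
wget -q -O - https://archive.kali.org/archive-key.asc | sudo apt-key add -
# comment the deb line out; the file is root-owned, so sed needs sudo
sudo sed -i '/^deb/ s|^|#|' /etc/apt/sources.list.d/kali.list
sudo apt update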
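#!/bin/bash
# foralyse-luyten.sh — installs a pre-packaged Luyten from
# ${_PATH_SHARE}/trans/luyten-*.tar.gz. The tarball carries opt/,
# usr/local/bin/ and home/<user>/ trees that are moved into place.
# Needs _PATH_SHARE, _echoyb and _valid from foralyse-inc.sh.
pattern='luyten-*.tar.gz'
# shellcheck disable=SC2086 — the pattern must glob
matches=( "${_PATH_SHARE}"/trans/${pattern} )
if ! [ -e "${matches[0]}" ]; then
  # the old prompt was copied from the autopsy script and named the wrong file
  _echoyb "Put the pre-package of luyten for linux \nand put the file ${pattern} in shared path: ${_PATH_SHARE}"
  _valid
  matches=( "${_PATH_SHARE}"/trans/${pattern} )
  if ! [ -e "${matches[0]}" ]; then
    echo "Unable to find file: ${_PATH_SHARE}/trans/${pattern}"
    exit 1
  fi
fi
file_soft=${matches[0]}
path_tmp=/tmp/lt
[ -d "${path_tmp}" ] || mkdir -p "${path_tmp}"
# everything below is relative to the scratch directory; never run it elsewhere
cd "${path_tmp}" || exit 1
tar xzf "${file_soft}"
sudo mv opt/luyten* /opt/
sudo mv usr/local/bin/luyten /usr/local/bin/
# seed the Java preferences only when the user has none yet
path_prefs=.java/.userPrefs/us/deathmarine/luyten
if ! [ -f ~/"${path_prefs}"/prefs.xml ]; then
  mkdir -p ~/"${path_prefs}"
  mv home/*/"${path_prefs}"/prefs.xml ~/"${path_prefs}"/
fi
mv home/*/.local/share/applications/luyten.desktop ~/.local/share/applications/
cd || exit 1
# the old script reused ${path} for the prefs directory and, back in $HOME,
# deleted the prefs it had just installed instead of the scratch directory
rm -fR "${path_tmp}"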
#!/bin/bash
# foralyse-pandoc.sh — pandoc with the LaTeX packages the author pairs with
# it, followed by a reminder of the basic invocation. Not sourced by
# foralyse.sh by default. Needs _echoyb from foralyse-inc.sh.
### install
sudo apt install -y pandoc texlive-latex-base texlive-latex-recommended texlive-latex-extra
### usage
_echoyb "To use pandoc:"
printf '%s\n' 'pandoc -s -o $fileout $filein'
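#!/bin/bash
# foralyse-regripper.sh — installs RegRipper 3.0 under /usr/share/regripper
# and points the packaged Parse::Win32Registry modules at the copies that
# ship with it (the originals are kept with a timestamp suffix), then
# exposes rip.pl as "regripper" and "rip".
### dependencies
sudo apt-get install -y libparse-win32registry-perl
### install / conf
# directory of the packaged Win32Registry perl modules; the old code used
# find's raw output, which may be empty or hold several lines
path=$(find /usr/share -name Win32Registry | head -n1)
if [ -z "${path}" ]; then
  echo "Unable to find the Win32Registry module directory under /usr/share"
  exit 1
fi
cd /usr/share || exit 1
sudo git clone https://github.com/keydet89/RegRipper3.0.git || exit 1
sudo mv RegRipper3.0 regripper
# one timestamp for every backup made in this run
stamp=$(date +%s)
for file in WinNT/File.pm WinNT/Key.pm Base.pm; do
  sudo mv "${path}/${file}" "${path}/${file}.${stamp}"
  sudo ln -sv "/usr/share/regripper/${file##*/}" "${path}/${file}"
done
cd regripper || exit 1
sudo cp -a rip.pl "rip.pl.${stamp}"
# insert a $plugindir assignment right after the @alerts declaration
sudo sed -i '/^my @alerts = ();/a my \$plugindir = "/usr/share/regripper/plugins/";' rip.pl
# rewrite line 1 as a local perl shebang followed by a "use lib" line
sudo sed -i "1c #! $(command -v perl)\nuse lib qw(/usr/lib/perl5/);" rip.pl
sudo chmod +x rip.pl
sudo ln -sv /usr/share/regripper/rip.pl /usr/bin/regripper
sudo ln -sv /usr/share/regripper/rip.pl /usr/bin/rip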
#!/bin/bash
# foralyse-share.sh — mounts the host directory exported by virt-manager
# (target "/hostshare") on /share: loads the 9p modules from the initramfs,
# adds the fstab entry and mounts it. Needs _PATH_SHARE from foralyse-inc.sh.
file=/etc/initramfs-tools/modules
# add the 9p modules once
if ! grep -q '^9p' "${file}"; then
  printf '\n# qemu share\n9p\n9pnet\n9pnet_virtio\n' | sudo tee -a "${file}" >/dev/null
fi
sudo update-initramfs -u
# add the fstab entry once
if ! grep -q '^/hostshare' /etc/fstab; then
  printf '\n# qemu share\n/hostshare /share 9p trans=virtio,version=9p2000.L,rw,umask=002 0 0\n' | sudo tee -a /etc/fstab >/dev/null
fi
[ -d "${_PATH_SHARE}" ] || sudo mkdir -p "${_PATH_SHARE}"
sudo mount /share
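#!/bin/bash
# foralyse-sublimetext.sh — installs a pre-packaged Sublime Text from
# ${_PATH_SHARE}/trans/sublime_text*.tar.gz (opt/, usr/bin/ and
# home/<user>/ trees moved into place), then applies the author's hosts
# and iptables entries and prints the license file kept on the share.
# Needs _PATH_SHARE, _echoyb and _valid from foralyse-inc.sh.
### install
pattern='sublime_text*.tar.gz'
# shellcheck disable=SC2086 — the pattern must glob
matches=( "${_PATH_SHARE}"/trans/${pattern} )
if ! [ -e "${matches[0]}" ]; then
  # the old prompt was copied from the autopsy script and named the wrong file
  _echoyb "Put the pre-package of sublime text for linux \nand put the file ${pattern} in shared path: ${_PATH_SHARE}"
  _valid
  matches=( "${_PATH_SHARE}"/trans/${pattern} )
  if ! [ -e "${matches[0]}" ]; then
    echo "Unable to find file: ${_PATH_SHARE}/trans/${pattern}"
    exit 1
  fi
fi
file_soft=${matches[0]}
path=/tmp/st
[ -d "${path}" ] || mkdir -p "${path}"
# everything below is relative to the scratch directory; never run it elsewhere
cd "${path}" || exit 1
tar xzf "${file_soft}"
sudo mv opt/sublime_text* /opt/
sudo mv usr/bin/sublime_text /usr/local/bin/
mv home/*/.sublime-project/ ~/
mv home/*/.config/sublime-text-* ~/.config/
mv home/*/.local/share/applications/sublime-text.desktop ~/.local/share/applications/
cd || exit 1
rm -fR "${path}"
### conf
file="/etc/hosts"
sudo sh -c "echo '\n# sublime-text hack\n127.0.0.1\tsublimetext.com\n127.0.0.1\twww.sublimetext.com\n127.0.0.1\tlicense.sublimehq.com' >> ${file}"
ips="45.55.255.55"
for ip in ${ips}; do sudo iptables -A OUTPUT -d "${ip}" -j DROP; done
path=/etc/iptables
[ -d "${path}" ] || sudo mkdir "${path}"
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
echo
cat "${_PATH_SHARE}/trans/dev/install-desktop/conf/soft/sublime-text.license"
_echoyb "Register sublime test with above license"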
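#!/bin/bash
# foralyse-trans.sh — copies the author's personal configuration (shell,
# editor, icons, launchers, the mount-cases systemd unit, ...) from the dev
# tree exported on the share into the user's home, /root and the system.
# Needs _PATH_SHARE and _echorb from foralyse-inc.sh.
path_foralyse=${_PATH_SHARE}/trans/dev/install-desktop/foralyse
path_conf=${path_foralyse}/conf
path_conf_desk=${_PATH_SHARE}/trans/dev/install-desktop/conf
for path in "${path_conf}" "${path_conf_desk}"; do
  if ! [ -d "${path}" ]; then
    _echorb "Unable to find path: ${path}"
    exit 1
  fi
done
# sudo chown ${USER}:${USER} -R ${_PATH_SHARE} 2>/dev/null
### user
# a "~" inside double quotes is not expanded, so the old list created a
# directory literally named "~" in $PWD; spell the home directory out
for path in "${HOME}/.local/share/icons" "${HOME}/.local/share/applications" "${HOME}/.local/share/gtksourceview-3.0" "${HOME}/.config/bless/layouts"; do
  [ -d "${path}" ] || mkdir -p "${path}"
done
cp "${path_conf}/.bashrc" ~/
cp "${path_conf}/.bash_aliases" ~/
cp "${path_conf}/uca.xml" ~/.config/Thunar/
cp "${path_conf}/xfce4-terminal-tmux.desktop" ~/.local/share/applications/
cp "${path_conf}"/icons/* ~/.local/share/icons
cp "${path_conf_desk}"/icons/* ~/.local/share/icons
cp "${path_conf}"/bless/* ~/.config/bless/layouts/
cp "${_PATH_SHARE}/trans/dev/bs/conf/.vimrc" ~/
cp "${_PATH_SHARE}/trans/dev/bs/conf/.tmux.conf" ~/
cp -r "${_PATH_SHARE}/trans/styles" ~/.local/share/gtksourceview-3.0/
#### user conf
for file in "${path_conf}"/user.*.tar.gz; do
  # an unmatched glob stays literal; skip it instead of untarring a pattern
  [ -e "${file}" ] || continue
  tar xzf "${file}" -C "${HOME}/"
done
### root
sudo cp "${path_conf}/.bashrc-root" /root/.bashrc
sudo cp "${path_conf}/.bash_aliases" /root/
### system
[ -d /usr/share/meld/styles ] || sudo mkdir -p /usr/share/meld/styles
sudo cp "${_PATH_SHARE}/trans/dev/bs/scripts/clean-files.sh" /usr/local/bin/
sudo cp "${_PATH_SHARE}"/trans/dev/install/conf/vim/* /usr/share/vim/vim*/colors/
sudo cp "${path_conf_desk}/soft/meld-dark.xml" /usr/share/meld/styles/
sudo cp "${path_conf_desk}"/wp/* /usr/share/xfce4/backdrops/
sudo cp "${path_conf_desk}"/bash-completion/* /usr/share/bash-completion/completions/
# this is how the foralyse scripts themselves end up in /usr/local/bin
sudo cp "${path_foralyse}"/*.sh /usr/local/bin/
sudo cp "${path_foralyse}/mount-cases.service" /etc/systemd/system/
sudo chmod +r -R ~/.local
sudo chmod +r /usr/share/bash-completion/completions/tmux*
sudo chmod +r /usr/share/xfce4/backdrops/*
sudo chmod 755 /usr/local/bin/*.sh
sudo chmod 644 /etc/systemd/system/mount-cases.service
sudo systemctl enable mount-cases.service
sudo systemctl start mount-cases.service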
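#!/bin/bash
# foralyse-volatility.sh — volatility3 from pip (exposed as vol3), then
# volatility2 from git under /opt with libforensic1394 built from source
# (exposed as vol2). Needs _echoy from foralyse-inc.sh.
### volatility3
python3 -m pip install -U pefile yara-python capstone pycryptodome jsonschema leechcorepyc python-snappy
python3 -m pip install -U volatility3
cd ~/.local/bin && ln -sv vol vol3
### volatility2
# https://github.com/volatilityfoundation/volatility/wiki/Installation
##### global
sudo apt install -y pcregrep libpcre++-dev python-dev
python2 -m pip install distorm3 ipython openpyxl pycrypto pytz ujson yara-python
##### libforensic1394
sudo apt install -y cmake
# unpinned checkout of the default branch, built and installed as root;
# every cd is checked so a failed step cannot run the next one elsewhere
cd /tmp || exit 1
git clone https://github.com/FreddieWitherden/libforensic1394 || exit 1
cd /tmp/libforensic1394 || exit 1
# -p: on a rerun the old "mkdir build && cd build" skipped the cd and
# configured in the source directory
mkdir -p build && cd build || exit 1
cmake -G"Unix Makefiles" ../
sudo make install
cd ../python || exit 1
# NOTE(review): this calls "python", while foralyse-global.sh only installs
# python2 and python3 — confirm which interpreter is meant
sudo python setup.py install
sudo ln -sv /usr/local/lib/libforensic1394.so.0.3.0 /usr/lib/libforensic1394.so.2
cd || exit 1
sudo rm -fR /tmp/libforensic1394
# cmake was only needed for the build above
sudo apt remove -y cmake
sudo apt -y autoremove
##### volatility
cd /opt || exit 1
sudo git clone https://github.com/volatilityfoundation/volatility.git || exit 1
cd /opt/volatility || exit 1
sudo rm -fR .git
sudo python setup.py install
cd /usr/local/bin || exit 1
sudo ln -sv vol.py vol2
_echoy vol2
vol2 -h
_echoy vol3
vol3 -h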
#!/bin/bash
# foralyse-wireshark.sh — tshark and wireshark from the wireshark-dev
# stable PPA, plus the project's desktop launcher from the share.
# Needs _PATH_SHARE from foralyse-inc.sh.
sudo add-apt-repository -y ppa:wireshark-dev/stable
sudo apt update
sudo apt install -y tshark wireshark
launcher="${_PATH_SHARE}/trans/dev/install-desktop/foralyse/conf/org.wireshark.Wireshark.desktop"
cp "${launcher}" ~/.local/share/applications/