zebde · March 24, 2017 07:19
diff --git a/001-vipersetup.sh b/001-vipersetup.sh
 #!/bin/bash          

 # ---------------------------------------------------------------------------
 # vipersetup.sh - Ubuntu 14.04 based Viper installation script

 # Copyright 2016,  https://github.com/zebde
    
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.

 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License at <http://www.gnu.org/licenses/> for
 # more details.

 # Usage: viper.sh
 # Usage: bash -c "$(curl -fsSL https://gist.github.com/zebde/72eb3621cea45724c700448c609b2193/raw/001-vipersetup.sh)"
 # ---------------------------------------------------------------------------

 ## General Tidyness
 sudo apt-get -y install autoconf build-essential g++ python-dev python-pip git automake libtool libimage-exiftool-perl python-m2crypto libfuzzy libssl-dev swig libfuzzy-dev libffi-dev
 sudo pip install SQLAlchemy PrettyTable python-magic pypdns pypssl r2pipe pbkdf2 virustotal-api pyclamd terminaltables
 sudo pip install --pre pype32
 sudo apt-get -y update
 sudo apt-get -y upgrade
 mkdir ~/tmp_build

 ## YARA
 cd ~/tmp_build
 wget https://github.com/VirusTotal/yara/archive/v3.5.0.tar.gz
 tar zxf v3.5.0.tar.gz
 cd yara-3.5.0/
 sudo bash build.sh
 sudo make install
 cd yara-python/
 sudo python setup.py install
 sudo su 
 echo "/usr/local/lib" >> /etc/ld.so.conf
 ldconfig
 exit
 cd ~/tmp_build/

 ## SSDeep
 cd ~/tmp_build/
 wget http://netix.dl.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
 tar zxf ssdeep-2.13.tar.gz
 cd ssdeep-2.13/
 sudo ./configure
 sudo make
 sudo make install
 sudo pip install pydeep
 cd ~/tmp_build/

 ## Androguard
 cd ~/tmp_build/
 wget https://androguard.googlecode.com/files/androguard-1.9.tar.gz
 tar zxf androguard-1.9.tar.gz
 cd androguard-1.9/
 sudo python setup.py install
 cd ~/tmp_build/

 ## SocksiPy
 sudo apt-get install python-socksipy

 #Py EXIF Tool
 cd ~/tmp_build/
 git clone git://github.com/smarnach/pyexiftool.git
 sudo python setup.py install
 cd ~/tmp_build


 # VIPER Installation
 cd ~/tmp_build/
 wget https://github.com/viper-framework/viper/archive/v1.2.tar.gz
 tar zxf v1.2.tar.gz
 mv v1.2 viper
 sudo mv viper /usr/share/
 cd /usr/share/viper/
 mkdir /etc/viper
 sudo wget -O /etc/viper/viper.conf https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/003-viper.conf
 mkdir /viper
 sudo pip install -r requirements.txt
 sudo python update.py -d
 sudo python update.py -c


 ### NGINX
 sudo apt-get -y install nginx apache2-utils
 p=`openssl rand -base64 6`
 sudo htpasswd -bc /etc/nginx/htpasswd.users viper $p
 sudo wget -O /etc/nginx/sites-available/viper.conf https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/002-viper.conf.nginx
 sudo ln -s /etc/nginx/sites-available/viper.conf /etc/nginx/sites-enabled/viper.conf
 sudo rm /etc/nginx/sites-enabled/default
 sudo service nginx restart

 ## Gunicorn
 sudo apt-get install gunicorn
 sudo chown -R www-data:www-data /opt/viper
 sudo wget -O /etc/gunicorn.d/viper https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/004-viper.gun
 sudo service gunicorn start


 echo "-------------------------------------------"
 echo "-          VIPER Setup Complete           -"
 echo "-                                         -"
 echo "-  You can access VIPER on port 80        -"
 echo "-  Username: viper                        -"
 echo "-  Password: $p                       -"
 echo "-                                         -"
 echo "-------------------------------------------"
diff --git a/002-viper.conf.nginx b/002-viper.conf.nginx
 server {
    listen 80;
 
    server_name example.com;
 
    auth_basic "MALWARE::Restricted Access::MALWARE";
    auth_basic_user_file /etc/nginx/htpasswd.users;
 
    location / {
        proxy_pass http://localhost:9090;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
 }
diff --git a/003-viper.conf b/003-viper.conf
 # This file is part of Viper - https://github.com/botherder/viper
 # See the file 'LICENSE' for copying permission.

 ##
 # Core
 ##

 [modules]
 store_output = True

 [paths]
 # Path to a folder that will be used for storing samples and resources.
 # If left blank, the default will be $HOME/.viper
 storage_path = /viper

 [database]
 # Configure the database connection type example shown below
 # reserved for future use

 [web]
 host = 0.0.0.0
 port = 8080

 [api]
 enabled = True
 host = 0.0.0.0
 port = 9090


 [autorun]
 enabled = True

 # Verbose True will print the output of each command. 
 # False will tell you a command has been run but not display the output
 verbose = True

 # Enter a comma separated list of command lines, As you would enter them in the CLI. You can use ; to chain commands.
 # Commands are run in sequence and the output of MODULES is stored if store_output is set to True.
 # commands = yara scan -t, fuzzy, pe compiletime
 commands = yara scan -t, triage


 ##
 # Modules
 ##

 [virustotal]
 virustotal_has_private_key = False
 virustotal_has_intel_key = False
 virustotal_key =

 [cuckoo]
 cuckoo_modified = False
 cuckoo_host = http://localhost:8080

 [reports]
 malwr_login = https://malwr.com/account/login/
 malwr_user =
 malwr_pass =
 malwr_search = https://malwr.com/analysis/search/
 malwr_prefix = https://malwr.com

 anubis_login = https://anubis.iseclab.org/?action=login
 anubis_user = 
 anubis_pass = 
 anubis_search = https://anubis.iseclab.org/?action=hashquery
 anubis_prefix = https://anubis.iseclab.org/

 [misp]
 misp_url =
 misp_key =
 misp_verify = True
 misp_vturl = https://www.virustotal.com/vtapi/v2/file/report

 [pssl]
 pssl_url =
 pssl_user =
 pssl_pass =

 [pdns]
 pdns_url =
 pdns_user =
 pdns_pass =

 [koodous]
 koodous_url = https://koodous.com/api/apks
 koodous_token = d01d9c845e4b2430682241c5faa55e786c129441
diff --git a/004-viper.gun b/004-viper.gun
 CONFIG = {
    'mode': 'wsgi',
    'working_dir': '/opt/viper',
      'python': '/usr/bin/python',
    'user': 'daemon',
    'group': 'daemon',
    'args': (
        '--bind=0.0.0.0:9090',
        '--workers=4',
        '--umask=0027',
        '--log-level=info',
        '--access-logfile=/var/log/gunicorn/viper_access.log',
        'web:app',
    ),
 }
	#!/bin/bash

	# ---------------------------------------------------------------------------
	# vipersetup.sh - Ubuntu 14.04 based Viper installation script

	# Copyright 2016, https://github.com/zebde

	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.

	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU General Public License at <http://www.gnu.org/licenses/> for
	# more details.

	# Usage: viper.sh
	# Usage: bash -c "$(curl -fsSL https://gist.github.com/zebde/72eb3621cea45724c700448c609b2193/raw/001-vipersetup.sh)"
	# ---------------------------------------------------------------------------

	## General Tidyness
	sudo apt-get -y install autoconf build-essential g++ python-dev python-pip git automake libtool libimage-exiftool-perl python-m2crypto libfuzzy libssl-dev swig libfuzzy-dev libffi-dev
	sudo pip install SQLAlchemy PrettyTable python-magic pypdns pypssl r2pipe pbkdf2 virustotal-api pyclamd terminaltables
	sudo pip install --pre pype32
	sudo apt-get -y update
	sudo apt-get -y upgrade
	mkdir ~/tmp_build

	## YARA
	cd ~/tmp_build
	wget https://github.com/VirusTotal/yara/archive/v3.5.0.tar.gz
	tar zxf v3.5.0.tar.gz
	cd yara-3.5.0/
	sudo bash build.sh
	sudo make install
	cd yara-python/
	sudo python setup.py install
	sudo su
	echo "/usr/local/lib" >> /etc/ld.so.conf
	ldconfig
	exit
	cd ~/tmp_build/

	## SSDeep
	cd ~/tmp_build/
	wget http://netix.dl.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
	tar zxf ssdeep-2.13.tar.gz
	cd ssdeep-2.13/
	sudo ./configure
	sudo make
	sudo make install
	sudo pip install pydeep
	cd ~/tmp_build/

	## Androguard
	cd ~/tmp_build/
	wget https://androguard.googlecode.com/files/androguard-1.9.tar.gz
	tar zxf androguard-1.9.tar.gz
	cd androguard-1.9/
	sudo python setup.py install
	cd ~/tmp_build/

	## SocksiPy
	sudo apt-get install python-socksipy

	#Py EXIF Tool
	cd ~/tmp_build/
	git clone git://github.com/smarnach/pyexiftool.git
	sudo python setup.py install
	cd ~/tmp_build


	# VIPER Installation
	cd ~/tmp_build/
	wget https://github.com/viper-framework/viper/archive/v1.2.tar.gz
	tar zxf v1.2.tar.gz
	mv v1.2 viper
	sudo mv viper /usr/share/
	cd /usr/share/viper/
	mkdir /etc/viper
	sudo wget -O /etc/viper/viper.conf https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/003-viper.conf
	mkdir /viper
	sudo pip install -r requirements.txt
	sudo python update.py -d
	sudo python update.py -c


	### NGINX
	sudo apt-get -y install nginx apache2-utils
	p=`openssl rand -base64 6`
	sudo htpasswd -bc /etc/nginx/htpasswd.users viper $p
	sudo wget -O /etc/nginx/sites-available/viper.conf https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/002-viper.conf.nginx
	sudo ln -s /etc/nginx/sites-available/viper.conf /etc/nginx/sites-enabled/viper.conf
	sudo rm /etc/nginx/sites-enabled/default
	sudo service nginx restart

	## Gunicorn
	sudo apt-get install gunicorn
	sudo chown -R www-data:www-data /opt/viper
	sudo wget -O /etc/gunicorn.d/viper https://gist.githubusercontent.com/zebde/72eb3621cea45724c700448c609b2193/raw/004-viper.gun
	sudo service gunicorn start


	echo "-------------------------------------------"
	echo "- VIPER Setup Complete -"
	echo "- -"
	echo "- You can access VIPER on port 80 -"
	echo "- Username: viper -"
	echo "- Password: $p -"
	echo "- -"
	echo "-------------------------------------------"
	server {
	listen 80;

	server_name example.com;

	auth_basic "MALWARE::Restricted Access::MALWARE";
	auth_basic_user_file /etc/nginx/htpasswd.users;

	location / {
	proxy_pass http://localhost:9090;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	}
	}
	# This file is part of Viper - https://github.com/botherder/viper
	# See the file 'LICENSE' for copying permission.

	##
	# Core
	##

	[modules]
	store_output = True

	[paths]
	# Path to a folder that will be used for storing samples and resources.
	# If left blank, the default will be $HOME/.viper
	storage_path = /viper

	[database]
	# Configure the database connection type example shown below
	# reserved for future use

	[web]
	host = 0.0.0.0
	port = 8080

	[api]
	enabled = True
	host = 0.0.0.0
	port = 9090


	[autorun]
	enabled = True

	# Verbose True will print the output of each command.
	# False will tell you a command has been run but not display the output
	verbose = True

	# Enter a comma separated list of command lines, As you would enter them in the CLI. You can use ; to chain commands.
	# Commands are run in sequence and the output of MODULES is stored if store_output is set to True.
	# commands = yara scan -t, fuzzy, pe compiletime
	commands = yara scan -t, triage


	##
	# Modules
	##

	[virustotal]
	virustotal_has_private_key = False
	virustotal_has_intel_key = False
	virustotal_key =

	[cuckoo]
	cuckoo_modified = False
	cuckoo_host = http://localhost:8080

	[reports]
	malwr_login = https://malwr.com/account/login/
	malwr_user =
	malwr_pass =
	malwr_search = https://malwr.com/analysis/search/
	malwr_prefix = https://malwr.com

	anubis_login = https://anubis.iseclab.org/?action=login
	anubis_user =
	anubis_pass =
	anubis_search = https://anubis.iseclab.org/?action=hashquery
	anubis_prefix = https://anubis.iseclab.org/

	[misp]
	misp_url =
	misp_key =
	misp_verify = True
	misp_vturl = https://www.virustotal.com/vtapi/v2/file/report

	[pssl]
	pssl_url =
	pssl_user =
	pssl_pass =

	[pdns]
	pdns_url =
	pdns_user =
	pdns_pass =

	[koodous]
	koodous_url = https://koodous.com/api/apks
	koodous_token = d01d9c845e4b2430682241c5faa55e786c129441
	CONFIG = {
	'mode': 'wsgi',
	'working_dir': '/opt/viper',
	'python': '/usr/bin/python',
	'user': 'daemon',
	'group': 'daemon',
	'args': (
	'--bind=0.0.0.0:9090',
	'--workers=4',
	'--umask=0027',
	'--log-level=info',
	'--access-logfile=/var/log/gunicorn/viper_access.log',
	'web:app',
	),
	}