安装
# apt-get install nepenthes配置文件
# vi submit-file.conf
submit-file
{
path "/var/lib/nepenthes/binaries/"; //存放恶意程序的路径
};# vi submit-norman.conf
submit-norman
{
// this is the adress where norman sandbox reports will be sent
email "nsbx@mwcollect.org"; //分析恶意程序结果,发送邮件通知
urls ("http://www.norman.com/microsites/nsic/Submit/Special/45773/",
"http://luigi.informatik.uni-mannheim.de/submit.php?action=veri
fy"); //恶意程序分析url
};# vi log-download.conf
log-download
{
downloadfile "/var/log/nepenthes/logged_downloads"; // log download attem
pts //日志记录路径
submitfile "/var/log/nepenthes/logged_submissions"; // log successfull do
wnloads
};Metasploit
Metasploit是一款开源的安全漏洞检测工具
安装msf
# curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
# chmod 755 msfinstall
# ./msfinstall出现如下错误:
curl: (35) error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm解决办法:
拷贝文件内容到msfinstall文件
安装postgresql
# apt-get install postgresql
# su - postgres
# psql
# password
123456运行
应用msf扫描蜜罐,使用nepenthes检测恶意软件
# msfconsole