nepenthes用法

安装

# apt-get install nepenthes

配置文件

# vi submit-file.conf

submit-file
{
    path "/var/lib/nepenthes/binaries/"; //存放恶意程序的路径
};

# vi submit-norman.conf

submit-norman
{
    // this is the adress where norman sandbox reports will be sent
    email   "nsbx@mwcollect.org"; //分析恶意程序结果，发送邮件通知
    urls    ("http://www.norman.com/microsites/nsic/Submit/Special/45773/",
             "http://luigi.informatik.uni-mannheim.de/submit.php?action=veri
fy"); //恶意程序分析url
};

# vi log-download.conf

log-download
{
    downloadfile    "/var/log/nepenthes/logged_downloads"; // log download attem
pts //日志记录路径
    submitfile    "/var/log/nepenthes/logged_submissions"; // log successfull do
wnloads
};

Metasploit
Metasploit是一款开源的安全漏洞检测工具

安装msf

# curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
# chmod 755 msfinstall
# ./msfinstall

出现如下错误：

curl: (35) error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

解决办法：
拷贝文件内容到msfinstall文件

安装postgresql

# apt-get install postgresql
# su - postgres
# psql
# password
123456

运行
应用msf扫描蜜罐，使用nepenthes检测恶意软件

# msfconsole