Jul 23 2014

Vagrant configuration for Thug honeyclient

I am happy to announce another small side-project. This time, I decided to make a Thug honeyclient VM available with one command (no kidding!).

I have previously done the same with Dionaea-Vagrant, and while I was working on the next version of HoneyDrive over the past few days, news came out that Thug 0.5 was released today. So, I followed the lengthy installation procedure again and thought that I should make it easily replicable.

Thus, I have created a simple shell script to automate the installation of Thug, which is applied to a VM upon launch. To use it, first install VirtualBox and Vagrant itself for your OS version.

The files are located in a GitHub repo here: https://github.com/ikoniaris/thug-vagrant

So, you can now have a working Thug VM up and running in minutes by simply issuing:

git clone https://github.com/ikoniaris/thug-vagrant && cd thug-vagrant
vagrant up

This will download a virtual disk (only the first time), create and start a new Ubuntu 12.04 LTS VM on the fly, and install Thug and all of its dependencies. And that’s it!

You can then log in to the machine by typing “vagrant ssh”, or by using an SSH client (e.g. PuTTY) and connecting to localhost:2222 (username: vagrant, password: vagrant). Once inside the VM, you will find Thug in the /opt/thug/ directory, with the main script located at /opt/thug/src/thug.py.

If you want to stop the machine, type “vagrant halt” (on the outer terminal, not inside the machine). Every time you want to start the honeypot VM, a simple “vagrant up” issued inside the thug-vagrant directory is enough! (Hint: see the list of CLI commands for more.)

Enjoy, and if you have any feedback, let me know!

PS. If you want to refer to this project you can use this dedicated page: http://bruteforce.gr/thug-vagrant
