Install Thug on Kali Linux

EDIT: This post was originally written for Kali 1.0 in 2013. It was not tested on any later version.

I started this post with Backtrack, but since Kali Linux came out yesterday, I figured I would update the instructions to use the latest and greatest!

Thug is a low-interaction honeyclient put out by The Honeynet Project. A honeyclient emulates a web browser so that you can view malicious websites without actually visiting the page in a vulnerable browser. It can follow redirects, pull down malware, and emulate browser plugins to retrieve the malicious code being served up to victims. You can read more about Thug here and here.

Here is how to install Thug and its many dependencies on Kali Linux. You should be able to copy and paste the whole block of commands below right into a terminal to get everything going.

# Install the dependencies that are available through apt
apt-get -y install subversion libboost-dev libboost-python-dev libboost-thread-dev libboost-system-dev python-pip python-dev libbz2-dev libboost-all-dev python-magic autoconf automake dh-autoreconf

# Install libemu. Used for shellcode emulation
cd 
git clone git://git.carnivore.it/libemu.git
cd libemu
autoreconf -v -i
./configure --enable-python-bindings --prefix=/opt/libemu
make -j4
make install
ldconfig -n /opt/libemu/lib

# Install pylibemu - used for libemu to talk with python
cd
git clone https://github.com/buffer/pylibemu.git
sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/pylibemu.conf"
cd pylibemu
python setup.py build
python setup.py install

# Install some remaining python libraries that are needed
pip install beautifulsoup4 zope.interface pymongo cssutils httplib2 pefile chardet html5lib
# pydot requires pyparsing, but the last version of pyparsing that supports python 2.x is 1.5.7
easy_install pyparsing==1.5.7
pip install pydot

# Change to a working directory and get thug
cd /usr/local/src
mkdir thug
cd thug
git clone https://github.com/buffer/thug.git

# Download, configure and install Google V8
svn checkout http://v8.googlecode.com/svn/trunk/ v8
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
# Patch from thug
cp thug/patches/V8-patch* ./
patch -p0 < V8-patch1.diff
# setup V8 and PyV8
export V8_HOME=/usr/local/src/thug/v8/
cd pyv8/
python setup.py build
python setup.py install

# Make a copy of thug in /opt for use
cd ..
cp -ar ./thug/ /opt/thug

# Make sure python knows where libemu is, both in this session and permanently
export LD_LIBRARY_PATH=/opt/libemu/lib
echo 'export LD_LIBRARY_PATH=/opt/libemu/lib' >> ~/.bashrc

# Profit!
python /opt/thug/src/thug.py -h

That’s it. It’s actually easier to install on Kali than on Backtrack 5r3, so I’m glad I gave it a go.
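Because the block above builds several components from source, it is worth checking which pieces actually landed before running Thug. The following is an added example, not part of the original post or of Thug itself: it tries each Python import the install block is supposed to provide and reports which step to redo, then checks that /opt/libemu/lib is on the loader path. The function names and the step labels are this example's own.

```python
# Added example, not from the original post. Runs on Python 2.7 and 3.
from __future__ import print_function
import importlib
import os

LIBEMU_LIB = "/opt/libemu/lib"     # libemu --prefix from the install block
LD_CONF_DIR = "/etc/ld.so.conf.d"  # pylibemu.conf was written here

# (install step to redo, import names that step provides)
STEPS = [
    ("apt-get install python-magic", ["magic"]),
    ("pylibemu: python setup.py install", ["pylibemu"]),
    ("pip install", ["bs4", "zope.interface", "pymongo", "cssutils",
                     "httplib2", "pefile", "chardet", "html5lib", "pydot"]),
    ("easy_install pyparsing==1.5.7", ["pyparsing"]),
    ("pyv8: python setup.py install (V8_HOME set)", ["PyV8"]),
]

def missing_modules(steps=STEPS):
    """Return [(import_name, step)] for every import that fails."""
    failed = []
    for step, names in steps:
        for name in names:
            try:
                importlib.import_module(name)
            except Exception:  # any failure at import time counts as missing
                failed.append((name, step))
    return failed

def libemu_registered(environ=None, conf_dir=LD_CONF_DIR, lib_dir=LIBEMU_LIB):
    """True if lib_dir is in LD_LIBRARY_PATH or listed in conf_dir/*.conf."""
    environ = os.environ if environ is None else environ
    want = os.path.normpath(lib_dir)
    for p in environ.get("LD_LIBRARY_PATH", "").split(":"):
        if p and os.path.normpath(p) == want:
            return True
    if not os.path.isdir(conf_dir):
        return False
    for fname in sorted(os.listdir(conf_dir)):
        if fname.endswith(".conf"):
            with open(os.path.join(conf_dir, fname)) as fh:
                if any(os.path.normpath(l.strip()) == want for l in fh):
                    return True
    return False

if __name__ == "__main__":
    print("libemu on loader path:", libemu_registered())
    for name, step in missing_modules():
        print("MISSING %-15s redo: %s" % (name, step))
```

Run it with the same python interpreter used for the install; an empty MISSING list means every import resolved.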

To begin analyzing malicious sites, I’d recommend creating a directory called ~/thug/run and executing thug from within that directory using

root@kali:~/thug/run# python /opt/thug/src/thug.py <url>

Thug will create the directory ~/thug/logs for everything it finds. From there you can pull out files or code for further examination with other tools.


8 thoughts on “Install Thug on Kali Linux”

    1. Thanks. What packages were missing? I wrote this guide when the original Kali 1.0 came out so perhaps things have changed now that we’re on 1.0.5.

  1. Getting an error while building Pyv8 on Kali 1.0

    src/Engine.cpp:357:43: error: cannot convert ‘v8::ResourceConstraints*’ to ‘v8::Isolate*’ for argument ‘1’ to ‘bool v8::SetResourceConstraints(v8::Isolate*, v8::ResourceConstraints*)’

    Any thoughts?

    1. I’m getting issue(s) with missing boost/python.hpp from src/Utils.h. Went out and grabbed the lib, put it in the proper dir and still no luck… I really don’t want to have a separate VM for thug but it looks like this is not going to work 🙁

  2. Please please please make similar instructions for OSX! Tried doing each thing by hand with not much luck, things are not happy in OSX land with all these dependencies!
    Thanks much!

  3. This does not work at all; as far as I can tell it’s missing boost. Went out and got it, put it in the src directory, and it still does not work.

    1. Sorry, this post is old. I’d gather that these instructions and package versions are not going to work on Kali 2 (assuming that’s what you’re using).
