Thug-Vagrant

Thug-Vagrant provides a Vagrant configuration file (Vagrantfile) and shell script to automate the setup of a Thug honeyclient in a virtual machine. The need for this project comes from the lengthy and somewhat difficult installation procedure of Thug which can be discouraging.

REQUIREMENTS:

  1. VirtualBox
  2. Vagrant

DOWNLOAD & INSTALL Thug-Vagrant:

git clone https://github.com/ikoniaris/thug-vagrant && cd thug-vagrant
vagrant up

This will download (only the first time) a virtual disk, it will create a new Ubuntu 12.04 LTS VM on the fly and start it using VirtualBox. Then Thug and all of its dependencies will be installed on it. And that’s it!

You can then login into the machine by typing “vagrant ssh” or using an SSH client (e.g. PuTTY) and connect to localhost:2222 — username: vagrant, password: vagrant. Once inside the VM, you will find Thug in the /opt/thug/ directory and the main script located at: /opt/thug/src/thug.py. If you want to stop the machine type “vagrant halt” (on the outer terminal, not inside the machine).

Every time you want to start the honeypot VM a simple “vagrant up” issued inside the thug-vagrant directory is enough!

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

9 comments

Skip to comment form

    • Stepan Mark Pietrek on July 25, 2014 at 11:02 AM
    • Reply

    Hi,
    I get this error when run ‘vagrant up’ command:

    ” The guest machine entered an invalid state while waiting for it
    to boot. Valid states are ‘starting, running’. The machine is in the
    ‘poweroff’ state. Please verify everything is configured
    properly and try again.

    If the provider you’re using has a GUI that comes with it,
    it is often helpful to open that and watch the machine, since the
    GUI often has more helpful error messages than Vagrant can retrieve.
    For example, if you’re using VirtualBox, run `vagrant up` while the
    VirtualBox GUI is open. ”

    Box “precise32” downloaded but doesn’t work.

    Windows 7 Ultimate SP1 64Bit

      • Ion on July 25, 2014 at 11:16 AM
      • Reply

      Hi Stepan, can you open VirtualBox and see if the machine is there? If yes, just delete it from the GUI. And then run `vagrant up` inside the thug-vagrant folder again. Good luck.

        • Stepan Mark Pietrek on July 25, 2014 at 1:07 PM

        The problem was in the VirtualBox version! With VirtualBox 4.3.* doesn’t work but with VirtualBox 4.2.* works fine (in my case VirtualBox 4.2.12).
        Anyway thanks alot! =)

        • Ion on July 26, 2014 at 10:16 AM

        It works for me with VirtualBox 4.3 though. But since you’ve solved it, everything is good.

        • Stepan Mark Pietrek on July 26, 2014 at 2:19 PM

        The 4.3.14 VirtualBox version has some problem, so this was the problem maybe. You can see in VirtualBox forum. =)

    • Ken Pryor on July 27, 2014 at 10:23 PM
    • Reply

    This is excellent, my friend! I did find that in Win 7, I had to open cmd as Administrator before typing the command vagrant up. It works very well, though! Thank you!

      • Ion on July 27, 2014 at 10:56 PM
      • Reply

      Hi Ken!

      Great news 🙂 Let me know how it goes. Another suggestion is to also take a look at Docker after Vagrant. There is even a Docker container for Thug around.

      Best regards, Ion.

    • User on February 25, 2015 at 3:15 PM
    • Reply

    Please include flex as required package otherwise yara build will fail.

      • Ion on February 26, 2015 at 2:35 AM
      • Reply

      Done!

Leave a Reply

Read previous post:
Kippo-Graph 1.2: pull master or re-download
Kippo-Graph 1.2 released!
Honeypots workshop at BSidesLV 2014!
Dionaea-Vagrant demo
The Bulgarian and Soviet Virus Factories
Close