I was delighted to hear that Yahoo released the scanning platform Gryffin as open source. Nothing beats installing some public domain software to clear the week-end hangover, so let's go.
I created my test server on a Digital Ocean droplet (you get a 10 dollar credit if you register at Digital Ocean through this link). The instructions should work however for any Ubuntu 14.04 LTS server.
First check your fridge, you will need at least a six-pack of beers since installation will take a lot of time.
I started with my base Ubuntu 14.04 LTS installation as described here.
Execute the following:
sudo apt-get update sudo apt-get upgrade sudo apt-get install git wget build-essential g++ flex bison gperf ruby perl libsqlite3-dev libfontconfig1-dev libicu-dev curl libcurl3 libcurl4-openssl-dev libfreetype6 libssl-dev libpng12-dev libjpeg-dev python libx11-dev libxext-dev mercurial
One of the prerequisites is GOlang, a language I haven't been playing with for a very long time. Time to brush up my knowledge!
Unfortunately, the Ubuntu 14.04 LTS version of GOlang is a bit too old and we need to install it manually.
Download the current version from the Golang repository.
cd wget https://storage.googleapis.com/golang/go1.5.1.linux-amd64.tar.gz sudo tar -C /usr/local -xzf go1.5.1.linux-amd64.tar.gz
Add the following line to
make sure the PATH is loaded:
Gryffin uses PhantomJS as headless browser. Unfortunately, no pre-made package is available for version 2.x and this needs to be build from source. Time to get that first beer, since compilation will take about two and a half hours.
cd git clone git://github.com/ariya/phantomjs.git cd phantomjs git checkout 2.0 ./build.sh sudo ln -s $PWD/bin/phantomjs /usr/local/bin/phantomjs
cd git clone git://github.com/sqlmapproject/sqlmap.git sudo ln -s $PWD/sqlmap/sqlmap.py /usr/local/bin/sqlmap.py
Check the availability of the latest version of Arachni and download the self-contained package:
cd wget https://github.com/Arachni/arachni/releases/download/v1.2.1/arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz tar zxvf tar zxvf arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz cd arachni-1.2.1-0.5.7.1/bin for f in arachni*; do sudo ln -s $PWD/"$f" "/usr/local/bin/$f"; done
Install NSQ as follows:
cd wget https://s3.amazonaws.com/bitly-downloads/nsq/nsq-0.3.6.linux-amd64.go1.5.1.tar.gz tar zxvf nsq-0.3.6.linux-amd64.go1.5.1.tar.gz cd nsq-0.3.6.linux-amd64.go1.5.1/bin for f in *; do sudo ln -s $PWD/"$f" "/usr/local/bin/$f"; done
Kibana and ElasticSearch
First we need to install docker and enable your local non-root user to run it. Modify the "igbuend" to your own username!
cd sudo wget -qO- https://get.docker.com/ | sh sudo usermod -aG docker igbuend
Log out and log in again. Now run the following:
docker run hello-world
This should run without problems. Now try the Kibana/ElasticSearch image:
docker run -p 8080:5601 -p 5000:5000 yukinying/elk
Again this should run without problems.
Finally, we can install Gryffin. Open another shell and execute:
cd mkdir gofiles export GOPATH=$PWD/gofiles go get github.com/yahoo/gryffin/...
Add the following to your
This is it! Reboot your server (so you can detect potential errors) and try-out your installation with:
sudo docker daemon docker run -p 8080:5601 -p 5000:5000 yukinying/elk
In another shell type:
cd nsqlookupd & nsqd & $GOPATH/bin/gryffin-standalone
And this should start scanning:
Probably a lot more configuration is needed, but unfortunately, the documentation is completely missing from the site. Ah, the joys of open source! Anyway, have fun hacking at Gryffin!