FROM debian:latest LABEL authors="Johannes Bülow " WORKDIR /tmp/crap RUN export DEBIAN_FRONTEND="noninteractive" \ && apt-get update \ && apt-get upgrade -y \ && apt-get install --no-install-recommends -y bash wget curl yara zip unzip git file binutils msitools exif coreutils \ python3-pip libsqlite3-dev python3-full ## TRID RUN wget https://mark0.net/download/trid_linux_64.zip \ && unzip trid_linux_64.zip \ && chmod +x trid \ && mv trid /usr/local/bin/trid ## YARA RUN git clone https://github.com/Yara-Rules/rules.git /usr/local/src/yara-rules \ && echo "#!/bin/bash" > /usr/local/bin/yara-rules && echo 'yara -w /usr/local/src/yara-rules/index.yar "${*}"' >> /usr/local/bin/yara-rules \ && chmod +x /usr/local/bin/yara-rules ## Detect-It-Easy RUN wget https://github.com/horsicq/DIE-engine/releases/download/3.08/die_3.08_Debian_12_amd64.deb -O die.deb\ && apt-get install --no-install-recommends -y ./die.deb ## PiP stuff #RUN pip3 install stringsifter pyelftools dotnetfile peframe-ds flare-floss oletools RUN pip3 install stringsifter pyelftools dotnetfile flare-floss oletools ## Manalyze RUN apt-get install -y libboost-regex-dev libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libssl-dev build-essential cmake git python3-dev \ && git clone https://github.com/JusticeRage/Manalyze.git && cd Manalyze \ && cmake . \ && make -j5 \ && make install \ && cd /tmp/crap ## dllcharacteristics RUN wget https://raw.githubusercontent.com/accidentalrebel/dllcharacteristics.py/master/dllcharacteristics.py -O /usr/local/bin/dllcharacteristics.py \ && chmod +x /usr/local/bin/dllcharacteristics.py ## Malchive RUN git clone https://github.com/MITRECND/malchive.git && cd malchive && pip install . && cd /tmp/crap ## CAPA RUN wget https://github.com/mandiant/capa/releases/download/v6.1.0/capa-v6.1.0-linux.zip -O capa.zip \ && unzip capa.zip && chmod +x capa && mv capa /usr/local/bin/ ## CLEANUP RUN apt-get -y autoremove \ && apt-get clean -y \ && unset DEBIAN_FRONTEND \ && rm -rf /tmp/crap