Relentless Coding

JSDetox - Installation

A javascript malware analysis tool

Installation

JSDetox should work on most Linux distributions - major versions get tested on the current LTS version of Linux Mint / Ubuntu. The development is currently done on Linux with the latest chrome browser.

The code can be found in my github repository: https://github.com/svent/jsdetox

If you want to get notified on updates, watch the repository on github or follow me on twitter.


While JSDetox does use the browser as user interface, the whole analysis/execution of javascript code is done in the backend. As with any tool that handles malicious, unknown code, you should consider installing JSDetox into an isolated environment.


If you want to use JSDetox with Docker, take a look at Lenny Zeltser's blog post: Getting to Know Docker for Distributing and Running Applications

General installation

When you have git and ruby installed (and a working build environment needed for some ruby gems), the installation of JSDetox should be easy. 

[sudo] gem install bundler
cd #target-dir#
git clone https://github.com/svent/jsdetox.git
cd jsdetox
[sudo] bundle install
./jsdetox


The following packages might be missing when you cannot install/run JSDetox (these are debian based package names, they might differ on you linux distribution). Consider using chruby as it resolves some ruby dependencies automatically for various linux distributions. 

git
ruby
ruby-dev
libxslt1-dev
libxml2-dev
build-essential

Installation on Linux Mint 17 LTS / Ubuntu 14.04 LTS

Installation on Linux Mint 17 LTS / Ubuntu 14.04 LTS is straightforward:

sudo apt-get install git ruby ruby-dev bundler build-essential
cd #target-dir#
git clone https://github.com/svent/jsdetox.git
cd jsdetox
sudo bundle install
./jsdetox

Installation with chruby and Ruby 2.1

chruby and ruby-install can be used to manage ruby installations. See https://github.com/postmodern/chruby for more information. 

# install ruby-install, see https://github.com/postmodern/ruby-install
wget -O ruby-install-0.4.3.tar.gz https://github.com/postmodern/ruby-install/archive/v0.4.3.tar.gz
tar -xzvf ruby-install-0.4.3.tar.gz
cd ruby-install-0.4.3/
sudo make install

# install ruby
ruby-install ruby 2.1

# install chruby, see https://github.com/postmodern/chruby#install
wget -O chruby-0.3.8.tar.gz https://github.com/postmodern/chruby/archive/v0.3.8.tar.gz
tar -xzvf chruby-0.3.8.tar.gz
cd chruby-0.3.8/
sudo make install

# load chruby by default
echo "source /usr/local/share/chruby/chruby.sh" >>~/.bashrc

# load chruby for the current session
source /usr/local/share/chruby/chruby.sh

# enable ruby 2.1
# needed every time when running JSDetox unless you enable auto switching:
# https://github.com/postmodern/chruby#auto-switching
chruby ruby-2.1

# install jsdetox
gem install bundler
cd #target-dir#
git clone https://github.com/svent/jsdetox.git
cd jsdetox
bundle install
./jsdetox

Installation on Linux Mint 13 / Ubuntu 12.04

Installation with ruby 1.9 on clean image, no ruby installed yet 
sudo apt-get install ruby1.9.1 ruby1.9.1-dev libxslt1-dev libxml2-dev build-essential git
sudo gem install bundler
cd #target-dir#
git clone https://github.com/svent/jsdetox.git
cd jsdetox
sudo bundle install
Installation with ruby 1.8 on clean image, no ruby installed yet 
sudo apt-get install rubygems libxslt1-dev libxml2-dev build-essential git
sudo gem install bundler
cd #target-dir#
git clone https://github.com/svent/jsdetox.git
cd jsdetox
sudo bundle install
Used installation, system wide upgrade from ruby 1.8 to ruby 1.9 
sudo apt-get install ruby1.9.1 ruby1.9.1-dev libxslt1-dev libxml2-dev build-essential git
# select ruby 1.9:
sudo update-alternatives --config ruby
# select ruby 1.9:
sudo update-alternatives --config gem
sudo gem install bundler
cd #target-dir#
git clone https://github.com/svent/jsdetox.git
cd jsdetox
sudo bundle install

Installation on Debian Squeeze

Installation with ruby 1.8 on clean image, no ruby installed yet 
sudo apt-get install ruby rubygems libxslt1-dev libxml2-dev build-essential git
sudo gem install bundler
cd #target-dir#
git clone https://github.com/svent/jsdetox.git
cd jsdetox
sudo /var/lib/gems/1.8/bin/bundle install
Installation with ruby 1.9 on clean image, no ruby installed yet 
sudo apt-get install ruby1.9.1 ruby1.9.1-dev libxslt1-dev libxml2-dev build-essential git
sudo gem1.9.1 install bundler
cd #target-dir#
git clone https://github.com/svent/jsdetox.git
cd jsdetox
sudo /var/lib/gems/1.9.1/bin/bundle install
# Ruby 1.9.1 is not installed as system default - start jsdetox with
ruby1.9.1 jsdetox
# instead of
./jsdetox

Updating

The master branch in the github repository is stable, so just run this to update to the latest version: 

cd #jsdetox-dir#
git pull
sudo bundle install

If you want to get notified on updates, watch the repository on github or follow me on twitter.

Dependencies

JSDetox is written in ruby and compatible with version 1.8/1.9/2.0 and 2.1.
Please note that ruby 2.2 is currently not supported due to problems with some external libraries.

JSDetox has the following gem dependencies, managed with bundler:

The libraries metasm and taka come bundled with JSDetox as there is no maintained gem of the latest version available.

You should use a modern HTML 5 capable browser to access the web gui (chrome and firefox get tested).