jacobjacob / depdep Goto Github PK

Depdep is a merciless sentinel which will seek sensitive files containing critical info leaking through your network. Basically, it is a fast and practical sensitive data search tool maintaining personal & commercial data privacy for companies and institutions. It can very well be used by auditors making sure that their network doesn't leak any unauthorized non-compliant data through windows & unix/linux shares. The usage is easy and configurable, however, certain technical knowledge is necessary, such as using linux console, ability of writing and understanding basic regular expressions, tough the configuration file comes with several sensitive information patterns, etc.

In order to run depdep succesfully, you have to install some packages. Packages needed to run depdep succesfully are shown below;
nmap -> to scan network and detect opened 445/tcp ports cifs-utils -> to mount windows shares from linux machine mount -> to mount and umount operations smbclient -> to list windows shares samba4-clients -> other operations for listing and accessing windows shares from linux machine findutils -> the find command utility curl -> to upload files to tika and get results For installation, you can use apt-get. For Kali Linux :

 #apt-get install nmap cifs-utils mount smbclient samba4-clients findutils curl

There is tika binary in the script directory. In order to run tika, java must be installed on the system. You can achieve this using apt-get like below;

 # apt-get install openjdk-6-jre-headless:amd64

Then you must download tika from internet and run like below. You can download Apache Tika at http://mvnrepository.com/artifact/org.apache.tika/tika-server. Most recent version is 1.5 so that this version can be used to extract files.

 # wget http://central.maven.org/maven2/org/apache/tika/tika-server/1.5/tika-server-1.5.jar  
 # /usr/bin/java -jar /opt/tika/tika-server-1.5.jar >/dev/null 2>/dev/null &  

Also depdep comes with a script (script/tika.sh) that you can use for managing tika easily. Copy it under /etc/init.d/ and use it below. But at first you must download tika and move it into /opt/tika directory and move tika.sh script into the /etc/init.d directory.

 # mkdir /opt/tika  
 # cp script/tika.sh /etc/init.d/tika  
 # /etc/init.d/tika.sh start  
[+] Tika has been started ...  

In order to check whether the tika process is running use ps command;

 # ps -ef | grep java | grep -v grep
root     13066     1 99 15:52 pts/3    00:00:01 /usr/bin/java -jar /opt/tika/tika-server-1.4.jar

After that, you have to configure depdep configuration file, config/depdep.xml, to run depdep. The configuration is easy to understand and contains directive comments.

Also installation script comes with depdep (script/installation.sh). You can easily install depdep via this script. Only thing which you should specify which distro you want to run on. For instance, in order to install depdep on kali follow steps below;

 # chmod 755 script/installation.sh  
 # .script/installation.sh kali  

ArchAssault has this prepackaged in their repo, you can install it with "pacman -S depdep-git".

 # pacman -S depdep-git  

Once you have installed depdep, you should start tika via tika.sh script like below;

 # /etc/init.d/tika.sh start

###Basic Usage

 # python depdep.py --config config/depdep.xml

Without "-w 1" option, depdep will resume from its previous work. If you don't want depdep to resume, but start fresh please start it like below;

 # python depdep.py --config config/depdep.xml -w 1

Also if you want to see debug message you should use "-v 1" option.

 # python depdep.py --config config/depdep.xml -w 1 -v 1

• Process using hostname or ip address
• Advanced logging operations
• Advanced debugging operations
• Detect & process linux shares (NFS)
• Detect & process FTP shares