Sunday, March 23, 2008

Ubuntu: Unicornscan Installation

I hate to remember simple thing these days, and the only way to prevent myself to remember simple thing is to write it down so I can refer later. This is Unicornscan installation steps on Ubuntu 7.10, I hope it helps someone if he/she want to try out Unicornscan on Ubuntu. If you don't know what Unicornscan is, here's the description from the Unicorn site -

Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient.

Lets start the installation -

shell>sudo apt-get install libpcap0.8-dev

shell>sudo apt-get install libgeoip-dev

shell>sudo apt-get install libltdl3-dev

shell>wget \
http://www.unicornscan.org/releases/unicornscan-0.4.7-2.tar.bz2

shell>tar xvjf unicornscan-0.4.7-2.tar.bz2

shell>cd unicornscan-0.4.7-2

shell>./configure --prefix=/usr/local/stow/unicornscan-0.4.7-2

shell>make

shell>sudo make install

Simple as it is, time to dive into Unicornscan. In fact they have blog now.

Peace ;]

13 comments:

Unknown said...

I'm trying to get this to work per your instructions. However, when I launch unicornscan, I get the following errors:

Error Opening file /usr/local/stow/unicornscan-0.4.7-2/etc/unicornscan/GeoIP.dat
Main [Error report.c:73] error opening geoip database `/usr/local/stow/unicornscan-0.4.7-2/etc/unicornscan//GeoIP.dat': No such file or directory

I have confirmed that geoip is installed. Any ideas?

C.S.Lee said...

Hi larry,

This is simple fixed, you need to download the file, do the following -

shell>wget \
http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz

shell>gunzip -d GeoIP.dat.gz

shell>cp GeoIP.dat \
/usr/local/stow/unicornscan-0.4.7-2/etc/unicornscan

You won't be getting the warning message after this.

Cheers ;]

Unknown said...

Thanks! That fixed it.

C.S.Lee said...

Hi larry,

Glad it helps!

Unknown said...

One more question... How can I put unicornscan in my path so I do not have to type out the entire install path each time I run it?

C.S.Lee said...

hi larry,

You can make use of stow, just

shell>sudo apt-get install stow

shell>cd /usr/local/stow

shell>sudo stow unicornscan-0.4.7-2

Now it will automatically create all the symlinks to /usr/local/bin and so forth. That way everything is cleaner, say if you want to remove it, you just need to do

shell>sudo stow -D unicorn-0.4.7-2

shell>sudo rm -rf unicorn-0.4.7-2

If you are not using stow to manage, you will be having problem to look for all the files installed by certain application and removing it requires more works.

Have fun with stow!

Anonymous said...

I just came accross your post and have a question, if you don't mind helping out.

I followed your directions but am now stuck with the following error:

>make


tools/scanners/unicornscan-0.4.7/src/scan_progs/makepkt.c:65: undefined reference to `ip_checksum'
collect2: ld returned 1 exit status
make[2]: *** [unisend] Error 1
make[2]: Leaving directory `/home/mmullen/tools/scanners/unicornscan-0.4.7/src/scan_progs'
make[1]: *** [alld] Error 1
make[1]: Leaving directory `/home/mmullen/tools/scanners/unicornscan-0.4.7/src'
make: *** [all] Error 1

Any suggestions?

Also, please Note I am running on Ubuntu 8.04

Thanks,
Sparky

Anonymous said...

yes I too would like to know how to properly install this in Hardy. I am going to try to install it using the documentation later

Anonymous said...

hi,
i'm trying to build unicornscan on ubuntu ibex (8.10). i installed the dev packages required to compile, but still it gives me an error during make:

socktrans.c: In function 'socktrans_accept':
socktrans.c:192: error: storage size of 'ccred' isn't known
make[2]: *** [socktrans.lo] Error 1

do you have an idea what could be the problem and eventually howto fix it ?

Anonymous said...

I'm getting the same issue when compiling unicorn on Ubuntu 8.10. So... bump :-)

Anonymous said...

Also here, anyone have a fix?

C.S.Lee said...

hi,

I have a fix, I will post it as new blog post as many people have been asking about it.

Cheers!

josh said...

Im tryin "cd unicornscan-0.4.7-2" but it keeps telling me in does not exist after i followed all the steps to this point. How do i solve?