Hack Like a Pro: How to Compile a New Hacking Tool in Kali

How to Compile a New Hacking Tool in Kali

Welcome back, my newbie hackers!

Recently, I "upgraded" to Kali as my hacking platform, despite my preference for BackTrack. I did this reluctantly, primarily because new readers here could no longer download BackTrack from their site. I want to point out here that we all must keep in mind that with any software—or for that matter, any product—that is newer is not necessarily better.

Although Kali has some new tools and has new version of old tools, the developers of Kali left out some very valuable ones. A tool that I am missing most is Snort.

Snort is the world's most widely used Intrusion Detection System (IDS), and as such, I use it to test whether my exploits can get past it without detection. In the previous versions of BackTrack, Snort has always been included, but not Kali. I thought I would take this opportunity to show you how to download, install, and compile a new tool to Kali, using Snort as an example.

The Process of Compiling Tools for Kali

The process will differ slightly for each tool, but the overall process is very similar. In the case of Snort, we have some dependencies that must be installed to make it work properly. Other tools may or may not have dependencies. One of the advantages of using a package manager such as rpm or .deb is that it will usually handle the dependencies for you. The drawback is that you get a tool that is not necessarily optimized for your platform.

By compiling the tool, we can optimize it for our platform. This means that it will run faster and more efficiently. In a production environment for Snort, this is critical. A slow or inefficient Snort will either drop packets or slowdown your network. Neither is good, so let's look at installing Snort from its source code and compiling it specifically for our platform.

Step 1: Download Snort

You can download Snort at snort.org.

When you click on "Download Snort" button, it will take you to this page.

Select the "Source" snort.2.9.6.1.tar.gz. If you are using a browser, it will prompt you with the following screen. Chose to save Snort. In this case, I saved it to my Desktop, but you can save it wherever is convenient and easiest for you.

As you can see, the source file is now on my Desktop in Kali.

Step 2: Pre-Installation

Before we install Snort, there are few pieces of software that Snort needs to run properly. These are often referred to as dependencies. They can include library files and other files that an application needs to run. In the case of Snort, there are a few.

Let's do that now.

kali> sudo apt-get install flex bison build-essential checkinstall libpcap-dev libnet1-dev libpcre3-dev libmysqlclient15-dev libnetfilter-queue-dev iptables-dev

You will be prompted twice with (y/n). Simply select y to both.

Step 3: Build & Install Libnet

Next, we need to download, build, and install libnet from the source. We can download it from here. In this case, I'm using the command-line download tool wget.

kali >wget https://libdnet.googlecode.com/files/libdnet-1.12.tgz

Once we have successfully downloaded libdnet, we need to untar it, configure it and make it.

First , untar it:

kali >tar xvfvz libdnet-1.12.tgz

Then, change directories to the new libnet directory:

kali > cd libdnet-1.12

And configure it with the "CFLAGS=-fPIC" for a 64-bit version:

kali > ./configure "CFLAGS=-fPIC"

And finally, make the file:

kali > make

We should then be greeted by a screen like that below.

Step 4: Build Symbolic Link to Where Snort Looks for Libnet

We need to build a symbolic link from where libnet is, to the location where Snort expects libnet to be, by typing:

kali> ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1

Step 5: Build & Install Data Acquisistion (DAQ) Library

Snort has what is called a Data Acquisistion Library (DAQ). This is an abstraction layer for I/O (input/output) that enables us to plug different hardware/software interfaces for packet I/O. We can download it at snort.org as well.

I've downloaded it and placed it on my Desktop as well.

We go to the terminal and cd to the Desktop directory and then untar this file.

kali> tar xvfvz daq-2.0.2.tar.gz

Then we change directories to the new daq directory:

kali> cd daq-2.0.2

And configure it:

kali > ./configure

Then finally, make the file:

kali > make

Step 6: Install Snort

Now that we have all the files we need to run Snort, let's complete the installation of Snort. Change to the Desktop directory. You should see the Snort source code there.

Next, let's change directories to /bin and make a directory in the /bin directory named snort. Let's now copy the snort source code to that directory:

kali > cp /root/Desktop/ snort-2.9.6.1.tar.gz /bin/snort

Next, let's untar it:

kali > tar xzvf snort-2.9.6.1.tar.gz

Step 7: Compile

In our final step, we need to compile Snort. Let's change to the new directory that was created when we untarred the source code file.

kali> cd /bin/snort/snort-2.9.6.1

Now, let's configure it.

kali > ./configure

And finally, make Snort.

kali >make

Now we should have a compiled version of Snort specifically compiled for our platform! We can now run Snort by simply typing snort at the command prompt:

kali >snort

Although the steps with differ slightly for different tools, the basic steps to compile a new tool are:

  1. Download the tool
  2. Untar and uncompress the tool
  3. Configure the tool
  4. Make the tool

Hope this all helps with having compiled Snort, but most importantly, I hope it helps with understanding how to compile ANY tool in Linux, and specifically, Kali. If all this seems too much, you can always simply use the package manager, aptitude (apt-get install snort). This will install the binaries for your platform, but not necessarily optimize it for your platform.

Keep coming back, my newbie hackers, as we continue along this exhilarating learning path to becoming pro hackers!

Cover image via Shutterstock

31 Comments

OTW:
thank you

Great tutorial but this is not Kali-specific, is it? Shouldn't this article therefore be moved to Linux Basics?

Hi man..
when i try to ./configure in daq-2.0.2 i have this err:

ERROR! dnet header not found, go get it from
http://code.google.com/p/libdnet/ or use the --with-dnet-
options, if you have it installed in an unusual place

i've tried to fix by reading the README file and by following step listed in this file but when i try to "make" it failed and the error is still listed in terminal..

I have this exact error, did you find a fix?

Drak:

This message is an indication that you have either not installed libdnet or have installed in a place with daq can't find it.

OTW

#~ apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

Use the following repositories (update your sources.list file)

## Kali Regular repositories
deb http://repo.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
## Kali Source repositories
deb-src http://repo.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
Instead of

## Kali Regular repositories
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
## Kali Source repositories
deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free

Snort is in my default repository so I just used apt-get install snort.

That works as well but I.wanted to show how to compile a tool that might not be in your repository.

Yeah better to know how the process works than rely on Repo's in case you want to install something .

it's very helpful sir.

though i still have problem compiling new tools.

Being a noob and all, I must ask questions such as:

Does snort run always in the background, or do I have to start it myself? Is it supposed to run always in the background in order to detect intrusion? If so, how might one go about setting it to run automatically at startup... or is this even advisable?

hello, please i couldn't completely install libdnet-1.12, i get this erro:
make2: Leaving directory `/root/libdnet-1.12/test/dnet'
make2: Entering directory `/root/libdnet-1.12/test'
make2: Nothing to be done for `all-am'.
make2: Leaving directory `/root/libdnet-1.12/test'
make1: Leaving directory `/root/libdnet-1.12/test'
make1: Entering directory `/root/libdnet-1.12'
make1: Nothing to be done for `all-am'.
make1: Leaving directory `/root/libdnet-1.12'

checking net/netmapuser.h usability... no
checking net/netmap
user.h presence... no
checking for net/netmapuser.h... no
checking dnet.h usability... no
checking dnet.h presence... no
checking for dnet.h... no
checking dumbnet.h usability... no
checking dumbnet.h presence... no
checking for dumbnet.h... no

ERROR! dnet header not found, go get it from
http://code.google.com/p/libdnet/ or use the --with-dnet-
options, if you have it installed in an unusual place

PLEASE WHAT CAN I DO TO FIX THIS?

The error message is telling you exactly what to do. It says "go get libdnet" from the Google repository or "use the --with-dnet option".

OTW

okay, its fixed, thank you so much, please is there anyway i can talk to you directly? like on facebook or yahoo messenger, or any other im please?

The way to communicate with me is right here on Null Byte.

can someone help me with how to use "--with-dnet"? i have libdnet-1.12, but i cannot configure..

I have the same problem...

make1: Entering directory `/root/libdnet-1.12/python'
make1: Nothing to be done for `all'.
make1: Leaving directory `/root/libdnet-1.12/python'
Making all in test
make1: Entering directory `/root/libdnet-1.12/test'
Making all in check
make2: Entering directory `/root/libdnet-1.12/test/check'
make2: Nothing to be done for `all'.
make2: Leaving directory `/root/libdnet-1.12/test/check'
Making all in dnet
make2: Entering directory `/root/libdnet-1.12/test/dnet'
make2: Nothing to be done for `all'.
make2: Leaving directory `/root/libdnet-1.12/test/dnet'
make2: Entering directory `/root/libdnet-1.12/test'
make2: Nothing to be done for `all-am'.
make2: Leaving directory `/root/libdnet-1.12/test'
make1: Leaving directory `/root/libdnet-1.12/test'
make1: Entering directory `/root/libdnet-1.12'
make1: Nothing to be done for `all-am'.
make1: Leaving directory `/root/libdnet-1.12'

I am a total noob and I really need your help to get it installed.

Btw you have typo :)

it should be kali> cd libdnet-1.12 ;)

installing libdnet -
After you run
"make"
try
kali>make install
then
kali>checkinstall

You may also (after installing snort) need to run
kali>ldconfig

sudo apt-get update ,
sudo apt-get install snort.
Did the trick! :)

I'm having some problem with kali being able to locate packages unfortunately. I will post screenshots as to what is going on.

#1.) In the below picture, I have just finished typing the code for the apt-get install packages.

Image via imgur.com

#2.) I press enter, and then the terminal outputs this:

Image via imgur.com

Now, I'm not sure what to do at this point as I have checked for typos and such (which I have none unless I've overlooked something?) Also, there were no (Y)es or (N)o options. Only what is as previously stated. Any and all help would be greatly appreciated.

Somethings up with the dl's, can someone post a quick fix? I don't feel like trudging in search. Where is the list of Snorts required software?

thx for sharing but I cant see any barynyard,pulledpork or base here?

You will have to download those separately.

when i go to ./configure the daq-2.0.6 . i get an error saying libpcap library version >= 1.0.0 not found.

get it from http://tcpdump.org

im configuring a rpi2 and trying to use this guide and substituted the correct file versions. or so i thought. any help would be great

See I tried differently and wondering what is the issue actually!! any help please ?

Share Your Thoughts

  • Hot
  • Latest