Re: [qubes-users] Need help troubleshooting four program installs (EyeWitness/theHarvester/pipenv/kazam) for Fedora based OSINT VM

2021-06-08 Thread Floyd

On 6/8/21 9:57 AM, Chrome wrote:


On Tuesday, June 8, 2021 at 10:48:14 AM UTC-4 Chrome wrote:

On Tuesday, June 8, 2021 at 10:40:30 AM UTC-4 unman wrote:

On Tue, Jun 08, 2021 at 06:38:44AM -0700, Chrome wrote:
>
> Good Morning again,
>
> I got the OSINT VM about 95% setup. Thank you all for your help on it. I
> ran into problems during the install of a few recommended tools in the Mike
> Bazzell OSINT manual. These programs are as follows: EyeWitness,
> theHarvester, pipenv, and kazam.
>
> Kazam seems like something I don't actually need but I'd still like all
> tools set up. Below is the terminal text I saved in a "todo" txt file. Any
> help understanding the error messages and what I need to do to resolve them
> would be appreciated. I recognize everyone on here is quite busy but this
> n00b would definitely appreciate the help. Thank you.


You have not said where, or how, you are trying to install these - in Template,
Standalone, or template based qube.

>
> =
> 1. Fix Eyewitness
>
> ###
> # EyeWitness Setup #
> ###
>
> [Error]: \S is not supported by this setup script.

Clear - look in the setup script. You are using a parameter "\S" that is
not supported.

>
> [user@OSINT-Template setup]$
>
> 2. Fix theHarvester
> 3. Fix pipenv


You have repeated error 502 - this is "Bad Gateway" - change your routing
to these sites.
You do not have right python installed - the requirement is specific:
>=2.7, but less than 3.0. Install and configure your python(s) as necessary.

> 4. Fix kazam
> [user@OSINT-Template kazam-1.4.4]$ sudo python3 setup.py install
> Traceback (most recent call last):
>   File "setup.py", line 8, in <module>
>     from DistUtilsExtra.command import *
> ModuleNotFoundError: No module named 'DistUtilsExtra'
> [user@OSINT-Template kazam-1.4.4]$
>

You need to install DistUtilsExtra - in Debian based qubes you should
install python-distutils-extra or python3-distutils-extra, depending on
your python version.


1. Roger
2&3. Sounds like I need to install some sort of 2.x python
version. I imagine 2.9 should be sufficient if I can find it.
4. I'll see what I can find on my own with a Fedora based qube via
dnf. Do you happen to know what it would be for fedora? Thank you
for your help.

Re: 1, the EyeWitness issue. I still have a problem.
I went into the setup.sh file with gedit to look at the code. The only 
relevant line of code seems to be this.


echo "[Error]: ${osinfo} is not supported by this setup script."

There was no \S parameter for me to edit out. And, despite pulling 
this via git clone, it seems that the setup.sh script does not support 
Fedora. I'm going to google around and see what I can find. Certainly 
there has to be a version of this program that likes Fedora. Otherwise 
I guess I need to try this again with debian and put up with Firefox ESR.


Floyd: If you see this, let me know if you have any feedback. It would 
definitely be appreciated since you commented on my posts before and 
have done something similar to what I'm trying to do re: OSINT VM's on 
Fedora. I know you settled on debian but I just want to finally call 
this setup complete and get on with it, ya know? Thanks again all.

--



Regarding Debian vs Fedora, one consideration I made that I had 
forgotten about is that Ubuntu is a Debian derivative.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/75db99f2-7b65-4798-040e-20199d986cb8%40bauernhof.us.


Re: [qubes-users] Need help troubleshooting four program installs (EyeWitness/theHarvester/pipenv/kazam) for Fedora based OSINT VM

2021-06-08 Thread Floyd

I found my notes - basically a print out of the install document Bazzell 
provided on his website, IIRC. I printed it from an editor that provided 
line numbers (notepad++ ?). I also used info from the 7th edition of his 
book, which is earlier than the one you're using IIRC.


I don't see any notes regarding issues with python3-pip or installing 
Python in general. I used the Qubes generic Debian 10 template and 
cloned it before making the mods.


I do see a note about needing a git account (which I do not have, I 
don't think) for EyeWitness. My notes indicate I reached a section of 
Bazzells notes that involved git cloning - Sublist3r, Photon, 
theHarvester - when I apparently stopped. Huh. My template shows 
EyeWitness installed, but it does not run. Maybe that one did not need 
an account. Looking at some of the time stamps in the template it's been 
over a year since I worked with the template 

Re: [qubes-users] Trying to create an OSINT VM with Qubes Fedora template: Need help getting pip to work

2021-06-06 Thread Floyd

On 6/6/21 1:12 PM, Chrome wrote:

Hello there all,

I am currently following the instructions to create an OSINT VM 
Michael Bazzell's "Open Source Intelligence Techniques 8th Edition." 
Naturally I'm trying to avoid installing a whole new OS (Ubuntu is 
recommended by the author) or to have a dedicated laptop for this. I 
figured it would be a fun experiment to see how far I could get with 
Qubes before I ran into problems.


So far, issues are minor but when I hit a roadblock, like the below 
terminal text, I'm ill-prepared to troubleshoot it myself. Can someone 
help me understand what I'm looking at and how to fix it so I can 
install packages via pip onto my Fedora templateVM? Thank you


Qubes version: 4.0
Problem: Need to install recommended OSINT tools to Fedora 32 
templateVM, user is inexperienced with Linux and troubleshooting issues.
Solutions attempted: YOLOing it and figuring out how to install each 
package as best I can, as I come across them, bypassing the ones which 
I have difficulty installing.


Relevant Terminal text:
[user@fedora-32 ~]$ sudo -H python3 -m pip install instalooter
WARNING: Running pip install with root privileges is generally not a 
good idea. Try `python3 -m pip install --user` instead.
WARNING: Retrying (Retry(total=4, connect=None, read=None, 
redirect=None, status=None)) after connection broken by 
'NewConnectionError('object at 0x7a2f64242310>: Failed to establish a new connection: 
[Errno -2] Name or service not known')': /simple/instalooter/
WARNING: Retrying (Retry(total=3, connect=None, read=None, 
redirect=None, status=None)) after connection broken by 
'NewConnectionError('object at 0x7a2f642427c0>: Failed to establish a new connection: 
[Errno -2] Name or service not known')': /simple/instalooter/
WARNING: Retrying (Retry(total=2, connect=None, read=None, 
redirect=None, status=None)) after connection broken by 
'NewConnectionError('object at 0x7a2f64242d90>: Failed to establish a new connection: 
[Errno -2] Name or service not known')': /simple/instalooter/

^CERROR: Operation cancelled by user


Hello. I can't address your specific issues with a Fedora install as I 
chose to use Debian for my similar install. A big reason for me was 
video CODEC issues in Fedora. I got fairly well into it about a year ago 
and have not worked with it since. I took your route as well, "figuring 
out how to install each package as best I can, as I come across them, 
bypassing the ones which I have difficulty installing". Linux is not my 
strong point either, but I do love Qubes.


I created a Debian based templateVM with his mods, (the intent was to 
have a separate VM for each case) but that has its own quirks (browser 
shortcuts for example and using Firefox). It can be a high maintenance 
VM given the dynamic nature of the Internet and the purpose of an OSINT 
VM. I believe the maintenance aspect of his own purpose built OSINT VM 
image he offered for a while played a bigger part in his discontinuing 
support for it than he publicly admits.


I'd have to review my files on this as I believe I kept notes on the 
install while following his instructions for the modifications. Be 
cautious of the tools he suggests, especially in the context of Qubes' 
reason for being. Bazzell has some great ideas and suggestions, but I 
urge due diligence - really understand the tool he suggests. Only you 
know your individual risk level.


Always use a VPN or Whonix.



[qubes-users] HCL - Microsoft Surface Book with Performance Base R4.0 RC1

2017-10-07 Thread Alex Floyd

The steps to getting Qubes-OS R4.0 RC1 to run on the Surface Book are
pretty simple. Not everything works, but it is a testing image. I also
have read that the Nvidia dGPU isn't detected by any flavor of Linux. I
believe that it is running through USB 3.0 to PCIe to the CPU. I will
have to investigate this some more and see if I can figure anything out.

I had issues with the install media for a long time, and used 10
different USB drives to try to install R4.0 RC1 with the install failing
at RPM unpacking the Fedora 25 template. I found out it was because of
how I was creating the media. The only way I have successfully created
the media was using Fedora and dd the Qubes-OS ISO to the drive. Using
Rufus on Windows 10 with their version of dd would not work.

Step 1: Use Fedora to dd Qubes-OS R4.0 RC1 ISO to USB drive.

Step 2: Install Qubes-OS R4.0 RC1 as normal, with the GUI.

Step 3: When the install finishes, hit Ctrl+Alt+F2 to get to the
terminal.

Step 4: Copy the /EFI/Qubes/ folder contents to a newly created
/EFI/BOOT/ folder with "cd /mnt/sysimage/boot/efi/EFI && mkdir BOOT"
then "cp ./Qubes/xen* ./BOOT" then "cp ./Qubes/vm* ./BOOT" then "cp
./Qubes/init* ./BOOT"

The Surface Book only likes to boot "*.efi" from /EFI/BOOT/ and not
/EFI/*/ folders. I also like to leave the /EFI/Qubes directory intact,
just in case I mess up the boot folder, then I can just copy everything
over again and have the default files.

Step 5: Edit the xen.cfg file in /EFI/BOOT/ to remove the Xen boot
parameter "iommu=no-igfx" and replace it with "iommu=on". This will be
under the "options=" line for each kernel entry. You must edit all of
the kernel entries "options=" line for this to work properly.

This will allow your machine to boot! Without doing this, you just get a
boot loop where Xen starts to load and then you see the magical red top
with an unlocked lock Surface splash screen after the screen goes black
to start the boot process. If you are lucky and the Qubes-OS installer
correctly set up your NVME drive for booting, you should be good to go
and able to boot Qubes-OS R4.0 RC1! If you are unlucky or need to add
additional boot parameters to the EFI boot chain, then you will need a
few more steps.

Extra steps need both Qubes-OS R4.0 RC1 and Qubes-OS R3.2 USB drives to
be able to boot into the rescue mode and use efibootmgr. The efibootmgr
in R4.0 RC1 does not like to play with the GPT formatted NVME drive I
have, and registers the boot record as an MBR drive.

Step 6: Use Fedora to dd Qubes-OS R3.2 to a USB drive.

Step 7: Mount both Qubes-OS drives.

Step 8: Navigate to /EFI/BOOT/ on the Qubes-OS R3.2 USB drive and delete
"xen.cfg" "xen.efi" "BOOTX64.efi"

I have not yet found a way to boot Qubes-OS R3.2 on the Surface Book,
even though technically the hardware is compatible. The UEFI workarounds
do not seem to work on Xen 4.6.x that Qubes-OS R3.2 uses. So we must use
the Xen 4.8.1 version that Qubes-OS R4.0 RC1 uses.

Step 9: Navigate to /EFI/BOOT/ on the Qubes-OS R4.0 RC1 USB drive and
copy "xen.cfg" "xen.efi" "BOOTX64.efi" to the Qubes-OS R3.2 USB drive in
the /EFI/BOOT/ directory.

Step 10: Insert the edited Qubes-OS R3.2 USB drive into the Surface
Book. Select the "Rescue Qubes" option, then press "e" to edit the boot
chain. Go to the end of the second line of the boot chain and add "--
efi=attr=uc" and press Ctrl+X to boot with those options. There is a
space between the '--' and 'efi=attr=uc'.

You will need an external USB keyboard to continue from this point! The
keyboard on the base does not work in the Qubes-OS R3.2 installer.

Step 11: When the "Rescue Qubes" mode boots, you will have 4 options to
choose from. Press "1" on the keyboard and hit "Enter". Then it will ask
you for your encryption password; enter the password that you chose to
encrypt your drive during the Qubes-OS install. It will take a minute or
two, and then tell you that your system is mounted to
/mnt/sysimage/. Hit "Enter" to get a shell.

 If the prompt does not ask for your drive encryption password, and just
 says "Hit enter to continue to a shell" or something along those lines,
 then you need to reboot into the UEFI menu and delete the "Qubes" boot
 entry and follow steps 10 and 11 again.

Step 12: Change directories to the /EFI/BOOT/ directory and then use
efibootmgr to create a new entry for Qubes-OS R4.0 RC1. The commands
that I used to do this are:

"cd /mnt/sysimage/boot/efi/EFI/BOOT"

"efibootmgr -v" The "efibootmgr -v" command is to make sure that no
other Qubes boot entries are present. If they are present, note the
number [ex: 0005 Qubes HD(1,MBR,0)] and then use
the command "efibootmgr -b  -B" to remove the entry. The  is
where you would put the boot entry number, like 0005 in the example I
gave you.

If there are no Qubes boot entries, then use this command to create one.
"efibootmgr -v -c -u -L QubesOS -l /EFI/BOOT/xen.efi -d 
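
Added example, not from the original post: one way to script the Step 5 edit so that every kernel entry's "options=" line is changed and the result is checked, with a backup kept beside the file. The function names and the sample xen.cfg contents (kernel names, other options) are constructed for illustration; on the installed system the file would be /mnt/sysimage/boot/efi/EFI/BOOT/xen.cfg as in Step 4.

```shell
#!/bin/sh
# Rewrite iommu=no-igfx to iommu=on on options= lines only, keeping a backup
# as <file>.orig. Returns 0 only if no options= line still has iommu=no-igfx.
fix_xen_iommu() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    cp -p "$cfg" "$cfg.orig"
    sed '/^options=/ s/iommu=no-igfx/iommu=on/g' "$cfg.orig" > "$cfg"
    ! grep -q '^options=.*iommu=no-igfx' "$cfg"
}

# Count options= lines that carry iommu=on as a complete parameter.
count_iommu_on() {
    grep -Ec '^options=.*iommu=on( |$)' "$1"
}

# Count kernel entries, i.e. options= lines, so the two numbers can be compared.
count_entries() {
    grep -c '^options=' "$1"
}

# Constructed sample with two kernel entries, written to path $1.
make_sample_cfg() {
    cat > "$1" <<'EOF'
[global]
default=example-kernel-b

[example-kernel-a]
options=loglvl=all dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx
kernel=vmlinuz-example-a root=/dev/mapper/qubes_dom0-root
ramdisk=initramfs-example-a.img

[example-kernel-b]
options=loglvl=all dom0_mem=min:1024M iommu=no-igfx ucode=scan
kernel=vmlinuz-example-b root=/dev/mapper/qubes_dom0-root
ramdisk=initramfs-example-b.img
EOF
}

# Demo on a temporary copy; nothing on the real ESP is touched.
demo_cfg=$(mktemp)
make_sample_cfg "$demo_cfg"
if fix_xen_iommu "$demo_cfg"; then
    echo "entries: $(count_entries "$demo_cfg"), with iommu=on: $(count_iommu_on "$demo_cfg")"
fi
rm -f "$demo_cfg" "$demo_cfg.orig"
```

If the two counts differ, at least one kernel entry was left unedited, which is the case Step 5 warns about.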
