
Evasion environment setup

Warning

Work in progress

Litterbox

# Fetch the LitterBox sources, then move into the directory holding the Docker setup files.
git clone https://github.com/BlackSnufkin/LitterBox.git
cd LitterBox/Docker

Modified setup.sh that skips the tool checks and uses Compose v2:

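#!/bin/bash
#
# LitterBox Docker setup (modified variant).
# Skips the host tool/KVM checks and starts the guest with Docker Compose v2
# ("docker compose"). Run it from the repository's Docker directory, next to
# install.ps1 and docker-compose.yml.

# Abort on the first failed step so the Windows guest is never started with a
# missing or half-written OEM payload.
set -euo pipefail

echo "LitterBox Docker Setup"
echo "====================="

# The host tool installation and KVM check are intentionally disabled here.
# Note that docker-compose.yml still lists /dev/kvm as a device.
# echo "[+] Installing Docker, Docker Compose, and CPU checker..."
#
# echo "[+] Checking KVM support..."
# if sudo kvm-ok; then
#     echo "[+] KVM acceleration available"
# else
#     echo "[!] KVM not available - will run slower"
#     echo "[!] Enable virtualization in BIOS or use KVM: 'N' in docker-compose"
# fi

# install.bat (written below) hands install.ps1 to PowerShell with
# -ExecutionPolicy Bypass, so the script must exist and should come from a
# checkout you have reviewed.
if [[ ! -f install.ps1 ]]; then
  echo "[!] install.ps1 not found - run this script from the LitterBox Docker directory" >&2
  exit 1
fi

# Create the directories that docker-compose.yml mounts into the container
mkdir -p oem share

# Create install.bat (quoted heredoc delimiter: content is written literally)
cat > oem/install.bat << 'EOF'
@echo off
echo [+] LitterBox Installation Starting...
powershell -ExecutionPolicy Bypass -File "C:\OEM\install.ps1"
echo [+] Installation complete!
EOF

# Copy the existing install.ps1 next to install.bat
cp -- install.ps1 oem/install.ps1

echo ""
echo "Starting Windows installation..."
echo "Web viewer: http://localhost:8006"
echo "Monitor installation progress in browser"
echo "Windows will auto-install, then LitterBox will be set up"
echo "LitterBox will be ready at http://localhost:1337 when complete"

# Start Docker container
sudo docker compose up -d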

Updated docker-compose.yml:

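# Compose file for the LitterBox Windows guest.
# Every published port is bound to the host's loopback address, matching the
# localhost URLs printed by setup.sh, so the install viewer, RDP and the
# LitterBox UI are not reachable from other machines on the network.
services:
  litterbox-windows:
    # Unpinned image: consider pinning to a tag or digest you have reviewed.
    image: dockurr/windows
    container_name: litterbox-windows
    environment:
      VERSION: "10"
      RAM_SIZE: "8G"
      CPU_CORES: "4"
      DISK_SIZE: "25G"
      USERNAME: "litterbox"
      # Fixed, publicly documented lab credential. Change it before making
      # RDP reachable from anything other than loopback.
      PASSWORD: "sandbox123"
    devices:
      - /dev/kvm
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    ports:
      - "127.0.0.1:8006:8006"      # web viewer used to watch the installation
      - "127.0.0.1:3389:3389/tcp"  # RDP
      - "127.0.0.1:3389:3389/udp"  # RDP
      - "127.0.0.1:1337:1337"      # LitterBox
      - "127.0.0.1:8080:8080"      # purpose not stated on this page
    volumes:
      - ./windows:/storage
      - ./oem:/oem      # install.bat and install.ps1 written by setup.sh
      - ./share:/data
    # The guest is restarted whenever the Docker daemon starts; stop it
    # explicitly (docker compose down) when the lab is not in use.
    restart: always
    stop_grace_period: 2m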

avred

https://avred.r00ted.ch/

Qu1cksc0pe

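git clone --depth 1 https://github.com/CYB3RMX/Qu1cksc0pe
cd Qu1cksc0pe

# Docker only: make the web app listen on all interfaces inside the container,
# so that a port published from the host can reach it. Host exposure is still
# controlled by the -p binding below, which stays on 127.0.0.1.
# The dots are escaped so only the literal address is rewritten.
sed -i 's/127\.0\.0\.1/0.0.0.0/' Modules/web_app.py

docker build -t qu1cksc0pe .

# The bind mount gives the container the whole current directory read-write.
# The path is quoted so directories containing spaces work.
docker run -it --rm -v "$(pwd):/data" qu1cksc0pe:latest --file /data/suspicious_file --analyze

# or launch Web UI (published on the host's loopback address only)
docker run -it --rm -p "127.0.0.1:5055:5055" -v "$(pwd):/data" qu1cksc0pe:latest --ui

# open http://127.0.0.1:5055/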