Add the iNetSim repository to your installation (switch to a root shell first with sudo bash, followed by the root password):
sudo echo "deb http://www.inetsim.org/debian/ binary/" >> /etc/apt/sources.list
We then add the archive signing key provided by the iNetSim team to our installation to allow apt to verify the digital signatures of the packages we’re going to install (yes, the dash at the end is important!):
wget -O - http://www.inetsim.org/inetsim-archive-signing-key.asc | apt-key add -
Update the packages list again to pull the latest versions from the repo we just added:
sudo apt-get update
Then finally we will be ready to install the iNetSim package (and all its dependencies):
sudo apt-get install inetsim
You may notice that one of the last few lines of the installation output reads:
Not starting INetSim. Edit /etc/default/inetsim to enable.
We’ve gotta do a little configuration before we’re good to go! Let’s fire up our favorite text editor and have at it:
sudo gedit /etc/inetsim/inetsim.conf
This is the main configuration file for the iNetSim application. We want to modify/uncomment the following lines. Before you do this you will need to know your server’s IP (the one you’re on now; find it with ifconfig):
service_bind_address <your servers IP>
dns_default_ip <your servers IP>
These options set the IP address the simulated services bind to and the IP address handed back for DNS lookups. When your malware requests www.test.com, it’ll get back the IP of your iNetSim server, so that it sends the rest of its juicy traffic there.
Save that file and be done with it. Then we move on:
sudo gedit /etc/default/inetsim
Here we wanna change ENABLED=0 to ENABLED=1, save, quit and have a mouthful of beer. That step’s done!
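The three edits above (service_bind_address, dns_default_ip and ENABLED=1) can also be applied and read back from the shell, which is handy when you rebuild the lab box often. This is an added example, not part of the original walkthrough: the function names set_kv, get_kv and configure_inetsim are made up for illustration, and it assumes each setting sits on its own line, either active or commented out with a leading "#".

```sh
#!/bin/sh
# Added example (not from the original post): apply and verify the three
# settings from this walkthrough. File paths and the IP are passed in by the caller.

# set_kv FILE KEY SEP VALUE: make "KEY<SEP>VALUE" the only line setting KEY.
# The first active or "#"-commented setting line is rewritten in place, later
# duplicates are dropped, and the line is appended if KEY never appears.
set_kv() {
    kv_tmp=$(mktemp) || return 1
    awk -v k="$2" -v s="$3" -v v="$4" '
        BEGIN { re = "^#?" k (s == "=" ? "=" : "[ \t]") }
        $0 ~ re {
            if (!done) { print k s v; done = 1 }
            next
        }
        { print }
        END { if (!done) print k s v }
    ' "$1" > "$kv_tmp" && cat "$kv_tmp" > "$1"   # cat keeps owner and mode
    kv_rc=$?
    rm -f "$kv_tmp"
    return "$kv_rc"
}

# get_kv FILE KEY SEP: print the active (uncommented) value of KEY, if any.
get_kv() {
    awk -v k="$2" -v s="$3" '
        BEGIN { re = "^" k (s == "=" ? "=" : "[ \t]+") }
        $0 ~ re { sub(re, ""); sub(/[ \t]+$/, ""); val = $0 }
        END { print val }
    ' "$1"
}

# configure_inetsim CONF DEFAULTS IP: returns 0 only if all settings read back.
configure_inetsim() {
    # Refuse anything that is not a dotted-quad address before touching files.
    printf '%s\n' "$3" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    set_kv "$1" service_bind_address " " "$3" || return 1
    set_kv "$1" dns_default_ip " " "$3" || return 1
    set_kv "$2" ENABLED "=" 1 || return 1
    [ "$(get_kv "$1" service_bind_address " ")" = "$3" ] &&
    [ "$(get_kv "$1" dns_default_ip " ")" = "$3" ] &&
    [ "$(get_kv "$2" ENABLED "=")" = 1 ]
}

# Usage on the lab host, as root (the IP here is a constructed sample):
#   configure_inetsim /etc/inetsim/inetsim.conf /etc/default/inetsim 192.168.56.10
```

Documentation comments that merely mention a setting name are left alone; only lines that begin with the setting itself (optionally behind a single "#") are rewritten.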
To fire up the application whenever you are ready, it’s fairly simple:
The output will tell you where log files etc. are stored and that the simulation is running successfully, including IP address and process info. The usual CTRL+C closes it. If you open a web browser and go to the IP address of the server your iNetSim is running on, you should see something like this:
If you see that, it’s working, well done! :)