move README to /

files/analyst/README

@@ -0,0 +1,82 @@
+The following tools are available on the analyst workstation.
+
+
+NetworkMiner
+  url: https://www.netresec.com
+  Running NetworkMiner: Open terminal and run: mono /opt/NetworkMiner_2-5/NetworkMiner.exe --noupdatecheck
+
+Wireshark
+  url: https://www.wireshark.org/
+  Running Wireshark: Applications > Internet > Wireshark Network Analyzer
+
+dnsiff
+  url: https://www.monkey.org/~dugsong/dsniff/
+  Running dsniff: Open terminal and run: dsniff -h
+
+hping3
+  url: http://www.hping.org/hping3.html
+  Running hping3: Open terminal and run: hping3 -h
+
+netsed
+  url: http://silicone.homelinux.org/projects/netsed/
+  Running netsed: Open terminal and run: netsed -h
+
+ngrep
+  url: https://github.com/jpr5/ngrep
+  Running ngrep: Open terminal and run: ngrep -h
+
+scapy
+  url: http://www.secdev.org/projects/scapy/
+  Running scapy: Open terminal and run: scapy
+
+ssldump
+  url: http://www.rtfm.com/ssldump/
+  Running ssldump: Open terminal and run: ssldump -h
+
+tcpdump
+  url: http://www.tcpdump.org
+  Running tcpdump: Open terminal and run: tcpdump -h
+
+tcpflow
+  url: https://github.com/simsong/tcpflow
+  Running tcpflow: Open terminal and run: tcpflow -h
+
+tcpxtract
+  url: http://tcpxtract.sourceforge.net/
+  Running tcpxtract: Open terminal and run: tcpxtract -h
+
+whois
+  url: http://www.linux.it/~md/software/
+  Running whois: Open terminal and run: whois -h
+
+foremost
+  url: http://foremost.sourceforge.net
+  Running foremost: Open terminal and run: foremost -h
+
+tcpstat
+  url: https://frenchfries.net/paul/tcpstat/
+  Running tcpstat: Open terminal and run: tcpstat -h
+
+tcptrace
+  url: http://www.tcptrace.org
+  Running tcptract: Open terminal and run: tcptrace -h
+
+sslsplit
+  url: https://github.com/droe/sslsplit
+  Running sslsplit: Open terminal and run: sslsplit -h
+
+bit-twist
+  url: http://bittwist.sourceforge.net
+  Running bit-twist: Open terminal and run: bittwist -h
+
+chaosreader
+  url: http://chaosreader.sourceforge.net
+  Running chaosreader: Open terminal and run: perl /usr/bin/chaosreader -h
+  
+Google Chrome
+  url: https://www.google.com/chrome/
+  Running Google Chrome: Applications > Internet > Google Chrome
+
+
+
+

setup/so-analyst

@@ -49,7 +49,7 @@ yum -y install dsniff;
 yum -y install hping3;
 
 # Install netsed
-yum -y isntall netsed;
+yum -y install netsed;
 
 # Install ngrep
 yum -y install ngrep;
@@ -86,10 +86,9 @@ yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-
 # Install tcptrace
 yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcptrace-6.6.7/securityonion-tcptrace-6.6.7.rpm;
 
-# Install sslsniff
-# This is unmainted with many PRs waiting. Perhaps we should consider https://github.com/droe/sslsplit instead
-yum -y install boost-filesystem boost-thread log4cpp;
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-sslsniff-0.8.0/securityonion-sslsniff-0.8.0.rpm;
+# Install sslsplit
+yum -y install libevent;
+yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-sslsplit-0.5.5/securityonion-sslsplit-0.5.5.rpm;
 
 # Install Bit-Twist
 yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-bittwist-2.0.0/securityonion-bittwist-2.0.0.rpm;
@@ -98,4 +97,6 @@ yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-
 yum -y install perl-IO-Compress perl-Net-DNS;
 yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-chaosreader-0.95.10/securityonion-chaosreader-0.95.10.rpm;
 
+cp ../files/analyst/README /;
+
 reboot;