Zeek Installation

Shodan provides access to the InternetDB through both an API and a SQLite file, so you can check open ports on various IP addresses. The Zeek integration lets you access that information from within your scripts so you can make decisions based on the open ports, vulnerabilities and other information about the remote IP.

Requirements

Building Zeek from source requires the following dependencies.

  • RPM/RedHat-based Linux:
sudo dnf install cmake make gcc gcc-c++ flex bison libpcap-devel openssl-devel python3 python3-devel swig zlib-devel
sudo yum install cmake3 devtoolset-7
scl enable devtoolset-7 bash
  • DEB/Debian-based Linux:
sudo apt-get install cmake make gcc g++ flex libfl-dev bison libpcap-dev libssl-dev python3 python3-dev swig zlib1g-dev
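
As an added example (not part of the Shodan or Zeek documentation), this pre-flight check reports which build tools from the package lists above are missing before you run ./configure, and prints the matching install command from this page. The function names are hypothetical, and only executables are checked, not the -devel/-dev header packages.

```shell
#!/bin/sh
# Added example: pre-flight check for the build tools listed under Requirements.
# Function and variable names are hypothetical, not part of Zeek or Shodan tooling.

# Commands shipped by the packages above. The library packages (libpcap, openssl,
# zlib, python3 headers) install no command, so they are not checked here.
ZEEK_BUILD_TOOLS="cmake make gcc g++ flex bison python3 swig"

# Print, space-separated, the tools not found in the directory list $1
# (defaults to the current PATH). Prints an empty line when all are present.
missing_build_tools() {
    search_path=${1-$PATH}
    missing=""
    for tool in $ZEEK_BUILD_TOOLS; do
        # Look up in a subshell so the caller's PATH and command hash are untouched.
        if ! (PATH=$search_path; command -v "$tool") >/dev/null 2>&1; then
            missing="${missing:+$missing }$tool"
        fi
    done
    printf '%s\n' "$missing"
}

# Print the install command from this page that matches the package manager
# found in the directory list $1 (defaults to PATH); return 1 if neither exists.
install_hint() {
    search_path=${1-$PATH}
    if (PATH=$search_path; command -v dnf) >/dev/null 2>&1; then
        echo "sudo dnf install cmake make gcc gcc-c++ flex bison libpcap-devel openssl-devel python3 python3-devel swig zlib-devel"
    elif (PATH=$search_path; command -v apt-get) >/dev/null 2>&1; then
        echo "sudo apt-get install cmake make gcc g++ flex libfl-dev bison libpcap-dev libssl-dev python3 python3-dev swig zlib1g-dev"
    else
        return 1
    fi
}

# Report against the live system; always returns 0.
preflight() {
    missing_now=$(missing_build_tools)
    if [ -z "$missing_now" ]; then
        echo "All build tools found; ready for ./configure"
    else
        echo "Missing build tools: $missing_now"
        install_hint || echo "No dnf or apt-get found; install the tools manually"
    fi
}

preflight
```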

Configuring and Building

The Zeek source code release can be manually downloaded from the download page.

Once you download the .tar.gz file, extract it and run the commands:

./configure && make && sudo make install

After installation, add the Zeek bin directory to your PATH environment variable.

export PATH=/usr/local/zeek/bin:$PATH