A Beginner's Guide to Brunnhilde: The Installation, Recent Update, Additional Dependencies, and Uses of the Brunnhilde Software

Niamh Murphy is a student of the Master of Library and Information Studies programme at University College Dublin.

As prefaced last week, this week’s post concerning Brunnhilde will be about the core requirements for its installation, the most recent update, the additional dependencies, and uses of the software, with specific attention to macOS and Python 3. As previously discussed, there are a multitude of reasons in favour of the installation and use of this software, which can be found here.

To begin, we will discuss its installation. First, it is required that Python and Siegfried be installed prior to Brunnhilde. At this point, it is also worth noting that guidelines are specific to operating systems, and so for reference, I am using macOS. With regard to macOS, it is a requirement that Homebrew also be installed, in order to install Siegfried. Once you have the core dependencies installed, you will be able to install Brunnhilde. To utilize the full function of Brunnhilde, again with respect to macOS, you will also need to install additional dependencies, which will be discussed shortly.

To install Brunnhilde, as per the installation notes on GitHub, it is advised that you input the following into terminal:

sudo pip install brunnhilde

However, when using Python 3, it is required that you input a variation of this command, which is:

sudo pip3 install brunnhilde

Similarly, to upgrade to the latest version of Brunnhilde, it is advised that you input:

sudo pip install brunnhilde --upgrade

Again, with Python 3, you will need to input the following instead:

sudo pip3 install brunnhilde --upgrade

It is worth noting that as of 2020, Python 2 has become obsolete, and so everyone should be using Python 3.

At this point, having followed the aforementioned guidelines, you will have successfully installed Brunnhilde 1.9+ and can use its base functions. In comparison to previous versions, Brunnhilde 1.9.0 has introduced a simpler command line syntax. To generate Brunnhilde’s core output, which is the HTML report, a full .csv output from Siegfried and an additional folder of .csv results, as per the most recent update you will need to input the following:

brunnhilde.py /directory/to/scan/output/directory/to/create

An example of this command is as follows:

This will result in the following:

However, it is worth noting that the virus scan that you see above will not run on a functional basis until the ClamAV software has been installed correctly, which requires that you complete a number of additional steps. Again, we will discuss ClamAV, as well as other dependencies, shortly.

Returning to the core output, the aforementioned command will have generated a folder containing a HTML report, a full .csv output from Siegfried and an additional folder of .csv results, all of which provide information such as file formats, versions, dates, errors, duplicates, etc. pertaining to the directory scanned.

Thus concludes the installation, recent update and basic function of the Brunnhilde software. Next, we will discuss the installation of the additional dependencies required in order to utilize the full function of Brunnhilde.

 Additional dependences

The additional dependencies, with respect to macOS, are as follows:

• SleuthKit

• Bulk extractor

• ClamAV

• Tree

As I have previously mentioned, with macOS, it is required that Homebrew be installed in advance in order to install the aforementioned software. To install the additional dependencies, simply input and run each of the following commands:

brew install sleuthkit

brew install bulk_extractor

brew install clamav

brew install tree

With regard to the ClamAV anti-virus software, there are a number of additional steps that must be completed before the software is functional.

First, create the freshclam.conf file. To do this, input and run the following command in terminal:

mv /usr/local/etc/clamav/freshclam.conf.sample /usr/local/etc/clamav/freshclam.conf

Then, edit the file. To locate the file, first open Finder. Then, press Command+Shift+G to open the dialogue box. Then, input the following search:

/usr/local/etc/clamav/freshclam.conf

Open the freshclam.conf file and change the following from:

# Comment or remove the line below.

Example

To:

# Comment or remove the line below.

# Example

Once the aforementioned has been completed, update the database by running the freshclam application in terminal. To do this, simply input and run:

freshclam

This should result in the following:

At this point, the ClamAV anti-virus software is functional and can be run successfully as part of the Brunnhilde output.

There is one more note that I would like to make about the additional dependencies, in relation to macOS, which is the command necessary to run bulk extractor. In order to run bulk extractor, in addition to all of the aforementioned functions, the command varies slightly from:

brunnhilde.py /directory/to/scan /output/directory/to/create

To:

brunnhilde.py -b /directory/to/scan /output/directory/to/create

An example of this command is as follows:

This will result in the following:

Similarly to the basic function of Brunnhilde, the aforementioned command will generate a folder containing a HTML report, a full .csv output from Siegfried and an additional folder of .csv results, run the anti-virus scan, as well as scan the desired directory for sensitive or personally identifiable information and create a folder presenting this information.

With that, you have made it to the end of this series, and having followed all of the previously outlined steps, are able to use the Brunnhilde software to great effect. Congratulations!

Before I sign off, I would like to acknowledge the source I consulted in relation to the additional steps needed to effectively install ClamAV, which is the Red Green Repeat: Adventures of a Spec Driven Junkie blog. Special thanks are also due to Kieran O’Leary for all of his advice, and for being exceedingly generous with his knowledge. And finally, to those reading, I would like to thank you all for taking the time. I hope that these posts have been interesting and that you have gained something that is worthwhile.

If you would like to reach out, or have any queries, you can find me on Twitter @niamhelmurphy

Thanks again :)