trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Replace build scripts with prepare scripts

Browse Source
This commit is contained in:
Chris Long
2020-08-27 18:14:41 -07:00
parent 4ed4d9ed4a
commit bee5d4ce1b
18 changed files with 745 additions and 931 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
Vagrant/post_build_checks.ps1 Normal file
View File

@@ -0,0 +1,83 @@
function download {
param(
[string]$URL,
[string]$PatternToMatch,
[switch]$SuccessOn401
)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$wc = New-Object System.Net.WebClient
try {
$result = $wc.DownloadString($URL)
if ($result -like "*$PatternToMatch*") {
return $true
} else {
return $false
}
}
catch {
if ($_.Exception.InnerException.Response.StatusCode -eq 401 -and $SuccessOn401.IsPresent) {
return $true
} else {
Write-Host "Error occured on webrequest: $_" -ForegroundColor red
return $false
}
}
}
function post_build_checks {
$checkmark = ([char]8730)
Write-Host '[*] Verifying that Splunk is reachable...'
$SPLUNK_CHECK = download -URL 'https://192.168.38.105:8000/en-US/account/login?return_to=%2Fen-US%2F' -PatternToMatch 'This browser is not supported by Splunk'
if ($SPLUNK_CHECK -eq $false) {
Write-Host '[!] Splunk was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Splunk is running and reachable!' -ForegroundColor Green
}
Write-Host ''
Write-Host '[*] Verifying that Fleet is reachable...'
$FLEET_CHECK = download -URL 'https://192.168.38.105:8412' -PatternToMatch 'Kolide Fleet'
if ($FLEET_CHECK -eq $false) {
Write-Host '[!] Fleet was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Fleet is running and reachable!' -ForegroundColor Green
}
Write-Host ''
Write-Host '[*] Verifying that Microsoft ATA is reachable...'
$ATA_CHECK = download -URL 'https://192.168.38.103' -SuccessOn401
if ($ATA_CHECK -eq $false) {
Write-Host '[!] Microsoft ATA was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Microsoft ATA is running and reachable!' -ForegroundColor Green
}
Write-Host ''
Write-Host '[*] Verifying that Velociraptor is reachable...'
$VELOCIRAPTOR_CHECK = download -URL 'https://192.168.38.105:9999' -PatternToMatch 'app.html'
if ($VELOCIRAPTOR_CHECK -eq $false) {
Write-Host '[!] Velociraptor was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Velocirpator is running and reachable!' -ForegroundColor Green
}
Write-Host ''
Write-Host '[*] Verifying that Guacamole is reachable...'
$GUACAMOLE_CHECK = download -URL 'http://192.168.38.105:8080/guacamole' -PatternToMatch 'Apache Software'
if ($GUACAMOLE_CHECK -eq $false) {
Write-Host '[!] Guacamole was unreachable and may not have installed correctly.' -ForegroundColor red
}
else {
Write-Host ' ['$($checkmark)'] Guacamole is running and reachable!' -ForegroundColor Green
}
Write-Host ''
}
post_build_checks

68
Vagrant/post_build_checks.sh Executable file
View File

@@ -0,0 +1,68 @@
#! /bin/bash
# This script is meant to verify that DetectionLab was built successfully.
# Only MacOS and Linux are supported. Use post_build_checks.ps1 for Windows.
# If you encounter issues, feel free to open an issue at
# https://github.com/clong/DetectionLab/issues
ERROR=$(tput setaf 1; echo -n " [!]"; tput sgr0)
GOODTOGO=$(tput setaf 2; echo -n " [✓]"; tput sgr0)
# A series of checks to ensure important services are responsive after the build completes.
post_build_checks() {
SPLUNK_CHECK=0
FLEET_CHECK=0
ATA_CHECK=0
VELOCIRAPTOR_CHECK=0
GUACAMOLE_CHECK=0
# If the curl operation fails, we'll just leave the variable equal to 0
# This is needed to prevent the script from exiting if the curl operation fails
SPLUNK_CHECK=$(curl -ks -m 2 https://192.168.38.105:8000/en-US/account/login?return_to=%2Fen-US%2F | grep -c 'This browser is not supported by Splunk')
FLEET_CHECK=$(curl -ks -m 2 https://192.168.38.105:8412 | grep -c 'Kolide Fleet')
ATA_CHECK=$(curl --fail --write-out "%{http_code}" -ks https://192.168.38.103 -m 2)
VELOCIRAPTOR_CHECK=$(curl -ks -m 2 https://192.168.38.105:9999 | grep -c 'app.html')
GUACAMOLE_CHECK=$(curl -ks -m 2 'http://192.168.38.105:8080/guacamole/#/' | grep -c 'Apache Software')
[[ $ATA_CHECK == 401 ]] && ATA_CHECK=1
echo "[*] Verifying that Splunk is running and reachable..."
if [ "$SPLUNK_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Splunk was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Fleet is running and reachable.")
fi
echo ""
echo "[*] Verifying that Fleet is running and reachable..."
if [ "$FLEET_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Fleet was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Fleet is running and reachable.")
fi
echo ""
echo "[*] Verifying that Microsoft ATA is running and reachable..."
if [ "$ATA_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Microsoft ATA was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Microsoft ATA is running and reachable.")
fi
echo ""
echo "[*] Verifying that the Velociraptor service is running and reachable..."
if [ "$VELOCIRAPTOR_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Velociraptor was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Velociraptor is running and reachable.")
fi
echo ""
echo "[*] Verifying that Guacamole is running and reachable..."
if [ "$GUACAMOLE_CHECK" -lt 1 ]; then
(echo >&2 "${ERROR} Warning: Guacamole was unreachable and may not have installed correctly.")
else
(echo >&2 "${GOODTOGO} Guacamole is running and reachable.")
fi
}
post_build_checks
exit 0

265
Vagrant/prepare.ps1 Normal file
View File

@@ -0,0 +1,265 @@
#Requires -Version 4.0
<#
.Synopsis
This script is used to ensure prerequisites for DetectionLab
are properly installed.
.DESCRIPTION
This scripts runs a series of tests. It checks:
* If Packer and Vagrant are installed
* If VirtualBox and/or VMware are installed
* If the proper vagrant plugins are available
* Various aspects of system health
If you encounter issues, feel free to open an issue at
https://github.com/clong/DetectionLab/issues
.EXAMPLE
./prepare.ps1
This runs a series of checks to ensure your system will successfully be
able to build DetectionLab.
#>
$VAGRANT_DIR = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition
$checkmark = ([char]8730)
function install_checker {
param(
[string]$Name
)
$results = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Select-Object DisplayName
$results += Get-ItemProperty 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Select-Object DisplayName
forEach ($result in $results) {
if ($result -like "*$Name*") {
return $true
}
}
return $false
}
function check_packer_path {
# Check if Packer is in path
Try {
Get-Command packer.exe -ErrorAction Stop | Out-Null
}
Catch {
Write-Host ' [-] Packer was not found in your PATH.' -ForegroundColor yellow
Write-Host ' [-] This is only needed if you plan to build your own boxes, otherwise you can ignore this message.' -ForegroundColor yellow
}
}
function check_vagrant_path {
# Check if Vagrant is in path
Try {
Get-Command vagrant.exe -ErrorAction Stop | Out-Null
}
Catch {
Write-Host ' [!] Vagrant was not found in your PATH. Please correct this before continuing.' -ForegroundColor red
Write-Host ' [!] Correct this by installing Vagrant with Choco or downloading from https://www.vagrantup.com/downloads.html' -ForegroundColor red
Break
}
# Check Vagrant version >= 2.2.9
[System.Version]$vagrant_version = $(vagrant --version).Split(' ')[1]
[System.Version]$version_comparison = 2.2.9
if ($vagrant_version -lt $version_comparison) {
Write-Host ' [-] It is highly recommended to use Vagrant 2.2.9 or above before continuing' -ForegroundColor yellow
}
else {
Write-Host ' ['$($checkmark)'] Your version of Vagrant ('$vagrant_version') is supported' -ForegroundColor Green
}
}
# Returns false if not installed or true if installed
function check_virtualbox_installed {
Write-Host ''
Write-Host '[+] Checking if Virtualbox is installed...'
if (install_checker -Name "VirtualBox") {
Write-Host ' ['$($checkmark)'] Virtualbox found.' -ForegroundColor green
return $true
}
else {
return $false
}
}
function check_vmware_workstation_installed {
Write-Host ''
Write-Host '[+] Checking if VMware Workstation is installed...'
if (install_checker -Name "VMware Workstation") {
Write-Host ' ['$($checkmark)'] VMware Workstation found.' -ForegroundColor green
return $true
}
else {
return $false
}
}
function check_vmware_vagrant_plugin_installed {
Write-Host ''
Write-Host '[+] Checking if the vagrant_vmware_desktop plugin is installed...'
if (vagrant plugin list | Select-String 'vagrant-vmware-workstation') {
Write-Host ' [!] The vagrant VMware Workstation plugin is no longer supported.' -ForegroundColor red
Write-Host ' [-] Please upgrade to the VMware Desktop plugin: https://www.vagrantup.com/docs/vmware/installation.html' -ForegroundColor yellow
Write-Host ' [-] Please also uninstall the vagrant-vmware-fusion plugin and install the vmware-vagrant-desktop plugin' -ForegroundColor yellow
Write-Host ' [-] HINT: `vagrant plugin uninstall vagrant-vmware-workstation; vagrant plugin install vagrant-vmware-desktop`' -ForegroundColor yellow
return $false
}
if (vagrant plugin list | Select-String 'vagrant-vmware-desktop') {
Write-Host ' ['$($checkmark)'] Vagrant VMware Desktop plugin found.' -ForegroundColor green
return $true
}
else {
Write-Host ' [!] VMware Workstation is installed, but the vagrant-vmware-desktop plugin is not.' -ForegroundColor red
Write-Host ' [-] Visit https://www.vagrantup.com/vmware/index.html#buy-now for more information on how to purchase ($80) and install it' -ForegroundColor yellow
Write-Host ' [-] VMware Workstation will not be listed as a provider until the Vagrant plugin has been installed.' -ForegroundColor yellow
Write-Host ' [-] NOTE: The plugin does not work with trial versions of VMware Workstation' -ForegroundColor yellow
return $false
}
}
function check_vagrant_vmware_utility_installed {
Write-Host ''
Write-Host '[+] Checking if the Vagrant VMware Utility is installed...'
if (install_checker -Name "Vagrant VMware Utility") {
Write-Host ' ['$($checkmark)'] Vagrant VMware Utility is installed' -ForegroundColor green
return $true
}
else {
Write-Host ' [!] To use VMware Workstation as a provider, you need to install the Vagrant VMware Utility.' -ForegroundColor Red
Write-Host ' [-] To download and install it, visit https://www.vagrantup.com/docs/providers/vmware/vagrant-vmware-utility'
return $false
}
}
function list_providers {
[cmdletbinding()]
param()
$vboxInstalled = 0
$vmwareInstalled = 0
if (check_virtualbox_installed) {
$vboxInstalled = 1
}
if (check_vmware_workstation_installed) {
if ((check_vmware_vagrant_plugin_installed) -and (check_vagrant_vmware_utility_installed)) {
$vmwareInstalled = 1
}
}
# Warn users if Virtualbox and VMware Workstation are both installed.
if (( $vboxInstalled -eq 1 ) -and ( $vmwareInstalled -eq 1 )) {
Write-Host " [-] Both VMware Workstation and Virtualbox appear to be installed on this system." -ForegroundColor Yellow
Write-Host " [-] Please consider setting the VAGRANT_DEFAULT_PROVIDER environment variable to prevent confusion." -ForegroundColor Yellow
Write-Host " [-] More details can be found here: https://www.vagrantup.com/docs/providers/default" -ForegroundColor Yellow
Write-Host " [-] Additionally, please ensure only one providers' network adapters are active at any given time." -ForegroundColor Yellow
}
if (($vboxInstalled -eq 0) -and ($vmwareInstalled -eq 0)) {
Write-Error ' [!] You need to install a provider such as VirtualBox or VMware Workstation to continue.' -ForegroundColor red
Write-Error ' [!] Virtualbox is free, the VMware Vagrant Plugin costs $80.' -ForegroundColor red
break
}
Write-Host ''
Write-Host '[+] Enumerating available providers...'
Write-Host "[+] Available Providers: "
if ($vboxInstalled -eq 1) {
Write-Host ' [*] virtualbox' -ForegroundColor green
}
if ($vmwareInstalled -eq 1) {
Write-Host ' [*] vmware_desktop' -ForegroundColor green
}
}
function preflight_checks {
Write-Host ''
Write-Host '[+] Checking if CredentialGuard is enabled...'
# Verify CredentialGuard isn't enabled
if (('CredentialGuard' -match ((Get-ComputerInfo).DeviceGuardSecurityServicesConfigured) -eq "True")) {
Write-Host ' [!] CredentialGuard appears to be enabled on this system which can cause issues with Virtualbox.' -ForegroundColor red
Write-Host ' [!] See this thread for more info: https://forums.virtualbox.org/viewtopic.php?f=25&t=82106' -ForegroundColor red
}
Write-Host ''
Write-Host '[+] Checking if any boxes have been manually built...'
if ((Get-ChildItem "$VAGRANT_DIR\..\Boxes\*.box").Count -gt 0) {
Write-Host ' [-] You seem to have at least one .box file present in the Boxes directory already.' -ForegroundColor yellow
Write-Host ' [-] If you would like to use the pre-built boxes, please remove all .box files from the Boxes directory' -ForegroundColor yellow
}
else {
Write-Host ' ['$($checkmark)'] No custom Packer boxes found' -ForegroundColor green
}
# Check to see that no Vagrant instances exist
Write-Host ''
Write-Host '[+] Checking if any Vagrant instances have been created...'
$CurrentDir = Get-Location
Set-Location "$VAGRANT_DIR"
if (($(vagrant status) | Select-String -Pattern "not[ _]created").Count -ne 4) {
Write-Host ' [-] You appear to have already created at least one Vagrant instance.' -ForegroundColor yellow
vagrant status | Select-String 'not[ _]created' -NotMatch | Select-String -Pattern 'logger|dc|wef|win10'
Write-Host ''
Write-Host ' [-] If you want to start with a fresh install, you should run `vagrant destroy -f` to remove existing instances.' -ForegroundColor yellow
}
else {
Write-Host ' ['$($checkmark)'] No Vagrant instances have been created' -ForegroundColor green
}
Set-Location $CurrentDir
# Check available disk space. Recommend 80GB free, warn if less
Write-Host ''
Write-Host '[+] Checking available disk space...'
$drives = Get-PSDrive | Where-Object { $_.Provider -like '*FileSystem*' }
$drivesList = @()
forEach ($drive in $drives) {
if ($drive.free -lt 80GB) {
$DrivesList = $DrivesList + $drive
}
}
if ($DrivesList.Count -gt 0) {
Write-Host " [-] The following drives have less than 80GB of free space. They should not be used for deploying DetectionLab" -ForegroundColor yellow
forEach ($drive in $DrivesList) {
Write-Host " [*] $($drive.Name)" -ForegroundColor yellow
}
Write-Host ' [-] You can safely ignore this warning if you are deploying DetectionLab to a different drive.' -ForegroundColor yellow
}
else {
Write-Host ' ['$($checkmark)'] You have more than 80GB of free space on your primary partition' -ForegroundColor green
}
# Ensure the vagrant-reload plugin is installed
Write-Host ''
Write-Host '[+] Checking if vagrant-reload is installed...'
if (-Not (vagrant plugin list | Select-String 'vagrant-reload')) {
Write-Host ' [-] The vagrant-reload plugin is required and not currently installed. This script will attempt to install it now.' -ForegroundColor yellow
(vagrant plugin install 'vagrant-reload')
if ($LASTEXITCODE -ne 0) {
Write-Host ' [!] Unable to install the vagrant-reload plugin. Please try to do so manually via `vagrant plugin install vagrant-reload` and re-run this script.' -ForegroundColor red
break
}
}
else {
Write-Host ' ['$($checkmark)'] The vagrant-reload plugin is installed' -ForegroundColor green
}
}
# Run check functions
Write-Host ''
Write-Host '[+] Begining pre-build checks for DetectionLab'
Write-Host ''
Write-Host '[+] Checking for necessary tools in PATH...'
check_packer_path
check_vagrant_path
preflight_checks
list_providers
Write-Host ''
Write-Host 'To get started building DetectionLab, simply cd to DetectionLab/Vagrant'
Write-Host 'and run "vagrant up". If you run into any issues along the way, check out'
Write-Host 'the troubleshooting and known issues page: https://www.detectionlab.network/deployment/troubleshooting/'
Write-Host ''

246
Vagrant/prepare.sh Executable file
View File

@@ -0,0 +1,246 @@
#! /bin/bash
# This script is meant to verify that your system is configured to
# build DetectionLab successfully.
# Only MacOS and Linux are supported. Use prepare.ps1 for Windows.
# If you encounter issues, feel free to open an issue at
# https://github.com/clong/DetectionLab/issues
ERROR=$(tput setaf 1; echo -n " [!]"; tput sgr0)
GOODTOGO=$(tput setaf 2; echo -n " [✓]"; tput sgr0)
INFO=$(tput setaf 3; echo -n " [-]"; tput sgr0)
print_usage() {
echo "Usage: ./prepare.sh"
exit 0
}
check_packer_path() {
# Check for existence of Packer in PATH
if ! which packer >/dev/null; then
(echo >&2 "${INFO} Packer was not found in your PATH.")
(echo >&2 "${INFO} This is only needed if you plan to build you own boxes, otherwise you can ignore this message.")
else
(echo >&2 "${GOODTOGO} Packer was found in your PATH")
fi
}
check_vagrant_path() {
# Check for existence of Vagrant in PATH
if ! which vagrant >/dev/null; then
(echo >&2 "${ERROR} Vagrant was not found in your PATH.")
(echo >&2 "${ERROR} Please correct this before continuing. Exiting.")
(echo >&2 "${ERROR} Correct this by installing Vagrant with Homebrew or downloading from https://www.vagrantup.com/downloads.html")
exit 1
else
(echo >&2 "${GOODTOGO} Vagrant was found in your PATH")
fi
check_curl_path(){
# Check to see if curl is in PATH - needed for post-install checks
if ! which curl >/dev/null; then
(echo >&2 "${ERROR} Please install curl and make sure it is in your PATH.")
exit 1
else
(echo >&2 "${GOODTOGO} Curl was found in your PATH")
fi
}
# Ensure Vagrant >= 2.2.9
# https://unix.stackexchange.com/a/285928
VAGRANT_VERSION="$(vagrant --version | cut -d ' ' -f 2)"
REQUIRED_VERSION="2.2.9"
# If the version of Vagrant is not greater or equal to the required version
if ! [ "$(printf '%s\n' "$REQUIRED_VERSION" "$VAGRANT_VERSION" | sort -V | head -n1)" = "$REQUIRED_VERSION" ]; then
(echo >&2 "${ERROR} WARNING: It is highly recommended to use Vagrant $REQUIRED_VERSION or above before continuing")
else
(echo >&2 "${GOODTOGO} Your version of Vagrant ($VAGRANT_VERSION) is supported")
fi
}
# Returns 0 if not installed or 1 if installed
check_virtualbox_installed() {
if which VBoxManage >/dev/null; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
# Check for VMWare Workstation on Linux
check_vmware_workstation_installed() {
if which vmrun >/dev/null; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
check_vmware_fusion_installed() {
if [ -e "/Applications/VMware Fusion.app" ]; then
echo "1"
else
echo "0"
fi
}
# Returns 0 if not installed or 1 if installed
check_vmware_desktop_vagrant_plugin_installed() {
LEGACY_PLUGIN_CHECK="$(vagrant plugin list | grep -c 'vagrant-vmware-fusion')"
if [ "$LEGACY_PLUGIN_CHECK" -gt 0 ]; then
(echo >&2 "${ERROR} The VMware Fusion Vagrant plugin is deprecated and is no longer supported.")
(echo >&2 "${INFO} Please upgrade to the VMware Desktop plugin: https://www.vagrantup.com/docs/vmware/installation.html")
(echo >&2 "${INFO} Please also uninstall the vagrant-vmware-fusion plugin and install the vmware-vagrant-desktop plugin")
(echo >&2 "${INFO} HINT: \`vagrant plugin uninstall vagrant-vmware-fusion && vagrant plugin install vagrant-vmware-desktop\`")
(echo >&2 "${INFO} NOTE: The VMware plugin does not work with trial versions of VMware Fusion")
echo "0"
fi
VMWARE_DESKTOP_PLUGIN_PRESENT="$(vagrant plugin list | grep -c 'vagrant-vmware-desktop')"
if [ "$VMWARE_DESKTOP_PLUGIN_PRESENT" -eq 0 ]; then
(echo >&2 "VMWare Fusion or Workstation is installed, but the vagrant-vmware-desktop plugin is not.")
(echo >&2 "Visit https://www.hashicorp.com/blog/introducing-the-vagrant-vmware-desktop-plugin for more information on how to purchase and install it")
(echo >&2 "VMWare Fusion or Workstation will not be listed as a provider until the vagrant-vmware-desktop plugin has been installed.")
echo "0"
else
echo "1"
fi
}
check_vagrant_vmware_utility_installed() {
# Ensure the helper utility is installed: https://www.vagrantup.com/docs/providers/vmware/vagrant-vmware-utility
if pgrep -f vagrant-vmware-utility > /dev/null; then
echo "1"
else
echo "0"
fi
}
# List the available Vagrant providers present on the system
list_providers() {
VBOX_PRESENT=0
VMWARE_FUSION_PRESENT=0
if [ "$(uname)" == "Darwin" ]; then
# Detect Providers on OSX
VBOX_PRESENT=$(check_virtualbox_installed)
VMWARE_FUSION_PRESENT=$(check_vmware_fusion_installed)
VMWARE_WORKSTATION_PRESENT=0 # Workstation doesn't exist on Darwain-based OS
VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT=$(check_vmware_desktop_vagrant_plugin_installed)
VAGRANT_VMWARE_UTILITY_PRESENT=$(check_vagrant_vmware_utility_installed)
else
VBOX_PRESENT=$(check_virtualbox_installed)
VMWARE_WORKSTATION_PRESENT=$(check_vmware_workstation_installed)
VMWARE_FUSION_PRESENT=0 # Fusion doesn't exist on non-Darwin OS
VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT=$(check_vmware_desktop_vagrant_plugin_installed)
VAGRANT_VMWARE_UTILITY_PRESENT=$(check_vagrant_vmware_utility_installed)
fi
(echo >&2 "Available Providers:")
if [ "$VBOX_PRESENT" == "1" ]; then
(echo >&2 "${GOODTOGO} virtualbox")
fi
if [[ $VMWARE_FUSION_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_UTILITY_PRESENT -eq 1 ]]; then
(echo >&2 "${GOODTOGO} vmware_desktop")
fi
if [[ $VMWARE_WORKSTATION_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_UTILITY_PRESENT -eq 1 ]]; then
(echo >&2 "${GOODTOGO} vmware_desktop")
fi
if [[ $VBOX_PRESENT -eq 0 ]] && [[ $VMWARE_FUSION_PRESENT -eq 0 ]] && [[ $VMWARE_WORKSTATION -eq 0 ]]; then
(echo >&2 "${ERROR} You need to install a provider such as VirtualBox or VMware Fusion/Workstation to build DetectionLab.")
exit 1
fi
}
# Check to see if boxes exist in the "Boxes" directory already
check_boxes_built() {
BOXES_BUILT=$(find "$VAGRANT_DIR"/../Boxes -name "*.box" | wc -l)
if [ "$BOXES_BUILT" -gt 0 ]; then
(echo >&2 "${INFO} WARNING: You seem to have at least one .box file present in the Boxes directory already.")
(echo >&2 "${INFO} If you would like to use the pre-built boxes, please remove all files from the Boxes directory.")
(echo >&2 "${INFO} See https://www.detectionlab.network/customization/buildpackerboxes/ for more information about this message")
else
(echo >&2 "${GOODTOGO} No custom built boxes found")
fi
}
# Check to see if any Vagrant instances exist already
check_vagrant_instances_exist() {
cd "$VAGRANT_DIR"|| exit 1
# Vagrant status has the potential to return a non-zero error code, so we work around it with "|| true"
VAGRANT_STATUS_OUTPUT=$(vagrant status)
VAGRANT_BUILT=$(echo "$VAGRANT_STATUS_OUTPUT" | grep -c 'not created') || true
if [ "$VAGRANT_BUILT" -ne 4 ]; then
(echo >&2 "${INFO} You appear to have already created at least one Vagrant instance:")
# shellcheck disable=SC2164
cd "$VAGRANT_DIR" && echo "$VAGRANT_STATUS_OUTPUT" | grep -v 'not created' | grep -E 'logger|dc|wef|win10'
(echo >&2 "${INFO} If you want to start with a fresh install, you should run \`vagrant destroy -f\` to remove existing instances.")
else
(echo >&2 "${GOODTOGO} No Vagrant instances have been created yet")
fi
}
check_vagrant_reload_plugin() {
# Ensure the vagrant-reload plugin is installed
VAGRANT_RELOAD_PLUGIN_INSTALLED=$(vagrant plugin list | grep -c 'vagrant-reload')
if [ "$VAGRANT_RELOAD_PLUGIN_INSTALLED" != "1" ]; then
(echo >&2 "${ERROR} The vagrant-reload plugin is required and was not found. This script will attempt to install it now.")
if ! $(which vagrant) plugin install "vagrant-reload"; then
(echo >&2 "Unable to install the vagrant-reload plugin. Please try to do so manually and re-run this script.")
exit 1
else
(echo >&2 "${GOODTOGO} The vagrant-reload plugin was successfully installed!")
fi
else
(echo >&2 "${GOODTOGO} The vagrant-reload plugin is currently installed")
fi
}
# Check available disk space. Recommend 80GB free, warn if less.
check_disk_free_space() {
FREE_DISK_SPACE=$(df -m "$HOME" | tr -s ' ' | grep '/' | cut -d ' ' -f 4)
if [ "$FREE_DISK_SPACE" -lt 80000 ]; then
(echo >&2 -e "Warning: You appear to have less than 80GB of HDD space free on your primary partition. If you are using a separate parition, you may ignore this warning.\n")
(df >&2 -m "$HOME")
(echo >&2 "")
else
(echo >&2 "${GOODTOGO} You have more than 80GB of free space on your primary partition")
fi
}
main() {
# Get location of prepare.sh
# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within
VAGRANT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
(echo >&2 "[+] Checking for necessary tools in PATH...")
check_packer_path
check_vagrant_path
check_curl_path
(echo >&2 "")
(echo >&2 "[+] Checking if any boxes have been manually built...")
check_boxes_built
(echo >&2 "")
(echo >&2 "[+] Checking for disk free space...")
check_disk_free_space
(echo >&2 "")
(echo >&2 "[+] Checking if any Vagrant instances have been created...")
check_vagrant_instances_exist
(echo >&2 "")
(echo >&2 "[+] Checking if the vagrant-reload plugin is installed...")
check_vagrant_reload_plugin
(echo >&2 "")
(echo >&2 "[+] Enumerating available providers...")
list_providers
(echo >&2 '')
# shellcheck disable=SC2016
(echo >&2 'To get started building DetectionLab, run `vagrant up`.')
(echo >&2 'If you run into any issues along the way, check out the troubleshooting and known issues page: ')
(echo >&2 'https://www.detectionlab.network/deployment/troubleshooting/')
}
main
exit 0

11
Vagrant/scripts/MakeWindows10GreatAgain.ps1
View File

@@ -11,15 +11,6 @@ if ($onedrive) {
}
c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall
# Fix in 1903
#Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing Microsoft Store and Edge shortcuts from the taskbar..."
#$appname = "Microsoft Edge"
#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
#$appname = "Microsoft Store"
#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
#$appname = "Mail"
#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling automatic screen turnoff in order to prevent screen locking..."
powercfg -change -monitor-timeout-ac 0
powercfg -change -standby-timeout-ac 0
@@ -28,6 +19,8 @@ powercfg -change -hibernate-timeout-ac 0
# Download and install ShutUp10
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading ShutUp10..."
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
$shutUp10DownloadUrl = "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe"
$shutUp10RepoPath = "C:\Users\vagrant\AppData\Local\Temp\OOSU10.exe"
if (-not (Test-Path $shutUp10RepoPath)) {

2
Vagrant/scripts/download_palantir_wef.ps1
View File

@@ -8,6 +8,8 @@ If (-not (Test-Path $wefRepoPath))
{
# GitHub requires TLS 1.2 as of 2/1/2018
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri "https://github.com/palantir/windows-event-forwarding/archive/master.zip" -OutFile $wefRepoPath
Expand-Archive -path "$wefRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force
}

4
Vagrant/scripts/install-microsoft-ata.ps1
View File

@@ -45,6 +45,8 @@ If (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center
If ($download -eq $true)
{
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading $title..."
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri $downloadUrl -OutFile "$env:temp\$title.iso"
$actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash
If (-not ($actualHash -eq $fileHash))
@@ -111,6 +113,8 @@ Invoke-Command -computername dc -Credential (new-object pscredential("windomain\
If (-not (Test-Path "$env:temp\gatewaysetup.zip")) {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [$env:computername] Downloading ATA Lightweight Gateway from WEF now..."
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -uri https://wef/api/management/softwareUpdates/gateways/deploymentPackage -UseBasicParsing -OutFile "$env:temp\gatewaysetup.zip" -Credential (new-object pscredential("wef\vagrant", (convertto-securestring -AsPlainText -Force -String "vagrant")))
Expand-Archive -Path "$env:temp\gatewaysetup.zip" -DestinationPath "$env:temp\gatewaysetup" -Force
}

2
Vagrant/scripts/install-osquery.ps1
View File

@@ -11,6 +11,8 @@ If (-not ($service)) {
# Download the flags file from the Palantir osquery-configuration Github
# GitHub requires TLS 1.2 as of 2/1/2018
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/palantir/osquery-configuration/master/Classic/Endpoints/Windows/osquery.flags" -OutFile $flagfile
## Use the TLS config

74
Vagrant/scripts/install-redteam.ps1
View File

@@ -3,6 +3,11 @@
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..."
$hostname = $(hostname)
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Windows Defender should be disabled already by O&O ShutUp10 and the GPO
If ($hostname -eq "win10") {
# Adding Defender exclusions just in case
@@ -18,75 +23,78 @@ If ($hostname -ne "win10" -And (Get-Service -Name WinDefend -ErrorAction Silentl
Try {
Uninstall-WindowsFeature Windows-Defender -ErrorAction Stop
Uninstall-WindowsFeature Windows-Defender-Features -ErrorAction Stop
}
Catch {
} Catch {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender did not uninstall successfully..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) We'll try again during install-red-team.ps1"
}
}
Else {
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender has already been disabled or uninstalled."
}
# Purpose: Downloads and unzips a copy of the latest Mimikatz trunk
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Mimikatz..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$tag = (Invoke-WebRequest "https://api.github.com/repos/gentilkiwi/mimikatz/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
$mimikatzDownloadUrl = "https://github.com/gentilkiwi/mimikatz/releases/download/$tag/mimikatz_trunk.zip"
$mimikatzRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\mimikatz_trunk.zip'
if (-not (Test-Path $mimikatzRepoPath)) {
If (-not (Test-Path $mimikatzRepoPath)) {
Invoke-WebRequest -Uri "$mimikatzDownloadUrl" -OutFile $mimikatzRepoPath
Expand-Archive -path "$mimikatzRepoPath" -destinationpath 'c:\Tools\Mimikatz' -Force
}
else {
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Mimikatz was already installed. Moving On."
}
# Download and unzip a copy of PowerSploit
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Powersploit..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$powersploitDownloadUrl = "https://github.com/PowerShellMafia/PowerSploit/archive/dev.zip"
$powersploitRepoPath = "C:\Users\vagrant\AppData\Local\Temp\powersploit.zip"
if (-not (Test-Path $powersploitRepoPath)) {
If (-not (Test-Path $powersploitRepoPath)) {
Invoke-WebRequest -Uri "$powersploitDownloadUrl" -OutFile $powersploitRepoPath
Expand-Archive -path "$powersploitRepoPath" -destinationpath 'c:\Tools\PowerSploit' -Force
Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\System32\WindowsPowerShell\v1.0\Modules" -Recurse -Force
}
else {
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) PowerSploit was already installed. Moving On."
}
# Download and unzip a copy of Atomic Red Team
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Atomic Red Team..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$atomicRedTeamDownloadUrl = "https://github.com/redcanaryco/atomic-red-team/archive/master.zip"
$atomicRedTeamRepoPath = "C:\Users\vagrant\AppData\Local\Temp\atomic_red_team.zip"
if (-not (Test-Path $atomicRedTeamRepoPath)) {
Invoke-WebRequest -Uri "$atomicRedTeamDownloadUrl" -OutFile "$atomicRedTeamRepoPath"
Expand-Archive -path "$atomicRedTeamRepoPath" -destinationpath 'c:\Tools\Atomic Red Team' -Force
}
else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Atomic Red Team was already installed. Moving On."
}
# Download and unzip a copy of BadBlood
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading BadBlood..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$badbloodDownloadUrl = "https://github.com/davidprowe/BadBlood/archive/master.zip"
$badbloodRepoPath = "C:\Users\vagrant\AppData\Local\Temp\badblood.zip"
if (-not (Test-Path $badbloodRepoPath)) {
If (-not (Test-Path $badbloodRepoPath)) {
Invoke-WebRequest -Uri "$badbloodDownloadUrl" -OutFile "$badbloodRepoPath"
Expand-Archive -path "$badbloodRepoPath" -destinationpath 'c:\Tools\BadBlood' -Force
# Lower the number of default users to be created by BadBlood
$invokeBadBloodPath = "c:\Tools\BadBlood\BadBlood-master\Invoke-BadBlood.ps1"
((Get-Content -path $invokeBadBloodPath -Raw) -replace '1000..5000','500..1500') | Set-Content -Path $invokeBadBloodPath
}
else {
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) BadBlood was already installed. Moving On."
}
# Download and install Invoke-AtomicRedTeam
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Invoke-AtomicRedTeam and atomic tests..."
If (-not (Test-Path "C:\Tools\AtomicRedTeam")) {
Install-PackageProvider -Name NuGet -Force
IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
Install-AtomicRedTeam -getAtomics -InstallPath "c:\Tools\AtomicRedTeam"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Updating Profile.ps1 to import the Invoke-AtomicRedTeam module..."
Add-Content -Path C:\Windows\System32\WindowsPowerShell\v1.0\Profile.ps1 'Import-Module "C:\Tools\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
$PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="C:\Tools\AtomicRedTeam\atomics"}' -Force
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Invoke-AtomicRedTeam was already installed. Moving On."
}
# Purpose: Downloads the latest release of PurpleSharpNewtonsoft.Json.dll
New-Item -Path "c:\Tools\" -Name "PurpleSharp" -ItemType "directory"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Purplesharp..."
$tag = (Invoke-WebRequest "https://api.github.com/repos/mvelazc0/PurpleSharp/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
$purplesharpDownloadUrl = "https://github.com/mvelazc0/PurpleSharp/releases/download/$tag/PurpleSharp.exe"
$purplesharpDllDownloadURL = "https://github.com/mvelazc0/PurpleSharp/releases/download/$tag/Newtonsoft.Json.dll"
If (-not (Test-Path "c:\Tools\PurpleSharp\PurpleSharp.exe")) {
Invoke-WebRequest -Uri $purplesharpDownloadUrl -OutFile "c:\Tools\PurpleSharp\PurpleSharp.exe"
Invoke-WebRequest -Uri $purplesharpDllDownloadUrl -OutFile "c:\Tools\PurpleSharp\Newtonsoft.Json.dll"
}
Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) PurpleSharp was already installed. Moving On."
}
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Red Team tooling installation complete!"

2
Vagrant/scripts/install-velociraptor.ps1
View File

@@ -12,6 +12,8 @@ If (Select-String -Path "c:\windows\system32\drivers\etc\hosts" -Pattern "logger
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Velociraptor..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
$tag = (Invoke-WebRequest "https://api.github.com/repos/Velocidex/velociraptor/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
# Workaround hardcoded URL until this issue gets fixed: https://github.com/Velocidex/velociraptor/issues/528
$velociraptorDownloadUrl = "https://github.com/Velocidex/velociraptor/releases/download/v0.4.7/velociraptor-v0.4.7-1-windows-amd64.msi"

10
Vagrant/scripts/provision.ps1
View File

@@ -1,6 +1,7 @@
# Purpose: Sets timezone to UTC, sets hostname, creates/joins domain.
# Source: https://github.com/StefanScherer/adfs2
$ProfilePath = "C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1"
$box = Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName -Name "ComputerName"
$box = $box.ComputerName.ToString().ToLower()
@@ -10,6 +11,15 @@ c:\windows\system32\tzutil.exe /s "UTC"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking if Windows evaluation is expiring soon or expired..."
. c:\vagrant\scripts\fix-windows-expiration.ps1
If (!(Test-Path $ProfilePath)) {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling the Invoke-WebRequest download progress bar globally for speed improvements."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) See https://github.com/PowerShell/PowerShell/issues/2138 for more info"
New-Item -Path $ProfilePath | Out-Null
If (!(Get-Content $Profilepath| % { $_ -match "SilentlyContinue" } )) {
Add-Content -Path $ProfilePath -Value "$ProgressPreference = 'SilentlyContinue'"
}
}
# Ping DetectionLab server for usage statistics
curl -userAgent "DetectionLab-$box" "https://ping.detectionlab.network/$box" -UseBasicParsing | out-null