trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
3151668a7f485e21b275ab01a4399bc580852188
DetectionLab/Vagrant/scripts/install-velociraptor.ps1
Chris Long 3151668a7f Update install-velociraptor.ps1
2021-04-27 00:04:08 -07:00

40 lines
2.3 KiB
PowerShell
Raw Blame History

# Purpose: Installs velociraptor on the host
# Add a hosts entry to avoid DNS issues
If (Select-String -Path "c:\windows\system32\drivers\etc\hosts" -Pattern "logger") {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Hosts file already updated. Moving on."
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Adding logger to the hosts file"
Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.105 logger"
}
# Downloads and install the latest Velociraptor release
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Velociraptor..."
# GitHub requires TLS 1.2 as of 2/27
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
$ProgressPreference = 'SilentlyContinue'
$tag = (Invoke-WebRequest "https://api.github.com/repos/Velocidex/velociraptor/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
# Workaround hardcoded URL until this issue gets fixed: https://github.com/Velocidex/velociraptor/issues/528
$velociraptorDownloadUrl = "https://github.com/Velocidex/velociraptor/releases/download/v0.5.8/velociraptor-v0.5.8-windows-amd64.msi"
#$velociraptorDownloadUrl = "https://github.com/Velocidex/velociraptor/releases/download/$tag/velociraptor-$tag-windows-amd64.msi"
$velociraptorMSIPath = 'C:\Users\vagrant\AppData\Local\Temp\velociraptor.msi'
$velociraptorLogFile = 'c:\Users\vagrant\AppData\Local\Temp\velociraptor_install.log'
If (-not (Test-Path $velociraptorLogFile)) {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Velociraptor..."
Invoke-WebRequest -Uri "$velociraptorDownloadUrl" -OutFile $velociraptorMSIPath
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Velociraptor..."
Start-Process C:\Windows\System32\msiexec.exe -ArgumentList "/i $velociraptorMSIPath /quiet /qn /norestart /log $velociraptorLogFile" -wait
Copy-Item "c:\vagrant\resources\velociraptor\Velociraptor.config.yaml" "C:\Program Files\Velociraptor"
Restart-Service Velociraptor
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Velociraptor successfully installed!"
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Velociraptor was already installed. Moving On."
}
If ((Get-Service -name Velociraptor).Status -ne "Running")
{
Throw "Velociraptor service is not running"
}
Reference in New Issue View Git Blame Copy Permalink