Add more comments. Move mutex name.
reuteras committed Dec 21, 2023
1 parent 2b33513 commit 8027f45
Showing 17 changed files with 171 additions and 211 deletions.
34 changes: 16 additions & 18 deletions downloadFiles.ps1
Expand Up @@ -3,6 +3,10 @@
. .\resources\download\common.ps1

# Check if sandbox is running
if ( tasklist | findstr WindowsSandbox ) {
Write-DateLog "Sandbox can't be running during install or upgrade."
Exit
}

if ($args.Count -eq 0) {
Write-DateLog "No arguments given. Will download all files."
Expand All @@ -11,13 +15,6 @@ if ($args.Count -eq 0) {
$all = $false
}

if ($all -or $args -contains "--bash" -or $args -contains "--node" -or $args -contains "--python") {
if ( tasklist | findstr WindowsSandbox ) {
Write-DateLog "Sandbox can't be running during install or upgrade."
Exit
}
}

if ($all -eq $false) {
if (! (Test-Path "$TOOLS\bin" )) {
Write-DateLog "No tools directory found. You have to run this script without arguments first."
Expand Down Expand Up @@ -46,8 +43,6 @@ if (! (Test-Path -Path ".\log" )) {
Get-Date > ".\log\log.txt"
Get-Date > ".\log\jobs.txt"

# The scripts git and http are needed by the Python script.
# Most scripts need http.ps1.
# Get GitHub password from user input
if ($all -or $args -contains "--http" -or $args -contains "--release" -or $args -contains "--didier") {
write-dateLog "Use GitHub token to avoid problems with rate limits."
Expand All @@ -58,10 +53,8 @@ if ($all -or $args -contains "--http" -or $args -contains "--release" -or $args
$null = $GH_USER
}

if ($all -or $args -contains "--http") {
Write-DateLog "Download files via HTTP."
.\resources\download\http.ps1
}
Write-DateLog "Download files needed in Sandboxes."
. .\resources\download\basic.ps1

if ($all -or $args -contains "--bash") {
Write-DateLog "Download packages for Git for Windows (bash)."
Expand All @@ -78,17 +71,22 @@ if ($all -or $args -contains "--git") {
.\resources\download\git.ps1
}

if ($all -or $args -contains "--release") {
Write-DateLog "Download releases from GitHub."
.\resources\download\release.ps1
}

if ($all -or $args -contains "--python") {
Write-Output "" > .\log\python.txt
Write-DateLog "Setup Python and install packages."
Start-Job -FilePath .\resources\download\python.ps1 -WorkingDirectory $PWD\resources\download -ArgumentList $PSScriptRoot | Out-Null
}

if ($all -or $args -contains "--http") {
Write-DateLog "Download files via HTTP."
.\resources\download\http.ps1
}

if ($all -or $args -contains "--release") {
Write-DateLog "Download releases from GitHub."
.\resources\download\release.ps1
}

if ($all -or $args -contains "--didier") {
Write-DateLog "Download Didier Stevens tools."
.\resources\download\didier.ps1
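Review bot: The sandbox check that now runs at the top of the script leaves with a bare `Exit`, so a wrapper or scheduled task sees status 0 when the install was actually refused; `Exit 1` would report the refusal. Separately, http.ps1 and release.ps1 now execute after the Python job has been started with Start-Job, while the comment removed in this hunk stated that the Python script needs the http script; if that dependency still holds, the new ordering is a race, and if basic.ps1 now provides what the Python job needs, a comment such as `# basic.ps1 must run before the Python job; http.ps1 is no longer a prerequisite` would record that. The surrounding script continues outside the hunk.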
40 changes: 33 additions & 7 deletions enrichment.ps1
Expand Up @@ -13,6 +13,16 @@ if (-not (Test-Path -Path ${enrichmentDirectory})) {
New-Item -ItemType Directory -Path ${enrichmentDirectory} -Force | Out-Null
}

# Get the current date
$DATE = Get-Date -Format "yyyy-MM-dd"

# Read config file
if (-not (Test-Path -Path "${PWD}\config.ps1")) {
Write-Output "Please create a config.ps1 to download Maxmind databases"
} else {
. .\config.ps1
}

# Download Tor exit nodes
$folderUrl = "https://collector.torproject.org/archive/exit-lists/"
$torsaveDirectory = "${enrichmentDirectory}\tor"
Expand All @@ -22,7 +32,12 @@ if (-not (Test-Path -Path $torsaveDirectory)) {
New-Item -ItemType Directory -Path $torsaveDirectory -Force | Out-Null
}

# Download all exit files

#
# TOR exit nodes
#

# Download all exit files for TOR
$webClient = New-Object System.Net.WebClient
$files = $webClient.DownloadString($folderUrl).Split("`n") | Select-String -Pattern '<a href="(exit[^"]+)"' | ForEach-Object { $_.Matches.Groups[1].Value }

Expand All @@ -34,7 +49,9 @@ foreach ($file in $files) {
}
$webClient.Dispose()

$DATE = Get-Date -Format "yyyy-MM-dd"
#
# MAC address lookup files
#

# Get manuf file for MAC address lookup
$manufSaveDirectory = "${enrichmentDirectory}\manuf"
Expand All @@ -48,11 +65,9 @@ Write-Output "Downloading $manufUrl to $manufSavePath"
Invoke-WebRequest -Uri $manufUrl -OutFile $manufSavePath
Copy-Item -Path $manufSavePath -Destination "${manufSaveDirectory}\manuf-${DATE}.txt"

if (-not (Test-Path -Path "${PWD}\config.ps1")) {
Write-Output "Please create a config.ps1 to download Maxmind databases"
} else {
. .\config.ps1
}
#
# Maxmind GeoLite2 databases
#

# Check if the Maxmind license key is set
if (-not $MAXMIND_LICENSE_KEY) {
Expand Down Expand Up @@ -87,6 +102,10 @@ if (-not $MAXMIND_LICENSE_KEY) {
Copy-Item -Path $savePath -Destination "${maxmindSaveDirectory}\GeoLite2-Country-${DATE}.tar.gz"
}

#
# Download the latest version of Suricata rules
#

# Download the latest version of Suricata rules
$suricataUrl = "https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.zip"
$suricataSaveDirectory = "${enrichmentDirectory}\suricata"
Expand All @@ -101,6 +120,10 @@ Write-Output "Downloading $suricataUrl to $suricataSavePath"
Invoke-WebRequest -Uri $suricataUrl -OutFile $suricataSavePath
Copy-Item -Path $suricataSavePath -Destination "${suricataSaveDirectory}\emerging-${DATE}.rules.zip"

#
# Download the latest version of Snort rules
#

# Download the latest version of Snort rules
$snortUrl = "https://www.snort.org/downloads/community/community-rules.tar.gz"
$snortSaveDirectory = "${enrichmentDirectory}\snort"
Expand All @@ -115,7 +138,10 @@ Write-Output "Downloading $snortUrl to $snortSavePath"
Invoke-WebRequest -Uri $snortUrl -OutFile $snortSavePath
Copy-Item -Path $snortSavePath -Destination "${snortSaveDirectory}\community-rules-${DATE}.rules.tar.gz"

#
# Git repositories for enrichment
#

if (! (Get-Command git )) {
Write-Output "Need git to checkout git repositories."
Exit
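Review bot: The new `#`-framed section banners repeat the one-line comment directly below them: `# Download the latest version of Suricata rules` appears in the banner and again on the next line, and the Snort block does the same; keep the banner and drop the duplicate line, or shorten the banner to `# Suricata rules` / `# Snort rules` as was done for the Tor and MAC sections. Moving the config.ps1 read to the top means `$MAXMIND_LICENSE_KEY` is set before the Maxmind block, but the file is located via `${PWD}\config.ps1` and dot-sourced as `.\config.ps1`, so whichever config.ps1 sits in the caller's working directory is what gets executed; if the script is meant to be run only from the repository root, a comment stating that assumption beside the Test-Path would make it explicit, or `$PSScriptRoot` could anchor the path.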
1 change: 0 additions & 1 deletion resources/download/bash.ps1
Expand Up @@ -10,7 +10,6 @@ $ROOT_PATH = Resolve-Path "$ScriptRoot\..\..\"
Write-DateLog "Download packages for Git for Windows (bash)."
Write-Output "" > .\log\bash.txt

$mutexName = "Global\dfirwsMutex"
$mutex = New-Object System.Threading.Mutex($false, $mutexName)

if (Test-Path -Path $ROOT_PATH\tmp\downloads\bash ) {
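Review bot: With the local assignment removed, `$mutexName` on the `New-Object System.Threading.Mutex($false, $mutexName)` line is no longer defined in this file and depends on common.ps1 having been dot-sourced earlier; whether bash.ps1 does that is outside this hunk. If the variable is unset, the constructor receives `$null` and creates an unnamed, process-local mutex, so the cross-process lock silently stops doing its job instead of failing. A comment such as `# $mutexName is defined in common.ps1; an unset name would yield a process-local mutex` at the New-Object line, or `Set-StrictMode -Version Latest` near the top of the script, would surface the dependency.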
2 changes: 2 additions & 0 deletions resources/download/common.ps1
Expand Up @@ -5,10 +5,12 @@ $PSDefaultParameterValues['Out-File:Encoding'] = 'utf8'
$SETUP_PATH=".\downloads"
$TEMP="C:\tmp"
$TOOLS=".\mount\Tools"
$mutexName = "Global\dfirwsMutex"

$null=$SETUP_PATH
$null=$TEMP
$null=$TOOLS
$null=$mutexName

<#
.SYNOPSIS
1 change: 1 addition & 0 deletions resources/download/git.ps1
Expand Up @@ -34,6 +34,7 @@ $repourls = `
"https://github.com/mari-mari/CapaExplorer.git", `
"https://github.com/MarkBaggett/ese-analyst.git", `
"https://github.com/mattifestation/CimSweep.git", `
"https://github.com/Neo23x0/signature-base.git", `
"https://github.com/netspooky/scare.git", `
"https://github.com/ninewayhandshake/capa-explorer.git", `
"https://github.com/pan-unit42/dotnetfile.git", `
