greysec/phi-scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
phi-scanner/start_malware_pipeline.sh
T
Hermes Agent bd6ba4ed1b Add greysec-tools pipeline scripts 
- fibratus_rabbitmq_bridge.py
- variant_event_consumer.py
- start_malware_pipeline.sh
- pre-flight-vm-check.sh
- email_to_crm.py
- prowler_csv_to_supabase.py
2026-05-09 00:13:30 -05:00

68 lines
2.7 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# start_malware_pipeline.sh — starts all GreySec malware pipeline components
set -e
echo "[pipeline] Starting GreySec Malware Pipeline..."
# 1. Ensure RabbitMQ is running
systemctl is-active rabbitmq-server --quiet && echo "[pipeline] RabbitMQ OK" || (echo "[pipeline] Starting RabbitMQ..."; sudo systemctl start rabbitmq-server)
# 2. Ensure Docker container is running
if docker ps --format '{{.Names}}' | grep -q litterbox-windows; then
echo "[pipeline] litterbox-windows container OK"
else
echo "[pipeline] Starting litterbox-windows container..."
cd ~/greysec/tools/LitterBox/Docker
docker-compose up -d litterbox-windows
fi
# 3. Wait for Whiskers to be responsive
echo "[pipeline] Waiting for Whiskers API..."
for i in $(seq 1 30); do
if curl -s --connect-timeout 2 http://localhost:8081/api/info | grep -q "WIN-UQTTF6G24EJ"; then
echo "[pipeline] Whiskers OK"
break
fi
echo "[pipeline] Waiting... ($i/30)"
sleep 2
done
# 4. Start fibratus_rabbitmq_bridge if not running
if ! pgrep -f "fibratus_rabbitmq_bridge.py" > /dev/null 2>&1; then
echo "[pipeline] Starting fibratus_rabbitmq_bridge..."
nohup python3 -u /home/ghstshdw/bin/greysec/fibratus_rabbitmq_bridge.py \
--whiskers-url http://localhost:8081 \
--rabbitmq-host localhost \
--rabbitmq-user litterbox_pipeline \
--rabbitmq-pass "pipeline_pass123" \
--rabbitmq-vhost litterbox \
--hostname WIN-UQTTF6G24EJ \
--poll-interval 5 \
>> /home/ghstshdw/.hermes/logs/bridge.log 2>&1 &
echo "[pipeline] Bridge started (PID $!)"
else
echo "[pipeline] fibratus_rabbitmq_bridge already running"
fi
# 5. Start variant_event_consumer if not running
mkdir -p /home/ghstshdw/greysec/logs
if ! pgrep -f "variant_event_consumer.py" > /dev/null 2>&1; then
echo "[pipeline] Starting variant_event_consumer..."
nohup python3 /home/ghstshdw/bin/greysec/variant_event_consumer.py \
--db-host localhost --db-port 5432 --db-name greysecthreat \
--db-user greysec --db-pass "GreySecDBPass2026!" \
--rabbitmq-host localhost --rabbitmq-user litterbox_pipeline \
--rabbitmq-pass "pipeline_pass123" --rabbitmq-vhost litterbox \
--queue whiskers.events \
>> /home/ghstshdw/greysec/logs/variant_consumer.log 2>&1 &
echo "[pipeline] Consumer started (PID $!)"
else
echo "[pipeline] variant_event_consumer already running"
fi
echo "[pipeline] All components started."
echo "[pipeline] noVNC: http://localhost:8006/"
echo "[pipeline] RabbitMQ: http://localhost:15672"
echo "[pipeline] Bridge log: /home/ghstshdw/.hermes/logs/bridge.log"
echo "[pipeline] Consumer log: /home/ghstshdw/greysec/logs/variant_consumer.log"
Reference in New Issue View Git Blame Copy Permalink