Install-AtomicRedTeam Script (#450)

* Initial Commit * Update install-atomicredteam.ps1 * Update install-atomicredteam.ps1 * Update install-atomicredteam.ps1 * Final @caseysmithrc Please review. * license fix license update * Update install-atomicredteam.ps1
2019-02-06 11:52:40 -07:00
parent 8e2ec0aae1
commit ec383fbb3c
2 changed files with 152 additions and 14 deletions
@@ -1,23 +1,26 @@
 # Invoke-AtomicRedTeam

-## Requires Installation of PowerShell-Yaml
+## Setup

-```powershell
-Install-Module -Name powershell-yaml  
-```
+### Install Atomic Red Team

-For Additional Details:
-    [PowerShell-Yaml](https://github.com/cloudbase/powershell-yaml)
+Get started quickly with our simple Powershell [script](install-atomicredteam.ps1).

-## Basic usage Examples
+### Manual

-#### Load PowerShell Script

-```powershell
-Import-Module .\Invoke-AtomicRedTeam.psm1  
-```
+`set-executionpolicy Unrestricted`

-#### Execute Single Test
+[PowerShell-Yaml](https://github.com/cloudbase/powershell-yaml) is required to parse Atomic yaml files:
+
+
+`Install-Module -Name powershell-yaml`
+
+`Import-Module .\Invoke-AtomicRedTeam.psm1`
+
+## Getting Started
+
+### Execute a Single Test

 ```powershell
 $T1117 = Get-AtomicTechnique -Path ..\..\atomics\T1117\T1117.yaml
@@ -81,5 +84,3 @@ Get-ChildItem $AtomicFilePath -Recurse -Filter *.yaml -File | ForEach-Object {
 }
 $AllAtomicTests.GetEnumerator() | Foreach-Object { Invoke-AtomicTest $_.Value -GenerateOnly }
 ```
-
-### Feedback Welcome
@@ -0,0 +1,137 @@
+#Requires -RunAsAdministrator
+[CmdletBinding()]
+Param(
+  [Parameter(Mandatory=$False,Position=0)]
+  [string]$InstallPath = 'C:\AtomicRedTeam',
+
+  [Parameter(Mandatory=$False,Position=0)]
+  [string]$DownloadPath = 'C:\AtomicRedTeam'
+
+ )
+
+function Install-AtomicRedTeam {
+<#
+    .SYNOPSIS
+
+        This is a simple script to download and install Atomic Red Team Invoke-AtomicRedTeam Powershell Framework.
+
+        Atomic Function: Install-AtomicRedTeam
+        Author: Red Canary Research
+        License: MIT License
+        Required Dependencies: powershell-yaml
+        Optional Dependencies: None
+
+    .PARAMETER DownloadPath
+
+    Specifies the desired path to download Atomic Red Team.
+
+    .PARAMETER InstallPath
+
+        Specifies the desired path for where to install Atomic Red Team.
+
+    .EXAMPLE
+
+        Install Atomic Red Team
+        PS> Install-AtomicRedTeam.ps1
+
+    .EXAMPLE
+
+        Execute a single test
+        $T1117 = Get-AtomicTechnique -Path ..\..\atomics\T1117\T1117.yaml
+        Invoke-AtomicTest $T1117
+
+    .EXAMPLE
+
+        Informational Stream
+        Invoke-AtomicTest $T1117 -InformationAction Continue
+
+    .EXAMPLE
+
+        Verbose Stream
+        Invoke-AtomicTest $T1117 -Verbose
+
+    .EXAMPLE
+
+        Debug Stream
+        Invoke-AtomicTest $T1117 -Debug
+
+    .EXAMPLE
+
+        What if
+        If you would like to see what would happen without running the test
+        Invoke-AtomicTest $T1117 -WhatIf
+
+    .EXAMPLE
+
+
+        To run all tests without confirming them run using the Confirm switch to false
+
+        Invoke-AtomicTest $T1117 -Confirm:$false
+        Or you can set your $ConfirmPreference to 'Medium'
+
+        $ConfirmPreference = 'Medium'
+        Invoke-AtomicTest $T1117
+
+    .EXAMPLE
+
+        [System.Collections.HashTable]$AllAtomicTests = @{}
+        $AtomicFilePath = 'C:\AtomicRedTeam\atomics\'
+        Get-ChildItem $AtomicFilePath -Recurse -Filter *.yaml -File | ForEach-Object {
+            $currentTechnique = [System.IO.Path]::GetFileNameWithoutExtension($_.FullName)
+            $parsedYaml = (ConvertFrom-Yaml (Get-Content $_.FullName -Raw ))
+            $AllAtomicTests.Add($currentTechnique, $parsedYaml);
+        }
+        $AllAtomicTests.GetEnumerator() | Foreach-Object { Invoke-AtomicTest $_.Value -GenerateOnly }
+
+    .NOTES
+
+    Use the '-Verbose' option to print detailed information.
+
+#>
+
+
+write-verbose "Directory Creation"
+
+if(!(Test-Path -Path $InstallPath )){
+    New-Item -ItemType directory -Path $InstallPath
+	write-verbose "Setting Execution Policy to Unrestricted"
+	set-executionpolicy Unrestricted
+
+	write-verbose "Setting variables for remote URL and download Path"
+	$url = "https://github.com/redcanaryco/atomic-red-team/archive/master.zip"
+	$path = "$DownloadPath\master.zip"
+	[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+	$webClient = new-object System.Net.WebClient
+	write-verbose "Beginning download from Github"
+	$webClient.DownloadFile( $url, $path )
+
+	write-verbose "Extracting ART to C:\AtomicRedTeam\"
+	expand-archive -LiteralPath "$DownloadPath\master.zip" -DestinationPath "$InstallPath"
+
+	write-verbose "Installing NuGet PackageProvider"
+	Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
+
+	write-verbose "Installing powershell-yaml"
+	Install-Module -Name powershell-yaml -Force
+
+	write-verbose "Importing invoke-atomicRedTeam module"
+	Import-Module "$InstallPath\atomic-red-team-master\execution-frameworks\Invoke-AtomicRedTeam\Invoke-AtomicRedTeam\Invoke-AtomicRedTeam.psm1"
+
+	write-verbose "Changing current work directory Invoke-AtomicRedTeam"
+	cd "$InstallPath\atomic-red-team-master\execution-frameworks\Invoke-AtomicRedTeam\Invoke-AtomicRedTeam\"
+
+	write-verbose "Clearing screen"
+	clear
+
+	Write-Host "Installation of Invoke-AtomicRedTeam is complete" -Fore Yellow
+
+}
+else
+{
+	Write-Verbose "Atomic Already exists at $InstallPath"
+	exit
+
+
+}
+}
+Install-AtomicRedTeam