This pipeline analyses binary files.
Tools run in the pipeline
Poll for new files in git repository
decompile-binaryto identify the compiler used in the binary sample, then run snowman-decompiler OR python-extract-code depending on the compiler identification
ioc_stringsfor files extracted by binwalk
feature_extractorfor ioc_strings' output
Contains the scripts for the pipeline
The results will be written to tool specific folder under master branch
- Files to be analysed
- Place to put API keys for the feature_extractor (and possibly other configuration files)
How to set up the pipeline
USING THE SCRIPT
You can set up the pipeline to the pilot environment with
sudo ./setup-pipeline.sh [+] Cloning the pipelines.git Available pipelines 1) document-pipeline 2) pdf-pipeline 3) pdf-pipeline Private registry version 4) pe-pipeline 5) Quit Your choice:
Or you can give the desired pipeline as an argument:
sudo ./setup-pipeline.sh pe-pipeline
The setup will copy the pilot environment's SSH keys to Gitlab using a private access token, and modify the pipeline's credentials to use resources with SSH.
Setup concourse (tutorial)
Setup a git repository with branch:master, with the files included in the "scripts" folder.
Setup branch:sample-source for the samples.
Create branch:configuration with the files from the "conf" folder.
Edit the credentials.yml with the details of your git and your ssh key.
Login to concourse:
fly -t CONCOURSE_TARGET_NAME login -c http://127.0.0.1:8080 -u CONCOURSE_USERNAME -p CONCOURSE_PASSWORD
- Set up the pipeline:
fly -t CONCOURSE_TARGET_NAME sp -c pipeline.yml -p pe-pipeline -l credentials.yml
- Unpause the pipeline:
fly -t CONCOURSE_TARGET_NAME unpause-pipeline -p pe-pipeline
- Upload your samples to sample-source -branch