Mike Goffin edited this page Jun 4, 2014 · 1 revision

runscript is a management command that comes with CRITs that allows you to execute scripts that come with Services.

Let's look at the help:

$ python runscript -h
Usage: runscript [options] <location> <script> -- <script argument 1> ...

Runs scripts using the CRITs environment.
<location>:	"crits_scripts" (without quotes) to run a CRITs script 
		or "foo" (without quotes) where foo is the name of a service.
<script>:	the name of the script to run.

  -e, --environ-auth    Authenticate using 'CRITS_USER' and 'CRITS_PASSWORD'
                        environment variables (overrides -u and -p).
  -u USERNAME, --username=USERNAME
                        Username to log in with (will prompt if not provided).
  -p PASSWORD, --password=PASSWORD
                        Password to log in with (will prompt if not provided).

You'll notice the options for a username and password. runscript requires authentication to CRITs for it to work. This allows script developers to track who is running scripts and what they are doing. If you run a command using runscript you can also look at your Profile page in the UI and notice that it tracks these attempts there. This will help you in the event someone is using your account to run scripts without your permission (which means they have your password!). Some scripts, though, are really useful as cronjobs. Instead of requiring you to put a username and password in plain text, you can use the -e option and store those values in a user's environment.

In the crits_services repository you'll notice a service called crits_scripts. That is the name of the service that we are telling runscript to find the script we want to run. It expects that contained within that service is a scripts directory containing all of the scripts it can call.

Inside of the scripts directory for the crits_scripts service you'll notice a file Let's see how to use that script:

$ python runscript crits_scripts add_file -- -h
Usage: [options]

  -h, --help            show this help message and exit
                        scanned FILENAME
  -s SOURCE, --source=SOURCE
  -p PARENT, --parent=PARENT
                        parent md5
  -P PARENT_TYPE, --parent-type=PARENT_TYPE
                        parent type (Sample, PCAP, ...)
  -t TROJAN, --trojan=TROJAN
  -r REFERENCE, --reference=REFERENCE
                        reference field
                        bucket list

You'll notice the -- separator. That tells the command that we are now passing in options to and not to runscript. You can also see that it prompted me to authenticate. It will not show the username or password as you are typing.

Many services come with scripts like this. It is encouraged to include scripts with your Services so the command-line users can perform operations as easy as they can through the UI. Most heavy lifting bulk-type operations require command-line tools to do so they can be handled differently. Also, sensitive operations like mass-removal is something that is not in the UI to keep users from accidentally removing things they didn't mean to. Those operations are left to command-line scripts where admins are left to handle the responsibility.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.