Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
runscript is a management command that comes with CRITs that allows you to execute scripts that come with Services.
Let's look at the help:
$ python manage.py runscript -h Usage: manage.py runscript [options] <location> <script> -- <script argument 1> ... Runs scripts using the CRITs environment. <location>: "crits_scripts" (without quotes) to run a CRITs script or "foo" (without quotes) where foo is the name of a service. <script>: the name of the script to run. Options: -e, --environ-auth Authenticate using 'CRITS_USER' and 'CRITS_PASSWORD' environment variables (overrides -u and -p). -u USERNAME, --username=USERNAME Username to log in with (will prompt if not provided). -p PASSWORD, --password=PASSWORD Password to log in with (will prompt if not provided).
You'll notice the options for a username and password.
runscript requires authentication to CRITs for it to work. This allows script developers to track who is running scripts and what they are doing. If you run a command using
runscript you can also look at your Profile page in the UI and notice that it tracks these attempts there. This will help you in the event someone is using your account to run scripts without your permission (which means they have your password!). Some scripts, though, are really useful as cronjobs. Instead of requiring you to put a username and password in plain text, you can use the
-e option and store those values in a user's environment.
In the crits_services repository you'll notice a service called
crits_scripts. That is the name of the service that we are telling runscript to find the script we want to run. It expects that contained within that service is a
scripts directory containing all of the scripts it can call.
Inside of the
scripts directory for the
crits_scripts service you'll notice a file
add_file.py. Let's see how to use that script:
$ python manage.py runscript crits_scripts add_file -- -h Username: Password: Usage: manage.py [options] Options: -h, --help show this help message and exit -f FILENAME, --file=FILENAME scanned FILENAME -s SOURCE, --source=SOURCE source -p PARENT, --parent=PARENT parent md5 -P PARENT_TYPE, --parent-type=PARENT_TYPE parent type (Sample, PCAP, ...) -t TROJAN, --trojan=TROJAN trojan -r REFERENCE, --reference=REFERENCE reference field -b BUCKET_LIST, --bucket=BUCKET_LIST bucket list
You'll notice the
-- separator. That tells the command that we are now passing in options to
add_file.py and not to
runscript. You can also see that it prompted me to authenticate. It will not show the username or password as you are typing.
Many services come with scripts like this. It is encouraged to include scripts with your Services so the command-line users can perform operations as easy as they can through the UI. Most heavy lifting bulk-type operations require command-line tools to do so they can be handled differently. Also, sensitive operations like mass-removal is something that is not in the UI to keep users from accidentally removing things they didn't mean to. Those operations are left to command-line scripts where admins are left to handle the responsibility.