Open-source release for Alpha version
128
containers/docker-entrypoint.sh
Normal file
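--- a/containers/docker-entrypoint.sh
+++ b/containers/docker-entrypoint.sh
@@ -0,0 +1,128 @@
+#!/bin/bash
+set -e
+
+if [ -z "$CAIDO_PORT" ] || [ -z "$STRIX_TOOL_SERVER_PORT" ]; then
+echo "Error: CAIDO_PORT and STRIX_TOOL_SERVER_PORT must be set."
+exit 1
+fi
+
+caido-cli --listen 127.0.0.1:${CAIDO_PORT} \
+--allow-guests \
+--no-logging \
+--no-open \
+--import-ca-cert /app/certs/ca.p12 \
+--import-ca-cert-pass "" > /dev/null 2>&1 &
+
+echo "Waiting for Caido API to be ready..."
+for i in {1..30}; do
+if curl -s -o /dev/null http://localhost:${CAIDO_PORT}/graphql; then
+echo "Caido API is ready."
+break
+fi
+sleep 1
+done
+
+sleep 2
+
+echo "Fetching API token..."
+TOKEN=$(curl -s -X POST \
+-H "Content-Type: application/json" \
+-d '{"query":"mutation LoginAsGuest { loginAsGuest { token { accessToken } } }"}' \
+http://localhost:${CAIDO_PORT}/graphql | jq -r '.data.loginAsGuest.token.accessToken')
+
+if [ -z "$TOKEN" ] || [ "$TOKEN" == "null" ]; then
+echo "Failed to get API token from Caido."
+curl -s -X POST -H "Content-Type: application/json" -d '{"query":"mutation { loginAsGuest { token { accessToken } } }"}' http://localhost:${CAIDO_PORT}/graphql
+exit 1
+fi
+
+export CAIDO_API_TOKEN=$TOKEN
+echo "Caido API token has been set."
+
+echo "Creating a new Caido project..."
+CREATE_PROJECT_RESPONSE=$(curl -s -X POST \
+-H "Content-Type: application/json" \
+-H "Authorization: Bearer $TOKEN" \
+-d '{"query":"mutation CreateProject { createProject(input: {name: \"sandbox\", temporary: true}) { project { id } } }"}' \
+http://localhost:${CAIDO_PORT}/graphql)
+
+PROJECT_ID=$(echo $CREATE_PROJECT_RESPONSE | jq -r '.data.createProject.project.id')
+
+if [ -z "$PROJECT_ID" ] || [ "$PROJECT_ID" == "null" ]; then
+echo "Failed to create Caido project."
+echo "Response: $CREATE_PROJECT_RESPONSE"
+exit 1
+fi
+
+echo "Caido project created with ID: $PROJECT_ID"
+
+echo "Selecting Caido project..."
+SELECT_RESPONSE=$(curl -s -X POST \
+-H "Content-Type: application/json" \
+-H "Authorization: Bearer $TOKEN" \
+-d '{"query":"mutation SelectProject { selectProject(id: \"'$PROJECT_ID'\") { currentProject { project { id } } } }"}' \
+http://localhost:${CAIDO_PORT}/graphql)
+
+SELECTED_ID=$(echo $SELECT_RESPONSE | jq -r '.data.selectProject.currentProject.project.id')
+
+if [ "$SELECTED_ID" != "$PROJECT_ID" ]; then
+echo "Failed to select Caido project."
+echo "Response: $SELECT_RESPONSE"
+exit 1
+fi
+
+echo "✅ Caido project selected successfully."
+
+echo "Configuring system-wide proxy settings..."
+
+cat << EOF | sudo tee /etc/profile.d/proxy.sh
+export http_proxy=http://127.0.0.1:${CAIDO_PORT}
+export https_proxy=http://127.0.0.1:${CAIDO_PORT}
+export HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
+export HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
+export ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
+export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+export CAIDO_API_TOKEN=${TOKEN}
+EOF
+
+cat << EOF | sudo tee /etc/environment
+http_proxy=http://127.0.0.1:${CAIDO_PORT}
+https_proxy=http://127.0.0.1:${CAIDO_PORT}
+HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
+HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
+ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
+CAIDO_API_TOKEN=${TOKEN}
+EOF
+
+cat << EOF | sudo tee /etc/wgetrc
+use_proxy=yes
+http_proxy=http://127.0.0.1:${CAIDO_PORT}
+https_proxy=http://127.0.0.1:${CAIDO_PORT}
+EOF
+
+echo "source /etc/profile.d/proxy.sh" >> ~/.bashrc
+echo "source /etc/profile.d/proxy.sh" >> ~/.zshrc
+
+source /etc/profile.d/proxy.sh
+
+echo "✅ System-wide proxy configuration complete"
+
+echo "Adding CA to browser trust store..."
+sudo -u pentester mkdir -p /home/pentester/.pki/nssdb
+sudo -u pentester certutil -N -d sql:/home/pentester/.pki/nssdb --empty-password
+sudo -u pentester certutil -A -n "Testing Root CA" -t "C,," -i /app/certs/ca.crt -d sql:/home/pentester/.pki/nssdb
+echo "✅ CA added to browser trust store"
+
+echo "Starting tool server..."
+cd /app && \
+STRIX_SANDBOX_MODE=true \
+STRIX_SANDBOX_TOKEN=${STRIX_SANDBOX_TOKEN} \
+CAIDO_API_TOKEN=${TOKEN} \
+poetry run uvicorn strix.runtime.tool_server:app --host 0.0.0.0 --port ${STRIX_TOOL_SERVER_PORT} &
+
+echo "✅ Tool server started in background"
+
+cd /workspace
+
+exec "$@"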
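Review bot: The guard at the top of the script checks only `CAIDO_PORT` and `STRIX_TOOL_SERVER_PORT`, yet the uvicorn launch near the end binds the tool server to `0.0.0.0` and passes `STRIX_SANDBOX_TOKEN=${STRIX_SANDBOX_TOKEN}` through unchecked, so an unset variable reaches the server as an empty token. How `strix.runtime.tool_server` treats an empty token is not visible here, but the entrypoint should fail closed rather than depend on it: add `|| [ -z "$STRIX_SANDBOX_TOKEN" ]` to the first `if` and name the variable in its error message. Separately, each `cat << EOF | sudo tee …` echoes its heredoc to stdout, so `CAIDO_API_TOKEN` ends up in the container log as well as in `/etc/profile.d/proxy.sh` and `/etc/environment`; `sudo tee /etc/profile.d/proxy.sh > /dev/null` (and the same for `/etc/environment`) keeps it out of the log.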