Integration Thor with Velociraptor
Closed this issue · 6 comments
Hello everyone,
I downloaded the yaml files from the repository, compressed them into a zip file and uploaded them to velociraptor. I cannot use any of the preconfigured scanners as they ask for api keys which I do not have. I have to give a talk on this and need to show the functionality.
Thank you.
hi @coos60 ,
the artifact Generic.Scanner.ThorZIP does not ask for api-keys/tokens. It just needs the THOR zip file (e.g. THOR lite which is free) and optionally additional cmdline args.
So for THOR lite you would download THOR lite, unpack it, add your THOR lite license, repack (everything) and upload it to the Generic.Scanner.ThorZIP artifact 'Tools -> ThorZIP'.
hi @coos60 ,
you can also try THOR cloud lite with Generic.Scanner.ThorCloud
(you get the token param from the "Launcher" options http URL)
this might be easier/faster :)
thanks for the support. I solved it. The only problem with thor cloud lite running in velociraptor is the timeout. It fails to complete operations.