commit 15a788436a8b1381e908499a8d30eb094bdc4417
Author: tabledevil
Date: Tue Nov 28 18:32:50 2023 +0100
first commit
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..080ecf0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine as builder
+ADD 'https://github.com/Yamato-Security/hayabusa/releases/download/v2.10.1/hayabusa-2.10.1-all-platforms.zip' /hayabusa.zip
+RUN apk add -U unzip git
+RUN mkdir /opt/hayabusa && cd /opt/hayabusa && unzip /hayabusa.zip
+RUN chmod +x /opt/hayabusa/hayabusa-2.10.1-lin-musl
+RUN ln /opt/hayabusa/hayabusa-2.10.1-lin-musl /opt/hayabusa/hayabusa
+RUN chmod +x /opt/hayabusa/hayabusa
+RUN /opt/hayabusa/hayabusa update-rules -r /opt/hayabusa/rules/
+
+From alpine
+COPY --from=0 /opt/hayabusa /opt/hayabusa
+ENV PATH="${PATH}:/opt/hayabusa"
+RUN apk add -U bash
+WORKDIR /data
+RUN mkdir /output && touch /output/notmounted
+ADD start.sh /root/start.sh
+CMD ["/bin/bash","/root/start.sh"]
diff --git a/start.sh b/start.sh
new file mode 100644
index 0000000..0bd5ea5
--- /dev/null
+++ b/start.sh
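Review bot: The `ADD` of the release zip on the second line fetches a remote URL with no integrity check, so the build trusts whatever the download endpoint returns at build time; BuildKit's `ADD --checksum=sha256:<release-sha256-placeholder> 'https://github.com/Yamato-Security/hayabusa/releases/download/v2.10.1/hayabusa-2.10.1-all-platforms.zip' /hayabusa.zip` pins the archive to a known digest (the placeholder stands for the hash published with the release, which is not on this page). Both `FROM alpine` lines are untagged, so the builder and the runtime image float to whatever `:latest` resolves to, and the final stage never sets `USER`, so the container reads the mounted logs and writes reports as root; pinning a specific release tag and adding a `--system` user with `USER` after `RUN apk add -U bash` and before `CMD` would make the image reproducible and least-privilege. Minor: `COPY --from=0` should name the stage (`COPY --from=builder /opt/hayabusa /opt/hayabusa`), `From alpine` should be uppercase for consistency with the first stage, and `ADD start.sh` is a plain local copy better written as `COPY start.sh /root/start.sh`.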
@@ -0,0 +1,35 @@
+#!/bin/sh
+#check if folder was mounted under /data
+if [[ ! -d /data ]] ; then
+ echo "[!] No Folder was mounted to /data"
+ echo "[=] Make sure a folder containig the Windows Logs (evtx) is mounted. Example:"
+ echo "[=]"
+ echo "[>] # docker run -it --rm -v /path/to/logfiles:/data tabledevil/apthunter"
+ exit 1
+fi
+
+#check which destination is writeable /data or /output
+if [[ ! -f /output/notmounted ]] && [[ -w /output ]] ; then
+ echo "[!] Output folder was mounted and is writeable"
+ echo "[>] Using /output as destination for report"
+ output="/output"
+else
+ if [[ -w /data ]] ; then
+ echo "[!] Mounted folder /data can be written"
+ echo "[>] Using /data as destination for report"
+ output="/data"
+ else
+ echo "[!] No writeable output folder available"
+ echo "[=] Make sure either the folder mounted under /data is writable ..."
+ echo "[>] # docker run -it --rm -v /path/to/logfiles:/data tabledevil/apthunter"
+ echo "[=] ... or mount a writable folder to /output"
+ echo "[>] # docker run -it --rm -v /path/to/logfiles:/data:ro -v /path/for/report:/output tabledevil/apthunter"
+ exit 1
+ fi
+fi
+
+#set output-destination
+output="${output}/hayabusa_$(date +%s)"
+echo "output is goint to : ${output}"
+
+hayabusa csv-timeline -p timesketch-verbose -r /opt/hayabusa/rules/ -w -m low -U -H "${output}".html -o "${output}.ts.csv" -C -d /data
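Review bot: The shebang on the first line is `#!/bin/sh`, but every test in the script uses the bash-only `[[ … ]]` form, so it only behaves as intended because the Dockerfile's `CMD` runs it through `/bin/bash`; change it to `#!/bin/bash` so direct execution matches what the container does. The fallback branch that sets `output="/data"` writes the report into the mounted evidence directory whenever it is writable, which alters the folder being analysed; the usage text already recommends `-v …:/data:ro` with a separate `/output`, so a comment above that branch such as `# fallback: writes the report into the evidence mount; prefer mounting /data read-only and a writable /output` would make the trade-off explicit to operators. Minor: `-H "${output}".html` is quoted inconsistently with `-o "${output}.ts.csv"` (both work, but `-H "${output}.html"` reads better), and the message `output is goint to` has a typo (`going`).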