# cloud-init `apt` stanza: two third-party repositories, each with its
# signing key supplied inline so apt can verify the repository metadata
# against a key controlled by this file rather than one fetched at build
# time.  cloud-init expands `$RELEASE` to the codename of the running
# distribution.
# NOTE(review): if this file is ever handed to cloud-init directly rather
# than through a launcher that adds the header itself (the `multipass-sshfs`
# snap in runcmd suggests multipass), it must start with a `#cloud-config`
# line — confirm how it is consumed.
apt:
  sources:
    dotnet_backports:
      # `[arch=...]` limits the source to the listed architectures.  The
      # quoted form of the list is unusual for one-line sources.list syntax
      # — confirm apt on the target release accepts it.
      source: deb [arch="arm64","amd64"] https://ppa.launchpadcontent.net/dotnet/backports/ubuntu/ $RELEASE main
      # NOTE(review): the armored key body is abridged in this listing (only
      # the header and the trailing CRC `=zcgX` survive); take the full block
      # from the original file.  The blank line that ASCII armor requires
      # between the BEGIN header and the base64 body is also not visible
      # here — make sure it is present in the real file, or the key will not
      # import.
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----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=zcgX
        -----END PGP PUBLIC KEY BLOCK-----
    google-cloud-sdk:
      source: deb [arch="arm64","amd64"] https://packages.cloud.google.com/apt cloud-sdk main
      # Same caveat as above about the blank line after the BEGIN header.
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        mQENBGCRt7MBCADkYJHHQQoL6tKrW/LbmfR9ljz7ib2aWno4JO3VKQvLwjyUMPpq
        /SXXMOnx8jXwgWizpPxQYDRJ0SQXS9ULJ1hXRL/OgMnZAYvYDeV2jBnKsAIEdiG/
        e1qm8P4W9qpWJc+hNq7FOT13RzGWRx57SdLWSXo0KeY38r9lvjjOmT/cuOcmjwlD
        T9XYf/RSO+yJ/AsyMdAr+ZbDeQUd9HYJiPdI04lGaGM02MjDMnx+monc+y54t+Z+
        ry1WtQdzoQt9dHlIPlV1tR+xV5DHHsejCZxu9TWzzSlL5wfBBeEz7R/OIzivGJpW
        QdJzd+2QDXSRg9q2XYWP5ZVtSgjVVJjNlb6ZABEBAAG0VEFydGlmYWN0IFJlZ2lz
        dHJ5IFJlcG9zaXRvcnkgU2lnbmVyIDxhcnRpZmFjdC1yZWdpc3RyeS1yZXBvc2l0
        b3J5LXNpZ25lckBnb29nbGUuY29tPokBTgQTAQoAOBYhBDW6oLM+nrOW9ZyoOMC6
        XObcYxWjBQJgkbezAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMC6XObc
        YxWj+igIAMFh6DrAYMeq9sbZ1ZG6oAMrinUheGQbEqe76nIDQNsZnhDwZ2wWqgVC
        7DgOMqlhQmOmzm7M6Nzmq2dvPwq3xC2OeI9fQyzjT72deBTzLP7PJok9PJFOMdLf
        ILSsUnmMsheQt4DUO0jYAX2KUuWOIXXJaZ319QyoRNBPYa5qz7qXS7wHLOY89IDq
        fHt6Aud8ER5zhyOyhytcYMeaGC1g1IKWmgewnhEq02FantMJGlmmFi2eA0EPD02G
        C3742QGqRxLwjWsm5/TpyuU24EYKRGCRm7QdVIo3ugFSetKrn0byOxWGBvtu4fH8
        XWvZkRT+u+yzH1s5yFYBqc2JTrrJvRWZAQ0EYoi11AEIANaYpM1kRhaBfLvcW8oV
        jl9Guji0Y1rgF7hNlbfBmly30KPwSPKRTtL0Q+gncR0qnEWW0dG7tBsOLotZI0Dh
        fHCe51CtgbGfHHpG7UoEcXEeEt9ay8VwYzCK3/OenG0i31TOoKbZhMRbk1SfNDit
        dipVArYUsbjB5gnlsrCRj5mydEmnPF0cYnSkGKrCQxPxt9B0nKZQGjCf5J65DYcS
        p+NUywhF7R3B4PY8dZ5aj19NezPVDlpuIZyTI5XKg33/8OBK8tShxRxmyta9g9o3
        6jyVdM7cZgUY1WzHTr2vFquR4KM6mJA5atCbLBchJC51y6xKCaaB+xFlhbsUMHLk
        xCsAEQEAAbRRUmFwdHVyZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKGNsb3VkLXJh
        cHR1cmUtc2lnbmluZy1rZXktMjAyMi0wMy0wNy0wOF8wMV8wMS5wdWIpiQEiBBMB
        CAAWBQJiiLXUCRC1PcgNE+3vBQIbAwIZAQAAwagH/3xAE0gg3dDYPdpqGt+RvprF
        3nnM7BHS2euK4lGg8eg26is6kK/1pYwy9AAI1aTGy8nEQXw5RvOFJiMBHnfhEOKC
        NN62MraLbAovP+QmNlu4XhlczKcKbjR5WbVdmpTrdT1dHZHGZemnI2kypA70uvMY
        Sc0m6HbeJxpljqejXZrHKbFyV7/5IKZ1rygMB9rSLIDaLKD95TTlu5m/ngwLpEHX
        dC1L7y86soMavtFin9Vi9DNhab5yToO+VpVfpUHnUGQuXbdJCSfJkgkFU+by21Tr
        kTKuuAbWMsscVcNSon9Gk0qr48LNaLK3i7LcB9crz1FzMu7e7GIPQJAjRPfW78i5
        AQ0EYoi11AEIAMgwwl1FyDQ+G/v4KtnPfFETwVvPwA35gIuKBB4fQH2WKPGSMAWv
        62EHQis67uu7A1j6a90/p0B7BS6v6kloiMR77izwkEQVvgHEl8EE+4RsZLFuLg48
        Qm7BPndMwkwSzv6AjEIKbCKhOCBMGnonMOxP9x0F7JYK6wJDANamqhgKhRYkutRD
        p06Ujuzqn6IhQ0hqa3IELBviLOzbsd0SlfyC872sR21xvvf30fI7egPiAeBy4WK5
        lOm9Yd2f1ZjA8Yzqekk0btyu0udy1NHRw/0q61I83OnJJ4CeIfHwv15t0P2008JY
        L4605wZGtwF4TOeRiHULiTN0/U5Gbm6meScAEQEAAYkBHwQYAQgAEwUCYoi11AkQ
        tT3IDRPt7wUCGwwAAEmYCACFE+T90WPvVtT9RNeuQSRlnMT0nNSBqf+23JGtXpBs
        VkAEHJ/iliMGP7IsrDfbzT/8la6sqjHa7MSrWF1c951EcgJG6HUWN3TSi1pD7AYX
        eRjvjOVaK8Hpanq2cv1JNDWhVgFS/seFIegnmyEQvJ53HEfG6tSAUAP6lsVciIrx
        ycAd9dMkxyuY+kL5hYQL8N6ojIRw0+TNGG1FK4RFdyrWf4om8xQAowP+17PC+6PM
        FppJZqmZ2caa1GOMvsjFR4ZqZVY7AtBtSv7fgzDN14l1wvx9q/ksDxSTS6XJ5d3C
        IArwUpCyLEj7Fm/PsdSzyWfilnAbD9Om871wyQeiC2DN
        =gsYm
        -----END PGP PUBLIC KEY BLOCK-----
# Distribution packages installed by cloud-init in a single apt run (order
# is irrelevant to apt, so the list is kept alphabetical for diffability).
# `dotnet-runtime-6.0` comes from the dotnet backports PPA declared under
# `apt.sources`.
# NOTE(review): .NET 6 is out of upstream support; check whether the .NET
# tools fetched into ~/tools have builds for a supported runtime.
# NOTE(review): `python3.12-venv` pins the interpreter minor version; the
# `python3-venv` metapackage would follow the release default instead.
packages:
  - aeskeyfind
  - afflib-tools
  - apt-transport-https
  - attr
  - binvis
  - binwalk
  - cewl
  - chntpw
  - dc3dd
  - dislocker
  - dnsrecon
  - dotnet-runtime-6.0
  - ewf-tools
  - exifprobe
  - ext3grep
  - extundelete
  - fcrackzip
  - forensic-artifacts
  - forensics-colorize
  - galleta
  - geoip-bin
  - getxattr
  - hashdeep
  - jq
  - libarchive-tools
  - libimage-exiftool-perl
  - libvshadow-utils
  - mblaze
  - mboxgrep
  - mc
  - nikto
  - parallel
  - pev
  - pff-tools
  - poppler-utils
  - python3-pip
  - python3.12-venv
  - recoverdm
  - scrounge-ntfs
  - sleuthkit
  - ssdeep
  - tesseract-ocr
  - testdisk
  - tshark
  - ugrep
  - unar
  - unblob
  - wipe
  - xmlstarlet
  - xq
  - yara
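# One-shot provisioning commands, executed by cloud-init as root in the
# final stage.  Steps that create files under /home/ubuntu run through
# `sudo -u ubuntu` so the tool tree and the virtualenvs are owned by that
# account.
runcmd:
  # Bootstrap script fetched from the repository and executed directly.
  # TLS verification is left on (the original used `-k`, which disabled it
  # and would have executed whatever a spoofed or intercepted server
  # returned), and `-f` makes curl fail on an HTTP error instead of piping an
  # error page into bash.
  # NOTE(review): `raw/main` is a moving target; pinning the URL to a commit
  # and checking a known digest would make the build reproducible.
  - sudo -u ubuntu sh -c 'curl -fsSL https://github.com/0CM/BanditLab/raw/main/packages/BanditLabGetTools_aarch64.sh | bash'
  # Sigma rule repository checked out under the chainsaw tool directory.
  - sudo -u ubuntu sh -c 'git clone https://github.com/SigmaHQ/sigma $HOME/tools/chainsaw/sigma'
  # lynis was cloned twice in the original list; the second clone would have
  # failed because the destination already existed, so it is done once.
  - sudo -u ubuntu sh -c 'git clone https://github.com/CISOfy/lynis $HOME/tools/lynis'
  # Two virtualenvs: `pyflare` holds capa on its own, `pyapps` the rest.
  - sudo -u ubuntu python3 -m venv /home/ubuntu/pyapps
  - sudo -u ubuntu python3 -m venv /home/ubuntu/pyflare
  # NOTE(review): none of these installs are pinned; the git+ and archive
  # URLs in particular resolve to whatever the upstream ref holds at build
  # time.  Pinning versions/commits (and `--require-hashes` for the PyPI
  # packages) would close that supply-chain gap.
  - sudo -u ubuntu /home/ubuntu/pyflare/bin/python3 -m pip install flare-capa
  - sudo -u ubuntu /home/ubuntu/pyapps/bin/python3 -m pip install peepdf-3 pdfid oletools pyhindsight browserexport windowsprefetch xlsxgrep tabulate dnspython wheel domaintools_api evtxtract
  - sudo -u ubuntu /home/ubuntu/pyapps/bin/python3 -m pip install https://github.com/msuhanov/dfir_ntfs/archive/1.1.18.tar.gz
  - sudo -u ubuntu /home/ubuntu/pyapps/bin/python3 -m pip install git+https://github.com/cisagov/ioc-scanner.git
  - sudo -u ubuntu /home/ubuntu/pyapps/bin/python3 -m pip install git+https://github.com/cclgroupltd/ccl_chromium_reader.git
  # Make the hindsight entry points executable; the `.bashrc` aliases invoke
  # them by name.
  - sudo -u ubuntu chmod 755 /home/ubuntu/pyapps/bin/hindsight.py
  - sudo -u ubuntu chmod 755 /home/ubuntu/pyapps/bin/hindsight_gui.py
  # runcmd already runs as root, so the original hop through `sudo -u ubuntu
  # sh -c 'sudo snap ...'` added nothing.
  - snap install multipass-sshfs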
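# Shell customisation appended to the ubuntu user's ~/.bashrc.  `defer: true`
# delays the write to the final stage, after the user and home directory
# exist; `append: true` keeps the stock .bashrc in place.
write_files:
  - path: /home/ubuntu/.bashrc
    owner: ubuntu:ubuntu
    permissions: '0644'
    # Aliases point at binaries fetched into ~/tools by runcmd and at the two
    # virtualenvs.  Note that the `source ...activate&&tool` aliases leave
    # the virtualenv active in the calling shell after the tool exits;
    # invoking `$HOME/pyapps/bin/<tool>` directly would avoid that side
    # effect if it is unwanted.
    # `installpwsh` downloads a pinned PowerShell release; the original
    # passed `--no-check-certificate`, which would have let a spoofed
    # download be installed and symlinked as /usr/bin/pwsh.  TLS verification
    # is now left on.
    # NOTE(review): the release tarball is still not checksum-verified
    # before extraction; comparing against the published SHA-256 would make
    # the install robust to a compromised download path as well.
    content: |
      # Aliases and other customization for Binary Bandits Forensic VM
      alias mftecmd="/home/ubuntu/tools/EZTools/MFTECmd/MFTECmd"
      alias amcacheparser="/home/ubuntu/tools/EZTools/AmcacheParser/AmcacheParser"
      alias bstrings="/home/ubuntu/tools/EZTools/bstrings/bstrings"
      alias evtxecmd="/home/ubuntu/tools/EZTools/EvtxECmd/EvtxECmd"
      alias jlecmd="/home/ubuntu/tools/EZTools/JLECmd/JLECmd"
      alias lecmd="/home/ubuntu/tools/EZTools/LECmd/LECmd"
      alias rbcmd="/home/ubuntu/tools/EZTools/RBCmd/RBCmd"
      alias recmd="/home/ubuntu/tools/EZTools/RECmd/RECmd"
      alias srumecmd="/home/ubuntu/tools/EZTools/SrumECmd/SrumECmd"
      alias recentfilecacheparser="/home/ubuntu/tools/EZTools/RecentFileCacheParser/RecentFileCacheParser"
      alias sqlecmd="/home/ubuntu/tools/EZTools/SQLECmd/SQLECmd"
      alias wxtcmd="/home/ubuntu/tools/EZTools/WxTCmd/WxTCmd"
      alias rla="/home/ubuntu/tools/EZTools/rla/rla"
      alias sidr="/home/ubuntu/tools/sidr/sidr"
      alias vt="/home/ubuntu/tools/vt/vt"
      alias noseyparker="/home/ubuntu/tools/noseyparker/bin/noseyparker"
      alias trufflehog="/home/ubuntu/tools/trufflehog/trufflehog"
      alias timeliner="/home/ubuntu/tools/timeliner/timeliner"
      alias pyapps="source $HOME/pyapps/bin/activate"
      alias peepdf="source $HOME/pyapps/bin/activate&&peepdf"
      alias pdfid="source $HOME/pyapps/bin/activate&&pdfid"
      alias fat_parser="source $HOME/pyapps/bin/activate&&fat_parser"
      alias ntfs_parser="source $HOME/pyapps/bin/activate&&ntfs_parser"
      alias hindsight="source $HOME/pyapps/bin/activate&&hindsight.py"
      alias hindsight_gui="source $HOME/pyapps/bin/activate&&hindsight_gui.py"
      alias browserexport="source $HOME/pyapps/bin/activate&&browserexport"
      alias prefetch="source $HOME/pyapps/bin/activate&&prefetch.py"
      alias xlsxgrep="source $HOME/pyapps/bin/activate&&xlsxgrep"
      alias ioc-scan="source $HOME/pyapps/bin/activate&&ioc-scan"
      alias capa="source $HOME/pyflare/bin/activate&&capa"
      alias installazurecli="curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash"
      alias installgcloudcli="sudo snap install google-cloud-cli --classic"
      alias installgcloudsdk="sudo snap install google-cloud-sdk --classic"
      alias installpwsh="sudo -u ubuntu sh -c 'wget -qO- https://github.com/PowerShell/PowerShell/releases/download/v7.4.4/powershell-7.4.4-linux-arm64.tar.gz | tar -xz -C $HOME/tools/ --one-top-level=powershell && chmod 755 $HOME/tools/powershell/pwsh && sudo ln -s $HOME/tools/powershell/pwsh /usr/bin/pwsh'"
    append: true
    defer: true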