ShellSweepX ‐ Quick Start - splunk/ShellSweep GitHub Wiki

ShellSweepX Quickstart Guide

This guide will help you set up and run both the ShellSweepX server and client components quickly.

Server Setup

Prerequisites

  • Python 3.8+
  • pip (Python package manager)
  • Git

Steps

  1. Clone the Repository

    git clone https://github.com/splunk/shellsweep.git
cd shellsweepx

  2. Set Up a Virtual Environment

    python -m venv venv
source venv/bin/activate  # On Windows, use `venv\Scripts\activate`

  3. Install Dependencies

    pip install -r requirements.txt

  4. Start the Server

    python run.py

  5. Access the Web Interface

    • Open a web browser and navigate to http://localhost:8080

Client Setup

Windows Agent

  1. Download Agent Scripts
    • From the web interface, go to Agents page
    • Download shellsweep_agent.ps1 or shellsweep_scan.ps1

Linux Agent

  1. Download Agent Scripts
    • From the web interface, go to Agents page
    • Download shellsweep_agent.py and shellsweep_scan.sh

Quick Configuration

  1. Set Up YARA Rules

    • Go to Settings page in the web interface
    • Add or import YARA rules for enhanced detection

  2. Configure AI Integration

    • In Settings, add your GPT or Claude API key
    • Customize the AI prompt if needed

  3. Adjust Agent Configuration

    • On the Agents page, modify the scan paths and file extensions
    • Click "Save Configuration" to update all connected agents

First Scan

  1. Manual Upload

    • Go to Analysis page
    • Use the file upload feature to scan individual files

  2. Agent Scan

    • Agents will automatically scan based on their configuration
    • Results will appear in the Analysis page

  3. View Results

    • Check the Dashboard for an overview of detections
    • Use the Analysis page to dive deep into individual files
    • Trigger AI triage on suspicious files for in-depth analysis

Troubleshooting

  • Ensure firewall allows communication on the configured port
  • Check logs/shellsweepx.log for server-side issues
  • For agent issues, review the console output or local log files

Next Steps

  • Set up regular agent scans using task scheduler (Windows) or cron (Linux)
  • Integrate with your SIEM or ticketing system using the API endpoints
  • Regularly update YARA rules and review AI triage prompts for optimal detection

For more detailed information, refer to the full documentation.