Install

Plan and provision your ThreatPipes instance.

Prerequisites

Operating Systems

ThreatPipes is supported on:

  • Ubuntu 16 (or greater)

  • Kali 2018 (or greater)

  • Debian 9 (or greater)

  • MacOS 10.14 (or greater)

Unofficially, ThreatPipes has been successfully installed on other 64-bit Linux operating systems but we do not support these at this time.

Dependencies

To run ThreatPipes you need Python >=3.6, with python3-venv installed.

  • 2x six-core

  • 2+ GHz CPU

  • 8GB RAM

  • 20GB Free disk space

Install

Ubuntu 16 (or greater) / Kali 2018 (or greater) / Debian 9 (or greater)

Install

$ apt-get update
$ apt-get install python3-venv
$ wget https://gitlab.com/threatpipes/threatpipes-downloads/raw/latest/latest/threatpipes.tar.gz
$ tar xvzf threatpipes.tar.gz
$ cd threatpipes
$ ./threatpipes.sh prodinstall

ThreatPipes will start on 127.0.0.1:5001 (localhost:5001).

You can modify the threatpipes.defaults file to change the IP/port ThreatPipes binds to. Make sure to stop ThreatPipes first if it is already running.

It is strongly recommended you run ThreatPipes over SSL if making your instance available on the internet (0.0.0.0:5001).

Run

To stop and start the daemon:

# Stop
$ systemctl stop threatpipes
# Start
$ systemctl start threatpipes
# Restart
$ systemctl restart threatpipes
# Status
$ systemctl status threatpipes

Warning: before stopping make sure any running scans complete. This command will not wait for scans to complete before stopping ThreatPipes.

MacOS 10.14 (or greater)

Install

$ curl "https://gitlab.com/threatpipes/threatpipes-downloads/raw/latest/latest/threatpipes.tar.gz" -o threatpipes.tar.gz
$ tar xvzf threatpipes.tar.gz
$ cd threatpipes
$ ./threatpipes.sh prodinstall

ThreatPipes will start on 127.0.0.1:5001 (localhost:5001).

You can modify the threatpipes.defaults file to change the IP/port ThreatPipes binds to. Make sure to stop ThreatPipes first if it is already running.

It is strongly recommended you run ThreatPipes over SSL if making your instance available on the internet (0.0.0.0:5001).

Run

To stop and start the daemon:

# Stop
$ launchctl bootout gui/`id -u` "$HOME/Library/LaunchAgents/com.threatpipes.webserver.plist"
# Start
$ launchctl bootstrap gui/`id -u` "$HOME/Library/LaunchAgents/com.threatpipes.webserver.plist"

Warning: before stopping make sure any running scans complete. This command will not wait for scans to complete before stopping ThreatPipes.

Running for the first time

Create your first user

After the installation is finished, you'll be able to access ThreatPipes by navigating to the IP/port you started ThreatPipes on.

After creating the first user, you can add more users in the user management interface in the UI. Read more in Configure ThreatPipes.

Security

Secure your server

Almost all ThreatPipes modules require access to the internet to function (because they use cloud services to obtain data).

Therefore you need to expose your server to the public internet. As a result, it is important you consider the security of your instance.

At an absolute minimum you need to open the port you access the UI on (default 5001).

SSL

It is strongly recommended you run ThreatPipes over SSL.

ThreatPipes will serve HTTPS (and only that) if it detects a public certificate and key file in the ThreatPipes root directory. This means TLS/SSL is used on whatever port you set the software to listen on.

It is not possible to serve both HTTP and HTTPS simultaneously on different ports.

To add your own SSL certificates place two files in the ThreatPipes root directory:

  1. threatpipes.crt (public certificate, containing the RSA public key, in PEM format)

  2. threatpipes.key (RSA private key in PEM format).

If you are doing this after having already started ThreatPipes for the first time you will need to restart ThreatPipes.

If you create self-signed certificates it is likely that your browser will show insecure warnings (and probably take a very long time to perform handshakes).
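
A pre-flight check to run on the two files before restarting ThreatPipes. This is an added example, not part of ThreatPipes: the function name check_tls_pair and its directory argument are assumptions, the key-permission and expiry checks are extra hygiene the page does not require, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not shipped with ThreatPipes).
# Usage: check_tls_pair /path/to/threatpipes-root   (path is an assumption)

check_tls_pair() {
    dir=$1
    crt="$dir/threatpipes.crt"
    key="$dir/threatpipes.key"

    # ThreatPipes only serves HTTPS when both files are present.
    for f in "$crt" "$key"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    # Both must be PEM; DER-encoded files lack these armour lines.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" ||
        { echo "not a PEM certificate: $crt" >&2; return 3; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "not a PEM private key: $key" >&2; return 3; }

    # The private key must not be readable by group or others.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "key is group/world readable, run: chmod 600 $key" >&2
        return 4
    fi

    # The certificate's public key must equal the one derived from the key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 5
    key_pub=$(openssl pkey -in "$key" -pubout) || return 5
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match" >&2; return 5; }

    # Reject a certificate that has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 6; }

    return 0
}
```

A return code of 0 means the pair is consistent; any other code is accompanied by a message on stderr naming the failed check.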

Proxy

Some features of ThreatPipes use Tor. Tor is not installed with ThreatPipes. You must install it manually.

For Linux/BSD

  1. Go to the Tor download page and download the stand-alone package for your platform.

  2. Compile/Install the package as per the instructions provided.

  3. Run Tor as follows:

tor --SocksPort 9050 --ControlPort 9051

Output from the process should indicate any errors and general status updates, but a message like this would indicate you are successfully set up:

[notice] Tor has successfully opened a circuit. Looks like client functionality is working.

Upgrade

You can see the version of ThreatPipes you are running by clicking "About" in the ThreatPipes navigation bar.

ThreatPipes version check

The server will periodically check for the latest version by querying the version endpoint here:

https://gitlab.com/threatpipes/threatpipes-downloads/raw/latest/VERSION.TXT

ThreatPipes update available

If an update is available you will see a download icon in the navigation bar. You can follow the links to download the latest ThreatPipes package.

You can install the new package by stopping ThreatPipes, and installing the update in the same way as described in Installing ThreatPipes. Doing so will replace updated files, but will not affect any data.

Before upgrading, make sure you stop ThreatPipes.

Uninstall

You can completely uninstall ThreatPipes by removing the ThreatPipes root directory and log files.

$ cd THREATPIPES_HOME
$ ./threatpipes.sh produninstall
$ cd ..
$ rm -r threatpipes

Before uninstalling, make sure you stop ThreatPipes.