This tutorial covers installation of the server on various operating systems.
Debian Linux
This guide will walk you through installing SpecterInsight on most Debian distributions including Kali and Ubuntu. This tutorial assumes that you have already registered an account and downloaded SpecterInsight.
Install Postgres
SpecterInsight leverages Postgres as the back end data store for all data that needs to be retrieved by server application. The easiest way to setup Postgres is to run a docker container. We’ll demonstrate setting up a container locally as an example.
docker run --name postgresql -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres -p 5432:5432 -v /data:/var/lib/postgresql/data -d postgres
- postgresql is the name of the Docker Container.
- -e POSTGRES_USER is the parameter that sets a unique username to the Postgres database.
- -e POSTGRES_PASSWORD is the parameter that allows you to set the password of the Postgres database.
- -p 5432:5432 is the parameter that establishes a connection between the Host Port and Docker Container Port. In this case, both ports are given as 5432, which indicates requests sent to the Host Ports will automatically redirect to the Docker Container Port. In addition, 5432 is also the same port where PostgreSQL will be accepting requests from the client.
- -v is the parameter that synchronizes the postgres data with the local folder. This ensures that postgres data will be safely present within the Home Directory even if the Docker Container is terminated.
- -d is the parameter that runs the Docker Container in the detached mode, i.e., in the background. If you accidentally close or terminate the Command Prompt, the Docker Container will still run in the background.
- postgres is the name of the Docker image that was previously downloaded to run the Docker Container.
Configure SpecterInsight Settings
Next, you will need to tell the SpecterInsight server where it can find the postgres database and how to authenticate with it. The server cannot run without the database. These configuration options are stored in /settings/settings.json.
Set Database.Host to your IP of the host where your postgres container is running. Set the Database.Username and Database.Password based on your container setup. Once you run SpecterInsight, it will initialize the database and create all of the necessary tables.
{
"Database": {
"Host": "192.168.1.100",
"Database": "specter",
"Username": "postgres",
"Password": "postgres"
},
"Authentication": {
"Secret": "1e49a7aeb6624570824ef6d5cc30544e"
},
"Elastic": {
"Uri": "http://192.168.1.100:9200",
"ValidateServerCertificate": false,
"Index": "specter",
"Username": "elastic",
"Password": "elastic",
"MaxDepth": 6
}
}
Note: The server cannot run without a PostgreSQL instance to connect to; however, it can run without an ELK instance. If there are ELK settings, but no actual service listening, then the server will take an additional 30 – 60 seconds to startup as it tries to connect to the ELK API. If that fails, the server will continue on and attempt to reconnect periodically.
Install Dependencies
wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install -y aspnetcore-runtime-9.0
Start the Server
To start the server, run the following commands. A default configuration file is provided that will work for most installations. On startup, SpecterInsight will setup and configure the database, create the default admin account, and start the management API on HTTPS port 1337.
cd server
dotnet ./SpecterInsight.Server.Host.dll
⚠️ Any IP address can connect to the management port (TCP 1337). We recommend not exposing this port to the open internet.
Start the Client
The SpecterInsight client GUI is also written in .NET and leverages the AvaloniaUI to provide a consistent user experience across multiple platforms. Run the following commands to start the client.
cd client
dotnet ./SpecterInsight.UI.dll
You should now see the SpecterInsight GUI. Click the “Login” button to authenticate with the server. The standard port is 1337.
Default Credentials
A default user is created on first startup. The default credentials are:
Username: admin
Password: specter
Permission Issues
Some users have reported permission issues with their installation. If you run into that issue, try running the following commands. This will grant execute privileges to directories (making the traversable), makes the user kali the owner, and adds RW permissions.
sudo chown -R kali:kali /home/kali/SpecterInsight
sudo chmod -R u+rw /home/kali/SpecterInsight
sudo find /home/kali/SpecterInsight -type d -exec chmod u+x {} +
Windows
This guide will walk you through installing SpecterInsight on most Windows 10 and above systems. This tutorial assumes that you have already registered an account and downloaded SpecterInsight.
Install PostgreSQL Server for Windows
For detailed instructions on a basic installation of PostgreSQL, follow this tutorial here: https://practicalsecurityanalytics.com/how-to-install-postgresql-on-windows/
Return to this tutorial when you are finished.
Install Dependencies
Download and install the latest version of .NET for Windows from the Microsoft website: https://dotnet.microsoft.com/en-us/download/dotnet/
Start the Server
To start the server, run the following commands. A default configuration file is provided that will work for most installations. On startup, SpecterInsight will setup and configure the database, create the default admin account, and start the management API on HTTPS port 1337.
cd server
./SpecterInsight.Server.Host.exe
Start the Client
The SpecterInsight client GUI is also written in .NET and leverages the AvaloniaUI to provide a consistent user experience across multiple platforms. Run the following commands to start the client.
cd client
./SpecterInsight.UI.exe
Why:
C:\Users\Administrator\Downloads\SpecterInsight\server>SpecterInsight.Server.Host.exe
Unhandled exception. Npgsql.NpgsqlException (0x80004005): Failed to connect to 192.168.1.100:5432
—> System.TimeoutException: The operation has timed out.
at Npgsql.TaskTimeoutAndCancellation.ExecuteAsync(Func`2 getTaskFunc, NpgsqlTimeout timeout, CancellationToken cancellationToken)
at Npgsql.Internal.NpgsqlConnector.ConnectAsync(NpgsqlTimeout timeout, CancellationToken cancellationToken)
at Npgsql.Internal.NpgsqlConnector.ConnectAsync(NpgsqlTimeout timeout, CancellationToken cancellationToken)
at Npgsql.Internal.NpgsqlConnector.RawOpen(SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken, Boolean isFirstAttempt)
at Npgsql.Internal.NpgsqlConnector.g__OpenCore|216_1(NpgsqlConnector conn, SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken, Boolean isFirstAttempt)
at Npgsql.Internal.NpgsqlConnector.Open(NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.PoolingDataSource.OpenNewConnector(NpgsqlConnection conn, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.PoolingDataSource.g__RentAsync|28_0(NpgsqlConnection conn, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.NpgsqlConnection.g__OpenAsync|45_0(Boolean async, CancellationToken cancellationToken)
at Npgsql.NpgsqlDataSourceCommand.ExecuteReader(CommandBehavior behavior, Boolean async, CancellationToken cancellationToken)
at Npgsql.NpgsqlCommand.ExecuteNonQuery(Boolean async, CancellationToken cancellationToken)
at SpecterInsight.Server.Services.Database.DatabaseService.CreateAccountTableAsync() in C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\SpecterInsight.Server\Services\Database\AccountTable.cs:line 21
at SpecterInsight.Server.Services.Database.DatabaseService.EnsureDatabaseSchemaAsync() in C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\SpecterInsight.Server\Services\Database\DatabaseService.cs:line 93
at SpecterInsight.Server.Services.Database.DatabaseExtensions.AddSpecterDatabase(IServiceCollection services, IConfiguration configuration, Boolean dropDatabase) in C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\SpecterInsight.Server\Services\Database\DatabaseService.cs:line 35
at SpecterInsight.Server.KestrelManagementServer.Build(String[] args, IConfiguration configuration) in C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\SpecterInsight.Server\KestrelManagementServer.cs:line 197
at SpecterInsight.Server.KestrelManagementServer.Build(String[] args) in C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\SpecterInsight.Server\KestrelManagementServer.cs:line 164
at SpecterInsight.Server.Host.Program.Main(String[] args) in C:\Users\helpdesk\Desktop\Workspace\repos\SpecterInsight\src\SpecterInsight.Server.Host\Program.cs:line 4
at SpecterInsight.Server.Host.Program.(String[] args)
SpecterInsight depends upon postgresql for data storage. It won’t start without it. It sounds like the SpecterInsight server was unable to contact the postgresql server.
Unhandled exception. Npgsql.NpgsqlException (0x80004005): Failed to connect to 192.168.1.100:5432
—> System.TimeoutException: The operation has timed out.
I would recommend updating the settings.json file with the right IP address for your postgresql instance or troubleshooting connectivity from the SpecterInsight server to the postgresql service.