
warhorse's Introduction

Red Team Attack Infrastructure Automation

CURRENT STATUS - BETA

Overview

Warhorse consists of a fully featured Ansible playbook to deploy infrastructure in the cloud for conducting covert “Red Team” penetration tests. This playbook is highly customizable and has operational security out of the box. The design of this playbook is much more than automation. It implements real-world TTPs to avoid detection, gather raw attack data, lower operational cost and speed up time to compromise. The primary goals of this project are to get software installed quickly and securely so tools can be used, and tactics can be implemented and shared. In addition, this project aims to lower deployment error and generate live attack intel that would otherwise not be gathered because of the time cost of creation and deployment.

Features

  • Pure Ansible playbook with low dependencies and easy modification.
  • Cloud provider support (AWS)
  • Security from the ground up
    • Whitelisted IPs for management interfaces
    • Randomly generated passwords
    • Operating system hardening
    • Automated backup
    • Local secret encryption with Ansible Vault
    • API keys created per service for the services that require them
  • Docker containers for each application. This avoids dependency issues and allows for the creation, management and removal of complex software stacks.
  • Low-cost operation with a single EC2 host.
  • Easily add and remove Docker containers to create a stack that fits your engagement.
  • Bottom-up build: everything is created and removed on demand.

Containers

Management

  • Traefik
  • Netdata
  • Lair
  • Watchtower
  • Backup (Borg/rclone to S3)
  • Grafana (Coming Soon)

Command And Control

  • Cobalt Strike

OSINT

  • Spiderfoot (Coming Soon)

Cloud Obfuscation

  • API Gateway (Coming Soon)
  • AWS Cloudfront (Coming Soon)
  • C2 Redirectors (Coming Soon)

Setup

Requirements

  • AWS API Key (Administrator Role)
  • Domain Name added to route53
  • Ansible 2.7
  • Boto 2
  • Boto 3
  • awscli

If you're on a new system, we'll need to do some preliminary tasks. Assuming we have git, Python, pip and other obvious essentials like Ansible installed, let's get started...

At a terminal, enter the following:

# Clone the project
git clone https://github.com/war-horse/warhorse

# Make sure awscli and boto are installed
pip install awscli boto boto3

# Configure aws credentials
aws configure

Help with AWS configuration can be found here: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html

# Set up a vault password
vi ~/.vault_pass
chmod 400 ~/.vault_pass

# Modify variables in
 inventory/group_vars/all/all.yml
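
The vault password step above, as an added example that is not part of the warhorse repository: it creates the file with restrictive permissions from the first byte (instead of editing and then running `chmod`) and checks the file before a playbook run. The function names are hypothetical, and generating the password from `/dev/urandom` rather than typing it in an editor is an assumption of this example.

```shell
#!/bin/sh
# Added example, not warhorse code. Function names are hypothetical.

# Print the octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a vault password file holding 32 random bytes, hex encoded.
# Refuses to overwrite an existing file, so a vault that is already
# encrypted with the old password does not become unreadable.
make_vault_pass() {
    path=$1
    if [ -e "$path" ]; then
        echo "refusing to overwrite $path" >&2
        return 1
    fi
    (
        umask 077   # file is never group- or world-readable, even briefly
        od -An -N32 -tx1 /dev/urandom | tr -d ' \n' > "$path"
        echo >> "$path"
    ) || return 1
    chmod 400 "$path"
}

# Pre-flight check to run before ansible-playbook: the file must exist,
# be non-empty, and be accessible only by its owner.
check_vault_pass() {
    path=$1
    [ -f "$path" ] || { echo "$path: missing" >&2; return 1; }
    [ -s "$path" ] || { echo "$path: empty" >&2; return 1; }
    mode=$(file_mode "$path")
    case "$mode" in
        400|600) return 0 ;;
        *) echo "$path: mode $mode, expected 400" >&2; return 1 ;;
    esac
}
```

Typical use is `make_vault_pass ~/.vault_pass` once, then `check_vault_pass ~/.vault_pass` before each `ansible-playbook` invocation.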
 

Usage

BUILD TIME AROUND 10min

To launch the infrastructure, use the following command.

$ ansible-playbook -i inventory/hosts create.yml --vault-password-file ~/.vault_pass

To use Cobalt Strike you must provide a Cobalt Strike key. This key is only required during the first build. If you do not provide a key, Cobalt Strike will not build.

ansible-playbook -i inventory/hosts create.yml --vault-password-file ~/.vault_pass --extra-vars "vault_cs_key=0000-0000-0000-0000"

If you would like to modify only one container, for example cobaltstrike-docker, you can use tags to avoid spending time on checks that are not needed.

ansible-playbook -i inventory/hosts create.yml --vault-password-file ~/.vault_pass -t cobaltstrike-docker

To destroy your entire setup, including backups, run the following command.

ansible-playbook -i inventory/hosts destroy.yml --vault-password-file ~/.vault_pass --tags destroy-all

To remove just one container, for example cobaltstrike-docker, you could run the following:

ansible-playbook -i inventory/hosts destroy.yml --vault-password-file ~/.vault_pass --tags cobaltstrike-docker::destroy

What's Next?

This project is rapidly evolving. I have plans to continue active development and will use it during my own engagements, modifying and improving it when necessary. I will be creating better documentation as this project stabilizes. This playbook may not work at all; feel free to make a pull request.

Dependencies

Ansible Roles

Author Information

Ralph May

https://github.com/ralphte
