├── .gitignore ├── LICENSE ├── README.md ├── Vagrantfile ├── aws-ubuntu.pkr.hcl ├── data └── .gitkeep ├── localhost.yml ├── playbook.yml └── roles ├── aws ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── templates │ └── shellscript ├── azure ├── defaults │ └── main.yml └── tasks │ └── main.yml ├── devops ├── defaults │ └── main.yml └── tasks │ └── main.yml ├── gcp └── tasks │ └── main.yml ├── kubernetes ├── defaults │ └── main.yml └── tasks │ └── main.yml └── ubuntu ├── defaults └── main.yml └── tasks └── main.yml /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | .vscode 3 | data 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 
25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. 
For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. 
If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. 
You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. 
(Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Cloud Testing VM 2 | 3 | These are the scripts needed to build and run an Ubuntu virtual machine with a number of common cloud assessment tools pre-installed. When running locally, it uses a combination of Vagrant and Ansible to deploy and configure the VM. You can also build it as an AWS AMI. 4 | 5 | ## Tools 6 | 7 | These should all be present in the path by default. 
8 | 9 | | Tool | Description | URL | 10 | | ------------------ | ----------------------------------------------------------- | -------------------------------------------------- | 11 | | `aws` | AWS CLI | | 12 | | `az` | Azure CLI | | 13 | | `gcloud` | Google Cloud Platform CLI | | 14 | | `kubectl` | CLI for interacting with Kubernetes clusters | | 15 | | `amicontained` | Container introspection and runtime enumeration | | 16 | | `am-i-isolated` | Container introspection and runtime enumeration | | 17 | | `auger` | Tool for accessing objects stored in etcd directly | | 18 | | `aws-vault` | Secure storage of AWS credentials | | 19 | | `azurehound` | Azure collector for Bloodhound CE | | 20 | | `bloodhound` | Entra ID, Azure and Active Directory permission mapping\* | | 21 | | `cartography` | Resource relationship mapper | | 22 | | `checkov` | Terraform static analysis and security auditing | | 23 | | `cloudfox` | AWS Exploitation toolkit | | 24 | | `cloudsplaining` | Identify risks in IAM policies | | 25 | | `detect-secrets` | Scan for secrets in code repositories (docker image) | | 26 | | `enumerate-iam` | Find permissions for a given set of AWS IAM credentials | | 27 | | `etcdctl` | CLI client for etcd | | 28 | | `freezer` | Download tool for IceKube | | 29 | | `iamgraph` | Graph out role assumption through an AWS organization | | 30 | | `iamspy` | IAM policy evaluator using formal methods | | 31 | | `icekube` | Kubernetes attack path graph generation | | 32 | | `jq` | JSON parser and processor | | 33 | | `kics` | Infrastructure as code vulnerability scanner (docker image) | | 34 | | `kubectl-who-can` | Query and enumerate permissions in a Kubernetes cluster | | 35 | | `kubehound` | Kubernetes identity and permission graphing | | 36 | | `pacu` | AWS exploitation framework | | 37 | | `pmapper` | AWS IAM evaluator | | 38 | | `prowler` | AWS security auditing tooling | | 39 | | `roadtools` | Entra ID reconnaissance framework | | 40 | | `rbac-lookup` | Tool for 
looking up Kubernetes roles and cluster roles | | 41 | | `scoutsuite` | Multi-cloud audit tool | | 42 | | `stratus-red-team` | Multi-cloud TTP simulation tool | | 43 | | `terrascan` | Terraform code scanning tool (docker image) | | 44 | | `tfsec` | Terraform code scanning tool (docker image) | | 45 | | `trivy` | Container CVE & security issue scanner (docker container) | | 46 | | `yq` | YAML parser and processor | | 47 | 48 | \*Bloodhound is the Bloodhound CE version, included as a `docker-compose` file in `~/bloodhound/`. Follow instructions in their repo to use it. 49 | 50 | ## Local Use 51 | 52 | ### Prerequisites 53 | 54 | - Vagrant [https://www.vagrantup.com/](https://www.vagrantup.com/) 55 | - Virtualbox 56 | - The vagrant-vbguest Vagrant plugin (once vagrant is installed, run `vagrant plugin install vagrant-vbguest`) 57 | 58 | ### Setup 59 | 60 | - Run `vagrant up` to build the VM 61 | - Run `vagrant ssh` to get a terminal inside the VM 62 | - Tools are on the path. 63 | 64 | ## AWS AMI Building 65 | 66 | - `packer init aws-ubuntu.pkr.hcl` 67 | - `packer build aws-ubuntu.pkr.hcl` while configured with the right AWS profile 68 | 69 | ## TO DO 70 | 71 | - Update docs to detail how to build AMIs 72 | - Update packer to build local VMs for virtualbox and VMWare 73 | - Update packer to create vagrant boxes for virtualbox and vmware 74 | 75 | ### Tools to add 76 | 77 | - 78 | - Powershell 79 | - 80 | - 81 | - 82 | - All the project discovery stuff 83 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure("2") do |config| 5 | config.vm.box = "bento/ubuntu-24.04" 6 | config.vm.synced_folder "./data", "/hostdata" 7 | 8 | config.vm.provider "virtualbox" do |vb| 9 | # Don't display the VirtualBox GUI when booting the machine - change to true if you want the GUI 10 | vb.gui = 
false
    # Customize the amount of memory on the VM:
    vb.memory = "4096"
  end

  # Provision cloud tools into VM
  # Runs the same playbook.yml the Packer build uses, with Ansible installed inside the guest.
  config.vm.provision "ansible_local" do |ansible|
    ansible.playbook = "playbook.yml"
  end
end
--------------------------------------------------------------------------------
/aws-ubuntu.pkr.hcl:
--------------------------------------------------------------------------------
# Prefix for the generated AMI name; the build timestamp is appended in the amazon-ebs source below.
variable "ami_prefix" {
  type    = string
  default = "cloud-testing-vm"
}

locals {
  # Digits-only form of timestamp() so AMI names stay unique and sort chronologically.
  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
  tags = {
    Name = "Cloud Testing Image"
  }
}

packer {
  required_plugins {
    amazon = {
      source  = "github.com/hashicorp/amazon"
      version = ">= 1" # floor only, no upper bound
    }
    ansible = {
      source  = "github.com/hashicorp/ansible"
      version = ">= 1"
    }
  }
}

source "amazon-ebs" "ubuntu" {
  ami_name      = "${var.ami_prefix}-${local.timestamp}"
  instance_type = "t3.medium"
  region        = "eu-west-2"
  # Base image: newest Ubuntu 24.04 (noble) amd64 server AMI published by the pinned owner
  # account. Pinning `owners` matters: without it any public AMI matching the name glob
  # could be selected.
  source_ami_filter {
    filters = {
      name                = "ubuntu/images/*/ubuntu-noble-24.04-amd64-server-*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    most_recent = true
    owners      = ["099720109477"]
  }
  ssh_username = "ubuntu"

  run_volume_tags = local.tags
  tags            = local.tags

  launch_block_device_mappings {
    device_name           = "/dev/sda1"
    volume_size           = 50
    volume_type           = "gp2"
    delete_on_termination = true
  }

  # Instance profile attached to the build instance only. The actions are the SSM agent /
  # messaging set; Resource "*" is applied to that allow-list, not to arbitrary APIs.
  # NOTE(review): confirm the build actually needs SSM connectivity — provisioning below
  # goes over SSH, and dropping this block removes the temporary role entirely.
  temporary_iam_instance_profile_policy_document {
    Statement {
      Effect = "Allow"
      Action = [
        "ssm:DescribeAssociation",
        "ssm:GetDeployablePatchSnapshotForInstance",
        "ssm:GetDocument",
        "ssm:DescribeDocument",
        "ssm:GetManifest",
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:ListAssociations",
        "ssm:ListInstanceAssociations",
        "ssm:PutInventory",
        "ssm:PutComplianceItems",
        "ssm:PutConfigurePackageResult",
        "ssm:UpdateAssociationStatus",
        "ssm:UpdateInstanceAssociationStatus",
        "ssm:UpdateInstanceInformation",
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel",
        "ec2messages:AcknowledgeMessage",
        "ec2messages:DeleteMessage",
        "ec2messages:FailMessage",
        "ec2messages:GetEndpoint",
        "ec2messages:GetMessages",
        "ec2messages:SendReply"
      ]
      Resource = ["*"]
    }
    Version = "2012-10-17"
  }

  # Uncomment to exercise provisioning without registering an AMI.
  # skip_create_ami = true
}

build {
  name = "build-testing-vm"

  sources = [
    "source.amazon-ebs.ubuntu"
  ]

  # The +ssh-rsa options re-enable the legacy RSA/SHA-1 signature scheme for the
  # provisioning session only; IdentitiesOnly keeps the agent from offering other keys.
  # Revisit once the generated key pair no longer needs ssh-rsa.
  provisioner "ansible" {
    playbook_file   = "./playbook.yml"
    extra_arguments = ["--scp-extra-args", "'-O'", "--ssh-extra-args", "-o IdentitiesOnly=yes -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa"]
  }

  # Placeholder step: only echoes. Safe to remove once real post-Ansible steps exist.
  provisioner "shell" {
    environment_vars = [
      "TEST=testing"
    ]

    inline = [
      "echo testing",
      "echo $TEST",
    ]
  }
}
--------------------------------------------------------------------------------
/data/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ReversecLabs/cloud-security-vm/e9e0740c5f4c50f7e2c61f5b7d3f0e3fdeb98539/data/.gitkeep
--------------------------------------------------------------------------------
/localhost.yml:
--------------------------------------------------------------------------------
---
# Same role list as playbook.yml, but applied to the machine running ansible-playbook itself.
- hosts: localhost
  connection: local
  become: true
  vars:
    # NOTE(review): with become: true, module payloads are staged under world-writable /tmp
    # rather than Ansible's default ~/.ansible/tmp — confirm this is intended.
    ansible_remote_tmp: /tmp
  roles:
    - role: ubuntu
    - role: aws
    - role: azure
    - role: gcp
    - role: kubernetes
    - role: devops
--------------------------------------------------------------------------------
/playbook.yml:
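--------------------------------------------------------------------------------
---
# Entry point used by both the Vagrant ansible_local provisioner and the Packer ansible
# provisioner (localhost.yml is the connection: local variant with the same role list).
- hosts: default
  remote_user: ubuntu
  become: true
  vars:
    # NOTE(review): with become: true, module payloads are staged under world-writable /tmp
    # rather than Ansible's default ~/.ansible/tmp — confirm this is intended.
    ansible_remote_tmp: /tmp
  roles:
    - role: ubuntu
    - role: aws
    - role: azure
    - role: gcp
    - role: kubernetes
    - role: devops
--------------------------------------------------------------------------------
/roles/aws/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Install targets. cloudfox and stratus-red-team values are directories (trailing slash)
# because the tasks unarchive into them; the rest are the final binary / symlink paths.
aws_vault_install_location: /usr/local/bin/aws-vault
iamspy_install_location: /usr/local/bin/iamspy
iamgraph_install_location: /usr/local/bin/iamgraph
pacu_install_location: /usr/local/bin/pacu
pmapper_install_location: /usr/local/bin/pmapper
prowler_install_location: /usr/local/bin/prowler
scoutsuite_install_location: /usr/local/bin/scout
cloudfox_install_location: /usr/local/bin/
stratus_red_team_install_location: /usr/local/bin/

# Pinned release tags for the GitHub-hosted binaries. The downloads are not verified
# against a checksum or signature, so the tag is the only integrity control; bump deliberately.
aws_vault_version: v7.2.0
cloudfox_version: v1.14.2
stratus_red_team_version: v2.16.0

# Tools cloned and run from a per-tool venv via the `shellscript` template
# (name = /opt dir and wrapper name, script = entry point inside the clone).
other_python_tools:
  - {name: enumerate-iam, repo: https://github.com/skybound1/enumerate-iam, script: enumerate-iam.py}
  - {name: pmapper, repo: https://github.com/Fennerr/PMapper, script: pmapper.py}
--------------------------------------------------------------------------------
/roles/aws/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: Require unzip
  apt:
    name: unzip
    state: latest

# Official installer zip; the file name follows ansible_architecture, unlike the amd64-only
# GitHub downloads further down.
- name: Download aws cli v2 installer
  unarchive:
    src: "https://awscli.amazonaws.com/awscli-exe-linux-{{ ansible_architecture }}.zip"
    dest: /tmp/
    remote_src: true
    creates: /tmp/aws
    mode: 0755

- name: Run the installer
  command:
    cmd: /tmp/aws/install
    creates: /usr/local/bin/aws

# dest follows aws_vault_install_location (defaults to /usr/local/bin/aws-vault); it previously
# wrote to /usr/bin/aws-vault and ignored the variable. amd64-only binary, unverified download —
# add `checksum: sha256:<value>` (placeholder) once a digest is recorded.
- name: Download aws-vault
  get_url:
    url: https://github.com/99designs/aws-vault/releases/download/{{aws_vault_version}}/aws-vault-linux-amd64
    dest: "{{ aws_vault_install_location }}"
    mode: '0755'
  become: yes

# state: latest installs whatever PyPI currently serves; pin versions here if builds
# need to be reproducible.
- name: Install tools from PyPI
  ansible.builtin.pip:
    name: "{{ item }}"
    state: latest
    virtualenv: "/opt/{{ item }}"
  with_items:
    - cartography
    - checkov
    - cloudsplaining
    - prowler
    - scoutsuite

# Installed from each repo's default branch (no ref in the URL), one venv per tool.
- name: Install tools from GitHub
  ansible.builtin.pip:
    name: "git+{{ item.url }}"
    virtualenv: "/opt/{{ item.name }}"
  with_items:
    - url: "https://github.com/WithSecureLabs/IAMSpy"
      name: iamspy
    - url: "https://github.com/WithSecureLabs/IAMGraph"
      name: iamgraph
    - url: "https://github.com/RhinoSecurityLabs/pacu"
      name: pacu

- name: Clone other python tools
  ansible.builtin.git:
    repo: "{{ item.repo }}"
    dest: "/opt/{{ item.name }}"
  with_items: "{{ other_python_tools }}"

# creates: keeps re-runs idempotent; the venv lives inside the clone directory.
- name: Create virtualenvs for python tools that don't install nicely
  command:
    cmd: "python3 -m venv /opt/{{ item.name }}/pyenv"
    creates: "/opt/{{ item.name }}/pyenv"
  with_items: "{{ other_python_tools }}"

- name: Install virtualenvs for python tools
  pip:
    requirements: "/opt/{{ item.name }}/requirements.txt"
    virtualenv: "/opt/{{ item.name }}/pyenv"
  with_items: "{{ other_python_tools }}"

# Root-owned, world-executable wrapper rendered from templates/shellscript.
- name: Add caller scripts for python tools
  ansible.builtin.template:
    src: shellscript
    dest: /usr/local/bin/{{ item.name }}
    owner: root
    group: root
    mode: '0755'
  with_items: "{{ other_python_tools }}"

- name: Establish symlinks
  ansible.builtin.file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    state: link
  with_items:
    - src: /opt/scoutsuite/bin/scout
      dest: "{{ scoutsuite_install_location }}"
    - src: /opt/prowler/bin/prowler
      dest: "{{ prowler_install_location }}"
    - src: /opt/iamspy/bin/iamspy
      dest: "{{ iamspy_install_location }}"
    - src: /opt/iamgraph/bin/iamgraph
      dest: "{{ iamgraph_install_location }}"
    - src: /opt/pacu/bin/pacu
      dest: "{{ pacu_install_location }}"

# -j flattens the archive so cloudfox/cloudfox lands directly in the install dir.
- name: Download cloudfox
  unarchive:
    src: "https://github.com/BishopFox/cloudfox/releases/download/{{ cloudfox_version }}/cloudfox-linux-amd64.zip"
    dest: "{{ cloudfox_install_location }}"
    include:
      - cloudfox/cloudfox
    remote_src: yes
    owner: root
    group: root
    mode: '0755'
    creates: "{{ cloudfox_install_location }}/cloudfox"
    extra_opts:
      - -j
      - -d
      - "{{ cloudfox_install_location }}"

# The src URL previously carried a leading space inside the quotes, which broke the fetch.
- name: Download Stratus Red Team
  unarchive:
    src: "https://github.com/DataDog/stratus-red-team/releases/download/{{ stratus_red_team_version }}/stratus-red-team_Linux_x86_64.tar.gz"
    dest: "{{ stratus_red_team_install_location }}"
    include:
      - stratus
    remote_src: yes
    owner: root
    group: root
    mode: '0755'
    creates: "{{ stratus_red_team_install_location }}/stratus"

- name: Set cloudfox and straus red team permissions
  ansible.builtin.file:
    path: "{{ item }}"
    mode: "0755"
  with_items:
    - "{{ cloudfox_install_location }}/cloudfox"
    - "{{ stratus_red_team_install_location }}/stratus"
--------------------------------------------------------------------------------
/roles/aws/templates/shellscript:
--------------------------------------------------------------------------------
#!/bin/bash
# Per-tool wrapper rendered by the aws role (item.name / item.script come from
# other_python_tools). "$@" keeps each argument intact; bare $@ re-splits on whitespace.

/opt/{{ item.name }}/pyenv/bin/python /opt/{{ item.name }}/{{ item.script }} "$@"
--------------------------------------------------------------------------------
/roles/azure/defaults/main.yml:
--------------------------------------------------------------------------------
# README refers to ~/bloodhound/; the role actually writes the compose file here.
bloodhound_directory: /opt/bloodhound

roadrecon_install_location: /usr/local/bin/roadrecon
roadtx_install_location: /usr/local/bin/roadtx
--------------------------------------------------------------------------------
/roles/azure/tasks/main.yml:
--------------------------------------------------------------------------------
- name: Ensure apt prerequisites are in place
  apt:
    name:
      - ca-certificates
      - curl
      - apt-transport-https
      - lsb-release
      - gnupg
      - xz-utils
    state: present
    update_cache: yes

- name: Require unzip
  apt:
    name: unzip
    state: latest

# NOTE(review): apt_key writes to the legacy apt-key keyring, which recent Ubuntu releases
# deprecate — confirm it still works on 24.04 or switch to a signed-by keyring.
- name: Add Microsoft Apt Key
  apt_key:
    url: https://packages.microsoft.com/keys/microsoft.asc
    state: present

- name: Add azure CLI apt repository
  apt_repository:
    repo: "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ {{ ansible_distribution_release|lower }} main"
    state: present

- name: Add Azure CLI
  apt:
    name: azure-cli
    state: present
    update_cache: yes

# 'rolling' is a moving tag: this download is neither reproducible nor checksum-verified.
- name: Download AzureHound
  unarchive:
    src: "https://github.com/BloodHoundAD/AzureHound/releases/download/rolling/azurehound-linux-amd64.zip"
    dest: "/tmp/"
    remote_src: yes

- name: Install AzureHound
  copy:
    src: /tmp/azurehound
    dest: /usr/local/bin/azurehound
    remote_src: yes
    mode: "0755"

- name: Create a bloodhound directory if it does not exist
  ansible.builtin.file:
    path: "{{ bloodhound_directory }}"
    state: directory
    mode: '0755'

# Fetch the raw file: the previous github.com/.../blob/... URL returns the HTML page, not YAML.
# A compose file is data, so it no longer gets the executable bit.
- name: Get Bloodhound docker-compose file
  get_url:
    url: https://raw.githubusercontent.com/SpecterOps/BloodHound/main/examples/docker-compose/docker-compose.yml
    dest: "{{ bloodhound_directory }}/docker-compose.yml"
    mode: '0644'

# postgres and neo4j are version-pinned; bloodhound:latest is not.
- name: Pull bloodhound docker images
  docker_image:
    name: "{{ item }}"
    source: pull
  with_items:
    - docker.io/library/postgres:13.2
    - docker.io/library/neo4j:4.4
    - docker.io/specterops/bloodhound:latest

- name: Install ROADtools
  ansible.builtin.pip:
    name: "{{ item }}"
    state: latest
    virtualenv: "/opt/{{ item }}"
  with_items:
    - roadrecon
    - roadtx

- name: Establish symlinks
  ansible.builtin.file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    state: link
  with_items:
    - src: /opt/roadrecon/bin/roadrecon
      dest: "{{ roadrecon_install_location }}"
    - src: /opt/roadtx/bin/roadtx
      dest: "{{ roadtx_install_location }}"



# TODO: Couldn't get primary or secondary install methods working. Bloody Microsoft.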
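# Docs here: https://learn.microsoft.com/en-us/powershell/scripting/install/install-ubuntu?view=powershell-7.4
# - name: Add Powershell
#   apt:
#     deb: https://github.com/PowerShell/PowerShell/releases/download/v7.4.5/powershell_7.4.5-1.deb_amd64.deb
#     state: present
--------------------------------------------------------------------------------
/roles/devops/defaults/main.yml:
--------------------------------------------------------------------------------
# Installed into /opt/<name> venvs by the devops role. Unlike the aws role, no task links
# their bin/ entries into PATH, so call them by full path unless that changes.
devops_pip_packages:
  - detect-secrets
  - trufflehog

# Untagged images: each pull resolves to whatever :latest currently is.
devops_docker_images:
  - aquasec/tfsec
  - aquasec/trivy
  - checkmarx/kics
  - tenable/terrascan
--------------------------------------------------------------------------------
/roles/devops/tasks/main.yml:
--------------------------------------------------------------------------------
# state: latest pulls the newest PyPI release each run; pin versions if reproducibility matters.
- name: Install DevOps tools from PyPI
  ansible.builtin.pip:
    name: "{{ item }}"
    state: latest
    virtualenv: "/opt/{{ item }}"
  with_items: "{{ devops_pip_packages }}"

- name: Pull docker images
  docker_image:
    name: "{{ item }}"
    source: pull
  with_items: "{{ devops_docker_images }}"
--------------------------------------------------------------------------------
/roles/gcp/tasks/main.yml:
--------------------------------------------------------------------------------
# NOTE(review): apt_key writes to the legacy apt-key keyring, which recent Ubuntu releases
# deprecate — confirm it still works on 24.04 or switch to a signed-by keyring.
- name: Add Cloud SDK apt repository key
  apt_key:
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    state: "present"

# Repository metadata is fetched over HTTPS (it was plain http before). apt still verifies
# signatures either way, but TLS removes the cleartext channel entirely.
- name: Add Cloud SDK apt repository
  apt_repository:
    repo: "deb https://packages.cloud.google.com/apt cloud-sdk main"
    state: "present"

- name: Ensure Google Cloud SDK is installed
  apt:
    name: google-cloud-sdk
    state: "present"
    update_cache: "yes"
--------------------------------------------------------------------------------
/roles/kubernetes/defaults/main.yml: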
--------------------------------------------------------------------------------
---
# Final binary / link paths used by the kubernetes role tasks.
kubectl_install_location: /usr/local/bin/kubectl
yq_install_location: /usr/local/bin/yq
amicontained_install_location: /usr/local/bin/amicontained
rbac_lookup_install_location: /usr/local/bin/rbac-lookup
kubectl_who_can_install_location: /usr/local/bin/kubectl-who-can
etcdctl_install_location: /usr/local/bin/etcdctl
auger_install_location: /usr/local/bin/auger
icekube_install_location: /usr/local/bin/icekube
kubehound_install_location: /usr/local/bin/kubehound

kubernetes_apt_packages:
  - ca-certificates
  - gnupg
  - curl
  - jq
  - libcap2-bin # capsh

# Mixed pinning: neo4j:5 and registry:2 are major-version tags, the kubehound images are
# :latest and am-i-isolated is :nightly. None are digest-pinned, so pulls are not reproducible.
kubernetes_docker_images:
  - skybound/net-utils
  - neo4j:5
  - registry:2
  - ghcr.io/datadog/kubehound-graph:latest
  - ghcr.io/datadog/kubehound-ui:latest
  - ghcr.io/edera-dev/am-i-isolated:nightly
--------------------------------------------------------------------------------
/roles/kubernetes/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: Install kubernetes dependancies
  apt:
    name: "{{ kubernetes_apt_packages }}"
    state: latest

# NOTE(review): kubectl_present is registered but not referenced by any task on this page;
# the download task below relies on creates: for idempotence instead.
- name: Check if kubectl present
  stat:
    path: "{{ kubectl_install_location }}"
  register: kubectl_present

# Resolves the current stable tag at provisioning time, so the installed kubectl floats
# between builds.
- name: Get latest kubectl version
  uri:
    url: https://dl.k8s.io/release/stable.txt
    return_content: true
  register: kubectl_version

# None of the fetches in this file carry a checksum:, so the pinned tags (amicontained
# v0.4.9, rbac-lookup v0.10.1, kubectl-who-can v0.4.0, etcd v3.4.27) are the only integrity
# control; yq and KubeHound additionally use "latest". All are amd64/x86_64-only.
- name: Install from downloads
  uri:
    url: "{{ item.url }}"
    dest: "{{ item.dest }}"
    mode: "0755"
    creates: "{{ item.dest }}"
  with_items:
    - url: "https://dl.k8s.io/release/{{ kubectl_version.content }}/bin/linux/amd64/kubectl"
      dest: "{{ kubectl_install_location }}"
    - url: https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
      dest: "{{ yq_install_location }}"
    - url: https://github.com/genuinetools/amicontained/releases/download/v0.4.9/amicontained-linux-amd64
      dest: "{{ amicontained_install_location }}"

# Extracts only the named binary into the parent directory of item.dest.
- name: Install from downloads - archived
  unarchive:
    src: "{{ item.url }}"
    include: "{{ item.include }}"
    dest: "{{ item.dest | dirname }}"
    remote_src: true
    mode: "0755"
    creates: "{{ item.dest }}"
  with_items:
    - url: https://github.com/FairwindsOps/rbac-lookup/releases/download/v0.10.1/rbac-lookup_0.10.1_Linux_x86_64.tar.gz
      include:
        - rbac-lookup
      dest: "{{ rbac_lookup_install_location }}"
    - url: https://github.com/aquasecurity/kubectl-who-can/releases/download/v0.4.0/kubectl-who-can_linux_x86_64.tar.gz
      include:
        - kubectl-who-can
      dest: "{{ kubectl_who_can_install_location }}"

- name: Pull docker images
  docker_image:
    name: "{{ item }}"
    source: pull
  loop: "{{ kubernetes_docker_images }}"

- name: Create auger clone dir
  file:
    path: /opt/auger
    state: directory
    mode: "0755"

# No version: given, so the clone tracks the repo's default branch at build time.
- name: Clone auger
  git:
    repo: "https://github.com/jpbetz/auger"
    dest: /opt/auger

- name: Build auger
  command:
    chdir: /opt/auger
    cmd: make release
    creates: /opt/auger/build/auger

# Hard link (not a symlink) into the install dir; both paths must sit on the same filesystem.
- name: Link auger to install dir
  file:
    src: /opt/auger/build/auger
    dest: "{{ auger_install_location }}"
    mode: "0755"
    state: hard

- name: Download etcdctl
  unarchive:
    src: https://github.com/etcd-io/etcd/releases/download/v3.4.27/etcd-v3.4.27-linux-amd64.tar.gz
    remote_src: true
    include:
      - etcd-v3.4.27-linux-amd64/etcdctl
    dest: /opt/
    creates: /opt/etcd-v3.4.27-linux-amd64/etcdctl

- name: Link etcdctl to install dir
  file:
    src: /opt/etcd-v3.4.27-linux-amd64/etcdctl
    dest: "{{ etcdctl_install_location }}"
    mode: "0755"
    state: hard

# Installed from the repo's default branch (no ref in the URL).
- name: Install tools from GitHub
  ansible.builtin.pip:
    name: "git+{{ item.url }}"
    virtualenv: "/opt/{{ item.name }}"
  with_items:
    - url: "https://github.com/WithSecureLabs/IceKube"
      name: icekube

- name: Establish symlinks
  ansible.builtin.file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    state: link
  with_items:
    - src: /opt/icekube/bin/icekube
      dest: "{{ icekube_install_location }}"

# "latest" release asset, unverified: not reproducible between builds.
- name: Download and install KubeHound
  ansible.builtin.get_url:
    url: https://github.com/DataDog/KubeHound/releases/latest/download/kubehound-Linux-x86_64
    dest: "{{ kubehound_install_location }}"
    mode: '0755'

--------------------------------------------------------------------------------
/roles/ubuntu/defaults/main.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): no task in the roles visible on this page references iodine_install_location.
iodine_install_location: /usr/local/bin/iodine

# Base toolchain shared by every role (Python venv tooling, build tools, networking basics).
packages:
  - python3
  - python3-pip
  - python3-virtualenv
  - python3-poetry
  - python3-venv
  - python-is-python3
  - build-essential
  - nmap
  - gnupg
  - ca-certificates
  - curl
  - jq
  - libcap2-bin # capsh
--------------------------------------------------------------------------------
/roles/ubuntu/tasks/main.yml:
--------------------------------------------------------------------------------
---
# name: "*" with state: latest upgrades every installed package on each run.
- name: Upgrade packages
  apt:
    update_cache: true
    name: "*"
    state: latest

- name: Install apt requirements
  apt:
    name: "{{ packages }}"
    state: latest

# NOTE(review): apt_key writes to the legacy apt-key keyring, which recent Ubuntu releases
# deprecate — confirm it still works on 24.04 or switch to a signed-by keyring.
- name: Add docker apt key
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    state: present

- name: Add docker apt repos
  apt_repository:
    repo: "deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
    state: present

- name: Install docker
  apt:
    update_cache: true
    name: "{{ item }}"
state: latest 28 | loop: 29 | - docker-ce 30 | - docker-ce-cli 31 | - containerd.io 32 | - docker-buildx-plugin 33 | - docker-compose-plugin 34 | 35 | - name: Clone iodine 36 | git: 37 | repo: "https://github.com/yarrick/iodine" 38 | dest: /opt/iodine 39 | 40 | - name: Build iodine 41 | command: 42 | chdir: /opt/iodine 43 | cmd: make 44 | creates: /opt/iodine/bin/iodine 45 | 46 | - name: Link iodine to install dir 47 | file: 48 | src: /opt/iodine/bin/iodine 49 | dest: "{{ iodine_install_location }}" 50 | mode: "0755" 51 | state: hard 52 | --------------------------------------------------------------------------------