├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── .gitignore ├── LICENSE ├── README.md ├── config ├── config.json ├── install.sh └── requirements.txt ├── logo.png ├── modules ├── .gitignore ├── ansible.py ├── c2.py ├── create.py ├── dns_records.py ├── firewall.py ├── godaddy.py ├── gophish.py ├── letsencrypt.py ├── mail_server.py ├── providers │ ├── .gitignore │ ├── aws.py │ ├── digitalocean.py │ └── template.py ├── redirector.py └── webserver.py ├── overlord.py ├── projects └── .gitignore └── redbaron ├── README.md ├── data ├── playbooks │ ├── .gitignore │ └── playbook.yml ├── plugins │ └── terraform-provider-godaddy_v1.7.3_x4 ├── scripts │ ├── core_deps.sh │ ├── get_public_ip.sh │ ├── gophish.sh │ ├── gophish │ │ ├── gophish.service │ │ └── gophish_service.sh │ ├── iredmail.sh │ └── tools │ │ ├── cobaltstrike.sh │ │ ├── covenant.sh │ │ ├── dnscat2.sh │ │ ├── empire.sh │ │ ├── godoh.sh │ │ ├── metasploit.sh │ │ ├── ptf.sh │ │ ├── silenttrinity.sh │ │ └── sliver.sh └── templates │ └── ssh_config.tpl └── modules ├── ansible ├── README.md ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── aws ├── create-dns-record │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── create-dns-txt-record │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── create-hosted-zone │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── create-vpc │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── versions.tf ├── dns-c2 │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── security_group.tf │ ├── variables.tf │ └── versions.tf ├── dns-local-rdir │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── security_group.tf │ ├── variables.tf │ └── versions.tf ├── dns-rdir │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── security_group.tf │ ├── variables.tf │ └── versions.tf ├── http-c2 │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── security_group.tf │ ├── variables.tf │ └── versions.tf ├── http-rdir │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── security_group.tf │ ├── variables.tf │ └── versions.tf ├── mail-server │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── security_group.tf │ ├── variables.tf │ └── versions.tf ├── phishing-server-gophish │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── security_group.tf │ ├── variables.tf │ └── versions.tf └── phishing-server │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── security_group.tf │ ├── variables.tf │ └── versions.tf ├── digitalocean ├── create-dns-record │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── create-domain │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── dns-c2 │ ├── README.md │ ├── firewall.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── dns-local-rdir │ ├── README.md │ ├── firewall.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── dns-rdir │ ├── README.md │ ├── firewall.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── http-c2 │ ├── README.md │ ├── firewall.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── http-rdir │ ├── README.md │ ├── firewall.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── mail-server │ ├── README.md │ ├── firewall.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── phishing-server-gophish │ ├── README.md │ ├── firewall.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── phishing-server │ ├── README.md │ ├── firewall.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── godaddy └── redirect-nameservers │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── letsencrypt ├── aws ├── create-cert-dns-aws │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── create-cert-dns-gophish-aws │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── create-cert-webserver-aws │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf └── digitalocean ├── create-cert-dns-do ├── README.md ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── create-cert-dns-gophish-do ├── README.md ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf └── create-cert-webserver-do ├── README.md ├── main.tf ├── variables.tf └── versions.tf /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Version [e.g. 22] 29 | 30 | **Additional context** 31 | Add any other context about the problem here. 32 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | redbaron/data/plugins/ 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 QSecure 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Overlord – Red Teaming Automation 2 | 3 | ![License](https://img.shields.io/badge/License-MIT-darkred.svg) 4 | [![Black Hat Arsenal 2020](https://img.shields.io/badge/2020-Black%20Hat%20Arsenal-lightgrey.svg)](https://www.blackhat.com/us-20/arsenal/schedule/index.html#overlord-red-teaming-automation-19846) 5 | ![GitHub stars](https://img.shields.io/github/stars/qsecure-labs/overlord) 6 | 7 |

8 | 9 |

10 | 11 | 12 | 13 | Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud provider of choice. Currently supports AWS and Digital Ocean. The tool is still under development and it was inspired and uses the [Red-Baron](https://github.com/byt3bl33d3r/Red-Baron) Terraform implementation found on Github. 14 | 15 | A demo infrastructure was set up in our blog post https://qsecure.com.cy/resources/publications/overlord/. 16 | 17 | For the full documentation of the tool visit the Wiki tab at https://github.com/qsecure-labs/overlord/wiki. 18 | 19 | # Installation 20 | 21 | ```bash 22 | git clone https://github.com/qsecure-labs/overlord.git 23 | cd overlord/config 24 | chmod +x install.sh 25 | sudo ./install.sh 26 | ``` 27 | 28 | ## Acknowledgments 29 | 30 | This project could not be created without the awsome work for Marcello Salvati [@byt3bl33d3r](https://twitter.com/byt3bl33d3r) with the [RedBaron](https://github.com/byt3bl33d3r/Red-Baron) Project. 31 | That is the reason why we are referencing the name of RedBaron on our project as well. 32 | 33 | As Marcello stated on his acknowledgments, further thanks to: 34 | 35 | 1. [@_RastaMouse's](https://twitter.com/_RastaMouse) two-part blogpost on 'Automated Red Team Infrastructure Deployment with Terraform' Part [1](https://rastamouse.me/2017/08/automated-red-team-infrastructure-deployment-with-terraform---part-1/) and [2](https://rastamouse.me/2017/09/automated-red-team-infrastructure-deployment-with-terraform---part-2/) 36 | 2. [@bluscreenofjeff's](https://twitter.com/bluscreenofjeff) with his amazing Wiki on [Read Team Infrastucture](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki) 37 | 3. [@spotheplanet's](https://twitter.com/spotheplanet) blog post on [Red team infrastructure](https://ired.team/offensive-security/red-team-infrastructure) 38 | 39 | ## Official Discord Channel 40 | 41 | Come hang out on Discord! 42 | 43 | [![Porchetta Industries](https://discordapp.com/api/guilds/736724457258745996/widget.png?style=banner3)](https://discord.gg/sEkn3aa) 44 | 45 | ## Disclaimer 46 | Overlord comes without warranty and is meant to be used by penetration testers during approved red teaming assessments and/or social enigneering assessments. Overlord's developers and QSecure decline all responsibility in case the tool is used for malicious purposes or in any illegal context. 47 | -------------------------------------------------------------------------------- /config/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "mod_redirector": { 3 | "module": "redirector", 4 | "type": "http", 5 | "region": "LON1", 6 | "redirector_id": "", 7 | "provider": "digitalocean", 8 | "size": "s-1vcpu-1gb", 9 | "id": "" 10 | }, 11 | "mod_c2": { 12 | "module": "c2", 13 | "type": "http", 14 | "redirectors": 1, 15 | "tools": [], 16 | "region": "LON1", 17 | "provider": "digitalocean", 18 | "size": "s-1vcpu-1gb", 19 | "id": "", 20 | "distro": "debian" 21 | }, 22 | "mod_dns_record": { 23 | "module": "dns_record", 24 | "provider": "digitalocean", 25 | "type": "A", 26 | "name": "@", 27 | "records": {}, 28 | "counter": 1, 29 | "ttl": "10", 30 | "priority": 1 31 | }, 32 | "mod_gophish": { 33 | "module": "gophish", 34 | "redirectors": 1, 35 | "region": "LON1", 36 | "provider": "digitalocean", 37 | "size": "s-1vcpu-1gb", 38 | "id": "" 39 | }, 40 | "mod_letsencrypt": { 41 | "module": "letsencrypt", 42 | "id": "", 43 | "domain_name": "", 44 | "mod_id": "", 45 | "email": "kokos@example.com" 46 | }, 47 | "mod_mail": { 48 | "module": "mail", 49 | "domain_name": "", 50 | "subdomain": "mail", 51 | "region": "LON1", 52 | "provider": "digitalocean", 53 | "size": "s-1vcpu-1gb", 54 | "id": "", 55 | "allowed_ips": [] 56 | }, 57 | "mod_webserver": { 58 | "module": "webserver", 59 | "redirectors": 1, 60 | "region": "LON1", 61 | "provider": "digitalocean", 62 | "size": "s-1vcpu-1gb", 63 | "id": "" 64 | }, 65 | "mod_godaddy": { 66 | "module": "godaddy", 67 | "provider": "digitalocean", 68 | "domain": "", 69 | "id": "" 70 | }, 71 | "mod_ansible": { 72 | "module": "ansible", 73 | "hosts": [], 74 | "playbook": "", 75 | "id": "" 76 | }, 77 | "mod_firewall": { 78 | "module": "firewall", 79 | "provider": "digitalocean", 80 | "protocol": "tcp", 81 | "port": "", 82 | "address": "0.0.0.0/0", 83 | "rule": "inbound", 84 | "mod_id": "" 85 | }, 86 | "aws": { 87 | "regions": ["us-east-2", "us-east-1", "us-west-1", "us-west-2", "ap-east-1", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "eu-north-1", "me-south-1", "sa-east-1", "us-gov-east-1", "us-gov-west-1"], 88 | "size": ["t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "t2.xlarge", "t2.2xlarge", "a1.medium", "a1.large", "a1.xlarge", "a1.2xlarge", "a1.4xlarge", "t3.nano", "t3.micro", "t3.small", "t3.medium", "t3.large", "t3.xlarge", "t3.2xlarge", "t3a.nano", "t3a.micro", "t3a.small", "t3a.medium", "t3a.large", "t3a.xlarge", "t3a.2xlarge"], 89 | "default_region": "eu-west-1", 90 | "default_size": "t2.micro", 91 | "supported_distros": ["debian","kali","ubuntu"], 92 | "amis": { 93 | "ap-northeast-1-debian": "ami-b6b568d0", 94 | "ap-northeast-2-debian": "ami-b7479dd9", 95 | "ap-south-1-debian": "ami-02aded6d", 96 | "ap-southeast-1-debian": "ami-d76019b4", 97 | "ap-southeast-2-debian": "ami-8359bae1", 98 | "ca-central-1-debian": "ami-3709b053", 99 | "eu-central-1-debian": "ami-8bb70be4", 100 | "eu-west-1-debian": "ami-ce76a7b7", 101 | "eu-west-2-debian": "ami-a6f9ebc2", 102 | "sa-east-1-debian": "ami-f5c7b899", 103 | "us-east-1-debian": "ami-71b7750b", 104 | "us-east-2-debian": "ami-dab895bf", 105 | "us-west-1-debian": "ami-58eedd38", 106 | "us-west-2-debian": "ami-c032f6b8", 107 | "ap-northeast-1-kali": "ami-0d701fcae946c61ed", 108 | "ap-northeast-2-kali": "ami-0fbd27bb0a724c459", 109 | "ap-south-1-kali": "ami-055e6bebd7c5e24c2", 110 | "ap-southeast-1-kali": "ami-01027fa676ff2da3d", 111 | "ap-southeast-2-kali": "ami-02811a36e6f758099", 112 | "ca-central-1-kali": "ami-0f394074fe16decd6", 113 | "eu-central-1-kali": "ami-0b61a044e0ae0d17d", 114 | "eu-west-1-kali": "ami-0ac0bf7b0683eb820", 115 | "eu-west-2-kali": "ami-071d0c011e7ab12f5", 116 | "sa-east-1-kali": "ami-00c9b2d0ec9e3835c", 117 | "us-east-1-kali": "ami-0c11557d0e4e9c896", 118 | "us-east-2-kali": "ami-00f7390b60c41a3c0", 119 | "us-west-1-kali": "ami-09aa8451f267643a9", 120 | "us-west-2-kali": "ami-0a967289406d51ad4", 121 | "ap-northeast-1-ubuntu": "ami-0f29c17df60493658", 122 | "ap-northeast-2-ubuntu": "ami-065a2f32a35b7c52f", 123 | "ap-south-1-ubuntu": "ami-05a3a2a452701c0ff", 124 | "ap-southeast-1-ubuntu": "ami-05405da5795c2f2e7", 125 | "ap-southeast-2-ubuntu": "ami-0243fb2a9c789bb43", 126 | "ca-central-1-ubuntu": "ami-07d2c94058f3ca045", 127 | "eu-central-1-ubuntu": "ami-07d14b5d47292e022", 128 | "eu-west-1-ubuntu": "ami-014aff0119d738e34", 129 | "eu-west-2-ubuntu": "ami-0339455b66e82a8ca", 130 | "sa-east-1-ubuntu": "ami-0a32099c90454cc7a", 131 | "us-east-1-ubuntu": "ami-07d1c0a30a7814597", 132 | "us-east-2-ubuntu": "ami-083af2bfea9e15579", 133 | "us-west-1-ubuntu": "ami-0b3f68410f4d4fed6", 134 | "us-west-2-ubuntu": "ami-0652b0a864db01553"} 135 | }, 136 | "digitalocean": { 137 | "regions": ["NYC1", "NYC2", "NYC2", "SFO1", "SFO2", "AMS2", "AMS1", "LON1", "FRA1", "TOR1", "BLR1"], 138 | "size": ["s-1vcpu-1gb"], 139 | "default_region": "LON1", 140 | "default_size": "s-1vcpu-1gb", 141 | "supported_distros": ["debian","ubuntu"] 142 | }, 143 | "providers_list": ["digitalocean", "aws"], 144 | "distros": ["debian","kali","ubuntu"] 145 | } -------------------------------------------------------------------------------- /config/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # install all the packages required 4 | sudo apt install python3 5 | sudo apt install python3-pip 6 | sudo apt install wget 7 | sudo apt install unzip 8 | sudo apt install curl 9 | sudo apt install autossh 10 | 11 | # install the python requirements from the txt 12 | pip3 install -r requirements.txt 13 | 14 | # download terraform binary 15 | wget https://releases.hashicorp.com/terraform/0.12.26/terraform_0.12.26_linux_amd64.zip 16 | unzip terraform_0.12.26_linux_amd64.zip 17 | sudo mv terraform /opt/terraform 18 | rm terraform_0.12.26_linux_amd64.zip 19 | 20 | # download godaddy plugin for terraform 21 | wget https://github.com/n3integration/terraform-godaddy/releases/download/v1.7.3/terraform-godaddy_linux_amd64.tgz 22 | tar -xvzf terraform-godaddy_linux_amd64.tgz 23 | rm terraform-godaddy_linux_amd64.tgz 24 | sudo mv terraform-godaddy_linux_amd64 ../redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4 -------------------------------------------------------------------------------- /config/requirements.txt: -------------------------------------------------------------------------------- 1 | cmd2 2 | prettytable 3 | PTable 4 | ansible -------------------------------------------------------------------------------- /logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/qsecure-labs/overlord/fb3f7a8394179032c3099d1041abdf105ed0bd32/logo.png -------------------------------------------------------------------------------- /modules/.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__ -------------------------------------------------------------------------------- /modules/godaddy.py: -------------------------------------------------------------------------------- 1 | import cmd2 2 | from cmd2.ansi import Fg 3 | import os 4 | import argparse 5 | from prettytable import PrettyTable 6 | from prettytable import MSWORD_FRIENDLY 7 | import random 8 | import string 9 | import json 10 | 11 | module = {} 12 | campaign_list = [] 13 | domain_list =[] 14 | class main(list): 15 | """Main function to initialize variables and calls the cmd2 package for the godaddy module """ 16 | def __init__(self,campaign,domains,mod,project_id): 17 | global campaign_list 18 | campaign_list = campaign 19 | global domain_list 20 | domain_list = domains 21 | if mod is not None: 22 | global module 23 | module = mod 24 | 25 | # Call cmd_main class 26 | i = cmd_main() 27 | i.prompt = "(" + cmd2.ansi.style("Overlord", fg=Fg.RED, bg=None,bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg=Fg.DARK_GRAY, bg=None,bold=True, underline=False) + cmd2.ansi.style("/godaddy", fg=Fg.BLUE, bg=None,bold=True, underline=False) +")" +"$> " 28 | i.cmdloop() 29 | 30 | def hide_cmd2_modules(self): 31 | # Remove most of the functionalities of the cmd2 package 32 | self.hidden_commands.append('py') 33 | self.hidden_commands.append('alias') 34 | self.hidden_commands.append('macro') 35 | self.hidden_commands.append('script') 36 | self.hidden_commands.append('shortcuts') 37 | self.hidden_commands.append('pyscript') 38 | self.hidden_commands.append('run_pyscript') 39 | self.hidden_commands.append('edit') 40 | self.hidden_commands.append('run_script') 41 | self.hidden_commands.append('quit') 42 | self.hidden_commands.append('load') 43 | 44 | class cmd_main(cmd2.Cmd): 45 | """cmd2 instance for godaddy module""" 46 | # The mod dictionary for the godaddy module 47 | mod = {} 48 | 49 | providers_list = [] 50 | 51 | def __init__(self): 52 | super().__init__() 53 | global module 54 | global domain_list 55 | # Hide the Quit funcitionality 56 | hide_cmd2_modules(self) 57 | 58 | dir_path = "config" 59 | if os.path.exists(dir_path+"/config.json"): 60 | with open(dir_path+'/config.json', 'r') as filehandle: 61 | config = json.load(filehandle) 62 | self.mod = config["mod_godaddy"] 63 | self.providers_list = config["providers_list"] 64 | self.module_domain_parser.choices = domain_list 65 | 66 | else: 67 | print("The config/config.json file does not exists! Exiting...") 68 | return True 69 | 70 | # Check if the editmodule functionality was used 71 | if module: 72 | self.mod = dict(module) 73 | else: 74 | self.mod["id"] = randomString() 75 | 76 | 77 | def do_back(self, arg): 78 | """Return to main menu""" 79 | return True 80 | 81 | 82 | def do_clear(self, arg): 83 | """Clears screen""" 84 | os.system('clear') 85 | 86 | def do_info(self,mod): 87 | """Prints variable table""" 88 | if mod: 89 | x = PrettyTable() 90 | x.title = mod["module"] + "/"+ mod["id"] 91 | x.field_names = ["VARIABLE", "VALUE", "REQUIRED", "DESCRITPION"] 92 | x.add_row(["id", mod["id"], "N/A", "Module ID"]) 93 | x.add_row(["provider", mod["provider"], "N/A", "Autoloaded from domain"]) 94 | x.add_row(["domain", mod["domain"], "yes", "Domain to be used"]) 95 | x.align["DESCRITPION"] = "l" 96 | else: 97 | x = PrettyTable() 98 | x.title = 'Godaddy module' 99 | x.field_names = ["VARIABLE", "VALUE", "REQUIRED", "DESCRITPION"] 100 | x.add_row(["id", self.mod["id"], "N/A", "Module ID"]) 101 | x.add_row(["provider", self.mod["provider"], "N/A", "Autoloaded from domain"]) 102 | x.add_row(["domain", self.mod["domain"], "yes", "Domain to be used"]) 103 | x.align["DESCRITPION"] = "l" 104 | print(x) 105 | 106 | # set command 107 | # create the top-level parser for the set command 108 | set_parser = argparse.ArgumentParser(prog='set') 109 | set_subparsers = set_parser.add_subparsers(title='set-commands', help='Sets the variables of the module') 110 | 111 | # create the parser for the "domain" sub-command 112 | parser_domain = set_subparsers.add_parser('domain', help='Domain to be used') 113 | module_domain_parser = parser_domain.add_argument('domain',choices=providers_list, type=str, help='example : [set domain ]') 114 | 115 | def set_domain(self, arg): 116 | """Sets the domain variable""" 117 | exception_flag = False 118 | for mod in campaign_list: 119 | if mod["module"] == "dns_record": 120 | if arg.domain == list(mod["records"].keys())[0]: 121 | self.mod["domain"]= arg.domain 122 | self.mod["provider"]= mod["provider"] 123 | exception_flag = False 124 | break 125 | else: 126 | exception_flag = True 127 | 128 | if exception_flag: 129 | print ("A DNS record must be set for the specified domain before redirecting the NS!") 130 | 131 | #Set handler functions for the sub-commands 132 | parser_domain.set_defaults(func=set_domain) 133 | 134 | @cmd2.with_argparser(set_parser) 135 | def do_set(self, args): 136 | """Set the variables for the module""" 137 | func = getattr(args, 'func', None) 138 | if func is not None: 139 | # Call whatever sub-command function was selected 140 | func(self, args) 141 | else: 142 | # No sub-command was provided, so call help 143 | self.do_help('help') 144 | 145 | def do_add(self,args): 146 | """Adds c2 module to the project """ 147 | global module 148 | module = self.mod 149 | if self.mod["domain"]: 150 | module = self.mod 151 | return True 152 | else: 153 | print("The domain can not be None!") 154 | # Command categories 155 | CMD_CAT_GENERAL = 'General (type help )' 156 | CMD_CAT_MODULE = 'Module (type help )' 157 | 158 | cmd2.categorize((do_add,do_set), CMD_CAT_MODULE) 159 | cmd2.categorize(do_info, CMD_CAT_GENERAL) 160 | 161 | def randomString(stringLength=6): 162 | """Generate a random string of fixed length """ 163 | letters = string.ascii_uppercase 164 | return ''.join(random.choice(letters) for i in range(stringLength)) 165 | -------------------------------------------------------------------------------- /modules/providers/.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__ 2 | -------------------------------------------------------------------------------- /modules/providers/template.py: -------------------------------------------------------------------------------- 1 | class main(): 2 | 3 | #Redirector 4 | def redirector(c): 5 | output = f"""""" 6 | return output 7 | 8 | #C2 9 | def c2(c): 10 | scripts = ', '.join('"../../redbaron/data/scripts/tools/{0}.sh"'.format(s) for s in c["tools"]) 11 | if c["redirectors"] > 0: 12 | output = f"""""" 13 | else: 14 | output = f"""""" 15 | return output 16 | 17 | #WebServer 18 | def webserver(c): 19 | if c["redirectors"] > 0: 20 | output = f"""""" 21 | else: 22 | output = f"""""" 23 | return output 24 | 25 | #Gophish: 26 | def gophish(c): 27 | if c["redirectors"] > 0: 28 | output = f"""""" 29 | else: 30 | output = f"""""" 31 | return output 32 | 33 | #Mail 34 | def mail(c,my_nets_1,my_nets_2): 35 | output=f"""""" 36 | 37 | #Dns Records 38 | def dns_records_type(c,record): 39 | output=f"""""" 40 | return output 41 | -------------------------------------------------------------------------------- /projects/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | -------------------------------------------------------------------------------- /redbaron/README.md: -------------------------------------------------------------------------------- 1 | # Red Baron 2 | 3 |

4 | baron 5 |

6 | 7 | 8 | Red Baron is a set of [modules](https://www.terraform.io/docs/modules/index.html) and custom/third-party providers for [Terraform](https://www.terraform.io/) which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams. 9 | 10 | # Modules 11 | Each module has its own README.md containing all the necessary information to load and execute. 12 | 13 | # Tool & Module Documentation 14 | The official github can be found : https://github.com/byt3bl33d3r/Red-Baron 15 | For detailed documentation on the tool and each module please see Red Baron's [wiki](https://github.com/coalfire/pentest-red-baron/wiki). 16 | 17 | # License 18 | 19 | The Red Baron repository is licensed under the GNU General Public License v3.0. 20 | -------------------------------------------------------------------------------- /redbaron/data/playbooks/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/qsecure-labs/overlord/fb3f7a8394179032c3099d1041abdf105ed0bd32/redbaron/data/playbooks/.gitignore -------------------------------------------------------------------------------- /redbaron/data/playbooks/playbook.yml: -------------------------------------------------------------------------------- 1 | - name: Download Impacket 2 | gather_facts: false 3 | hosts: all 4 | tasks: 5 | - name: Install git 6 | apt: 7 | name: git 8 | state: present 9 | update_cache: yes 10 | become: true 11 | - name: git clone Impacket 12 | git: 13 | repo: https://github.com/CoreSecurity/impacket.git 14 | dest: /tmp/impacket 15 | become: true -------------------------------------------------------------------------------- /redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/qsecure-labs/overlord/fb3f7a8394179032c3099d1041abdf105ed0bd32/redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4 -------------------------------------------------------------------------------- /redbaron/data/scripts/core_deps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Sometimes running apt-get install on AWS seems to produce a 503 error from the debian mirrors 4 | # have absolutely zero clue what's going on, but just running the command again seems to fix it 5 | 6 | sudo apt-get update 7 | cmd="sudo apt-get install -y tmux git dirmngr debconf-utils curl wget build-essential vim gcc socat certbot mosh" 8 | until eval $cmd 9 | do 10 | sleep 10 11 | done 12 | -------------------------------------------------------------------------------- /redbaron/data/scripts/get_public_ip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo {\"ip\":\""`curl -qs http://ifconfig.me`"\"} -------------------------------------------------------------------------------- /redbaron/data/scripts/gophish.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sudo apt install unzip -y 4 | 5 | #Install Gophish 6 | cd /opt 7 | wget https://github.com/gophish/gophish/releases/download/v0.11.0/gophish-v0.11.0-linux-64bit.zip 8 | unzip gophish-v0.11.0-linux-64bit.zip -d gophish 9 | rm gophish-v0.11.0-linux-64bit.zip 10 | cd gophish 11 | chmod +x /opt/gophish/gophish 12 | sed -i 's/127.0.0.1/0.0.0.0/g' config.json # replace localhost to open 13 | 14 | #gophish service 15 | chmod +x /tmp/gophish.sh 16 | systemctl start gophish.service 17 | 18 | #create readme file 19 | echo "systemctl start gophish.service (start the service)" >> /opt/gophish/OVERLORD_README.txt 20 | echo "systemctl stop gophish.service (stop the service)" >>/opt/gophish/OVERLORD_README.txt 21 | 22 | sleep 20s 23 | 24 | cat /var/log/gophish.err | grep 'Please login with the username admin and the password' > /opt/gophish/password.txt 25 | -------------------------------------------------------------------------------- /redbaron/data/scripts/gophish/gophish.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Gophish service 3 | After=network-online.target 4 | 5 | [Service] 6 | Environment="GOPHISH_BIN_PATH=/opt/gophish/" 7 | Environment="GOPHISH_LOG_PATH=/var/log/" 8 | ExecStart=/bin/bash /tmp/gophish.sh 9 | RestartSec=1 10 | Restart=on-failure 11 | 12 | [Install] 13 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /redbaron/data/scripts/gophish/gophish_service.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | GOPHISH_LOG_FILE=gophish.log 4 | GOPHISH_ERR_FILE=gophish.err 5 | 6 | check_bin_path() { 7 | if [[ -z "$GOPHISH_BIN_PATH" ]]; then 8 | exit 1 9 | fi 10 | } 11 | 12 | check_log_path() { 13 | if [[ -z "$GOPHISH_LOG_PATH" ]]; then 14 | exit 2 15 | fi 16 | } 17 | 18 | create_new_log_err() { 19 | GOPHISH_STAMP=`date +%Y%m%d%H%M%S-%N` 20 | if [[ -e $GOPHISH_LOG_PATH$GOPHISH_LOG_FILE ]]; then 21 | mv $GOPHISH_LOG_PATH$GOPHISH_LOG_FILE $GOPHISH_LOG_PATH$GOPHISH_LOG_FILE-$GOPHISH_STAMP 22 | fi 23 | 24 | if [[ -e $GOPHISH_LOG_PATH$GOPHISH_ERR_FILE ]]; then 25 | mv $GOPHISH_LOG_PATH$GOPHISH_ERR_FILE $GOPHISH_LOG_PATH$GOPHISH_ERR_FILE-$GOPHISH_STAMP 26 | fi 27 | 28 | touch $GOPHISH_LOG_PATH$GOPHISH_LOG_FILE 29 | touch $GOPHISH_LOG_PATH$GOPHISH_ERR_FILE 30 | } 31 | 32 | launch_gophish() { 33 | cd $GOPHISH_BIN_PATH 34 | ./gophish >> $GOPHISH_LOG_PATH$GOPHISH_LOG_FILE 2>> $GOPHISH_LOG_PATH$GOPHISH_ERR_FILE 35 | } 36 | 37 | check_bin_path 38 | check_log_path 39 | create_new_log_err 40 | launch_gophish -------------------------------------------------------------------------------- /redbaron/data/scripts/iredmail.sh: -------------------------------------------------------------------------------- 1 | #bin/bash 2 | 3 | wget https://github.com/iredmail/iRedMail/archive/refs/tags/1.5.0.tar.gz 4 | tar -xf 1.5.0.tar.gz 5 | 6 | cd iRedMail-1.5.0 7 | 8 | echo -e "AUTO_USE_EXISTING_CONFIG_FILE=y \ 9 | \nAUTO_INSTALL_WITHOUT_CONFIRM=y \ 10 | \nAUTO_CLEANUP_REMOVE_SENDMAIL=y \ 11 | \nAUTO_CLEANUP_REMOVE_MOD_PYTHON=y \ 12 | \nAUTO_CLEANUP_REPLACE_FIREWALL_RULES=y \ 13 | \nAUTO_CLEANUP_RESTART_IPTABLES=y \ 14 | \nAUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y \ 15 | \nAUTO_CLEANUP_RESTART_POSTFIX=n \ 16 | \nbash iRedMail.sh" > new_iR.sh 17 | 18 | chmod 777 new_iR.sh 19 | 20 | echo -e "export STORAGE_BASE_DIR='/var/vmail' 21 | export WEB_SERVER='NGINX' 22 | export BACKEND_ORIG='MYSQL' 23 | export BACKEND='MYSQL' 24 | export VMAIL_DB_BIND_PASSWD='changeme!' 25 | export VMAIL_DB_ADMIN_PASSWD='changeme!' 26 | export MLMMJADMIN_API_AUTH_TOKEN='changeme!' 27 | export NETDATA_DB_PASSWD='changeme!' 28 | export MYSQL_ROOT_PASSWD='changeme!' 29 | export FIRST_DOMAIN='domain-to-change.com' 30 | export DOMAIN_ADMIN_PASSWD_PLAIN='changeme!' 31 | export USE_IREDADMIN='YES' 32 | export USE_ROUNDCUBE='YES' 33 | export USE_NETDATA='YES' 34 | export USE_FAIL2BAN='NO' 35 | export AMAVISD_DB_PASSWD='changeme!' 36 | export IREDADMIN_DB_PASSWD='changeme!' 37 | export RCM_DB_PASSWD='changeme!' 38 | export SOGO_DB_PASSWD='changeme!' 39 | export SOGO_SIEVE_MASTER_PASSWD='changeme!' 40 | export IREDAPD_DB_PASSWD='changeme!' 41 | #EOF" > config 42 | 43 | yes | ./new_iR.sh 44 | 45 | -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/cobaltstrike.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | CSTRIKE_KEY='xxxx-xxxx-xxxx-xxxx' 4 | 5 | sudo apt install openjdk-11-jdk -y 6 | sudo update-java-alternatives -s java-1.11.0-openjdk-amd64 -y 7 | 8 | token=`curl -s https://www.cobaltstrike.com/download -d "dlkey=${CSTRIKE_KEY}" | grep 'href="/downloads/' | cut -d '/' -f3` 9 | curl -s https://www.cobaltstrike.com/downloads/${token}/cobaltstrike-dist.tgz -o /tmp/cobaltstrike.tgz 10 | 11 | echo ${CSTRIKE_KEY} > ~/.cobaltstrike.license 12 | sudo cp ~/.cobaltstrike.license /root/.cobaltstrike.license 13 | 14 | mkdir ~/cobaltstrike 15 | tar zxf /tmp/cobaltstrike.tgz -C ~/ 16 | rm /tmp/cobaltstrike.tgz 17 | 18 | git clone https://github.com/rsmudge/Malleable-C2-Profiles.git ~/cobaltstrike/c2-profiles 19 | git clone https://github.com/killswitch-GUI/CobaltStrike-ToolKit ~/cobaltstrike/cs-toolkit 20 | 21 | cd ~/cobaltstrike 22 | ./update 23 | -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/covenant.sh: -------------------------------------------------------------------------------- 1 | sudo wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb 2 | #replace https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb with the correct distreo package (debian package tested on DO ubuntu and it works) 3 | sudo apt install -y apt-transport-https 4 | sudo dpkg -i packages-microsoft-prod.deb 5 | sudo apt-get update 6 | sudo apt-get install -y dotnet-sdk-3.1 7 | git clone --recurse-submodules https://github.com/cobbr/Covenant 8 | cd Covenant/Covenant 9 | dotnet build -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/dnscat2.sh: -------------------------------------------------------------------------------- 1 | cmd="sudo apt-get install -y ruby-dev" 2 | until eval $cmd 3 | do 4 | sleep 10 5 | done 6 | git clone https://github.com/iagox86/dnscat2.git 7 | cd dnscat2/server 8 | sudo apt-get install gcc make 9 | sudo gem install bundler 10 | sudo bundle install 11 | -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/empire.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | git clone https://github.com/BC-SECURITY/Empire.git 3 | cd Empire 4 | sudo pip3 install poetry 5 | sudo ./setup/install.sh <<< "RandomSTRING" 6 | sudo poetry install -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/godoh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #install Go 4 | 5 | wget https://dl.google.com/go/go1.12.5.linux-amd64.tar.gz 6 | tar -xvf go1.12.5.linux-amd64.tar.gz 7 | mv go /usr/local 8 | rm go1.12.5.linux-amd64.tar.gz 9 | cd /opt && mkdir goapps && cd goapps 10 | export GOROOT=/usr/local/go #its better to change the .profile file of root 11 | export GOPATH=/opt/goapps 12 | export PATH=$GOPATH/bin:$GOROOT/bin:$PATH 13 | go version 14 | go env 15 | 16 | #Update .profile file 17 | 18 | echo "export GOROOT=/usr/local/go" >> /root/.profile 19 | echo "export GOPATH=/opt/goapps" >> /root/.profile 20 | echo "export PATH=$GOPATH/bin:$GOROOT/bin:$PATH" >> /root/.profile 21 | 22 | #Installation of go-dep 23 | 24 | wget http://tw.archive.ubuntu.com/ubuntu/pool/universe/g/go-dep/go-dep_0.5.4-2_amd64.deb 25 | dpkg -i go-dep_0.5.4-2_amd64.deb 26 | 27 | #Installation of goDoH/ 28 | 29 | git clone https://github.com/sensepost/goDoH.git /opt/goapps/src/github.com/goDoH 30 | cd /opt/goapps/src/github.com/goDoH && dep init 31 | cd /opt/goapps/src/github.com/goDoH && dep ensure 32 | cd /opt/goapps/src/github.com/goDoH && make key 33 | cd /opt/goapps/src/github.com/goDoH && mkdir upx_temp 34 | cd /opt/goapps/src/github.com/goDoH/upx_temp && wget https://github.com/upx/upx/releases/download/v3.95/upx-3.95-amd64_linux.tar.xz 35 | cd /opt/goapps/src/github.com/goDoH/upx_temp && tar xf upx-3.95-amd64_linux.tar.xz 36 | mv /opt/goapps/src/github.com/goDoH/upx_temp/upx-3.95-amd64_linux/upx /usr/local/bin 37 | cd /opt/goapps/src/github.com/goDoH/ && make 38 | -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/metasploit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sudo curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > /tmp/msfinstall 4 | sudo chmod 755 /tmp/msfinstall 5 | sudo /tmp/msfinstall 6 | -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/ptf.sh: -------------------------------------------------------------------------------- 1 | cmd="sudo apt-get install -y python" 2 | until eval $cmd 3 | do 4 | sleep 10 5 | done 6 | git clone https://github.com/trustedsec/ptf.git /opt/ptf 7 | cd /opt/ptf/ && sudo ./ptf<< EOF 8 | use modules/exploitation/install_update_all 9 | yes 10 | use modules/intelligence/install_update_all 11 | yes 12 | use modules/post_exploitaion/install_update_all 13 | yes 14 | use modules/powershell/install_update_all 15 | yes 16 | use modules/vulnerability-analysis/install_update_all 17 | yes 18 | EOF 19 | 20 | #we can use the ptf framework to install specific tools: 21 | #use modules/exploitation/metasploit 22 | #run 23 | -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/silenttrinity.sh: -------------------------------------------------------------------------------- 1 | #I could not make it to work via overlord to be one clean installation. 2 | cmd="sudo apt-get install -y make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python-openssl git python3-pip" 3 | until eval $cmd 4 | do 5 | sleep 10 6 | done 7 | curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash 8 | cat <<'EOF' >> ~/.bashrc 9 | export PATH="$HOME/.pyenv/bin:$PATH" 10 | eval "$(pyenv init -)" 11 | eval "$(pyenv virtualenv-init -)" 12 | EOF 13 | source ~/.bashrc 14 | $HOME/.pyenv/bin/pyenv install 3.7-dev 15 | git clone https://github.com/byt3bl33d3r/SILENTTRINITY 16 | #cd SILENTTRINITY 17 | # $HOME/.pyenv/bin/pyenv local 3.7-dev 18 | # Run this two commands on the machine 19 | echo " pip3 install pipenv && pipenv install && pipenv shell" >> RunMe.sh 20 | echo "pip3 install -r requirements.txt" >> RunMe.sh 21 | 22 | # pip3 install pipenv && pipenv install && pipenv shell 23 | # pip3 install -r requirements.txt -------------------------------------------------------------------------------- /redbaron/data/scripts/tools/sliver.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Install sliver pre-requisites 4 | sudo apt install unzip mingw-w64 binutils-mingw-w64 g++-mingw-w64 wget -y 5 | 6 | # Install MSF nightly installer, sliver uses this for some functionality 7 | curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ 8 | chmod 755 msfinstall && \ 9 | ./msfinstall 10 | 11 | # Install the latest sliver. This grepping is ugly, don't judge me. 12 | LOCATION=$(wget -qO - https://github.com/BishopFox/sliver/releases/latest \ 13 | | grep -w "sliver-server_linux.zip" \ 14 | | cut -d '"' -f 2 \ 15 | | grep "zip" \ 16 | | grep -v sig) \ 17 | ; wget -cq https://github.com$LOCATION 18 | 19 | mkdir ~/sliver 20 | unzip sliver-server_linux.zip -d ~/sliver 21 | rm sliver-server_linux.zip 22 | chmod +x /sliver/sliver-server -------------------------------------------------------------------------------- /redbaron/data/templates/ssh_config.tpl: -------------------------------------------------------------------------------- 1 | Host ${name} 2 | HostName ${hostname} 3 | User ${user} 4 | IdentityFile ${identityfile} -------------------------------------------------------------------------------- /redbaron/modules/ansible/README.md: -------------------------------------------------------------------------------- 1 | # ansible 2 | 3 | Runs an ansible playbook on a specific resource 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`playbook` | String | Playbook to run 10 | |`ip` | String | Host to run playbook on 11 | |`user` | String | User to authenticate as over SSH 12 | |`arguments` | List(string) | Additional Ansible arguments 13 | |`envs` | List(string) | Environment variable to pass to Ansible 14 | 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |---------------------------| ------------ | ----------- 20 | |`arguments` | List(string) | Additional Ansible arguments 21 | |`envs` | List(string) | Environment variable to pass to Ansible 22 | -------------------------------------------------------------------------------- /redbaron/modules/ansible/main.tf: -------------------------------------------------------------------------------- 1 | resource "null_resource" "ansible_provisioner" { 2 | triggers = { 3 | policy_sha1 = filesha1(var.playbook) 4 | } 5 | 6 | provisioner "local-exec" { 7 | command = "ansible-playbook --private-key=ssh_keys/${var.ip} --user ${var.user} -i ${var.ip}, ${var.playbook} -e ansible_python_interpreter=/usr/bin/python3" 8 | 9 | environment = { 10 | ANSIBLE_HOST_KEY_CHECKING = "False" 11 | } 12 | } 13 | 14 | lifecycle { 15 | create_before_destroy = true 16 | } 17 | } 18 | 19 | -------------------------------------------------------------------------------- /redbaron/modules/ansible/outputs.tf: -------------------------------------------------------------------------------- 1 | output "arguments" { 2 | value = var.arguments 3 | description = "Arguments" 4 | } 5 | 6 | output "envs" { 7 | value = var.envs 8 | description = "Environment variables" 9 | } 10 | 11 | -------------------------------------------------------------------------------- /redbaron/modules/ansible/variables.tf: -------------------------------------------------------------------------------- 1 | variable "playbook" { 2 | description = "Playbook to run" 3 | } 4 | 5 | variable "ip" { 6 | description = "Host to run playbook on" 7 | } 8 | 9 | variable "user" { 10 | description = "User to authenticate as" 11 | } 12 | 13 | variable "arguments" { 14 | default = [] 15 | type = list(string) 16 | description = "Arguments" 17 | } 18 | 19 | variable "envs" { 20 | default = [] 21 | type = list(string) 22 | description = "Environment variables" 23 | } 24 | 25 | -------------------------------------------------------------------------------- /redbaron/modules/ansible/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-record/README.md: -------------------------------------------------------------------------------- 1 | # create-dns-record 2 | 3 | Adds records to a domain using AWS Route53 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`type` | String | The record type to add. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT. 10 | |`name` | String | Use @ to create the record at the root of the domain or enter a hostname to create it elsewhere. A records are for IPv4 addresses only and tell a request where your domain should direct to. 11 | |`counter` | Integer | Number of records to add. Default value is 1 12 | |`ttl` | Integer | The TTL of the record(s). Default value is 300 13 | |`records` | Map(any) | A map of records to add. Domains as keys and IPs as values. 14 | |`zone` | String | AWS ZoneID of the Route53 for that domain 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |---------------------------| ---------- | ----------- 20 | |`records` | Map(any) | Map containing the records added to the domain. Domains as keys and IPs as values. 21 | 22 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-record/main.tf: -------------------------------------------------------------------------------- 1 | # Time delay 2 | resource "null_resource" "previous" {} 3 | 4 | resource "time_sleep" "wait_60_seconds" { 5 | depends_on = [null_resource.previous] 6 | 7 | create_duration = "60s" 8 | } 9 | 10 | # Add a record to the domain 11 | resource "aws_route53_record" "record" { 12 | count = var.counter 13 | zone_id = var.zone 14 | name = var.name 15 | type = var.type 16 | ttl = var.ttl 17 | records = var.records[element(keys(var.records), count.index)] 18 | depends_on = [time_sleep.wait_60_seconds] 19 | } 20 | 21 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-record/outputs.tf: -------------------------------------------------------------------------------- 1 | output "records" { 2 | value = var.records 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-record/variables.tf: -------------------------------------------------------------------------------- 1 | variable "type" { 2 | } 3 | 4 | variable "name" { 5 | } 6 | 7 | variable "counter" { 8 | default = 1 9 | } 10 | 11 | variable "ttl" { 12 | default = 600 13 | } 14 | 15 | variable "records" { 16 | type = map(any) 17 | default = {} 18 | } 19 | 20 | variable "zone" { 21 | } 22 | 23 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-record/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-txt-record/README.md: -------------------------------------------------------------------------------- 1 | # create-dns-txt-record 2 | 3 | Adds records to a domain using AWS Route53 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`type` | String | The record type to add. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT. 10 | |`name` | String | Use @ to create the record at the root of the domain or enter a hostname to create it elsewhere. A records are for IPv4 addresses only and tell a request where your domain should direct to. 11 | |`ttl` | Integer | The TTL of the record(s). Default value is 300 12 | |`records` | List(string) | A map of records to add. Domains as keys and IPs as values. 13 | |`zone` | String | AWS ZoneID of the Route53 for that domain 14 | 15 | # Outputs 16 | 17 | | Name | Value Type | Description 18 | |---------------------------| ---------- | ----------- 19 | |`records` | Map | Map containing the records added to the domain. Domains as keys and IPs as values. 20 | 21 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-txt-record/main.tf: -------------------------------------------------------------------------------- 1 | # Time delay 2 | resource "null_resource" "previous" {} 3 | 4 | resource "time_sleep" "wait_60_seconds" { 5 | depends_on = [null_resource.previous] 6 | 7 | create_duration = "60s" 8 | } 9 | 10 | # Add a TXT record to the domain 11 | resource "aws_route53_record" "dev-ns" { 12 | zone_id = var.zone 13 | name = var.name 14 | type = var.type 15 | ttl = var.ttl 16 | records = var.records 17 | depends_on = [time_sleep.wait_60_seconds] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-txt-record/outputs.tf: -------------------------------------------------------------------------------- 1 | output "records" { 2 | value = var.records 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-txt-record/variables.tf: -------------------------------------------------------------------------------- 1 | variable "type" { 2 | } 3 | 4 | variable "name" { 5 | } 6 | 7 | variable "ttl" { 8 | default = 600 9 | } 10 | 11 | variable "records" { 12 | type = list(string) 13 | default = [] 14 | } 15 | 16 | variable "zone" { 17 | } 18 | 19 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-dns-txt-record/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-hosted-zone/README.md: -------------------------------------------------------------------------------- 1 | # create-hosted-zone 2 | 3 | Creates a hosted zone for a domain in AWS Route53. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`public_hosted_zones` | List(string) | The domain to create a hosted zone for. 10 | |`delegation_set_name` | String | Create a shared delegation set among specefied hosted zones domains if not empty. (nmutually exclusive to 'delegation_set_id'). 11 | |`delegation_set_id` | String | Assign specified hosted zones to a delegation set specified by ID if not empty. (mutually exclusive to 'delegation_set_reference_name'). 12 | |`custom_subdomain_ns` | List(string) | Hosted zones for subdomains require nameserver to be specified explicitly. You can use this variable to add a list of custom nameserver IP addresses. If left empty it will be populated by four AWS default nameserver. 13 | |`default_subdomain_ns_ttl` | String | Hosted zones for subdomains require nameserver to be specified explicitly. This sets their default TTL. 14 | |`tags` | Map(string) | The resource tags that should be added to all hosted zone resources. 15 | |`comment` | String | Comments to be added in the Route53 16 | 17 | 18 | # Outputs 19 | 20 | | Name | Value Type | Description 21 | |---------------------------| ---------- | ----------- 22 | |`zone_id` | String | The created hosted zone ID. 23 | |`name_servers` | Array | The name servers for this zone. 24 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-hosted-zone/locals.tf: -------------------------------------------------------------------------------- 1 | # ------------------------------------------------------------------------------------------------- 2 | # Booleans to determine which resource "type" to build 3 | # ------------------------------------------------------------------------------------------------- 4 | 5 | locals { 6 | is_name_delegated = var.delegation_set_name != "" && var.delegation_set_id == "" ? true : false 7 | is_id_delegated = var.delegation_set_name == "" && var.delegation_set_id != "" ? true : false 8 | is_undelegated = var.delegation_set_name == "" && var.delegation_set_id == "" ? true : false 9 | is_custom_ns = length(var.custom_subdomain_ns) != 0 ? true : false 10 | } 11 | 12 | # ------------------------------------------------------------------------------------------------- 13 | # Split Domains from Subdomains in hosted zones 14 | # ------------------------------------------------------------------------------------------------- 15 | 16 | locals { 17 | # The following will split out domains and subdomains from public hosted zones as both require 18 | # different configuration. Subdomains will also need NS server to be specified. 19 | # 20 | # Compact will remove any empty elements (previously included either domains or subdomains) 21 | # flatten will convert [map('key' => val),..] into flat list without 'key' 22 | public_domains = compact(flatten(null_resource.public_domains.*.triggers.key)) 23 | 24 | public_subdomains = compact(flatten(null_resource.public_subdomains.*.triggers.key)) 25 | } 26 | 27 | resource "null_resource" "public_domains" { 28 | count = length(var.public_hosted_zones) 29 | 30 | triggers = { 31 | "key" = replace( 32 | var.public_hosted_zones[count.index], 33 | "/^[-_A-Za-z0-9]+\\.[A-Za-z0-9]+$/", 34 | "", 35 | ) == "" ? var.public_hosted_zones[count.index] : "" 36 | } 37 | } 38 | 39 | resource "null_resource" "public_subdomains" { 40 | count = length(var.public_hosted_zones) 41 | 42 | triggers = { 43 | "key" = replace( 44 | var.public_hosted_zones[count.index], 45 | "/^[-_A-Za-z0-9]+\\.[A-Za-z0-9]+$/", 46 | "", 47 | ) == "" ? "" : var.public_hosted_zones[count.index] 48 | } 49 | } 50 | 51 | # ------------------------------------------------------------------------------------------------- 52 | # Resource local mappings for outputs 53 | # ------------------------------------------------------------------------------------------------- 54 | #locals { 55 | # name_delegated_public_domains_ns = ["${null_resource.name_delegated_public_domains_ns.*.triggers.key}"] 56 | # id_delegated_public_domains_ns = ["${null_resource.id_delegated_public_domains_ns.*.triggers.key}"] 57 | # undelegated_public_domains_ns = ["${null_resource.undelegated_public_domains_ns.*.triggers.key}"] 58 | # 59 | # name_delegated_public_subdomains_ns = ["${null_resource.name_delegated_public_subdomains_ns.*.triggers.key}"] 60 | # id_delegated_public_subdomains_ns = ["${null_resource.id_delegated_public_subdomains_ns.*.triggers.key}"] 61 | # undelegated_public_subdomains_ns = ["${null_resource.undelegated_public_subdomains_ns.*.triggers.key}"] 62 | #} 63 | # 64 | #resource "null_resource" "name_delegated_public_domains_ns" { 65 | # count = "${local.is_name_delegated ? length(local.public_domains) : 0}" 66 | # 67 | # triggers = "${map("key", 68 | # join(",", aws_route53_zone.name_delegated_public_domains.*.name_servers[count.index]) 69 | # )}" 70 | #} 71 | # 72 | #resource "null_resource" "id_delegated_public_domains_ns" { 73 | # count = "${local.is_id_delegated ? length(local.public_domains) : 0}" 74 | # 75 | # triggers = "${map("key", 76 | # join(",", aws_route53_zone.id_delegated_public_domains.*.name_servers[count.index]) 77 | # )}" 78 | #} 79 | # 80 | #resource "null_resource" "undelegated_public_domains_ns" { 81 | # count = "${local.is_undelegated ? length(local.public_subdomains) : 0}" 82 | # 83 | # triggers = "${map("key", 84 | # join(",", aws_route53_zone.undelegated_public_subdomains.*.name_servers[count.index]) 85 | # )}" 86 | #} 87 | # 88 | #resource "null_resource" "name_delegated_public_subdomains_ns" { 89 | # count = "${local.is_name_delegated ? length(local.public_subdomains) : 0}" 90 | # 91 | # triggers = "${map("key", 92 | # join(",", aws_route53_zone.name_delegated_public_subdomains.*.name_servers[count.index]) 93 | # )}" 94 | #} 95 | # 96 | #resource "null_resource" "id_delegated_public_subdomains_ns" { 97 | # count = "${local.is_id_delegated ? length(local.public_subdomains) : 0}" 98 | # 99 | # triggers = "${map("key", 100 | # join(",", aws_route53_zone.id_delegated_public_subdomains.*.name_servers[count.index]) 101 | # )}" 102 | #} 103 | # 104 | #resource "null_resource" "undelegated_public_subdomains_ns" { 105 | # count = "${local.is_undelegated ? length(local.public_subdomains) : 0}" 106 | # 107 | # triggers = "${map("key", 108 | # join(",", aws_route53_zone.undelegated_public_subdomains.*.name_servers[count.index]) 109 | # )}" 110 | #} 111 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-hosted-zone/outputs.tf: -------------------------------------------------------------------------------- 1 | # ------------------------------------------------------------------------------------------------- 2 | # Route53 Delegation Sets 3 | # ------------------------------------------------------------------------------------------------- 4 | 5 | output "created_delegation_set_id" { 6 | description = "The ID of the shared delegation set applied to all zones that has been created by this module if it was specified by name." 7 | value = element(concat(aws_route53_delegation_set.new.*.id, [""]), 0) 8 | } 9 | 10 | output "created_delegation_set_name" { 11 | description = "The name of the shared delegation set applied to all zones that has been created by this module if it was specified by name." 12 | value = element( 13 | concat(aws_route53_delegation_set.new.*.reference_name, [""]), 14 | 0, 15 | ) 16 | } 17 | 18 | output "created_delegation_set_name_servers" { 19 | description = "A list of name servers of the shared delegation set applied to all zones that has been created by this module if it was specified by name." 20 | value = [flatten(aws_route53_delegation_set.new.*.name_servers)] 21 | } 22 | 23 | output "existing_delegation_set_id" { 24 | description = "The ID of the shared delegation set applied to all zones that alreday existed and was specified by its ID." 25 | value = element( 26 | concat(data.aws_route53_delegation_set.existing.*.id, [""]), 27 | 0, 28 | ) 29 | } 30 | 31 | output "existing_delegation_set_name" { 32 | description = "The name of the shared delegation set applied to all zones that alreday existed and was specified by its ID." 33 | value = element( 34 | concat( 35 | data.aws_route53_delegation_set.existing.*.reference_name, 36 | [""], 37 | ), 38 | 0, 39 | ) 40 | } 41 | 42 | output "existing_delegation_set_name_servers" { 43 | description = "A list of name servers of the shared delegation set applied to all zones that alreday existed and was specified by its ID." 44 | value = [flatten(data.aws_route53_delegation_set.existing.*.name_servers)] 45 | } 46 | 47 | # ------------------------------------------------------------------------------------------------- 48 | # Route53 Zone Settings 49 | # ------------------------------------------------------------------------------------------------- 50 | 51 | output "public_zones_delegation_set_id" { 52 | description = "The ID of the shared delegation set applied to all zones that is actually used by the zones." 53 | value = element( 54 | concat( 55 | aws_route53_delegation_set.new.*.id, 56 | data.aws_route53_delegation_set.existing.*.id, 57 | [""], 58 | ), 59 | 0, 60 | ) 61 | } 62 | 63 | output "public_zones" { 64 | description = "List of created public zones." 65 | 66 | value = [ 67 | concat( 68 | aws_route53_zone.name_delegated_public_domains.*.name, 69 | aws_route53_zone.id_delegated_public_domains.*.name, 70 | aws_route53_zone.undelegated_public_domains.*.name, 71 | aws_route53_zone.name_delegated_public_subdomains.*.name, 72 | aws_route53_zone.id_delegated_public_subdomains.*.name, 73 | aws_route53_zone.undelegated_public_subdomains.*.name, 74 | ), 75 | ] 76 | } 77 | 78 | output "public_zones_ids" { 79 | description = "List of zone-id mappings for created public zones." 80 | 81 | value = concat( 82 | formatlist("%v", aws_route53_zone.name_delegated_public_domains.*.id), 83 | formatlist("%v", aws_route53_zone.id_delegated_public_domains.*.id), 84 | formatlist("%v", aws_route53_zone.undelegated_public_domains.*.id), 85 | formatlist("%v", aws_route53_zone.name_delegated_public_subdomains.*.id), 86 | formatlist("%v", aws_route53_zone.id_delegated_public_subdomains.*.id), 87 | formatlist("%v", aws_route53_zone.undelegated_public_subdomains.*.id), 88 | ) 89 | } 90 | 91 | output "name_servers" { 92 | description = "List of NS mappings for created public zones." 93 | 94 | value = concat( 95 | aws_route53_zone.name_delegated_public_domains.*.name_servers, 96 | aws_route53_zone.id_delegated_public_domains.*.name_servers, 97 | aws_route53_zone.undelegated_public_domains.*.name_servers, 98 | aws_route53_zone.name_delegated_public_subdomains.*.name_servers, 99 | aws_route53_zone.id_delegated_public_subdomains.*.name_servers, 100 | aws_route53_zone.undelegated_public_subdomains.*.name_servers, 101 | ) 102 | } 103 | 104 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-hosted-zone/variables.tf: -------------------------------------------------------------------------------- 1 | # ------------------------------------------------------------------------------------------------- 2 | # Hosted Zone definitions 3 | # ------------------------------------------------------------------------------------------------- 4 | variable "public_hosted_zones" { 5 | description = "List of domains or subdomains for which to create public hosted zones." 6 | type = list(string) 7 | default = [] 8 | } 9 | 10 | variable "delegation_set_name" { 11 | description = "Create a shared delegation set among specefied hosted zones domains if not empty. (nmutually exclusive to 'delegation_set_id')." 12 | default = "" 13 | } 14 | 15 | variable "delegation_set_id" { 16 | description = "Assign specified hosted zones to a delegation set specified by ID if not empty. (mutually exclusive to 'delegation_set_reference_name')." 17 | default = "" 18 | } 19 | 20 | variable "custom_subdomain_ns" { 21 | description = "Hosted zones for subdomains require nameserver to be specified explicitly. You can use this variable to add a list of custom nameserver IP addresses. If left empty it will be populated by four AWS default nameserver." 22 | type = list(string) 23 | default = [] 24 | } 25 | 26 | variable "default_subdomain_ns_ttl" { 27 | description = "Hosted zones for subdomains require nameserver to be specified explicitly. This sets their default TTL." 28 | default = "30" 29 | } 30 | 31 | # ------------------------------------------------------------------------------------------------- 32 | # Resource Tagging/Naming 33 | # ------------------------------------------------------------------------------------------------- 34 | variable "tags" { 35 | description = "The resource tags that should be added to all hosted zone resources." 36 | type = map(string) 37 | default = {} 38 | } 39 | 40 | variable "comment" { 41 | description = "The hosted zone comment that should be added to all hosted zone resources." 42 | default = "Managed by Terraform" 43 | } 44 | 45 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-hosted-zone/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-vpc/README.md: -------------------------------------------------------------------------------- 1 | # create-vpc 2 | 3 | Creates a VPC, Subnet, Internet Gateway, Route Table and a Route Table association. 4 | 5 | # Outputs 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`subnet_id` | String | ID of created subnet 10 | |`vpc_id` | String | ID of created VPC 11 | 12 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-vpc/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_vpc" "default" { 2 | cidr_block = "10.0.0.0/16" 3 | enable_dns_hostnames = true 4 | } 5 | 6 | resource "aws_subnet" "default" { 7 | vpc_id = aws_vpc.default.id 8 | cidr_block = "10.0.0.0/24" 9 | } 10 | 11 | resource "aws_internet_gateway" "default" { 12 | vpc_id = aws_vpc.default.id 13 | } 14 | 15 | resource "aws_route_table" "default" { 16 | vpc_id = aws_vpc.default.id 17 | 18 | route { 19 | cidr_block = "0.0.0.0/0" 20 | gateway_id = aws_internet_gateway.default.id 21 | } 22 | } 23 | 24 | resource "aws_route_table_association" "default" { 25 | subnet_id = aws_subnet.default.id 26 | route_table_id = aws_route_table.default.id 27 | } 28 | 29 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "subnet_id" { 2 | value = aws_subnet.default.id 3 | } 4 | 5 | output "vpc_id" { 6 | value = aws_vpc.default.id 7 | } 8 | 9 | -------------------------------------------------------------------------------- /redbaron/modules/aws/create-vpc/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-c2/README.md: -------------------------------------------------------------------------------- 1 | # dns-c2 2 | 3 | Creates a DNS C2 server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`subnet_id` | String | Subnet ID to create instance in. 10 | |`vpc_id` | String | ID of VPC to create instance in. 11 | |`counter` | Integer | Number of instances to launch. Defaults to 1. 12 | |`instance_type` | String | Instance type to launch. Defaults to "t2.medium" 13 | |`install` | List(string) | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh". 14 | |`amis` | Map(string) | The ami which is to be installed (according to the distro specified) 15 | |`user` | String | User to be used to login with SSH (different for each distro on AWS) 16 | 17 | 18 | # Outputs 19 | 20 | | Name | Value Type | Description 21 | |---------------------------| ---------- | ----------- 22 | |`ips` | List | IPs of created instances. 23 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-c2/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" { 2 | } 3 | 4 | resource "random_id" "server" { 5 | count = var.counter 6 | byte_length = 4 7 | } 8 | 9 | resource "tls_private_key" "ssh" { 10 | count = var.counter 11 | algorithm = "RSA" 12 | rsa_bits = 4096 13 | } 14 | 15 | resource "aws_key_pair" "dns-c2" { 16 | count = var.counter 17 | key_name = "dns-c2-key-${random_id.server[count.index].hex}" 18 | public_key = tls_private_key.ssh[count.index].public_key_openssh 19 | } 20 | 21 | resource "aws_instance" "dns-c2" { 22 | count = var.counter 23 | 24 | tags = { 25 | Name = "dns-c2-${random_id.server[count.index].hex}" 26 | } 27 | 28 | ami = var.amis[data.aws_region.current.name] 29 | instance_type = var.instance_type 30 | key_name = aws_key_pair.dns-c2[count.index].key_name 31 | vpc_security_group_ids = [aws_security_group.dns-c2[count.index].id] 32 | subnet_id = var.subnet_id 33 | associate_public_ip_address = true 34 | 35 | provisioner "remote-exec" { 36 | scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install) 37 | 38 | connection { 39 | host = coalesce(self.public_ip, self.private_ip) 40 | type = "ssh" 41 | user = var.user 42 | private_key = tls_private_key.ssh[count.index].private_key_pem 43 | } 44 | } 45 | 46 | provisioner "local-exec" { 47 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*" 48 | } 49 | 50 | provisioner "local-exec" { 51 | when = destroy 52 | command = "rm ssh_keys/${self.public_ip}*" 53 | } 54 | } 55 | 56 | data "template_file" "ssh_config" { 57 | count = var.counter 58 | 59 | template = file("../../redbaron/data/templates/ssh_config.tpl") 60 | 61 | depends_on = [aws_instance.dns-c2] 62 | 63 | vars = { 64 | name = "dns_c2_${aws_instance.dns-c2[count.index].public_ip}" 65 | hostname = aws_instance.dns-c2[count.index].public_ip 66 | user = var.user 67 | identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.dns-c2[count.index].public_ip}" 68 | } 69 | } 70 | 71 | resource "null_resource" "gen_ssh_config" { 72 | count = var.counter 73 | 74 | triggers = { 75 | template_rendered = data.template_file.ssh_config[count.index].rendered 76 | } 77 | 78 | provisioner "local-exec" { 79 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 80 | } 81 | 82 | provisioner "local-exec" { 83 | when = destroy 84 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 85 | } 86 | } 87 | 88 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-c2/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [aws_instance.dns-c2.*.public_ip] 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-c2/security_group.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "aws_security_group" "dns-c2" { 6 | count = var.counter 7 | 8 | name = "dns-c2-${random_id.server[count.index].hex}" 9 | description = "Security group created by Red Baron" 10 | vpc_id = var.vpc_id 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 17 | } 18 | ingress { # rule for covenant admin panel 19 | from_port = 7443 20 | to_port = 7443 21 | protocol = "tcp" 22 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 23 | } 24 | ingress { 25 | from_port = 53 26 | to_port = 53 27 | protocol = "udp" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ingress { 31 | from_port = 60000 32 | to_port = 61000 33 | protocol = "udp" 34 | cidr_blocks = ["0.0.0.0/0"] 35 | } 36 | egress { 37 | from_port = 53 38 | to_port = 53 39 | protocol = "udp" 40 | cidr_blocks = ["0.0.0.0/0"] 41 | } 42 | egress { 43 | from_port = 80 44 | to_port = 80 45 | protocol = "tcp" 46 | cidr_blocks = ["0.0.0.0/0"] 47 | } 48 | egress { 49 | from_port = 443 50 | to_port = 443 51 | protocol = "tcp" 52 | cidr_blocks = ["0.0.0.0/0"] 53 | } 54 | } 55 | 56 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-c2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subnet_id" { 2 | } 3 | 4 | variable "vpc_id" { 5 | } 6 | 7 | variable "counter" { 8 | default = 1 9 | } 10 | 11 | variable "instance_type" { 12 | default = "t2.medium" 13 | } 14 | 15 | variable "install" { 16 | type = list(string) 17 | default = [] 18 | } 19 | 20 | variable "amis" { 21 | type = map(string) 22 | default = { 23 | // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 24 | "ap-northeast-1" = "ami-b6b568d0" 25 | "ap-northeast-2" = "ami-b7479dd9" 26 | "ap-south-1" = "ami-02aded6d" 27 | "ap-southeast-1" = "ami-d76019b4" 28 | "ap-southeast-2" = "ami-8359bae1" 29 | "ca-central-1" = "ami-3709b053" 30 | "eu-central-1" = "ami-8bb70be4" 31 | "eu-west-1" = "ami-ce76a7b7" 32 | "eu-west-2" = "ami-a6f9ebc2" 33 | "sa-east-1" = "ami-f5c7b899" 34 | "us-east-1" = "ami-71b7750b" 35 | "us-east-2" = "ami-dab895bf" 36 | "us-west-1" = "ami-58eedd38" 37 | "us-west-2" = "ami-c032f6b8" 38 | } 39 | } 40 | 41 | variable "user" { 42 | default = "admin" 43 | } 44 | 45 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-c2/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-local-rdir/README.md: -------------------------------------------------------------------------------- 1 | # dns-rdir 2 | 3 | Creates a DNS Redirector server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder. The redirector points to an internal server of choice using the autossh tool. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`subnet_id` | String | Subnet ID to create instance in. 10 | |`vpc_id` | String | ID of VPC to create instance in. 11 | |`redirect_to` | List(string) | List of IPs to redirect DNS traffic to. 12 | |`counter` | Integer | Number of instances to launch. Defaults to 1. 13 | |`instance_type` | String | Instance type to launch. Defaults to "t2.medium" 14 | |`amis` | Map(string) | The ami which is to be installed (according to the distro specified) 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |---------------------------| ---------- | ----------- 20 | |`ips` | List | IPs of created instances. 21 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-local-rdir/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" { 2 | } 3 | 4 | resource "random_id" "server" { 5 | count = var.counter 6 | byte_length = 4 7 | } 8 | 9 | resource "tls_private_key" "ssh" { 10 | count = var.counter 11 | algorithm = "RSA" 12 | rsa_bits = 4096 13 | } 14 | 15 | resource "aws_key_pair" "dns-rdir" { 16 | count = var.counter 17 | key_name = "dns-rdir-key-${random_id.server[count.index].hex}" 18 | public_key = tls_private_key.ssh[count.index].public_key_openssh 19 | } 20 | 21 | resource "aws_instance" "dns-rdir" { 22 | count = var.counter 23 | 24 | tags = { 25 | Name = "dns-rdir-${random_id.server[count.index].hex}" 26 | } 27 | 28 | ami = var.amis[data.aws_region.current.name] 29 | instance_type = var.instance_type 30 | key_name = aws_key_pair.dns-rdir[count.index].key_name 31 | vpc_security_group_ids = [aws_security_group.dns-rdir[count.index].id] 32 | subnet_id = var.subnet_id 33 | associate_public_ip_address = true 34 | 35 | provisioner "remote-exec" { 36 | inline = [ 37 | "sudo apt-get update", 38 | "sudo apt-get install -y tmux socat", 39 | "tmux new -d \"sudo socat udp4-LISTEN:53,fork tcp4:localhost:2222\"", 40 | ] 41 | 42 | connection { 43 | host = coalesce(self.public_ip, self.private_ip) 44 | type = "ssh" 45 | user = "admin" 46 | private_key = tls_private_key.ssh[count.index].private_key_pem 47 | } 48 | } 49 | 50 | provisioner "local-exec" { 51 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*" 52 | } 53 | 54 | provisioner "local-exec" { 55 | when = destroy 56 | command = "rm ssh_keys/${self.public_ip}*" 57 | } 58 | } 59 | 60 | data "template_file" "ssh_config" { 61 | count = var.counter 62 | 63 | template = file("../../redbaron/data/templates/ssh_config.tpl") 64 | 65 | depends_on = [aws_instance.dns-rdir] 66 | 67 | vars = { 68 | name = "dns_rdir_${aws_instance.dns-rdir[count.index].public_ip}" 69 | hostname = aws_instance.dns-rdir[count.index].public_ip 70 | user = "admin" 71 | identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.dns-rdir[count.index].public_ip}" 72 | } 73 | } 74 | 75 | resource "null_resource" "gen_ssh_config" { 76 | count = var.counter 77 | 78 | triggers = { 79 | template_rendered = data.template_file.ssh_config[count.index].rendered 80 | } 81 | 82 | provisioner "local-exec" { 83 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 84 | } 85 | 86 | provisioner "local-exec" { 87 | when = destroy 88 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 89 | } 90 | } 91 | 92 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-local-rdir/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [aws_instance.dns-rdir.*.public_ip] 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-local-rdir/security_group.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "aws_security_group" "dns-rdir" { 6 | count = var.counter 7 | 8 | name = "dns-rdir-${random_id.server[count.index].hex}" 9 | description = "Security group created by Red Baron" 10 | vpc_id = var.vpc_id 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 17 | } 18 | ingress { 19 | from_port = 53 20 | to_port = 53 21 | protocol = "udp" 22 | cidr_blocks = ["0.0.0.0/0"] 23 | } 24 | ingress { 25 | from_port = 60000 26 | to_port = 61000 27 | protocol = "udp" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | egress { 31 | from_port = 53 32 | to_port = 53 33 | protocol = "udp" 34 | cidr_blocks = ["0.0.0.0/0"] 35 | } 36 | egress { 37 | from_port = 80 38 | to_port = 80 39 | protocol = "tcp" 40 | cidr_blocks = ["0.0.0.0/0"] 41 | } 42 | egress { 43 | from_port = 443 44 | to_port = 443 45 | protocol = "tcp" 46 | cidr_blocks = ["0.0.0.0/0"] 47 | } 48 | } 49 | 50 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-local-rdir/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subnet_id" { 2 | } 3 | 4 | variable "vpc_id" { 5 | } 6 | 7 | variable "redirect_to" { 8 | type = list(string) 9 | } 10 | 11 | variable "counter" { 12 | default = 1 13 | } 14 | 15 | variable "instance_type" { 16 | default = "t2.medium" 17 | } 18 | 19 | variable "amis" { 20 | type = map(string) 21 | default = { 22 | // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 23 | "ap-northeast-1" = "ami-b6b568d0" 24 | "ap-northeast-2" = "ami-b7479dd9" 25 | "ap-south-1" = "ami-02aded6d" 26 | "ap-southeast-1" = "ami-d76019b4" 27 | "ap-southeast-2" = "ami-8359bae1" 28 | "ca-central-1" = "ami-3709b053" 29 | "eu-central-1" = "ami-8bb70be4" 30 | "eu-west-1" = "ami-ce76a7b7" 31 | "eu-west-2" = "ami-a6f9ebc2" 32 | "sa-east-1" = "ami-f5c7b899" 33 | "us-east-1" = "ami-71b7750b" 34 | "us-east-2" = "ami-dab895bf" 35 | "us-west-1" = "ami-58eedd38" 36 | "us-west-2" = "ami-c032f6b8" 37 | } 38 | } 39 | 40 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-local-rdir/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-rdir/README.md: -------------------------------------------------------------------------------- 1 | # dns-rdir 2 | 3 | Creates a DNS Redirector server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`subnet_id` | String | Subnet ID to create instance in. 10 | |`vpc_id` | String | ID of VPC to create instance in. 11 | |`redirect_to` | List(string) | List of IPs to redirect DNS traffic to. 12 | |`counter` | Integer | Number of instances to launch. Defaults to 1. 13 | |`instance_type` | String | Instance type to launch. Defaults to "t2.medium" 14 | |`amis` | Map(string) | The ami which is to be installed (according to the distro specified) 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |---------------------------| ---------- | ----------- 20 | |`ips` | List | IPs of created instances. 21 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-rdir/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" { 2 | } 3 | 4 | resource "random_id" "server" { 5 | count = var.counter 6 | byte_length = 4 7 | } 8 | 9 | resource "tls_private_key" "ssh" { 10 | count = var.counter 11 | algorithm = "RSA" 12 | rsa_bits = 4096 13 | } 14 | 15 | resource "aws_key_pair" "dns-rdir" { 16 | count = var.counter 17 | key_name = "dns-rdir-key-${random_id.server[count.index].hex}" 18 | public_key = tls_private_key.ssh[count.index].public_key_openssh 19 | } 20 | 21 | resource "aws_instance" "dns-rdir" { 22 | count = var.counter 23 | 24 | tags = { 25 | Name = "dns-rdir-${random_id.server[count.index].hex}" 26 | } 27 | 28 | ami = var.amis[data.aws_region.current.name] 29 | instance_type = var.instance_type 30 | key_name = aws_key_pair.dns-rdir[count.index].key_name 31 | vpc_security_group_ids = [aws_security_group.dns-rdir[count.index].id] 32 | subnet_id = var.subnet_id 33 | associate_public_ip_address = true 34 | 35 | provisioner "remote-exec" { 36 | inline = [ 37 | "sudo apt-get update", 38 | "sudo apt-get install -y tmux socat", 39 | "tmux new -d \"sudo socat udp4-recvfrom:53,reuseaddr,fork udp4-sendto:${element(var.redirect_to, count.index)}:53\"", 40 | ] 41 | 42 | connection { 43 | host = coalesce(self.public_ip, self.private_ip) 44 | type = "ssh" 45 | user = "admin" 46 | private_key = tls_private_key.ssh[count.index].private_key_pem 47 | } 48 | } 49 | 50 | provisioner "local-exec" { 51 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*" 52 | } 53 | 54 | provisioner "local-exec" { 55 | when = destroy 56 | command = "rm ssh_keys/${self.public_ip}*" 57 | } 58 | } 59 | 60 | data "template_file" "ssh_config" { 61 | count = var.counter 62 | 63 | template = file("../../redbaron/data/templates/ssh_config.tpl") 64 | 65 | depends_on = [aws_instance.dns-rdir] 66 | 67 | vars = { 68 | name = "dns_rdir_${aws_instance.dns-rdir[count.index].public_ip}" 69 | hostname = aws_instance.dns-rdir[count.index].public_ip 70 | user = "admin" 71 | identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.dns-rdir[count.index].public_ip}" 72 | } 73 | } 74 | 75 | resource "null_resource" "gen_ssh_config" { 76 | count = var.counter 77 | 78 | triggers = { 79 | template_rendered = data.template_file.ssh_config[count.index].rendered 80 | } 81 | 82 | provisioner "local-exec" { 83 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 84 | } 85 | 86 | provisioner "local-exec" { 87 | when = destroy 88 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 89 | } 90 | } 91 | 92 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-rdir/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [aws_instance.dns-rdir.*.public_ip] 3 | } 4 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-rdir/security_group.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "aws_security_group" "dns-rdir" { 6 | count = var.counter 7 | 8 | name = "dns-rdir-${random_id.server[count.index].hex}" 9 | description = "Security group created by Red Baron" 10 | vpc_id = var.vpc_id 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 17 | } 18 | ingress { 19 | from_port = 53 20 | to_port = 53 21 | protocol = "udp" 22 | cidr_blocks = ["0.0.0.0/0"] 23 | } 24 | ingress { 25 | from_port = 60000 26 | to_port = 61000 27 | protocol = "udp" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | egress { 31 | from_port = 53 32 | to_port = 53 33 | protocol = "udp" 34 | cidr_blocks = ["0.0.0.0/0"] 35 | } 36 | egress { 37 | from_port = 80 38 | to_port = 80 39 | protocol = "tcp" 40 | cidr_blocks = ["0.0.0.0/0"] 41 | } 42 | egress { 43 | from_port = 443 44 | to_port = 443 45 | protocol = "tcp" 46 | cidr_blocks = ["0.0.0.0/0"] 47 | } 48 | } 49 | 50 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-rdir/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subnet_id" { 2 | } 3 | 4 | variable "vpc_id" { 5 | } 6 | 7 | variable "redirect_to" { 8 | type = list(string) 9 | } 10 | 11 | variable "counter" { 12 | default = 1 13 | } 14 | 15 | variable "instance_type" { 16 | default = "t2.medium" 17 | } 18 | 19 | variable "amis" { 20 | type = map(string) 21 | default = { 22 | // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 23 | "ap-northeast-1" = "ami-b6b568d0" 24 | "ap-northeast-2" = "ami-b7479dd9" 25 | "ap-south-1" = "ami-02aded6d" 26 | "ap-southeast-1" = "ami-d76019b4" 27 | "ap-southeast-2" = "ami-8359bae1" 28 | "ca-central-1" = "ami-3709b053" 29 | "eu-central-1" = "ami-8bb70be4" 30 | "eu-west-1" = "ami-ce76a7b7" 31 | "eu-west-2" = "ami-a6f9ebc2" 32 | "sa-east-1" = "ami-f5c7b899" 33 | "us-east-1" = "ami-71b7750b" 34 | "us-east-2" = "ami-dab895bf" 35 | "us-west-1" = "ami-58eedd38" 36 | "us-west-2" = "ami-c032f6b8" 37 | } 38 | } 39 | 40 | -------------------------------------------------------------------------------- /redbaron/modules/aws/dns-rdir/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-c2/README.md: -------------------------------------------------------------------------------- 1 | # http-c2 2 | 3 | Creates a HTTP C2 server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`subnet_id` | String | Subnet ID to create instance in. 10 | |`vpc_id` | String | ID of VPC to create instance in. 11 | |`counter` | Integer | Number of instances to launch. Defaults to 1. 12 | |`instance_type` | String | Instance type to launch. Defaults to "t2.medium" 13 | |`install` | List(string) | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh". 14 | |`amis` | Map(string) | The ami which is to be installed (according to the distro specified) 15 | |`user` | String | User to be used to login with SSH (different for each distro on AWS) 16 | 17 | # Outputs 18 | 19 | | Name | Value Type | Description 20 | |---------------------------| ---------- | ----------- 21 | |`ips` | List | IPs of created instances. 22 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-c2/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" { 2 | } 3 | 4 | resource "random_id" "server" { 5 | count = var.counter 6 | byte_length = 4 7 | } 8 | 9 | resource "tls_private_key" "ssh" { 10 | count = var.counter 11 | algorithm = "RSA" 12 | rsa_bits = 4096 13 | } 14 | 15 | resource "aws_key_pair" "http-c2" { 16 | count = var.counter 17 | key_name = "http-c2-key-${random_id.server[count.index].hex}" 18 | public_key = tls_private_key.ssh[count.index].public_key_openssh 19 | } 20 | 21 | resource "aws_instance" "http-c2" { 22 | // Currently, variables in provider fields are not supported :( 23 | // This severely limits our ability to spin up instances in diffrent regions 24 | // https://github.com/hashicorp/terraform/issues/11578 25 | 26 | //provider = "aws.${element(var.regions, count.index)}" 27 | 28 | count = var.counter 29 | 30 | tags = { 31 | Name = "http-c2-${random_id.server[count.index].hex}" 32 | } 33 | 34 | ami = var.amis[data.aws_region.current.name] 35 | instance_type = var.instance_type 36 | key_name = aws_key_pair.http-c2[count.index].key_name 37 | vpc_security_group_ids = [aws_security_group.http-c2[count.index].id] 38 | subnet_id = var.subnet_id 39 | associate_public_ip_address = true 40 | 41 | provisioner "remote-exec" { 42 | scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install) 43 | 44 | connection { 45 | host = coalesce(self.public_ip, self.private_ip) 46 | type = "ssh" 47 | user = var.user 48 | private_key = tls_private_key.ssh[count.index].private_key_pem 49 | } 50 | } 51 | 52 | provisioner "local-exec" { 53 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*" 54 | } 55 | 56 | provisioner "local-exec" { 57 | when = destroy 58 | command = "rm ssh_keys/${self.public_ip}*" 59 | } 60 | } 61 | 62 | data "template_file" "ssh_config" { 63 | count = var.counter 64 | 65 | template = file("../../redbaron/data/templates/ssh_config.tpl") 66 | 67 | depends_on = [aws_instance.http-c2] 68 | 69 | vars = { 70 | name = "http_c2_${aws_instance.http-c2[count.index].public_ip}" 71 | hostname = aws_instance.http-c2[count.index].public_ip 72 | user = var.user 73 | identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.http-c2[count.index].public_ip}" 74 | } 75 | } 76 | 77 | resource "null_resource" "gen_ssh_config" { 78 | count = var.counter 79 | 80 | triggers = { 81 | template_rendered = data.template_file.ssh_config[count.index].rendered 82 | } 83 | 84 | provisioner "local-exec" { 85 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 86 | } 87 | 88 | provisioner "local-exec" { 89 | when = destroy 90 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 91 | } 92 | } 93 | 94 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-c2/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [aws_instance.http-c2.*.public_ip] 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-c2/security_group.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "aws_security_group" "http-c2" { 6 | count = var.counter 7 | 8 | name = "http-c2-${random_id.server[count.index].hex}" 9 | description = "Security group created by Red Baron" 10 | vpc_id = var.vpc_id 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 17 | } 18 | ingress { # rule for covenant admin panel 19 | from_port = 7443 20 | to_port = 7443 21 | protocol = "tcp" 22 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 23 | } 24 | ingress { # rule for cobaltstrike 25 | from_port = 50050 26 | to_port = 50050 27 | protocol = "tcp" 28 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 29 | } 30 | ingress { 31 | from_port = 80 32 | to_port = 80 33 | protocol = "tcp" 34 | cidr_blocks = ["0.0.0.0/0"] 35 | } 36 | ingress { 37 | from_port = 443 38 | to_port = 443 39 | protocol = "tcp" 40 | cidr_blocks = ["0.0.0.0/0"] 41 | } 42 | ingress { 43 | from_port = 60000 44 | to_port = 61000 45 | protocol = "udp" 46 | cidr_blocks = ["0.0.0.0/0"] 47 | } 48 | egress { 49 | from_port = 53 50 | to_port = 53 51 | protocol = "udp" 52 | cidr_blocks = ["0.0.0.0/0"] 53 | } 54 | egress { 55 | from_port = 80 56 | to_port = 80 57 | protocol = "tcp" 58 | cidr_blocks = ["0.0.0.0/0"] 59 | } 60 | egress { 61 | from_port = 443 62 | to_port = 443 63 | protocol = "tcp" 64 | cidr_blocks = ["0.0.0.0/0"] 65 | } 66 | } 67 | 68 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-c2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subnet_id" { 2 | } 3 | 4 | variable "vpc_id" { 5 | } 6 | 7 | variable "counter" { 8 | default = 1 9 | } 10 | 11 | variable "instance_type" { 12 | default = "t2.medium" 13 | } 14 | 15 | variable "install" { 16 | type = list(string) 17 | default = [] 18 | } 19 | 20 | variable "amis" { 21 | type = map(string) 22 | default = { 23 | // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 24 | "ap-northeast-1" = "ami-b6b568d0" 25 | "ap-northeast-2" = "ami-b7479dd9" 26 | "ap-south-1" = "ami-02aded6d" 27 | "ap-southeast-1" = "ami-d76019b4" 28 | "ap-southeast-2" = "ami-8359bae1" 29 | "ca-central-1" = "ami-3709b053" 30 | "eu-central-1" = "ami-8bb70be4" 31 | "eu-west-1" = "ami-ce76a7b7" 32 | "eu-west-2" = "ami-a6f9ebc2" 33 | "sa-east-1" = "ami-f5c7b899" 34 | "us-east-1" = "ami-71b7750b" 35 | "us-east-2" = "ami-dab895bf" 36 | "us-west-1" = "ami-58eedd38" 37 | "us-west-2" = "ami-c032f6b8" 38 | } 39 | } 40 | 41 | variable "user" { 42 | default = "admin" 43 | } 44 | 45 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-c2/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-rdir/README.md: -------------------------------------------------------------------------------- 1 | # http-rdir 2 | 3 | Creates a HTTP Redirector server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`subnet_id` | String | Subnet ID to create instance in. 10 | |`vpc_id` | String | ID of VPC to create instance in. 11 | |`redirect_to` | List(string) | List of IPs to redirect DNS traffic to. 12 | |`counter` | Integer | Number of instances to launch. Defaults to 1. 13 | |`instance_type` | String | Instance type to launch. Defaults to "t2.medium" 14 | |`amis` | Map(string) | The ami which is to be installed (according to the distro specified) 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |---------------------------| ---------- | ----------- 20 | |`ips` | List | IPs of created instances. 21 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-rdir/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" { 2 | } 3 | 4 | resource "random_id" "server" { 5 | count = var.counter 6 | byte_length = 4 7 | } 8 | 9 | resource "tls_private_key" "ssh" { 10 | count = var.counter 11 | algorithm = "RSA" 12 | rsa_bits = 4096 13 | } 14 | 15 | resource "aws_key_pair" "http-rdir" { 16 | count = var.counter 17 | key_name = "http-rdir-key-${random_id.server[count.index].hex}" 18 | public_key = tls_private_key.ssh[count.index].public_key_openssh 19 | } 20 | 21 | resource "aws_instance" "http-rdir" { 22 | count = var.counter 23 | 24 | tags = { 25 | Name = "http-rdir-${random_id.server[count.index].hex}" 26 | } 27 | 28 | ami = var.amis[data.aws_region.current.name] 29 | instance_type = var.instance_type 30 | key_name = aws_key_pair.http-rdir[count.index].key_name 31 | vpc_security_group_ids = [aws_security_group.http-rdir[count.index].id] 32 | subnet_id = var.subnet_id 33 | associate_public_ip_address = true 34 | 35 | provisioner "remote-exec" { 36 | inline = [ 37 | "sudo apt-get update", 38 | "sudo apt-get install -y tmux socat apache2 certbot python3-certbot-apache", 39 | "sudo a2enmod rewrite proxy proxy_http ssl", 40 | "sudo systemctl stop apache2", 41 | "tmux new -d \"sudo socat TCP4-LISTEN:80,fork TCP4:${element(var.redirect_to, count.index)}:${var.http-port}\" ';' split \"sudo socat TCP4-LISTEN:443,fork TCP4:${element(var.redirect_to, count.index)}:${var.https-port}\"", 42 | ] 43 | 44 | connection { 45 | host = coalesce(self.public_ip, self.private_ip) 46 | type = "ssh" 47 | user = "admin" 48 | private_key = tls_private_key.ssh[count.index].private_key_pem 49 | } 50 | } 51 | 52 | provisioner "local-exec" { 53 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*" 54 | } 55 | 56 | provisioner "local-exec" { 57 | when = destroy 58 | command = "rm ssh_keys/${self.public_ip}*" 59 | } 60 | } 61 | 62 | data "template_file" "ssh_config" { 63 | count = var.counter 64 | 65 | template = file("../../redbaron/data/templates/ssh_config.tpl") 66 | 67 | depends_on = [aws_instance.http-rdir] 68 | 69 | vars = { 70 | name = "dns_rdir_${aws_instance.http-rdir[count.index].public_ip}" 71 | hostname = aws_instance.http-rdir[count.index].public_ip 72 | user = "admin" 73 | identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.http-rdir[count.index].public_ip}" 74 | } 75 | } 76 | 77 | resource "null_resource" "gen_ssh_config" { 78 | count = var.counter 79 | 80 | triggers = { 81 | template_rendered = data.template_file.ssh_config[count.index].rendered 82 | } 83 | 84 | provisioner "local-exec" { 85 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 86 | } 87 | 88 | provisioner "local-exec" { 89 | when = destroy 90 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 91 | } 92 | } 93 | 94 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-rdir/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [aws_instance.http-rdir.*.public_ip] 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-rdir/security_group.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "aws_security_group" "http-rdir" { 6 | count = var.counter 7 | # name = "${random_string.name_sg.result}" 8 | name = "http-c2-rdir-${random_id.server[count.index].hex}" 9 | description = "Security group created by Red Baron" 10 | vpc_id = var.vpc_id 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 17 | } 18 | ingress { 19 | from_port = 80 20 | to_port = 80 21 | protocol = "tcp" 22 | cidr_blocks = ["0.0.0.0/0"] 23 | } 24 | ingress { 25 | from_port = 443 26 | to_port = 443 27 | protocol = "tcp" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ingress { 31 | from_port = 60000 32 | to_port = 61000 33 | protocol = "udp" 34 | cidr_blocks = ["0.0.0.0/0"] 35 | } 36 | egress { 37 | from_port = 53 38 | to_port = 53 39 | protocol = "udp" 40 | cidr_blocks = ["0.0.0.0/0"] 41 | } 42 | egress { 43 | from_port = 80 44 | to_port = 80 45 | protocol = "tcp" 46 | cidr_blocks = ["0.0.0.0/0"] 47 | } 48 | egress { 49 | from_port = 443 50 | to_port = 443 51 | protocol = "tcp" 52 | cidr_blocks = ["0.0.0.0/0"] 53 | } 54 | } 55 | 56 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-rdir/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subnet_id" { 2 | } 3 | 4 | variable "vpc_id" { 5 | } 6 | 7 | variable "redirect_to" { 8 | type = list(string) 9 | } 10 | 11 | variable "counter" { 12 | default = 1 13 | } 14 | 15 | variable "instance_type" { 16 | default = "t2.medium" 17 | } 18 | 19 | variable "http-port" { 20 | default = 80 21 | } 22 | 23 | variable "https-port" { 24 | default = 443 25 | } 26 | 27 | variable "amis" { 28 | type = map(string) 29 | default = { 30 | // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 31 | "ap-northeast-1" = "ami-b6b568d0" 32 | "ap-northeast-2" = "ami-b7479dd9" 33 | "ap-south-1" = "ami-02aded6d" 34 | "ap-southeast-1" = "ami-d76019b4" 35 | "ap-southeast-2" = "ami-8359bae1" 36 | "ca-central-1" = "ami-3709b053" 37 | "eu-central-1" = "ami-8bb70be4" 38 | "eu-west-1" = "ami-ce76a7b7" 39 | "eu-west-2" = "ami-a6f9ebc2" 40 | "sa-east-1" = "ami-f5c7b899" 41 | "us-east-1" = "ami-71b7750b" 42 | "us-east-2" = "ami-dab895bf" 43 | "us-west-1" = "ami-58eedd38" 44 | "us-west-2" = "ami-c032f6b8" 45 | } 46 | } 47 | 48 | -------------------------------------------------------------------------------- /redbaron/modules/aws/http-rdir/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/mail-server/README.md: -------------------------------------------------------------------------------- 1 | # mail-server 2 | 3 | Creates a Mail Server on AWS. By default, Overlord will also use the iRedMail script to configure the mail server. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`subnet_id` | String | Subnet ID to create instance in. 10 | |`vpc_id` | String | ID of VPC to create instance in. 11 | |`redirect_to` | List(string) | List of IPs to redirect DNS traffic to. 12 | |`counter` | Integer | Number of instances to launch. Defaults to 1. 13 | |`path` | String | Local path to retrieve the iredmail bash script 14 | |`instance_type` | String | Instance type to launch. Defaults to "t2.medium" 15 | |`amis` | Map(string) | The ami which is to be installed (according to the distro specified) 16 | 17 | # Outputs 18 | 19 | | Name | Value Type | Description 20 | |---------------------------| ---------- | ----------- 21 | |`ips` | List | IPs of created instances. 22 | -------------------------------------------------------------------------------- /redbaron/modules/aws/mail-server/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" { 2 | } 3 | 4 | resource "random_id" "server" { 5 | count = var.counter 6 | byte_length = 4 7 | } 8 | 9 | resource "tls_private_key" "ssh" { 10 | count = var.counter 11 | algorithm = "RSA" 12 | rsa_bits = 4096 13 | } 14 | 15 | resource "aws_key_pair" "mail-server" { 16 | count = var.counter 17 | key_name = "mail-server-key-${random_id.server[count.index].hex}" 18 | public_key = tls_private_key.ssh[count.index].public_key_openssh 19 | } 20 | 21 | resource "aws_instance" "mail-server" { 22 | count = var.counter 23 | 24 | tags = { 25 | Name = "mail-server-${random_id.server[count.index].hex}" 26 | } 27 | 28 | ami = var.amis[data.aws_region.current.name] 29 | instance_type = var.instance_type 30 | key_name = aws_key_pair.mail-server[count.index].key_name 31 | vpc_security_group_ids = [aws_security_group.mail-server[count.index].id] 32 | subnet_id = var.subnet_id 33 | associate_public_ip_address = true 34 | 35 | provisioner "local-exec" { 36 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*" 37 | } 38 | 39 | provisioner "local-exec" { 40 | when = destroy 41 | command = "rm ssh_keys/${self.public_ip}*" 42 | } 43 | 44 | provisioner "remote-exec" { 45 | inline = [ 46 | "sudo apt-get update", 47 | "sudo apt-get install -y tmux", 48 | ] 49 | 50 | connection { 51 | host = coalesce(self.public_ip, self.private_ip) 52 | type = "ssh" 53 | user = "admin" 54 | private_key = tls_private_key.ssh[count.index].private_key_pem 55 | } 56 | } 57 | 58 | provisioner "file" { 59 | source = var.path 60 | destination = "/tmp/iredmail.sh" 61 | 62 | connection { 63 | host = coalesce(self.public_ip, self.private_ip) 64 | type = "ssh" 65 | user = "admin" 66 | private_key = tls_private_key.ssh[count.index].private_key_pem 67 | } 68 | } 69 | 70 | provisioner "remote-exec" { 71 | inline = [ 72 | "chmod +x /tmp/iredmail.sh", 73 | "sudo /tmp/iredmail.sh", 74 | ] 75 | 76 | connection { 77 | host = coalesce(self.public_ip, self.private_ip) 78 | type = "ssh" 79 | user = "admin" 80 | private_key = tls_private_key.ssh[count.index].private_key_pem 81 | } 82 | } 83 | } 84 | 85 | data "template_file" "ssh_config" { 86 | count = var.counter 87 | 88 | template = file("../../redbaron/data/templates/ssh_config.tpl") 89 | 90 | depends_on = [aws_instance.mail-server] 91 | 92 | vars = { 93 | name = "dns_rdir_${aws_instance.mail-server[count.index].public_ip}" 94 | hostname = aws_instance.mail-server[count.index].public_ip 95 | user = "admin" 96 | identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.mail-server[count.index].public_ip}" 97 | } 98 | } 99 | 100 | resource "null_resource" "gen_ssh_config" { 101 | count = var.counter 102 | 103 | triggers = { 104 | template_rendered = data.template_file.ssh_config[count.index].rendered 105 | } 106 | 107 | provisioner "local-exec" { 108 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 109 | } 110 | 111 | provisioner "local-exec" { 112 | when = destroy 113 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 114 | } 115 | } 116 | 117 | -------------------------------------------------------------------------------- /redbaron/modules/aws/mail-server/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [aws_instance.mail-server.*.public_ip] 3 | } 4 | -------------------------------------------------------------------------------- /redbaron/modules/aws/mail-server/security_group.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "aws_security_group" "mail-server" { 6 | count = var.counter 7 | 8 | name = "mail-server-${random_id.server[count.index].hex}" 9 | description = "Security group created by Red Baron" 10 | vpc_id = var.vpc_id 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"] 17 | } 18 | 19 | ingress { 20 | from_port = 80 21 | to_port = 80 22 | protocol = "tcp" 23 | cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"] 24 | } 25 | 26 | ingress { 27 | from_port = 443 28 | to_port = 443 29 | protocol = "tcp" 30 | cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"] 31 | } 32 | 33 | ingress { 34 | from_port = 25 35 | to_port = 25 36 | protocol = "tcp" 37 | cidr_blocks = ["0.0.0.0/0"] 38 | } 39 | 40 | ingress { 41 | from_port = 587 42 | to_port = 587 43 | protocol = "tcp" 44 | cidr_blocks = ["0.0.0.0/0"] 45 | } 46 | 47 | ingress { 48 | from_port = 143 49 | to_port = 143 50 | protocol = "tcp" 51 | cidr_blocks = ["0.0.0.0/0"] 52 | } 53 | 54 | ingress { 55 | from_port = 993 56 | to_port = 993 57 | protocol = "tcp" 58 | cidr_blocks = ["0.0.0.0/0"] 59 | } 60 | 61 | ingress { 62 | from_port = 995 63 | to_port = 995 64 | protocol = "tcp" 65 | cidr_blocks = ["0.0.0.0/0"] 66 | } 67 | 68 | ingress { 69 | from_port = 110 70 | to_port = 110 71 | protocol = "tcp" 72 | cidr_blocks = ["0.0.0.0/0"] 73 | } 74 | 75 | ingress { 76 | from_port = 60000 77 | to_port = 61000 78 | protocol = "udp" 79 | cidr_blocks = ["0.0.0.0/0"] 80 | } 81 | 82 | egress { 83 | from_port = 53 84 | to_port = 53 85 | protocol = "udp" 86 | cidr_blocks = ["0.0.0.0/0"] 87 | } 88 | 89 | egress { 90 | from_port = 80 91 | to_port = 80 92 | protocol = "tcp" 93 | cidr_blocks = ["0.0.0.0/0"] 94 | } 95 | 96 | egress { 97 | from_port = 443 98 | to_port = 443 99 | protocol = "tcp" 100 | cidr_blocks = ["0.0.0.0/0"] 101 | } 102 | 103 | egress { 104 | from_port = 25 105 | to_port = 25 106 | protocol = "tcp" 107 | cidr_blocks = ["0.0.0.0/0"] 108 | } 109 | 110 | egress { 111 | from_port = 143 112 | to_port = 143 113 | protocol = "tcp" 114 | cidr_blocks = ["0.0.0.0/0"] 115 | } 116 | 117 | egress { 118 | from_port = 587 119 | to_port = 587 120 | protocol = "tcp" 121 | cidr_blocks = ["0.0.0.0/0"] 122 | } 123 | 124 | egress { 125 | from_port = 993 126 | to_port = 993 127 | protocol = "tcp" 128 | cidr_blocks = ["0.0.0.0/0"] 129 | } 130 | 131 | egress { 132 | from_port = 995 133 | to_port = 995 134 | protocol = "tcp" 135 | cidr_blocks = ["0.0.0.0/0"] 136 | } 137 | 138 | egress { 139 | from_port = 110 140 | to_port = 110 141 | protocol = "tcp" 142 | cidr_blocks = ["0.0.0.0/0"] 143 | } 144 | } 145 | 146 | -------------------------------------------------------------------------------- /redbaron/modules/aws/mail-server/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subnet_id" { 2 | } 3 | 4 | variable "vpc_id" { 5 | } 6 | 7 | variable "counter" { 8 | default = 1 9 | } 10 | 11 | variable "path" { 12 | } 13 | 14 | variable "instance_type" { 15 | default = "t2.micro" 16 | } 17 | 18 | variable "amis" { 19 | type = map(string) 20 | default = { 21 | // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 22 | "ap-northeast-1" = "ami-b6b568d0" 23 | "ap-northeast-2" = "ami-b7479dd9" 24 | "ap-south-1" = "ami-02aded6d" 25 | "ap-southeast-1" = "ami-d76019b4" 26 | "ap-southeast-2" = "ami-8359bae1" 27 | "ca-central-1" = "ami-3709b053" 28 | "eu-central-1" = "ami-8bb70be4" 29 | "eu-west-1" = "ami-ce76a7b7" 30 | "eu-west-2" = "ami-a6f9ebc2" 31 | "sa-east-1" = "ami-f5c7b899" 32 | "us-east-1" = "ami-71b7750b" 33 | "us-east-2" = "ami-dab895bf" 34 | "us-west-1" = "ami-58eedd38" 35 | "us-west-2" = "ami-c032f6b8" 36 | } 37 | } 38 | 39 | -------------------------------------------------------------------------------- /redbaron/modules/aws/mail-server/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server-gophish/README.md: -------------------------------------------------------------------------------- 1 | # phishing-server 2 | 3 | Creates an instance in AWS to be used as a phishing server (with Gophish installed). SSH keys for each instance will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`subnet_id` | String | Subnet ID to create instance in. 10 | |`vpc_id` | String | ID of VPC to create instance in. 11 | |`counter` | Integer | Number of instances to launch. Defaults to 1. 12 | |`instance_type` | String | Instance type to launch. Defaults to "t2.medium" 13 | |`install` | List(string) | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh". 14 | |`amis` | Map(string) | The ami which is to be installed (according to the distro specified) 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |---------------------------| ---------- | ----------- 20 | |`ips` | List | IPs of created instances. 21 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server-gophish/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" { 2 | } 3 | 4 | resource "random_id" "server" { 5 | count = var.counter 6 | byte_length = 4 7 | } 8 | 9 | resource "tls_private_key" "ssh" { 10 | count = var.counter 11 | algorithm = "RSA" 12 | rsa_bits = 4096 13 | } 14 | 15 | resource "aws_key_pair" "gophish-server" { 16 | count = var.counter 17 | key_name = "gophish-server-key-${random_id.server[count.index].hex}" 18 | public_key = tls_private_key.ssh[count.index].public_key_openssh 19 | } 20 | 21 | resource "aws_instance" "gophish-server" { 22 | count = var.counter 23 | 24 | tags = { 25 | Name = "gophish-server-${random_id.server[count.index].hex}" 26 | } 27 | 28 | ami = var.amis[data.aws_region.current.name] 29 | instance_type = var.instance_type 30 | key_name = aws_key_pair.gophish-server[count.index].key_name 31 | vpc_security_group_ids = [aws_security_group.gophish-server[count.index].id] 32 | subnet_id = var.subnet_id 33 | associate_public_ip_address = true 34 | 35 | provisioner "local-exec" { 36 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*" 37 | } 38 | 39 | provisioner "local-exec" { 40 | when = destroy 41 | command = "rm ssh_keys/${self.public_ip}*" 42 | } 43 | 44 | provisioner "remote-exec" { 45 | inline = [ 46 | "sudo apt-get update", 47 | "sudo apt-get install -y tmux", 48 | ] 49 | 50 | connection { 51 | host = coalesce(self.public_ip, self.private_ip) 52 | type = "ssh" 53 | user = "admin" 54 | private_key = tls_private_key.ssh[count.index].private_key_pem 55 | } 56 | } 57 | 58 | provisioner "remote-exec" { 59 | scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install) 60 | 61 | connection { 62 | host = coalesce(self.public_ip, self.private_ip) 63 | type = "ssh" 64 | user = "admin" 65 | private_key = tls_private_key.ssh[count.index].private_key_pem 66 | } 67 | } 68 | 69 | provisioner "file" { 70 | source = "../../redbaron/data/scripts/gophish/gophish.service" 71 | destination = "/tmp/gophish.service" 72 | connection { 73 | host = coalesce(self.public_ip, self.private_ip) 74 | type = "ssh" 75 | user = "admin" 76 | private_key = tls_private_key.ssh[count.index].private_key_pem 77 | } 78 | } 79 | 80 | provisioner "remote-exec" { 81 | inline = [ 82 | "sudo mv /tmp/gophish.service /lib/systemd/system/gophish.service", 83 | ] 84 | 85 | connection { 86 | host = coalesce(self.public_ip, self.private_ip) 87 | type = "ssh" 88 | user = "admin" 89 | private_key = tls_private_key.ssh[count.index].private_key_pem 90 | } 91 | } 92 | 93 | provisioner "file" { 94 | source = "../../redbaron/data/scripts/gophish/gophish_service.sh" 95 | destination = "/tmp/gophish.sh" 96 | connection { 97 | host = coalesce(self.public_ip, self.private_ip) 98 | type = "ssh" 99 | user = "admin" 100 | private_key = tls_private_key.ssh[count.index].private_key_pem 101 | } 102 | } 103 | 104 | provisioner "file" { 105 | source = "../../redbaron/data/scripts/gophish.sh" 106 | destination = "/tmp/gophish_install.sh" 107 | connection { 108 | host = coalesce(self.public_ip, self.private_ip) 109 | type = "ssh" 110 | user = "admin" 111 | private_key = tls_private_key.ssh[count.index].private_key_pem 112 | } 113 | } 114 | 115 | provisioner "remote-exec" { 116 | inline = [ 117 | "sudo chmod 777 /tmp/gophish_install.sh", 118 | "sudo /tmp/gophish_install.sh", 119 | ] 120 | 121 | connection { 122 | host = coalesce(self.public_ip, self.private_ip) 123 | type = "ssh" 124 | user = "admin" 125 | private_key = tls_private_key.ssh[count.index].private_key_pem 126 | } 127 | } 128 | } 129 | 130 | data "template_file" "ssh_config" { 131 | count = var.counter 132 | 133 | template = file("../../redbaron/data/templates/ssh_config.tpl") 134 | 135 | depends_on = [aws_instance.gophish-server] 136 | 137 | vars = { 138 | name = "dns_rdir_${aws_instance.gophish-server[count.index].public_ip}" 139 | hostname = aws_instance.gophish-server[count.index].public_ip 140 | user = "admin" 141 | identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.gophish-server[count.index].public_ip}" 142 | } 143 | } 144 | 145 | resource "null_resource" "gen_ssh_config" { 146 | count = var.counter 147 | 148 | triggers = { 149 | template_rendered = data.template_file.ssh_config[count.index].rendered 150 | } 151 | 152 | provisioner "local-exec" { 153 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 154 | } 155 | 156 | provisioner "local-exec" { 157 | when = destroy 158 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 159 | } 160 | } 161 | 162 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server-gophish/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [aws_instance.gophish-server.*.public_ip] 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server-gophish/security_group.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "aws_security_group" "gophish-server" { 6 | count = var.counter 7 | 8 | name = "gophish-server-${random_id.server[count.index].hex}" 9 | description = "Security group created by Red Baron" 10 | vpc_id = var.vpc_id 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"] 17 | } 18 | 19 | ingress { 20 | from_port = 3333 21 | to_port = 3333 22 | protocol = "tcp" 23 | cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"] 24 | } 25 | 26 | ingress { 27 | from_port = 80 28 | to_port = 80 29 | protocol = "tcp" 30 | cidr_blocks = ["0.0.0.0/0"] 31 | } 32 | 33 | ingress { 34 | from_port = 443 35 | to_port = 443 36 | protocol = "tcp" 37 | cidr_blocks = ["0.0.0.0/0"] 38 | } 39 | 40 | ingress { 41 | from_port = 60000 42 | to_port = 61000 43 | protocol = "udp" 44 | cidr_blocks = ["0.0.0.0/0"] 45 | } 46 | 47 | egress { 48 | from_port = 53 49 | to_port = 53 50 | protocol = "udp" 51 | cidr_blocks = ["0.0.0.0/0"] 52 | } 53 | 54 | egress { 55 | from_port = 80 56 | to_port = 80 57 | protocol = "tcp" 58 | cidr_blocks = ["0.0.0.0/0"] 59 | } 60 | 61 | egress { 62 | from_port = 443 63 | to_port = 443 64 | protocol = "tcp" 65 | cidr_blocks = ["0.0.0.0/0"] 66 | } 67 | 68 | egress { 69 | from_port = 25 70 | to_port = 25 71 | protocol = "tcp" 72 | cidr_blocks = ["0.0.0.0/0"] 73 | } 74 | 75 | egress { 76 | from_port = 587 77 | to_port = 587 78 | protocol = "tcp" 79 | cidr_blocks = ["0.0.0.0/0"] 80 | } 81 | } 82 | 83 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server-gophish/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subnet_id" { 2 | } 3 | 4 | variable "vpc_id" { 5 | } 6 | 7 | variable "counter" { 8 | default = 1 9 | } 10 | 11 | variable "instance_type" { 12 | default = "t2.micro" 13 | } 14 | 15 | variable "install" { 16 | type = list(string) 17 | default = [] 18 | } 19 | 20 | variable "amis" { 21 | type = map(string) 22 | default = { 23 | // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 24 | "ap-northeast-1" = "ami-b6b568d0" 25 | "ap-northeast-2" = "ami-b7479dd9" 26 | "ap-south-1" = "ami-02aded6d" 27 | "ap-southeast-1" = "ami-d76019b4" 28 | "ap-southeast-2" = "ami-8359bae1" 29 | "ca-central-1" = "ami-3709b053" 30 | "eu-central-1" = "ami-8bb70be4" 31 | "eu-west-1" = "ami-ce76a7b7" 32 | "eu-west-2" = "ami-a6f9ebc2" 33 | "sa-east-1" = "ami-f5c7b899" 34 | "us-east-1" = "ami-71b7750b" 35 | "us-east-2" = "ami-dab895bf" 36 | "us-west-1" = "ami-58eedd38" 37 | "us-west-2" = "ami-c032f6b8" 38 | } 39 | } 40 | 41 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server-gophish/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server/README.md: -------------------------------------------------------------------------------- 1 | # phishing-server 2 | 3 | Creates an instance in AWS to be used as a phishing server. SSH keys for each instance will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`subnet_id` | String | Subnet ID to create instance in. 10 | |`vpc_id` | String | ID of VPC to create instance in. 11 | |`counter` | Integer | Number of instances to launch. Defaults to 1. 12 | |`instance_type` | String | Instance type to launch. Defaults to "t2.medium" 13 | |`amis` | Map(string) | The ami which is to be installed (according to the distro specified) 14 | 15 | # Outputs 16 | 17 | | Name | Value Type | Description 18 | |---------------------------| ---------- | ----------- 19 | |`ips` | List | IPs of created instances. 20 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" { 2 | } 3 | 4 | resource "random_id" "server" { 5 | count = var.counter 6 | byte_length = 4 7 | } 8 | 9 | resource "tls_private_key" "ssh" { 10 | count = var.counter 11 | algorithm = "RSA" 12 | rsa_bits = 4096 13 | } 14 | 15 | resource "aws_key_pair" "phishing-server" { 16 | count = var.counter 17 | key_name = "phishing-server-key-${random_id.server[count.index].hex}" 18 | public_key = tls_private_key.ssh[count.index].public_key_openssh 19 | } 20 | 21 | resource "aws_instance" "phishing-server" { 22 | count = var.counter 23 | 24 | tags = { 25 | Name = "phishing-server-${random_id.server[count.index].hex}" 26 | } 27 | 28 | ami = var.amis[data.aws_region.current.name] 29 | instance_type = var.instance_type 30 | key_name = aws_key_pair.phishing-server[count.index].key_name 31 | vpc_security_group_ids = [aws_security_group.phishing-server[count.index].id] 32 | subnet_id = var.subnet_id 33 | associate_public_ip_address = true 34 | 35 | provisioner "remote-exec" { 36 | inline = [ 37 | "sudo apt-get update", 38 | "sudo apt-get install -y tmux apache2 certbot python3-certbot-apache", 39 | "sudo a2enmod ssl", 40 | "sudo systemctl stop apache2", 41 | ] 42 | 43 | connection { 44 | host = coalesce(self.public_ip, self.private_ip) 45 | type = "ssh" 46 | user = "admin" 47 | private_key = tls_private_key.ssh[count.index].private_key_pem 48 | } 49 | } 50 | 51 | provisioner "local-exec" { 52 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*" 53 | } 54 | 55 | provisioner "local-exec" { 56 | when = destroy 57 | command = "rm ssh_keys/${self.public_ip}*" 58 | } 59 | } 60 | 61 | data "template_file" "ssh_config" { 62 | count = var.counter 63 | 64 | template = file("../../redbaron/data/templates/ssh_config.tpl") 65 | 66 | depends_on = [aws_instance.phishing-server] 67 | 68 | vars = { 69 | name = "dns_rdir_${aws_instance.phishing-server[count.index].public_ip}" 70 | hostname = aws_instance.phishing-server[count.index].public_ip 71 | user = "admin" 72 | identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.phishing-server[count.index].public_ip}" 73 | } 74 | } 75 | 76 | resource "null_resource" "gen_ssh_config" { 77 | count = var.counter 78 | 79 | triggers = { 80 | template_rendered = data.template_file.ssh_config[count.index].rendered 81 | } 82 | 83 | provisioner "local-exec" { 84 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 85 | } 86 | 87 | provisioner "local-exec" { 88 | when = destroy 89 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 90 | } 91 | } 92 | 93 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [aws_instance.phishing-server.*.public_ip] 3 | } 4 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server/security_group.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "aws_security_group" "phishing-server" { 6 | count = var.counter 7 | 8 | name = "phishing-server-${random_id.server[count.index].hex}" 9 | description = "Security group created by Red Baron" 10 | vpc_id = var.vpc_id 11 | 12 | ingress { 13 | from_port = 22 14 | to_port = 22 15 | protocol = "tcp" 16 | cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"] 17 | } 18 | ingress { 19 | from_port = 80 20 | to_port = 80 21 | protocol = "tcp" 22 | cidr_blocks = ["0.0.0.0/0"] 23 | } 24 | ingress { 25 | from_port = 443 26 | to_port = 443 27 | protocol = "tcp" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | ingress { 31 | from_port = 60000 32 | to_port = 61000 33 | protocol = "udp" 34 | cidr_blocks = ["0.0.0.0/0"] 35 | } 36 | egress { 37 | from_port = 53 38 | to_port = 53 39 | protocol = "udp" 40 | cidr_blocks = ["0.0.0.0/0"] 41 | } 42 | egress { 43 | from_port = 80 44 | to_port = 80 45 | protocol = "tcp" 46 | cidr_blocks = ["0.0.0.0/0"] 47 | } 48 | egress { 49 | from_port = 443 50 | to_port = 443 51 | protocol = "tcp" 52 | cidr_blocks = ["0.0.0.0/0"] 53 | } 54 | } 55 | 56 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server/variables.tf: -------------------------------------------------------------------------------- 1 | variable "subnet_id" { 2 | } 3 | 4 | variable "vpc_id" { 5 | } 6 | 7 | variable "counter" { 8 | default = 1 9 | } 10 | 11 | variable "instance_type" { 12 | default = "t2.medium" 13 | } 14 | 15 | variable "amis" { 16 | type = map(string) 17 | default = { 18 | // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 19 | "ap-northeast-1" = "ami-b6b568d0" 20 | "ap-northeast-2" = "ami-b7479dd9" 21 | "ap-south-1" = "ami-02aded6d" 22 | "ap-southeast-1" = "ami-d76019b4" 23 | "ap-southeast-2" = "ami-8359bae1" 24 | "ca-central-1" = "ami-3709b053" 25 | "eu-central-1" = "ami-8bb70be4" 26 | "eu-west-1" = "ami-ce76a7b7" 27 | "eu-west-2" = "ami-a6f9ebc2" 28 | "sa-east-1" = "ami-f5c7b899" 29 | "us-east-1" = "ami-71b7750b" 30 | "us-east-2" = "ami-dab895bf" 31 | "us-west-1" = "ami-58eedd38" 32 | "us-west-2" = "ami-c032f6b8" 33 | } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /redbaron/modules/aws/phishing-server/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-dns-record/README.md: -------------------------------------------------------------------------------- 1 | # create-dns-record 2 | 3 | Adds records to a domain using DigitalOcean. Then runs certbot to create a TLS certificate. 4 | 5 | # Arguments 6 | 7 | | Name | Required | Value Type | Description 8 | |---------------------------| -------- | ---------- | ----------- 9 | |`type` | Yes | String | The record type to add. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT. 10 | |`name` | Yes | String | Use @ to create the record at the root of the domain or enter a hostname to create it elsewhere. A records are for IPv4 addresses only and tell a request where your domain should direct to. 11 | |`domain` | Yes | String | Domain to be used 12 | |`counter` | No | Integer | Number of records to add. Default value is 1 13 | |`ttl` | No | Integer | The TTL of the record(s). Default value is 300 14 | |`records` | Yes | Map(any) | A map of records to add. Domains as keys and IPs as values. 15 | |`priority` | Yes | String | Priority weight 16 | 17 | # Outputs 18 | 19 | | Name | Value Type | Description 20 | |---------------------------| ---------- | ----------- 21 | |`records` | Map | Map containing the records added to the domain. Domains as keys and IPs as values. 22 | 23 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-dns-record/main.tf: -------------------------------------------------------------------------------- 1 | # Add a record to the domain 2 | resource "null_resource" "previous" {} 3 | 4 | resource "time_sleep" "wait_60_seconds" { 5 | depends_on = [null_resource.previous] 6 | 7 | create_duration = "60s" 8 | } 9 | 10 | resource "digitalocean_record" "record" { 11 | name = var.name 12 | count = var.counter 13 | domain = var.domain 14 | type = var.type 15 | value = var.records[element(keys(var.records), count.index)] 16 | ttl = var.ttl 17 | priority = var.priority 18 | depends_on = [time_sleep.wait_60_seconds] 19 | } 20 | 21 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-dns-record/outputs.tf: -------------------------------------------------------------------------------- 1 | output "records" { 2 | value = var.records 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-dns-record/variables.tf: -------------------------------------------------------------------------------- 1 | variable "type" { 2 | } 3 | 4 | variable "name" { 5 | } 6 | 7 | variable "domain" { 8 | } 9 | 10 | variable "counter" { 11 | default = 1 12 | } 13 | 14 | variable "ttl" { 15 | default = 600 16 | } 17 | 18 | variable "records" { 19 | type = map(any) 20 | } 21 | 22 | variable "priority" { 23 | default = "10" 24 | } 25 | 26 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-dns-record/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-domain/README.md: -------------------------------------------------------------------------------- 1 | # create-domain 2 | 3 | Adds a domain list to Digital Ocean 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`name` | List(string) | The domain names to add 10 | |`counter` | Integer | The domain names to add 11 | 12 | # Output 13 | | Name | Value Type | Description 14 | |---------------------------| ---------- | ----------- 15 | |`domain_name` | LIST | Domain name list 16 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-domain/main.tf: -------------------------------------------------------------------------------- 1 | # Add a record to the domain 2 | resource "digitalocean_domain" "default" { 3 | count = var.counter 4 | name = var.name[count.index] 5 | } 6 | 7 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-domain/outputs.tf: -------------------------------------------------------------------------------- 1 | output "domain_name" { 2 | value = var.name 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-domain/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | type = list(string) 3 | } 4 | 5 | variable "counter" { 6 | default = 1 7 | } 8 | 9 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/create-domain/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-c2/README.md: -------------------------------------------------------------------------------- 1 | # dns-c2 2 | 3 | Creates a DNS C2 server in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`install` | List(string) | Scripts to run on droplet creation. Defaults to "./scripts/core_deps.sh". 10 | |`counter` | Integer | Number of droplets to launch. Defaults to 1. 11 | |`distro` | String | Number of droplets to launch. Defaults to 1. 12 | |`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`. 13 | |`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1. 14 | |`available_regions` | Map(string) | Regions to choose from in the regions variable 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |---------------------------| ---------- | ----------- 20 | |`ips` | List | IPs of created droplets. -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-c2/firewall.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "random_id" "firewall" { 6 | byte_length = 4 7 | } 8 | 9 | resource "digitalocean_firewall" "web" { 10 | name = "dns-c2-only-allow-dns-http-ssh-${random_id.firewall.hex}" 11 | 12 | droplet_ids = digitalocean_droplet.dns-c2.*.id 13 | 14 | inbound_rule { 15 | protocol = "tcp" 16 | port_range = "53" 17 | source_addresses = ["0.0.0.0/0", "::/0"] 18 | } 19 | inbound_rule { 20 | protocol = "udp" 21 | port_range = "53" 22 | source_addresses = ["0.0.0.0/0", "::/0"] 23 | } 24 | inbound_rule { 25 | protocol = "tcp" 26 | port_range = "22" 27 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 28 | } 29 | inbound_rule { # Rule for covenant admin panel 30 | protocol = "tcp" 31 | port_range = "7443" 32 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 33 | } 34 | inbound_rule { 35 | protocol = "udp" 36 | port_range = "60000-61000" 37 | source_addresses = ["0.0.0.0/0", "::/0"] 38 | } 39 | 40 | outbound_rule { 41 | protocol = "tcp" 42 | port_range = "53" 43 | destination_addresses = ["0.0.0.0/0", "::/0"] 44 | } 45 | outbound_rule { 46 | protocol = "udp" 47 | port_range = "53" 48 | destination_addresses = ["0.0.0.0/0", "::/0"] 49 | } 50 | outbound_rule { 51 | protocol = "tcp" 52 | port_range = "443" 53 | destination_addresses = ["0.0.0.0/0", "::/0"] 54 | } 55 | outbound_rule { 56 | protocol = "tcp" 57 | port_range = "80" 58 | destination_addresses = ["0.0.0.0/0", "::/0"] 59 | } 60 | } 61 | 62 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-c2/main.tf: -------------------------------------------------------------------------------- 1 | resource "random_id" "server" { 2 | count = var.counter 3 | byte_length = 4 4 | } 5 | 6 | resource "tls_private_key" "ssh" { 7 | count = var.counter 8 | algorithm = "RSA" 9 | rsa_bits = 4096 10 | } 11 | 12 | resource "digitalocean_ssh_key" "ssh_key" { 13 | count = var.counter 14 | name = "dns-c2-key-${random_id.server[count.index].hex}" 15 | public_key = tls_private_key.ssh[count.index].public_key_openssh 16 | } 17 | 18 | resource "digitalocean_droplet" "dns-c2" { 19 | count = var.counter 20 | image = var.distro 21 | name = "dns-c2-${random_id.server[count.index].hex}" 22 | region = var.available_regions[element(var.regions, count.index)] 23 | ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id] 24 | size = var.size 25 | 26 | provisioner "remote-exec" { 27 | scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install) 28 | 29 | connection { 30 | host = self.ipv4_address 31 | type = "ssh" 32 | user = "root" 33 | private_key = tls_private_key.ssh[count.index].private_key_pem 34 | } 35 | } 36 | 37 | provisioner "local-exec" { 38 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*" 39 | } 40 | 41 | provisioner "local-exec" { 42 | when = destroy 43 | command = "rm ssh_keys/${self.ipv4_address}*" 44 | } 45 | } 46 | 47 | data "template_file" "ssh_config" { 48 | count = var.counter 49 | 50 | template = file("../../redbaron/data/templates/ssh_config.tpl") 51 | 52 | depends_on = [digitalocean_droplet.dns-c2] 53 | 54 | vars = { 55 | name = "dns_c2_${digitalocean_droplet.dns-c2[count.index].ipv4_address}" 56 | hostname = digitalocean_droplet.dns-c2[count.index].ipv4_address 57 | user = "root" 58 | identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.dns-c2[count.index].ipv4_address}" 59 | } 60 | } 61 | 62 | resource "null_resource" "gen_ssh_config" { 63 | count = var.counter 64 | 65 | triggers = { 66 | template_rendered = data.template_file.ssh_config[count.index].rendered 67 | } 68 | 69 | provisioner "local-exec" { 70 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 71 | } 72 | 73 | provisioner "local-exec" { 74 | when = destroy 75 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 76 | } 77 | } 78 | 79 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-c2/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [digitalocean_droplet.dns-c2.*.ipv4_address] 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-c2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "install" { 2 | type = list(string) 3 | default = [] 4 | } 5 | 6 | variable "counter" { 7 | default = 1 8 | } 9 | 10 | variable "distro" { 11 | default = "debian-9-x64" 12 | } 13 | 14 | variable "size" { 15 | default = "s-1vcpu-1gb" 16 | } 17 | 18 | variable "regions" { 19 | type = list(string) 20 | default = ["LON1"] 21 | } 22 | 23 | variable "available_regions" { 24 | type = map(string) 25 | default = { 26 | "NYC1" = "nyc1" 27 | "NYC2" = "nyc2" 28 | "NYC3" = "nyc3" 29 | "SFO1" = "sfo1" 30 | "SFO2" = "sfo2" 31 | "AMS2" = "ams2" 32 | "AMS3" = "ams3" 33 | "SGP1" = "sgp1" 34 | "LON1" = "lon1" 35 | "FRA1" = "fra1" 36 | "TOR1" = "tor1" 37 | "BLR1" = "blr1" 38 | } 39 | } 40 | 41 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-c2/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-local-rdir/README.md: -------------------------------------------------------------------------------- 1 | # dns-rdir 2 | 3 | Creates a DNS Redirector droplet in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder. The redirector points to an internal server of choice using the autossh tool. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`redirect_to` | List(string) | List of IPs to redirect DNS traffic to. 10 | |`counter` | Integer | Number of droplets to launch. Defaults to `1`. 11 | |`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`. 12 | |`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1. 13 | |`available_regions` | Map(string) | Regions to choose from in the regions variable 14 | 15 | # Outputs 16 | 17 | | Name | Value Type | Description 18 | |---------------------------| ---------- | ----------- 19 | |`ips` | List | IPs of created droplets. -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-local-rdir/firewall.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "random_id" "firewall" { 6 | byte_length = 4 7 | } 8 | 9 | resource "digitalocean_firewall" "web" { 10 | name = "dns-rdir-only-allow-dns-http-ssh-${random_id.firewall.hex}" 11 | 12 | droplet_ids = digitalocean_droplet.dns-rdir.*.id 13 | 14 | inbound_rule { 15 | protocol = "tcp" 16 | port_range = "53" 17 | source_addresses = ["0.0.0.0/0", "::/0"] 18 | } 19 | inbound_rule { 20 | protocol = "udp" 21 | port_range = "53" 22 | source_addresses = ["0.0.0.0/0", "::/0"] 23 | } 24 | inbound_rule { 25 | protocol = "tcp" 26 | port_range = "22" 27 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 28 | } 29 | inbound_rule { 30 | protocol = "udp" 31 | port_range = "60000-61000" 32 | source_addresses = ["0.0.0.0/0", "::/0"] 33 | } 34 | 35 | outbound_rule { 36 | protocol = "tcp" 37 | port_range = "53" 38 | destination_addresses = ["0.0.0.0/0", "::/0"] 39 | } 40 | outbound_rule { 41 | protocol = "udp" 42 | port_range = "53" 43 | destination_addresses = ["0.0.0.0/0", "::/0"] 44 | } 45 | outbound_rule { 46 | protocol = "tcp" 47 | port_range = "443" 48 | destination_addresses = ["0.0.0.0/0", "::/0"] 49 | } 50 | outbound_rule { 51 | protocol = "tcp" 52 | port_range = "80" 53 | destination_addresses = ["0.0.0.0/0", "::/0"] 54 | } 55 | } 56 | 57 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-local-rdir/main.tf: -------------------------------------------------------------------------------- 1 | resource "random_id" "server" { 2 | count = var.counter 3 | byte_length = 4 4 | } 5 | 6 | resource "tls_private_key" "ssh" { 7 | count = var.counter 8 | algorithm = "RSA" 9 | rsa_bits = 4096 10 | } 11 | 12 | resource "digitalocean_ssh_key" "ssh_key" { 13 | count = var.counter 14 | name = "dns-rdir-key-${random_id.server[count.index].hex}" 15 | public_key = tls_private_key.ssh[count.index].public_key_openssh 16 | } 17 | 18 | resource "digitalocean_droplet" "dns-rdir" { 19 | count = var.counter 20 | image = "debian-9-x64" 21 | name = "dns-rdir-${random_id.server[count.index].hex}" 22 | region = var.available_regions[element(var.regions, count.index)] 23 | ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id] 24 | size = var.size 25 | 26 | provisioner "remote-exec" { 27 | inline = [ 28 | "apt-get update", 29 | "apt-get install -y tmux socat", 30 | "tmux new -d \"socat udp4-LISTEN:53,fork tcp4:localhost:2222\"", 31 | ] 32 | 33 | connection { 34 | host = self.ipv4_address 35 | type = "ssh" 36 | user = "root" 37 | private_key = tls_private_key.ssh[count.index].private_key_pem 38 | } 39 | } 40 | 41 | provisioner "local-exec" { 42 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*" 43 | } 44 | 45 | provisioner "local-exec" { 46 | when = destroy 47 | command = "rm ssh_keys/${self.ipv4_address}*" 48 | } 49 | } 50 | 51 | data "template_file" "ssh_config" { 52 | count = var.counter 53 | 54 | template = file("../../redbaron/data/templates/ssh_config.tpl") 55 | 56 | depends_on = [digitalocean_droplet.dns-rdir] 57 | 58 | vars = { 59 | name = "dns_rdir_${digitalocean_droplet.dns-rdir[count.index].ipv4_address}" 60 | hostname = digitalocean_droplet.dns-rdir[count.index].ipv4_address 61 | user = "root" 62 | identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.dns-rdir[count.index].ipv4_address}" 63 | } 64 | } 65 | 66 | resource "null_resource" "gen_ssh_config" { 67 | count = var.counter 68 | 69 | triggers = { 70 | template_rendered = data.template_file.ssh_config[count.index].rendered 71 | } 72 | 73 | provisioner "local-exec" { 74 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 75 | } 76 | 77 | provisioner "local-exec" { 78 | when = destroy 79 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 80 | } 81 | } 82 | 83 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-local-rdir/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [digitalocean_droplet.dns-rdir.*.ipv4_address] 3 | } 4 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-local-rdir/variables.tf: -------------------------------------------------------------------------------- 1 | variable "redirect_to" { 2 | type = list(string) 3 | } 4 | 5 | variable "counter" { 6 | default = 1 7 | } 8 | 9 | variable "size" { 10 | default = "s-1vcpu-1gb" 11 | } 12 | 13 | variable "regions" { 14 | type = list(string) 15 | default = ["LON1"] 16 | } 17 | 18 | variable "available_regions" { 19 | type = map(string) 20 | default = { 21 | "NYC1" = "nyc1" 22 | "NYC2" = "nyc2" 23 | "NYC3" = "nyc3" 24 | "SFO1" = "sfo1" 25 | "SFO2" = "sfo2" 26 | "AMS2" = "ams2" 27 | "AMS3" = "ams3" 28 | "SGP1" = "sgp1" 29 | "LON1" = "lon1" 30 | "FRA1" = "fra1" 31 | "TOR1" = "tor1" 32 | "BLR1" = "blr1" 33 | } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-local-rdir/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-rdir/README.md: -------------------------------------------------------------------------------- 1 | # dns-rdir 2 | 3 | Creates a DNS Redirector droplet in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`redirect_to` | List(string) | List of IPs to redirect DNS traffic to. 10 | |`counter` | Integer | Number of droplets to launch. Defaults to `1`. 11 | |`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`. 12 | |`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1. 13 | |`available_regions` | Map(string) | Regions to choose from in the regions variable 14 | 15 | # Outputs 16 | 17 | | Name | Value Type | Description 18 | |---------------------------| ---------- | ----------- 19 | |`ips` | List | IPs of created droplets. -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-rdir/firewall.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "random_id" "firewall" { 6 | byte_length = 4 7 | } 8 | 9 | resource "digitalocean_firewall" "web" { 10 | name = "dns-rdir-only-allow-dns-http-ssh-${random_id.firewall.hex}" 11 | 12 | droplet_ids = digitalocean_droplet.dns-rdir.*.id 13 | 14 | inbound_rule { 15 | protocol = "tcp" 16 | port_range = "53" 17 | source_addresses = ["0.0.0.0/0", "::/0"] 18 | } 19 | inbound_rule { 20 | protocol = "udp" 21 | port_range = "53" 22 | source_addresses = ["0.0.0.0/0", "::/0"] 23 | } 24 | inbound_rule { 25 | protocol = "tcp" 26 | port_range = "22" 27 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 28 | } 29 | inbound_rule { 30 | protocol = "udp" 31 | port_range = "60000-61000" 32 | source_addresses = ["0.0.0.0/0", "::/0"] 33 | } 34 | 35 | outbound_rule { 36 | protocol = "tcp" 37 | port_range = "53" 38 | destination_addresses = ["0.0.0.0/0", "::/0"] 39 | } 40 | outbound_rule { 41 | protocol = "udp" 42 | port_range = "53" 43 | destination_addresses = ["0.0.0.0/0", "::/0"] 44 | } 45 | outbound_rule { 46 | protocol = "tcp" 47 | port_range = "443" 48 | destination_addresses = ["0.0.0.0/0", "::/0"] 49 | } 50 | outbound_rule { 51 | protocol = "tcp" 52 | port_range = "80" 53 | destination_addresses = ["0.0.0.0/0", "::/0"] 54 | } 55 | } 56 | 57 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-rdir/main.tf: -------------------------------------------------------------------------------- 1 | resource "random_id" "server" { 2 | count = var.counter 3 | byte_length = 4 4 | } 5 | 6 | resource "tls_private_key" "ssh" { 7 | count = var.counter 8 | algorithm = "RSA" 9 | rsa_bits = 4096 10 | } 11 | 12 | resource "digitalocean_ssh_key" "ssh_key" { 13 | count = var.counter 14 | name = "dns-rdir-key-${random_id.server[count.index].hex}" 15 | public_key = tls_private_key.ssh[count.index].public_key_openssh 16 | } 17 | 18 | resource "digitalocean_droplet" "dns-rdir" { 19 | count = var.counter 20 | image = "debian-9-x64" 21 | name = "dns-rdir-${random_id.server[count.index].hex}" 22 | region = var.available_regions[element(var.regions, count.index)] 23 | ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id] 24 | size = var.size 25 | 26 | provisioner "remote-exec" { 27 | inline = [ 28 | "apt-get update", 29 | "apt-get install -y tmux socat", 30 | "tmux new -d \"socat udp4-recvfrom:53,reuseaddr,fork udp4-sendto:${element(var.redirect_to, count.index)}:53\"", 31 | ] 32 | 33 | connection { 34 | host = self.ipv4_address 35 | type = "ssh" 36 | user = "root" 37 | private_key = tls_private_key.ssh[count.index].private_key_pem 38 | } 39 | } 40 | 41 | provisioner "local-exec" { 42 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*" 43 | } 44 | 45 | provisioner "local-exec" { 46 | when = destroy 47 | command = "rm ssh_keys/${self.ipv4_address}*" 48 | } 49 | } 50 | 51 | data "template_file" "ssh_config" { 52 | count = var.counter 53 | 54 | template = file("../../redbaron/data/templates/ssh_config.tpl") 55 | 56 | depends_on = [digitalocean_droplet.dns-rdir] 57 | 58 | vars = { 59 | name = "dns_rdir_${digitalocean_droplet.dns-rdir[count.index].ipv4_address}" 60 | hostname = digitalocean_droplet.dns-rdir[count.index].ipv4_address 61 | user = "root" 62 | identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.dns-rdir[count.index].ipv4_address}" 63 | } 64 | } 65 | 66 | resource "null_resource" "gen_ssh_config" { 67 | count = var.counter 68 | 69 | triggers = { 70 | template_rendered = data.template_file.ssh_config[count.index].rendered 71 | } 72 | 73 | provisioner "local-exec" { 74 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 75 | } 76 | 77 | provisioner "local-exec" { 78 | when = destroy 79 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 80 | } 81 | } 82 | 83 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-rdir/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [digitalocean_droplet.dns-rdir.*.ipv4_address] 3 | } 4 | 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-rdir/variables.tf: -------------------------------------------------------------------------------- 1 | variable "redirect_to" { 2 | type = list(string) 3 | } 4 | 5 | variable "counter" { 6 | default = 1 7 | } 8 | 9 | variable "size" { 10 | default = "s-1vcpu-1gb" 11 | } 12 | 13 | variable "regions" { 14 | type = list(string) 15 | default = ["LON1"] 16 | } 17 | 18 | variable "available_regions" { 19 | type = map(string) 20 | default = { 21 | "NYC1" = "nyc1" 22 | "NYC2" = "nyc2" 23 | "NYC3" = "nyc3" 24 | "SFO1" = "sfo1" 25 | "SFO2" = "sfo2" 26 | "AMS2" = "ams2" 27 | "AMS3" = "ams3" 28 | "SGP1" = "sgp1" 29 | "LON1" = "lon1" 30 | "FRA1" = "fra1" 31 | "TOR1" = "tor1" 32 | "BLR1" = "blr1" 33 | } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/dns-rdir/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-c2/README.md: -------------------------------------------------------------------------------- 1 | # http-c2 2 | 3 | Creates a HTTP C2 server in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`install` | List(string) | Scripts to run on droplet creation. Defaults to "./scripts/core_deps.sh". 10 | |`counter` | Integer | Number of droplets to launch. Defaults to 1. 11 | |`distro` | String | Number of droplets to launch. Defaults to 1. 12 | |`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`. 13 | |`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1. 14 | |`available_regions` | Map(string) | Regions to choose from in the regions variable 15 | 16 | 17 | # Outputs 18 | 19 | | Name | Value Type | Description 20 | |---------------------------| ---------- | ----------- 21 | |`ips` | List | IPs of created droplets. -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-c2/firewall.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "random_id" "firewall" { 6 | byte_length = 4 7 | } 8 | 9 | resource "digitalocean_firewall" "web" { 10 | name = "http-c2-only-allow-dns-http-ssh-${random_id.firewall.hex}" 11 | 12 | droplet_ids = digitalocean_droplet.http-c2.*.id 13 | 14 | inbound_rule { 15 | protocol = "tcp" 16 | port_range = "443" 17 | source_addresses = ["0.0.0.0/0", "::/0"] 18 | } 19 | inbound_rule { 20 | protocol = "tcp" 21 | port_range = "80" 22 | source_addresses = ["0.0.0.0/0", "::/0"] 23 | } 24 | inbound_rule { 25 | protocol = "tcp" 26 | port_range = "22" 27 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 28 | } 29 | inbound_rule { # Rule for covenant admin panel 30 | protocol = "tcp" 31 | port_range = "7443" 32 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 33 | } 34 | inbound_rule { # Rule for cobaltstrike 35 | protocol = "tcp" 36 | port_range = "50050" 37 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 38 | } 39 | inbound_rule { 40 | protocol = "udp" 41 | port_range = "60000-61000" 42 | source_addresses = ["0.0.0.0/0", "::/0"] 43 | } 44 | 45 | outbound_rule { 46 | protocol = "tcp" 47 | port_range = "53" 48 | destination_addresses = ["0.0.0.0/0", "::/0"] 49 | } 50 | outbound_rule { 51 | protocol = "udp" 52 | port_range = "53" 53 | destination_addresses = ["0.0.0.0/0", "::/0"] 54 | } 55 | outbound_rule { 56 | protocol = "tcp" 57 | port_range = "443" 58 | destination_addresses = ["0.0.0.0/0", "::/0"] 59 | } 60 | outbound_rule { 61 | protocol = "tcp" 62 | port_range = "80" 63 | destination_addresses = ["0.0.0.0/0", "::/0"] 64 | } 65 | } 66 | 67 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-c2/main.tf: -------------------------------------------------------------------------------- 1 | resource "random_id" "server" { 2 | count = var.counter 3 | byte_length = 4 4 | } 5 | 6 | resource "tls_private_key" "ssh" { 7 | count = var.counter 8 | algorithm = "RSA" 9 | rsa_bits = 4096 10 | } 11 | 12 | resource "digitalocean_ssh_key" "ssh_key" { 13 | count = var.counter 14 | name = "http-c2-key-${random_id.server[count.index].hex}" 15 | public_key = tls_private_key.ssh[count.index].public_key_openssh 16 | } 17 | 18 | resource "digitalocean_droplet" "http-c2" { 19 | count = var.counter 20 | image = var.distro 21 | name = "http-c2-${random_id.server[count.index].hex}" 22 | region = var.available_regions[element(var.regions, count.index)] 23 | ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id] 24 | size = var.size 25 | 26 | provisioner "remote-exec" { 27 | scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install) 28 | 29 | connection { 30 | host = self.ipv4_address 31 | type = "ssh" 32 | user = "root" 33 | private_key = tls_private_key.ssh[count.index].private_key_pem 34 | } 35 | } 36 | 37 | provisioner "local-exec" { 38 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*" 39 | } 40 | 41 | provisioner "local-exec" { 42 | when = destroy 43 | command = "rm ssh_keys/${self.ipv4_address}*" 44 | } 45 | } 46 | 47 | data "template_file" "ssh_config" { 48 | count = var.counter 49 | 50 | template = file("../../redbaron/data/templates/ssh_config.tpl") 51 | 52 | depends_on = [digitalocean_droplet.http-c2] 53 | 54 | vars = { 55 | name = "http_c2_${digitalocean_droplet.http-c2[count.index].ipv4_address}" 56 | hostname = digitalocean_droplet.http-c2[count.index].ipv4_address 57 | user = "root" 58 | identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.http-c2[count.index].ipv4_address}" 59 | } 60 | } 61 | 62 | resource "null_resource" "gen_ssh_config" { 63 | count = var.counter 64 | 65 | triggers = { 66 | template_rendered = data.template_file.ssh_config[count.index].rendered 67 | } 68 | 69 | provisioner "local-exec" { 70 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 71 | } 72 | 73 | provisioner "local-exec" { 74 | when = destroy 75 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 76 | } 77 | } 78 | 79 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-c2/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [digitalocean_droplet.http-c2.*.ipv4_address] 3 | } 4 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-c2/variables.tf: -------------------------------------------------------------------------------- 1 | variable "install" { 2 | type = list(string) 3 | default = [] 4 | } 5 | 6 | variable "counter" { 7 | default = 1 8 | } 9 | 10 | variable "distro" { 11 | default = "debian-9-x64" 12 | } 13 | 14 | variable "size" { 15 | default = "s-1vcpu-1gb" 16 | } 17 | 18 | variable "regions" { 19 | type = list(string) 20 | default = ["LON1"] 21 | } 22 | 23 | variable "available_regions" { 24 | type = map(string) 25 | default = { 26 | "NYC1" = "nyc1" 27 | "NYC2" = "nyc2" 28 | "NYC3" = "nyc3" 29 | "SFO1" = "sfo1" 30 | "SFO2" = "sfo2" 31 | "AMS2" = "ams2" 32 | "AMS3" = "ams3" 33 | "SGP1" = "sgp1" 34 | "LON1" = "lon1" 35 | "FRA1" = "fra1" 36 | "TOR1" = "tor1" 37 | "BLR1" = "blr1" 38 | } 39 | } 40 | 41 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-c2/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-rdir/README.md: -------------------------------------------------------------------------------- 1 | # http-rdir 2 | 3 | Creates a HTTP Redirector droplet in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`redirect_to` | List(string) | List of IPs to redirect DNS traffic to. 10 | |`counter` | Integer | Number of droplets to launch. Defaults to `1`. 11 | |`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`. 12 | |`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1. 13 | |`http-port` | Integer | HTTP port to be used 14 | |`https-port` | Integer | HTTPS port to be used 15 | |`available_regions` | Map(string)| Regions to choose from in the regions variable 16 | 17 | # Outputs 18 | 19 | | Name | Value Type | Description 20 | |---------------------------| ---------- | ----------- 21 | |`ips` | List | IPs of created droplets. -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-rdir/firewall.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "random_id" "firewall" { 6 | byte_length = 4 7 | } 8 | 9 | resource "digitalocean_firewall" "web" { 10 | name = "http-rdir-only-allow-dns-http-ssh-${random_id.firewall.hex}" 11 | 12 | droplet_ids = digitalocean_droplet.http-rdir.*.id 13 | 14 | inbound_rule { 15 | protocol = "tcp" 16 | port_range = "443" 17 | source_addresses = ["0.0.0.0/0", "::/0"] 18 | } 19 | inbound_rule { 20 | protocol = "tcp" 21 | port_range = "80" 22 | source_addresses = ["0.0.0.0/0", "::/0"] 23 | } 24 | inbound_rule { 25 | protocol = "tcp" 26 | port_range = "22" 27 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 28 | } 29 | inbound_rule { 30 | protocol = "udp" 31 | port_range = "60000-61000" 32 | source_addresses = ["0.0.0.0/0", "::/0"] 33 | } 34 | 35 | outbound_rule { 36 | protocol = "tcp" 37 | port_range = "53" 38 | destination_addresses = ["0.0.0.0/0", "::/0"] 39 | } 40 | outbound_rule { 41 | protocol = "udp" 42 | port_range = "53" 43 | destination_addresses = ["0.0.0.0/0", "::/0"] 44 | } 45 | outbound_rule { 46 | protocol = "tcp" 47 | port_range = "443" 48 | destination_addresses = ["0.0.0.0/0", "::/0"] 49 | } 50 | outbound_rule { 51 | protocol = "tcp" 52 | port_range = "80" 53 | destination_addresses = ["0.0.0.0/0", "::/0"] 54 | } 55 | } 56 | 57 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-rdir/main.tf: -------------------------------------------------------------------------------- 1 | resource "random_id" "server" { 2 | count = var.counter 3 | byte_length = 4 4 | } 5 | 6 | resource "tls_private_key" "ssh" { 7 | count = var.counter 8 | algorithm = "RSA" 9 | rsa_bits = 4096 10 | } 11 | 12 | resource "digitalocean_ssh_key" "ssh_key" { 13 | count = var.counter 14 | name = "http-rdir-key-${random_id.server[count.index].hex}" 15 | public_key = tls_private_key.ssh[count.index].public_key_openssh 16 | } 17 | 18 | resource "digitalocean_droplet" "http-rdir" { 19 | count = var.counter 20 | image = "debian-9-x64" 21 | name = "http-rdir-${random_id.server[count.index].hex}" 22 | region = var.available_regions[element(var.regions, count.index)] 23 | ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id] 24 | size = var.size 25 | 26 | provisioner "remote-exec" { 27 | inline = [ 28 | "apt-get update", 29 | "apt-get install -y tmux socat apache2", 30 | "a2enmod rewrite proxy proxy_http ssl", 31 | "systemctl stop apache2", 32 | "tmux new -d \"socat TCP4-LISTEN:80,fork TCP4:${element(var.redirect_to, count.index)}:${var.http-port}\" ';' split \"socat TCP4-LISTEN:443,fork TCP4:${element(var.redirect_to, count.index)}:${var.https-port}\"", 33 | ] 34 | 35 | connection { 36 | host = self.ipv4_address 37 | type = "ssh" 38 | user = "root" 39 | private_key = tls_private_key.ssh[count.index].private_key_pem 40 | } 41 | } 42 | 43 | provisioner "local-exec" { 44 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*" 45 | } 46 | 47 | provisioner "local-exec" { 48 | when = destroy 49 | command = "rm ssh_keys/${self.ipv4_address}*" 50 | } 51 | } 52 | 53 | data "template_file" "ssh_config" { 54 | count = var.counter 55 | 56 | template = file("../../redbaron/data/templates/ssh_config.tpl") 57 | 58 | depends_on = [digitalocean_droplet.http-rdir] 59 | 60 | vars = { 61 | name = "http_rdir_${digitalocean_droplet.http-rdir[count.index].ipv4_address}" 62 | hostname = digitalocean_droplet.http-rdir[count.index].ipv4_address 63 | user = "root" 64 | identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.http-rdir[count.index].ipv4_address}" 65 | } 66 | } 67 | 68 | resource "null_resource" "gen_ssh_config" { 69 | count = var.counter 70 | 71 | triggers = { 72 | template_rendered = data.template_file.ssh_config[count.index].rendered 73 | } 74 | 75 | provisioner "local-exec" { 76 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 77 | } 78 | 79 | provisioner "local-exec" { 80 | when = destroy 81 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 82 | } 83 | } 84 | 85 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-rdir/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [digitalocean_droplet.http-rdir.*.ipv4_address] 3 | } 4 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-rdir/variables.tf: -------------------------------------------------------------------------------- 1 | variable "redirect_to" { 2 | type = list(string) 3 | } 4 | 5 | variable "counter" { 6 | default = 1 7 | } 8 | 9 | variable "size" { 10 | default = "s-1vcpu-1gb" 11 | } 12 | 13 | variable "regions" { 14 | type = list(string) 15 | default = ["LON1"] 16 | } 17 | 18 | variable "http-port" { 19 | default = 80 20 | } 21 | 22 | variable "https-port" { 23 | default = 443 24 | } 25 | 26 | variable "available_regions" { 27 | type = map(string) 28 | default = { 29 | "NYC1" = "nyc1" 30 | "NYC2" = "nyc2" 31 | "NYC3" = "nyc3" 32 | "SFO1" = "sfo1" 33 | "SFO2" = "sfo2" 34 | "AMS2" = "ams2" 35 | "AMS3" = "ams3" 36 | "SGP1" = "sgp1" 37 | "LON1" = "lon1" 38 | "FRA1" = "fra1" 39 | "TOR1" = "tor1" 40 | "BLR1" = "blr1" 41 | } 42 | } 43 | 44 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/http-rdir/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/mail-server/README.md: -------------------------------------------------------------------------------- 1 | # email-server 2 | 3 | Creates a droplet in DigitalOcean to be used as a mail server. SSH keys for each droplet will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`counter` | Integer | Number of droplets to launch. Defaults to `1`. 10 | |`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`. 11 | |`name` | String | Mail server name 12 | |`path` | String | Local path to retrieve the iredmail bash script 13 | |`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `LON1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1. 14 | |`available_regions` | Map(string)| Regions to choose from in the regions variable 15 | 16 | 17 | # Outputs 18 | 19 | | Name | Value Type | Description 20 | |---------------------------| ---------- | ----------- 21 | |`ips` | List | IPs of created droplets. 22 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/mail-server/firewall.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "random_id" "firewall" { 6 | byte_length = 4 7 | } 8 | 9 | resource "digitalocean_firewall" "web" { 10 | name = "mail-server-only-allow-dns-http-ssh-mail-${random_id.firewall.hex}" 11 | 12 | droplet_ids = digitalocean_droplet.mail-server.*.id 13 | 14 | inbound_rule { 15 | protocol = "tcp" 16 | port_range = "25" 17 | source_addresses = ["0.0.0.0/0", "::/0"] 18 | } 19 | inbound_rule { 20 | protocol = "tcp" 21 | port_range = "143" 22 | source_addresses = ["0.0.0.0/0", "::/0"] 23 | } 24 | inbound_rule { 25 | protocol = "tcp" 26 | port_range = "993" 27 | source_addresses = ["0.0.0.0/0", "::/0"] 28 | } 29 | inbound_rule { 30 | protocol = "tcp" 31 | port_range = "995" 32 | source_addresses = ["0.0.0.0/0", "::/0"] 33 | } 34 | inbound_rule { 35 | protocol = "tcp" 36 | port_range = "110" 37 | source_addresses = ["0.0.0.0/0", "::/0"] 38 | } 39 | inbound_rule { 40 | protocol = "tcp" 41 | port_range = "587" 42 | source_addresses = ["0.0.0.0/0", "::/0"] 43 | } 44 | inbound_rule { 45 | protocol = "tcp" 46 | port_range = "443" 47 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 48 | } 49 | inbound_rule { 50 | protocol = "tcp" 51 | port_range = "80" 52 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 53 | } 54 | inbound_rule { 55 | protocol = "tcp" 56 | port_range = "22" 57 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 58 | } 59 | inbound_rule { 60 | protocol = "udp" 61 | port_range = "60000-61000" 62 | source_addresses = ["0.0.0.0/0", "::/0"] 63 | } 64 | 65 | outbound_rule { 66 | protocol = "tcp" 67 | port_range = "53" 68 | destination_addresses = ["0.0.0.0/0", "::/0"] 69 | } 70 | outbound_rule { 71 | protocol = "udp" 72 | port_range = "53" 73 | destination_addresses = ["0.0.0.0/0", "::/0"] 74 | } 75 | outbound_rule { 76 | protocol = "tcp" 77 | port_range = "443" 78 | destination_addresses = ["0.0.0.0/0", "::/0"] 79 | } 80 | outbound_rule { 81 | protocol = "tcp" 82 | port_range = "80" 83 | destination_addresses = ["0.0.0.0/0", "::/0"] 84 | } 85 | outbound_rule { 86 | protocol = "tcp" 87 | port_range = "25" 88 | destination_addresses = ["0.0.0.0/0", "::/0"] 89 | } 90 | outbound_rule { 91 | protocol = "tcp" 92 | port_range = "143" 93 | destination_addresses = ["0.0.0.0/0", "::/0"] 94 | } 95 | outbound_rule { 96 | protocol = "tcp" 97 | port_range = "587" 98 | destination_addresses = ["0.0.0.0/0", "::/0"] 99 | } 100 | outbound_rule { 101 | protocol = "tcp" 102 | port_range = "993" 103 | destination_addresses = ["0.0.0.0/0", "::/0"] 104 | } 105 | outbound_rule { 106 | protocol = "tcp" 107 | port_range = "995" 108 | destination_addresses = ["0.0.0.0/0", "::/0"] 109 | } 110 | outbound_rule { 111 | protocol = "tcp" 112 | port_range = "110" 113 | destination_addresses = ["0.0.0.0/0", "::/0"] 114 | } 115 | } 116 | 117 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/mail-server/main.tf: -------------------------------------------------------------------------------- 1 | resource "random_id" "server" { 2 | count = var.counter 3 | byte_length = 4 4 | } 5 | 6 | resource "tls_private_key" "ssh" { 7 | count = var.counter 8 | algorithm = "RSA" 9 | rsa_bits = 4096 10 | } 11 | 12 | resource "digitalocean_ssh_key" "ssh_key" { 13 | count = var.counter 14 | name = "mail-server-key-${random_id.server[count.index].hex}" 15 | public_key = tls_private_key.ssh[count.index].public_key_openssh 16 | } 17 | 18 | resource "digitalocean_droplet" "mail-server" { 19 | count = var.counter 20 | image = "debian-9-x64" 21 | name = var.name #"mail-server-${random_id.server.*.hex[count.index]}" # 22 | region = var.available_regions[element(var.regions, count.index)] 23 | ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id] 24 | size = var.size 25 | 26 | provisioner "remote-exec" { 27 | inline = [ 28 | "apt-get update", 29 | "apt-get install -y tmux", 30 | ] 31 | 32 | connection { 33 | host = self.ipv4_address 34 | type = "ssh" 35 | user = "root" 36 | private_key = tls_private_key.ssh[count.index].private_key_pem 37 | } 38 | } 39 | 40 | provisioner "local-exec" { 41 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*" 42 | } 43 | 44 | provisioner "local-exec" { 45 | when = destroy 46 | command = "rm ssh_keys/${self.ipv4_address}*" 47 | } 48 | provisioner "file" { 49 | source = var.path 50 | destination = "/tmp/iredmail.sh" 51 | connection { 52 | host = self.ipv4_address 53 | type = "ssh" 54 | user = "root" 55 | private_key = tls_private_key.ssh[count.index].private_key_pem 56 | } 57 | } 58 | 59 | provisioner "remote-exec" { 60 | inline = [ 61 | "chmod +x /tmp/iredmail.sh", 62 | "/tmp/iredmail.sh", 63 | ] 64 | 65 | connection { 66 | host = self.ipv4_address 67 | type = "ssh" 68 | user = "root" 69 | private_key = tls_private_key.ssh[count.index].private_key_pem 70 | } 71 | } 72 | } 73 | 74 | data "template_file" "ssh_config" { 75 | count = var.counter 76 | 77 | template = file("../../redbaron/data/templates/ssh_config.tpl") 78 | 79 | depends_on = [digitalocean_droplet.mail-server] 80 | 81 | vars = { 82 | name = "mail_server_${digitalocean_droplet.mail-server[count.index].ipv4_address}" 83 | hostname = digitalocean_droplet.mail-server[count.index].ipv4_address 84 | user = "root" 85 | identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.mail-server[count.index].ipv4_address}" 86 | } 87 | } 88 | 89 | resource "null_resource" "gen_ssh_config" { 90 | count = var.counter 91 | 92 | triggers = { 93 | template_rendered = data.template_file.ssh_config[count.index].rendered 94 | } 95 | 96 | provisioner "local-exec" { 97 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 98 | } 99 | 100 | provisioner "local-exec" { 101 | when = destroy 102 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 103 | } 104 | } 105 | 106 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/mail-server/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [digitalocean_droplet.mail-server.*.ipv4_address] 3 | } -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/mail-server/variables.tf: -------------------------------------------------------------------------------- 1 | variable "counter" { 2 | default = 1 3 | } 4 | 5 | variable "size" { 6 | default = "s-1vcpu-1gb" 7 | } 8 | 9 | variable "name" { 10 | } 11 | 12 | variable "path" { 13 | } 14 | 15 | variable "regions" { 16 | type = list(string) 17 | default = ["LON1"] 18 | } 19 | 20 | variable "available_regions" { 21 | type = map(string) 22 | default = { 23 | "NYC1" = "nyc1" 24 | "NYC2" = "nyc2" 25 | "NYC3" = "nyc3" 26 | "SFO1" = "sfo1" 27 | "SFO2" = "sfo2" 28 | "AMS2" = "ams2" 29 | "AMS3" = "ams3" 30 | "SGP1" = "sgp1" 31 | "LON1" = "lon1" 32 | "FRA1" = "fra1" 33 | "TOR1" = "tor1" 34 | "BLR1" = "blr1" 35 | } 36 | } 37 | 38 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/mail-server/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server-gophish/README.md: -------------------------------------------------------------------------------- 1 | # phishing-server-gophish 2 | 3 | Creates a droplet in Digital Ocean to be used as a phishing server. SSH keys for each droplet will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ------------ | ----------- 9 | |`install` | List(string) | Scripts to run on droplet creation. Defaults to "./scripts/core_deps.sh". 10 | |`counter` | Integer | Number of droplets to launch. Defaults to 1. 11 | |`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`. 12 | |`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1. 13 | |`available_regions` | Map(string) | Regions to choose from in the regions variable 14 | 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |---------------------------| ---------- | ----------- 20 | |`ips` | List | IPs of created droplets. 21 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server-gophish/firewall.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "random_id" "firewall" { 6 | byte_length = 4 7 | } 8 | 9 | resource "digitalocean_firewall" "web" { 10 | name = "phishing-server-only-allow-dns-http-ssh-${random_id.firewall.hex}" 11 | 12 | droplet_ids = digitalocean_droplet.phishing-server.*.id 13 | 14 | inbound_rule { 15 | protocol = "tcp" 16 | port_range = "443" 17 | source_addresses = ["0.0.0.0/0", "::/0"] 18 | } 19 | inbound_rule { 20 | protocol = "tcp" 21 | port_range = "80" 22 | source_addresses = ["0.0.0.0/0", "::/0"] 23 | } 24 | inbound_rule { 25 | protocol = "tcp" 26 | port_range = "22" 27 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 28 | } 29 | inbound_rule { 30 | protocol = "tcp" 31 | port_range = "3333" 32 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 33 | } 34 | inbound_rule { 35 | protocol = "udp" 36 | port_range = "60000-61000" 37 | source_addresses = ["0.0.0.0/0", "::/0"] 38 | } 39 | 40 | outbound_rule { 41 | protocol = "tcp" 42 | port_range = "53" 43 | destination_addresses = ["0.0.0.0/0", "::/0"] 44 | } 45 | outbound_rule { 46 | protocol = "udp" 47 | port_range = "53" 48 | destination_addresses = ["0.0.0.0/0", "::/0"] 49 | } 50 | outbound_rule { 51 | protocol = "tcp" 52 | port_range = "443" 53 | destination_addresses = ["0.0.0.0/0", "::/0"] 54 | } 55 | outbound_rule { 56 | protocol = "tcp" 57 | port_range = "80" 58 | destination_addresses = ["0.0.0.0/0", "::/0"] 59 | } 60 | outbound_rule { 61 | protocol = "tcp" 62 | port_range = "587" #mailserver port for auth 63 | destination_addresses = ["0.0.0.0/0", "::/0"] 64 | } 65 | outbound_rule { 66 | protocol = "tcp" 67 | port_range = "25" #mailserver port for auth 68 | destination_addresses = ["0.0.0.0/0", "::/0"] 69 | } 70 | } 71 | 72 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server-gophish/main.tf: -------------------------------------------------------------------------------- 1 | resource "random_id" "server" { 2 | count = var.counter 3 | byte_length = 4 4 | } 5 | 6 | resource "tls_private_key" "ssh" { 7 | count = var.counter 8 | algorithm = "RSA" 9 | rsa_bits = 4096 10 | } 11 | 12 | resource "digitalocean_ssh_key" "ssh_key" { 13 | count = var.counter 14 | name = "phishing-server-key-${random_id.server[count.index].hex}" 15 | public_key = tls_private_key.ssh[count.index].public_key_openssh 16 | } 17 | 18 | resource "digitalocean_droplet" "phishing-server" { 19 | count = var.counter 20 | image = "debian-9-x64" 21 | name = "phishing-server-${random_id.server[count.index].hex}" 22 | region = var.available_regions[element(var.regions, count.index)] 23 | ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id] 24 | size = var.size 25 | 26 | provisioner "remote-exec" { 27 | inline = [ 28 | "apt-get update", 29 | "apt-get install -y tmux", 30 | ] 31 | 32 | connection { 33 | host = self.ipv4_address 34 | type = "ssh" 35 | user = "root" 36 | private_key = tls_private_key.ssh[count.index].private_key_pem 37 | } 38 | } 39 | 40 | provisioner "remote-exec" { 41 | scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install) 42 | 43 | connection { 44 | host = self.ipv4_address 45 | type = "ssh" 46 | user = "root" 47 | private_key = tls_private_key.ssh[count.index].private_key_pem 48 | } 49 | } 50 | 51 | provisioner "file" { 52 | source = "../../redbaron/data/scripts/gophish/gophish.service" 53 | destination = "/lib/systemd/system/gophish.service" 54 | connection { 55 | host = self.ipv4_address 56 | type = "ssh" 57 | user = "root" 58 | private_key = tls_private_key.ssh[count.index].private_key_pem 59 | } 60 | } 61 | 62 | provisioner "file" { 63 | source = "../../redbaron/data/scripts/gophish/gophish_service.sh" 64 | destination = "/tmp/gophish.sh" 65 | connection { 66 | host = self.ipv4_address 67 | type = "ssh" 68 | user = "root" 69 | private_key = tls_private_key.ssh[count.index].private_key_pem 70 | } 71 | } 72 | 73 | provisioner "remote-exec" { 74 | scripts = concat(["../../redbaron/data/scripts/gophish.sh"], var.install) 75 | 76 | connection { 77 | host = self.ipv4_address 78 | type = "ssh" 79 | user = "root" 80 | private_key = tls_private_key.ssh[count.index].private_key_pem 81 | } 82 | } 83 | 84 | provisioner "local-exec" { 85 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*" 86 | } 87 | 88 | provisioner "local-exec" { 89 | when = destroy 90 | command = "rm ssh_keys/${self.ipv4_address}*" 91 | } 92 | } 93 | 94 | data "template_file" "ssh_config" { 95 | count = var.counter 96 | 97 | template = file("../../redbaron/data/templates/ssh_config.tpl") 98 | 99 | depends_on = [digitalocean_droplet.phishing-server] 100 | 101 | vars = { 102 | name = "phishing_server_${digitalocean_droplet.phishing-server[count.index].ipv4_address}" 103 | hostname = digitalocean_droplet.phishing-server[count.index].ipv4_address 104 | user = "root" 105 | identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.phishing-server[count.index].ipv4_address}" 106 | } 107 | } 108 | 109 | resource "null_resource" "gen_ssh_config" { 110 | count = var.counter 111 | 112 | triggers = { 113 | template_rendered = data.template_file.ssh_config[count.index].rendered 114 | } 115 | 116 | provisioner "local-exec" { 117 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 118 | } 119 | 120 | provisioner "local-exec" { 121 | when = destroy 122 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 123 | } 124 | } 125 | 126 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server-gophish/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [digitalocean_droplet.phishing-server.*.ipv4_address] 3 | } -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server-gophish/variables.tf: -------------------------------------------------------------------------------- 1 | variable "install" { 2 | type = list(string) 3 | default = [] 4 | } 5 | 6 | variable "counter" { 7 | default = 1 8 | } 9 | 10 | variable "size" { 11 | default = "s-1vcpu-1gb" 12 | } 13 | 14 | variable "regions" { 15 | type = list(string) 16 | default = ["LON1"] 17 | } 18 | 19 | variable "available_regions" { 20 | type = map(string) 21 | default = { 22 | "NYC1" = "nyc1" 23 | "NYC2" = "nyc2" 24 | "NYC3" = "nyc3" 25 | "SFO1" = "sfo1" 26 | "SFO2" = "sfo2" 27 | "AMS2" = "ams2" 28 | "AMS3" = "ams3" 29 | "SGP1" = "sgp1" 30 | "LON1" = "lon1" 31 | "FRA1" = "fra1" 32 | "TOR1" = "tor1" 33 | "BLR1" = "blr1" 34 | } 35 | } 36 | 37 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server-gophish/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server/README.md: -------------------------------------------------------------------------------- 1 | # phishing-server 2 | 3 | Creates a droplet in DigitalOcean to be used as a phishing server. SSH keys for each droplet will be outputted to the ssh_keys folder. 4 | 5 | # Arguments 6 | 7 | | Name | Value Type | Description 8 | |---------------------------| ---------- | ----------- 9 | |`counter` | Integer | Number of droplets to launch. Defaults to `1`. 10 | |`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`. 11 | |`regions` | List | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1. 12 | |`available_regions` | Map(string)| Regions to choose from in the regions variable 13 | 14 | # Outputs 15 | 16 | | Name | Value Type | Description 17 | |---------------------------| ---------- | ----------- 18 | |`ips` | List | IPs of created droplets. 19 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server/firewall.tf: -------------------------------------------------------------------------------- 1 | data "external" "get_public_ip" { 2 | program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"] 3 | } 4 | 5 | resource "random_id" "firewall" { 6 | byte_length = 4 7 | } 8 | 9 | resource "digitalocean_firewall" "web" { 10 | name = "phishing-server-only-allow-dns-http-ssh-${random_id.firewall.hex}" 11 | 12 | droplet_ids = digitalocean_droplet.phishing-server.*.id 13 | 14 | inbound_rule { 15 | protocol = "tcp" 16 | port_range = "443" 17 | source_addresses = ["0.0.0.0/0", "::/0"] 18 | } 19 | inbound_rule { 20 | protocol = "tcp" 21 | port_range = "80" 22 | source_addresses = ["0.0.0.0/0", "::/0"] 23 | } 24 | inbound_rule { 25 | protocol = "tcp" 26 | port_range = "22" 27 | source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"] 28 | } 29 | inbound_rule { 30 | protocol = "udp" 31 | port_range = "60000-61000" 32 | source_addresses = ["0.0.0.0/0", "::/0"] 33 | } 34 | 35 | outbound_rule { 36 | protocol = "tcp" 37 | port_range = "53" 38 | destination_addresses = ["0.0.0.0/0", "::/0"] 39 | } 40 | outbound_rule { 41 | protocol = "udp" 42 | port_range = "53" 43 | destination_addresses = ["0.0.0.0/0", "::/0"] 44 | } 45 | outbound_rule { 46 | protocol = "tcp" 47 | port_range = "443" 48 | destination_addresses = ["0.0.0.0/0", "::/0"] 49 | } 50 | outbound_rule { 51 | protocol = "tcp" 52 | port_range = "80" 53 | destination_addresses = ["0.0.0.0/0", "::/0"] 54 | } 55 | } 56 | 57 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server/main.tf: -------------------------------------------------------------------------------- 1 | resource "random_id" "server" { 2 | count = var.counter 3 | byte_length = 4 4 | } 5 | 6 | resource "tls_private_key" "ssh" { 7 | count = var.counter 8 | algorithm = "RSA" 9 | rsa_bits = 4096 10 | } 11 | 12 | resource "digitalocean_ssh_key" "ssh_key" { 13 | count = var.counter 14 | name = "phishing-server-key-${random_id.server[count.index].hex}" 15 | public_key = tls_private_key.ssh[count.index].public_key_openssh 16 | } 17 | 18 | resource "digitalocean_droplet" "phishing-server" { 19 | count = var.counter 20 | image = "debian-9-x64" 21 | name = "phishing-server-${random_id.server[count.index].hex}" 22 | region = var.available_regions[element(var.regions, count.index)] 23 | ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id] 24 | size = var.size 25 | 26 | provisioner "remote-exec" { 27 | inline = [ 28 | "apt-get update", 29 | "apt-get install -y tmux apache2 certbot python-certbot-apache", 30 | "a2enmod ssl", 31 | "systemctl stop apache2", 32 | ] 33 | 34 | connection { 35 | host = self.ipv4_address 36 | type = "ssh" 37 | user = "root" 38 | private_key = tls_private_key.ssh[count.index].private_key_pem 39 | } 40 | } 41 | 42 | provisioner "local-exec" { 43 | command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*" 44 | } 45 | 46 | provisioner "local-exec" { 47 | when = destroy 48 | command = "rm ssh_keys/${self.ipv4_address}*" 49 | } 50 | } 51 | 52 | data "template_file" "ssh_config" { 53 | count = var.counter 54 | 55 | template = file("../../redbaron/data/templates/ssh_config.tpl") 56 | 57 | depends_on = [digitalocean_droplet.phishing-server] 58 | 59 | vars = { 60 | name = "phishing_server_${digitalocean_droplet.phishing-server[count.index].ipv4_address}" 61 | hostname = digitalocean_droplet.phishing-server[count.index].ipv4_address 62 | user = "root" 63 | identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.phishing-server[count.index].ipv4_address}" 64 | } 65 | } 66 | 67 | resource "null_resource" "gen_ssh_config" { 68 | count = var.counter 69 | 70 | triggers = { 71 | template_rendered = data.template_file.ssh_config[count.index].rendered 72 | } 73 | 74 | provisioner "local-exec" { 75 | command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}" 76 | } 77 | 78 | provisioner "local-exec" { 79 | when = destroy 80 | command = "rm ssh_configs/config_${random_id.server[count.index].hex}" 81 | } 82 | } 83 | 84 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = [digitalocean_droplet.phishing-server.*.ipv4_address] 3 | } 4 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server/variables.tf: -------------------------------------------------------------------------------- 1 | variable "counter" { 2 | default = 1 3 | } 4 | 5 | variable "size" { 6 | default = "s-1vcpu-1gb" 7 | } 8 | 9 | variable "regions" { 10 | type = list(string) 11 | default = ["LON1"] 12 | } 13 | 14 | variable "available_regions" { 15 | type = map(string) 16 | default = { 17 | "NYC1" = "nyc1" 18 | "NYC2" = "nyc2" 19 | "NYC3" = "nyc3" 20 | "SFO1" = "sfo1" 21 | "SFO2" = "sfo2" 22 | "AMS2" = "ams2" 23 | "AMS3" = "ams3" 24 | "SGP1" = "sgp1" 25 | "LON1" = "lon1" 26 | "FRA1" = "fra1" 27 | "TOR1" = "tor1" 28 | "BLR1" = "blr1" 29 | } 30 | } 31 | 32 | -------------------------------------------------------------------------------- /redbaron/modules/digitalocean/phishing-server/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/godaddy/redirect-nameservers/README.md: -------------------------------------------------------------------------------- 1 | # create-hosted-zone 2 | 3 | Redirects the nameservers from Godaddy to another provider (AWS, DigitalOcean) 4 | 5 | # Arguments 6 | 7 | | Name | Required | Value Type | Description 8 | |---------------------------| -------- | ------------ | ----------- 9 | |`domain` | Yes | String | The domain to create a hosted zone for. 10 | |`nameservers` | Yes | List(string) | The nameservers to be used for the specified domain. 11 | -------------------------------------------------------------------------------- /redbaron/modules/godaddy/redirect-nameservers/main.tf: -------------------------------------------------------------------------------- 1 | resource "godaddy_domain_record" "gd-fancy-domain" { 2 | domain = var.domain 3 | nameservers = var.nameservers 4 | } 5 | 6 | -------------------------------------------------------------------------------- /redbaron/modules/godaddy/redirect-nameservers/outputs.tf: -------------------------------------------------------------------------------- 1 | output "redirected" { 2 | value = 1 3 | } 4 | -------------------------------------------------------------------------------- /redbaron/modules/godaddy/redirect-nameservers/variables.tf: -------------------------------------------------------------------------------- 1 | variable "domain" { 2 | } 3 | 4 | variable "nameservers" { 5 | type = list(string) 6 | } 7 | 8 | -------------------------------------------------------------------------------- /redbaron/modules/godaddy/redirect-nameservers/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-aws/README.md: -------------------------------------------------------------------------------- 1 | # create-cert-dns 2 | 3 | Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ~/data/certificates 4 | 5 | # Arguments 6 | | Name | Value Type | Description 7 | |---------------------------| ---------- | ----------- 8 | |`domain` | String | The certificate's primary domain that the certificate will be recognized for. 9 | |`server_url` | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production". 10 | |`aws_key ` | String | AWS key to authenticate 11 | |`aws_secret ` | String | AWS key to authenticate 12 | |`zone` | String | Route53 hosted zone 13 | |`region` | String | AWS region - e.g. eu-west-1 14 | |`reg_email` | String | Email address to register the certificate 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |----------------------------- | ---------- | ----------- 20 | |`certificate_domain` | String | 21 | |`certificate_url` | String | 22 | |`certificate_pem` | String | 23 | |`certificate_private_key_pem` | String | 24 | |`certificate_issuer_pem` | String | 25 | |`certificate_file_path` | String | 26 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-aws/main.tf: -------------------------------------------------------------------------------- 1 | provider "acme" { 2 | server_url = "https://acme-staging-v02.api.letsencrypt.org/directory" 3 | } 4 | 5 | resource "tls_private_key" "private_key" { 6 | algorithm = "RSA" 7 | } 8 | 9 | resource "acme_registration" "reg" { 10 | account_key_pem = tls_private_key.private_key.private_key_pem 11 | email_address = var.reg_email 12 | } 13 | 14 | resource "acme_certificate" "certificate" { 15 | account_key_pem = acme_registration.reg.account_key_pem 16 | common_name = var.domain 17 | 18 | dns_challenge { 19 | provider = "route53" 20 | 21 | config = { 22 | AWS_ACCESS_KEY_ID = var.aws_key 23 | AWS_SECRET_ACCESS_KEY = var.aws_secret 24 | AWS_REGION = var.region 25 | AWS_HOSTED_ZONE_ID = var.zone 26 | } 27 | } 28 | 29 | provisioner "local-exec" { 30 | command = "echo \"${self.private_key_pem}\" > certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > certificates/${self.common_name}_cert.pem" 31 | } 32 | 33 | provisioner "local-exec" { 34 | when = destroy 35 | command = "rm certificates/${self.common_name}*" 36 | } 37 | } 38 | 39 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-aws/outputs.tf: -------------------------------------------------------------------------------- 1 | output "certificate_domain" { 2 | value = [acme_certificate.certificate.*.certificate_domain] 3 | } 4 | 5 | output "certificate_url" { 6 | value = [acme_certificate.certificate.*.certificate_url] 7 | } 8 | 9 | output "certificate_pem" { 10 | value = [acme_certificate.certificate.*.certificate_pem] 11 | } 12 | 13 | output "certificate_private_key_pem" { 14 | sensitive = true 15 | value = [acme_certificate.certificate.*.private_key_pem] 16 | } 17 | 18 | output "certificate_issuer_pem" { 19 | value = [acme_certificate.certificate.*.issuer_pem] 20 | } 21 | 22 | output "certificate_file_path" { 23 | value = "certificates/${acme_certificate.certificate.common_name}_cert.pem" 24 | } 25 | 26 | output "certificate_private_key_file_path" { 27 | value = "certificates/${acme_certificate.certificate.common_name}_privkey.pem" 28 | } 29 | 30 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-aws/variables.tf: -------------------------------------------------------------------------------- 1 | variable "domain" { 2 | } 3 | 4 | variable "server_url" { 5 | default = "staging" #"production" 6 | } 7 | 8 | variable "aws_key" { 9 | } 10 | 11 | variable "aws_secret" { 12 | } 13 | 14 | variable "zone" { 15 | } 16 | 17 | variable "region" { 18 | } 19 | 20 | variable "reg_email" { 21 | default = "nobody@kokos.com" 22 | } 23 | 24 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-aws/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/README.md: -------------------------------------------------------------------------------- 1 | # create-cert-dns 2 | 3 | Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ~/data/certificates 4 | 5 | # Arguments 6 | | Name | Value Type | Description 7 | |---------------------------| -------- | ---------- 8 | |`domain` | String | The certificate's primary domain that the certificate will be recognized for. 9 | |`server_url` | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production". 10 | |`aws_key ` | String | AWS key to authenticate 11 | |`aws_secret ` | String | AWS key to authenticate 12 | |`zone` | String | Route53 hosted zone 13 | |`region` | Integer | AWS region - e.g. eu-west-1 14 | |`server_urls` | map(string) | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production". 15 | |`reg_email` | Integer | Email address to register the certificate 16 | |`phishing_server_ip` | Integer | IP address of the host to add the certificate 17 | 18 | # Outputs 19 | 20 | | Name | Value Type | Description 21 | |----------------------------- | ---------- | ----------- 22 | |`certificate_domain` | String | 23 | |`certificate_url` | String | 24 | |`certificate_pem` | String | 25 | |`certificate_private_key_pem` | String | 26 | |`certificate_issuer_pem` | String | 27 | |`certificate_file_path` | String | 28 | |`certificate_private_key_file_path` | String | 29 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/main.tf: -------------------------------------------------------------------------------- 1 | provider "acme" { 2 | server_url = var.server_urls[var.server_url] 3 | } 4 | 5 | resource "tls_private_key" "private_key" { 6 | algorithm = "RSA" 7 | } 8 | 9 | resource "acme_registration" "reg" { 10 | account_key_pem = tls_private_key.private_key.private_key_pem 11 | email_address = var.reg_email 12 | } 13 | 14 | resource "acme_certificate" "certificate" { 15 | account_key_pem = acme_registration.reg.account_key_pem 16 | common_name = var.domain 17 | 18 | dns_challenge { 19 | provider = "route53" 20 | 21 | config = { 22 | AWS_ACCESS_KEY_ID = var.aws_key 23 | AWS_SECRET_ACCESS_KEY = var.aws_secret 24 | AWS_REGION = var.region 25 | AWS_HOSTED_ZONE_ID = var.zone 26 | } 27 | } 28 | 29 | provisioner "local-exec" { 30 | command = "echo \"${self.private_key_pem}\" > certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > certificates/${self.common_name}_cert.pem" 31 | } 32 | 33 | provisioner "file" { 34 | source = "certificates/${var.domain}_privkey.pem" 35 | destination = "/tmp/${var.domain}_privkey.pem" 36 | connection { 37 | host = var.phishing_server_ip 38 | type = "ssh" 39 | user = "admin" 40 | private_key = file("ssh_keys/${var.phishing_server_ip}") 41 | } 42 | } 43 | 44 | provisioner "file" { 45 | source = "certificates/${var.domain}_cert.pem" 46 | destination = "/tmp/${var.domain}_cert.pem" 47 | connection { 48 | host = var.phishing_server_ip 49 | type = "ssh" 50 | user = "admin" 51 | private_key = file("ssh_keys/${var.phishing_server_ip}") 52 | } 53 | } 54 | 55 | provisioner "remote-exec" { 56 | inline = [ 57 | "sudo cp /tmp/${var.domain}_privkey.pem /opt/goapps/src/github.com/gophish/gophish/${var.domain}_privkey.pem", 58 | "sudo cp /tmp/${var.domain}_cert.pem /opt/goapps/src/github.com/gophish/gophish/${var.domain}_cert.pem", 59 | "sudo sed -i 's/false/true/g' /opt/goapps/src/github.com/gophish/gophish/config.json", 60 | "sudo sed -i 's/0.0.0.0:80/0.0.0.0:443/g' /opt/goapps/src/github.com/gophish/gophish/config.json", 61 | "sudo sed -i 's/example.crt/${var.domain}_cert.pem/g' /opt/goapps/src/github.com/gophish/gophish/config.json", 62 | "sudo sed -i 's/example.key/${var.domain}_privkey.pem/g' /opt/goapps/src/github.com/gophish/gophish/config.json", 63 | "sudo systemctl stop gophish.service", 64 | "sudo systemctl start gophish.service", 65 | ] 66 | 67 | connection { 68 | host = var.phishing_server_ip 69 | type = "ssh" 70 | user = "admin" 71 | private_key = file("ssh_keys/${var.phishing_server_ip}") 72 | } 73 | } 74 | 75 | provisioner "local-exec" { 76 | when = destroy 77 | command = "rm certificates/${self.common_name}*" 78 | } 79 | } 80 | 81 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/outputs.tf: -------------------------------------------------------------------------------- 1 | output "certificate_domain" { 2 | value = [acme_certificate.certificate.*.certificate_domain] 3 | } 4 | 5 | output "certificate_url" { 6 | value = [acme_certificate.certificate.*.certificate_url] 7 | } 8 | 9 | output "certificate_pem" { 10 | value = [acme_certificate.certificate.*.certificate_pem] 11 | } 12 | 13 | output "certificate_private_key_pem" { 14 | sensitive = true 15 | value = [acme_certificate.certificate.*.private_key_pem] 16 | } 17 | 18 | output "certificate_issuer_pem" { 19 | value = [acme_certificate.certificate.*.issuer_pem] 20 | } 21 | 22 | output "certificate_file_path" { 23 | value = "certificates/${acme_certificate.certificate.common_name}_cert.pem" 24 | } 25 | 26 | output "certificate_private_key_file_path" { 27 | value = "certificates/${acme_certificate.certificate.common_name}_privkey.pem" 28 | } 29 | 30 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/variables.tf: -------------------------------------------------------------------------------- 1 | variable "domain" { 2 | } 3 | 4 | variable "server_url" { 5 | default = "staging" #"production" 6 | } 7 | 8 | variable "aws_key" { 9 | } 10 | 11 | variable "aws_secret" { 12 | } 13 | 14 | variable "zone" { 15 | } 16 | 17 | variable "region" { 18 | } 19 | 20 | variable "server_urls" { 21 | type = map(string) 22 | default = { 23 | "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory" 24 | "production" = "https://acme-v02.api.letsencrypt.org/directory" 25 | } 26 | } 27 | 28 | variable "reg_email" { 29 | default = "nobody@kokos.com" 30 | } 31 | 32 | variable "phishing_server_ip" { 33 | } 34 | 35 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/README.md: -------------------------------------------------------------------------------- 1 | # create-cert-phishing 2 | 3 | Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge on the Phishing Server and restarts the service on HTTPS. 4 | 5 | # Arguments 6 | | Name | Value Type | Description 7 | |---------------------------| -------- | ---------- 8 | |`domain` | String | The certificate's primary domain that the certificate will be recognized for. 9 | |`phishing_server_ip` | List(string) | IP address of the host to add the certificate 10 | |`email` | String | Email address to register the certificate -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/main.tf: -------------------------------------------------------------------------------- 1 | resource "null_resource" "lets-encrypt" { 2 | provisioner "remote-exec" { 3 | inline = [ 4 | "sudo service apache2 start", 5 | "sudo wget https://dl.eff.org/certbot-auto", 6 | "sudo mv certbot-auto /usr/local/bin/certbot-auto", 7 | "sudo chown root /usr/local/bin/certbot-auto", 8 | "sudo chmod 0755 /usr/local/bin/certbot-auto", 9 | "sudo /usr/local/bin/certbot-auto --apache --non-interactive --agree-tos --email ${var.email} --domain ${var.domain}", 10 | "sudo service apache2 restart" 11 | ] 12 | 13 | connection { 14 | host = var.phishing_server_ip 15 | type = "ssh" 16 | user = "admin" 17 | private_key = file("ssh_keys/${var.phishing_server_ip}") 18 | } 19 | } 20 | } -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/variables.tf: -------------------------------------------------------------------------------- 1 | variable "domain" { 2 | } 3 | 4 | variable "phishing_server_ip" { 5 | } 6 | 7 | variable "email" { 8 | default = "fakeemail@a.com " 9 | } 10 | 11 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/README.md: -------------------------------------------------------------------------------- 1 | # create-cert-dns 2 | 3 | Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ~/data/certificates 4 | 5 | # Arguments 6 | | Name | Value Type | Description 7 | |---------------------------| -------- | ---------- | ----------- 8 | |`provider_name` | String | Provider to use for the DNS challenge. Defaults to "route53". 9 | |`do_token` | String | Digital Ocean Token 10 | |`domain` | String | The certificate's primary domain that the certificate will be recognized for. 11 | |`server_url` | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production". 12 | |`server_urls` | Map(string) | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production". 13 | |`reg_email` | String | Email to use for certificate registration. Defaults to "nobody@example.com" 14 | 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |----------------------------- | ---------- | ----------- 20 | |`certificate_domain` | String | 21 | |`certificate_url` | String | 22 | |`certificate_pem` | String | 23 | |`certificate_private_key_pem` | String | 24 | |`certificate_issuer_pem` | String | 25 | |`certificate_file_path` | String | 26 | |`certificate_private_key_file_path` | String | 27 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main.tf: -------------------------------------------------------------------------------- 1 | provider "acme" { 2 | server_url = var.server_urls[var.server_url] 3 | } 4 | 5 | resource "tls_private_key" "private_key" { 6 | algorithm = "RSA" 7 | } 8 | 9 | resource "acme_registration" "reg" { 10 | account_key_pem = tls_private_key.private_key.private_key_pem 11 | email_address = var.reg_email 12 | } 13 | 14 | resource "acme_certificate" "certificate" { 15 | account_key_pem = acme_registration.reg.account_key_pem 16 | common_name = var.domain 17 | 18 | dns_challenge { 19 | provider = var.provider_name 20 | 21 | config = { 22 | DO_AUTH_TOKEN = var.do_token 23 | } 24 | } 25 | 26 | provisioner "local-exec" { 27 | command = "echo \"${self.private_key_pem}\" > certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > certificates/${self.common_name}_cert.pem" 28 | } 29 | 30 | provisioner "local-exec" { 31 | when = destroy 32 | command = "rm certificates/${self.common_name}*" 33 | } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/outputs.tf: -------------------------------------------------------------------------------- 1 | output "certificate_domain" { 2 | value = [acme_certificate.certificate.*.certificate_domain] 3 | } 4 | 5 | output "certificate_url" { 6 | value = [acme_certificate.certificate.*.certificate_url] 7 | } 8 | 9 | output "certificate_pem" { 10 | value = [acme_certificate.certificate.*.certificate_pem] 11 | } 12 | 13 | output "certificate_private_key_pem" { 14 | sensitive = true 15 | value = [acme_certificate.certificate.*.private_key_pem] 16 | } 17 | 18 | output "certificate_issuer_pem" { 19 | value = [acme_certificate.certificate.*.issuer_pem] 20 | } 21 | 22 | output "certificate_file_path" { 23 | value = "certificates/${acme_certificate.certificate.common_name}_cert.pem" 24 | } 25 | 26 | output "certificate_private_key_file_path" { 27 | value = "certificates/${acme_certificate.certificate.common_name}_privkey.pem" 28 | } 29 | 30 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/variables.tf: -------------------------------------------------------------------------------- 1 | variable "provider_name" { 2 | } 3 | 4 | variable "do_token" { 5 | } 6 | 7 | variable "domain" { 8 | } 9 | 10 | variable "server_url" { 11 | default = "staging" #"production" 12 | } 13 | 14 | variable "server_urls" { 15 | type = map(any) 16 | default = { 17 | "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory" 18 | "production" = "https://acme-v02.api.letsencrypt.org/directory" 19 | } 20 | } 21 | 22 | variable "reg_email" { 23 | default = "nobody@kokos.com" 24 | } 25 | 26 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/README.md: -------------------------------------------------------------------------------- 1 | # create-cert-dns 2 | 3 | Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ~/data/certificates 4 | 5 | # Arguments 6 | | Name | Value Type | Description 7 | |---------------------------| -------- | ---------- | ----------- 8 | |`provider_name` | String | Provider to use for the DNS challenge. Defaults to "route53". 9 | |`do_token` | String | Digital Ocean Token 10 | |`domain` | String | The certificate's primary domain that the certificate will be recognized for. 11 | |`server_url` | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production". 12 | |`server_urls` | Map(string) | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production". 13 | |`reg_email` | String | Email to use for certificate registration. Defaults to "nobody@example.com" 14 | |`phishing_server_ip` | List(string) | IP address of the host to add the certificate 15 | 16 | # Outputs 17 | 18 | | Name | Value Type | Description 19 | |----------------------------- | ---------- | ----------- 20 | |`certificate_domain` | String | 21 | |`certificate_url` | String | 22 | |`certificate_pem` | String | 23 | |`certificate_private_key_pem` | String | 24 | |`certificate_issuer_pem` | String | 25 | |`certificate_file_path` | String | 26 | |`certificate_private_key_file_path` | String | 27 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/main.tf: -------------------------------------------------------------------------------- 1 | provider "acme" { 2 | server_url = var.server_urls[var.server_url] 3 | } 4 | 5 | resource "tls_private_key" "private_key" { 6 | algorithm = "RSA" 7 | } 8 | 9 | resource "acme_registration" "reg" { 10 | account_key_pem = tls_private_key.private_key.private_key_pem 11 | email_address = var.reg_email 12 | } 13 | 14 | resource "acme_certificate" "certificate" { 15 | account_key_pem = acme_registration.reg.account_key_pem 16 | common_name = var.domain 17 | 18 | dns_challenge { 19 | provider = var.provider_name 20 | 21 | config = { 22 | DO_AUTH_TOKEN = var.do_token 23 | } 24 | } 25 | 26 | provisioner "local-exec" { 27 | command = "echo \"${self.private_key_pem}\" > certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > certificates/${self.common_name}_cert.pem" 28 | } 29 | 30 | provisioner "file" { 31 | source = "certificates/${var.domain}_privkey.pem" 32 | destination = "/opt/goapps/src/github.com/gophish/gophish/${var.domain}_privkey.pem" 33 | connection { 34 | host = var.phishing_server_ip 35 | type = "ssh" 36 | user = "root" 37 | private_key = file("ssh_keys/${var.phishing_server_ip}") 38 | } 39 | } 40 | 41 | provisioner "file" { 42 | source = "certificates/${var.domain}_cert.pem" 43 | destination = "/opt/goapps/src/github.com/gophish/gophish/${var.domain}_cert.pem" 44 | connection { 45 | host = var.phishing_server_ip 46 | type = "ssh" 47 | user = "root" 48 | private_key = file("ssh_keys/${var.phishing_server_ip}") 49 | } 50 | } 51 | 52 | provisioner "remote-exec" { 53 | inline = [ 54 | "sed -i 's/false/true/g' /opt/goapps/src/github.com/gophish/gophish/config.json", 55 | "sed -i 's/0.0.0.0:80/0.0.0.0:443/g' /opt/goapps/src/github.com/gophish/gophish/config.json", 56 | "sed -i 's/example.crt/${var.domain}_cert.pem/g' /opt/goapps/src/github.com/gophish/gophish/config.json", 57 | "sed -i 's/example.key/${var.domain}_privkey.pem/g' /opt/goapps/src/github.com/gophish/gophish/config.json", 58 | "systemctl stop gophish.service", 59 | "systemctl start gophish.service", 60 | ] 61 | 62 | connection { 63 | host = var.phishing_server_ip 64 | type = "ssh" 65 | user = "root" 66 | private_key = file("ssh_keys/${var.phishing_server_ip}") 67 | } 68 | } 69 | 70 | provisioner "local-exec" { 71 | when = destroy 72 | command = "rm certificates/${self.common_name}*" 73 | } 74 | } 75 | 76 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/outputs.tf: -------------------------------------------------------------------------------- 1 | output "certificate_domain" { 2 | value = [acme_certificate.certificate.*.certificate_domain] 3 | } 4 | 5 | output "certificate_url" { 6 | value = [acme_certificate.certificate.*.certificate_url] 7 | } 8 | 9 | output "certificate_pem" { 10 | value = [acme_certificate.certificate.*.certificate_pem] 11 | } 12 | 13 | output "certificate_private_key_pem" { 14 | sensitive = true 15 | value = [acme_certificate.certificate.*.private_key_pem] 16 | } 17 | 18 | output "certificate_issuer_pem" { 19 | value = [acme_certificate.certificate.*.issuer_pem] 20 | } 21 | 22 | output "certificate_file_path" { 23 | value = "certificates/${acme_certificate.certificate.common_name}_cert.pem" 24 | } 25 | 26 | output "certificate_private_key_file_path" { 27 | value = "certificates/${acme_certificate.certificate.common_name}_privkey.pem" 28 | } 29 | 30 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/variables.tf: -------------------------------------------------------------------------------- 1 | variable "provider_name" { 2 | } 3 | 4 | variable "do_token" { 5 | } 6 | 7 | variable "domain" { 8 | } 9 | 10 | variable "server_url" { 11 | default = "staging" #"production" 12 | } 13 | 14 | variable "server_urls" { 15 | type = map(string) 16 | default = { 17 | "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory" 18 | "production" = "https://acme-v02.api.letsencrypt.org/directory" 19 | } 20 | } 21 | 22 | variable "reg_email" { 23 | default = "nobody@kokos.com" 24 | } 25 | 26 | variable "phishing_server_ip" { 27 | } 28 | 29 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/README.md: -------------------------------------------------------------------------------- 1 | # create-cert-phishing 2 | 3 | # Dependencies ERRORS ( on development does not work as intended) 4 | Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge on the Phishing Server and restarts the service on HTTPS. 5 | 6 | # Arguments 7 | | Name | Value Type | Description 8 | |---------------------------| -------- | ---------- | ----------- 9 | |`domain` | String | The certificate's primary domain that the certificate will be recognized for. 10 | |`counter` | Integer | Number of certificates to create. Defaults to 1. 11 | |`phishing_server_ip` | List(string) | IP address of the host to add the certificate 12 | |`email` | String | Email address to register the certificate|`do_token` | Yes | String | Digital Ocean Token 13 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/main.tf: -------------------------------------------------------------------------------- 1 | resource "null_resource" "lets-encrypt" { 2 | count = var.counter 3 | provisioner "remote-exec" { 4 | inline = [ 5 | "certbot --apache --non-interactive --agree-tos --email ${var.email} --domain ${var.domain} --pre-hook 'sudo service apache2 stop' --post-hook 'sudo service apache2 start'", #--dry-run is for staging not production chage this 6 | "certbot renew", 7 | ] 8 | 9 | connection { 10 | host = var.phishing_server_ip 11 | type = "ssh" 12 | user = "root" 13 | private_key = file("ssh_keys/${var.phishing_server_ip}") 14 | } 15 | } 16 | } 17 | 18 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/variables.tf: -------------------------------------------------------------------------------- 1 | variable "domain" { 2 | # type = "list" 3 | } 4 | 5 | variable "counter" { 6 | default = 1 7 | } 8 | 9 | variable "phishing_server_ip" { 10 | # type = "list" 11 | } 12 | 13 | variable "email" { 14 | default = "fakeemail@a.com" 15 | } 16 | 17 | -------------------------------------------------------------------------------- /redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | --------------------------------------------------------------------------------