{"id":21913794,"url":"https://github.com/dzervas/tsipis","last_synced_at":"2026-04-20T19:31:40.278Z","repository":{"id":148596974,"uuid":"242347443","full_name":"dzervas/tsipis","owner":"dzervas","description":"Penetration testing cloud infrastructure for free","archived":false,"fork":false,"pushed_at":"2020-08-25T17:04:15.000Z","size":68,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-14T00:57:56.952Z","etag":null,"topics":["ansible","ansible-galaxy","penetration-testing","pentesting","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dzervas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-02-22T13:36:17.000Z","updated_at":"2024-01-31T11:41:32.000Z","dependencies_parsed_at":"2023-06-14T01:48:45.958Z","dependency_job_id":null,"html_url":"https://github.com/dzervas/tsipis","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dzervas/tsipis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dzervas%2Ftsipis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dzervas%2Ftsipis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dzervas%2Ftsipis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dzervas%2Ftsipis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dzervas","download_url":"https://codeload.github.com/dzervas/tsipis/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dzervas%2Ftsipis/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32062277,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-20T11:35:06.609Z","status":"ssl_error","status_checked_at":"2026-04-20T11:34:48.899Z","response_time":94,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-galaxy","penetration-testing","pentesting","terraform"],"created_at":"2024-11-28T18:18:54.081Z","updated_at":"2026-04-20T19:31:40.271Z","avatar_url":"https://github.com/dzervas.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tsipis\n\nLoosely translated to \"cheap fuck\" from Greek, Tsipis is there to provide you\na pentest cloud infrastructure for free. It uses the free resources that\ncloud providers give you. The cost is the amount of time you need to spend\nto sign up on each one of them and create a terraform account with proper\nrights. Everything is thoroughly documented.\n\nYou WILL need:\n - Valid Credit Card (won't be charged though)\n - Phone number (I'd say don't spend your time with \"online free\" numbers)\n - E-Mail\n\nUsing a VPN to register on various provider might cause problems (additional\nverification steps/bans/global warming).\n\nI try to use the \"free forever\" resources first, not the \"12-month free\" or\n\"trial\", but that's not always feasible (you cheap fuck...).\n\nIdea came from https://free-for.dev\n\n## Gathering Credentials\n\nPick a project name. Stick with it across all providers.\n\nCreate a gopass secret to store all cloud-admin secrets. It's gonna be a YAML\nfile, so write it in the form \"\u003cname\u003e: \u003cvalue\u003e\". For multiline use\n\"\u003cname\u003e: \u003e\u003cnewline\u003e\u003cmy 2 space indented lines\u003e\"\n\n- Heroku\n  - If you don't want to give full access to your heroku account,\n  create a Team (needs Credit Card)\n  - Go to [Manage Account/Applications/Create authorization](https://dashboard.heroku.com/account/applications/authorizations/new), give it a friendly name and some expiry\n  - Write in cloud-admin `heroku_email` and `api_key` with the correct values\n  - (Optional) Add a credit card to receive 450 more dynos from the basic 550\n- Google Cloud\n  - Create a project\n  - Create a [Service Account](https://console.cloud.google.com/apis/credentials/serviceaccountkey) \"Project/Owner\" and save it as a multiline string named `google_credentials`\n  - Go to [API Library](https://console.developers.google.com/apis/dashboard) and enable:\n    - [Compute Engine API](https://console.developers.google.com/apis/api/compute.googleapis.com)\n  - (Optional) Create a budget in Billing/Budgets \u0026 alerts (0 is ok)\n- Okteto\n  - Login with a GitHub account\n  - Download Credentials (sidebar)\n  - Store it as a multiline string with name `okteto_config` (and add a newline between each root element!)\n\n## Deploying\n\nI guess you have gathered all the credentials, as instructed above.\nYou will need to install:\n- `terraform` (\u003e 0.12)\n- `jq`\n- `gopass`\n- `ansible` (\u003e 2.0)\n\nThe terraform plugin for [gopass integration](https://github.com/camptocamp/terraform-provider-pass) is also required.\n\nProvided services:\n- Metasploit REST API - for msf on multiplayer\n- [Pupy](https://github.com/n1nj4sec/pupy)\n- [Koadic](https://github.com/zerosum0x0/koadic)\n- [Faraday IDE](https://github.com/infobyte/faraday)\n- [GoPhish](https://github.com/gophish/gophish)\n\nMeta services:\n- Logging \u0026 monitoring on logz.io\n- Scheduler to automate recurring jobs (DNS enumeration etc.)\n- Reverse proxy to hide each listener behind weird URLs/cookies/headers/etc.\n- Usage of gopass for easy credential distribution across the team\n\n## Setup\n\nThis section describes how to set up the various services.\n\nAccount API tokens and account-specific secrets are stored\nin `ansible/vault.yml`. This is a very sensitive file and can be used\nto overcharge the cloud accounts. DON'T lose it and probably DON'T share it.\nYou can store the vault password in gopass, as described below.\n\nAdmin credentials for each service are held in gopass - set it up.\n\nIf you want to give very limited access, I guess good luck, this isn't a\nproduction environment of a big corp! I'll try though to create a process\nfor such cases at some point...\n\n### Metasploit\n\nThis guy (as you may now) is a bit tricky.\n\nFirst of all you need a working LOCAL database. That means a local postgres DB.\nIf you're on Kali you're probably good. If you're not on Kali, install\nthe postgresql server (find the package in your distro), start it, connect\nto it (maybe this will work as root: `su - postgres psql`) and execute\nthe following:\n\n```pgsql\ncreate database msf;\ncreate user msf with password 'mypassword';\ngrant all privileges on database msf to msf;\n```\n\nNow in your users home folder edit `~/.msf4/database.yml` to reflect the correct\ncredentials (also the port that postgres is listening is probably 5432).\n\nAfter that, run `msfconsole`.\n\n`db_status` should return something like\n`[*] Connected to msf. Connection type: postgresql.`\n\nPerfect! :)\n\nTODO: How to find Metasploit instance ip/domain? Give url\nTODO: How to find admin credentials\nTODO: How to add more users?\n\nNow visit the Metasploit instance over http on port 5443 and path\n`/api/v1/auth/login`, log in with your credentials and generate/view your\nAPI token.\n\nBack to the `msfconsole`:\n\n`db_connect -t \u003capi_token\u003e --name tsipis http://\u003cmetasploit-host\u003e:5443`\n\nFrom now on every time you fire up msfconsole you can just\n`db_connect tsipis` (or add it to your `~/.msf4/msfconsole.rc`)\n\n## Building the images with packer\n\nYou will need `jq`, `packer` \u0026 `virtualbox`.\n\nVirtualBox also needs 'Oracle VM VirtualBox Extension Pack'.\nTo install it, execute `scripts/virtualbox-ext.sh` (take a look, it's not scary)\n\nInitialize image storage to build images with packer:\n\n```bash\ncd terraform\nterraform init\n# You will get errors with the next command, it's fine\n# Terraform tries to create machines with non-existent images\nterraform plan -out /tmp/tfplan\n# If you're happy\nterraform apply /tmp/tfplan\n```\n\n## Using gopass with ansible-vault\n\nCreate the following files in the root directory (they are git ignored):\n\n`ansible.cfg`\n```ini\n[defaults]\nvault_identity_list = ansible@vault.sh\n```\n\n`vault.sh`\n```shell script\n#!/bin/sh\n# Of course any other command that spits the password will work\ngopass show \"my/vault/password/path\"\n```\n\nNow to copy the default `vault.example.yml`:\n\n```shell script\nansible-vault encrypt --output vault.yml vault.example.yml\n```\n\nEdit it with `ansible-vault edit vault.yml`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdzervas%2Ftsipis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdzervas%2Ftsipis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdzervas%2Ftsipis/lists"}