{"id":13753808,"url":"https://github.com/leesoh/yams","last_synced_at":"2025-05-09T21:35:50.599Z","repository":{"id":86790359,"uuid":"97395350","full_name":"leesoh/yams","owner":"leesoh","description":"A collection of Ansible roles for automating infosec builds.","archived":true,"fork":false,"pushed_at":"2017-12-15T15:38:11.000Z","size":67,"stargazers_count":93,"open_issues_count":10,"forks_count":12,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-05-06T18:14:28.849Z","etag":null,"topics":["ansible","penetration-testing","security","security-automation"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/leesoh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-07-16T16:17:23.000Z","updated_at":"2025-04-08T06:59:24.000Z","dependencies_parsed_at":"2023-07-12T08:31:04.162Z","dependency_job_id":null,"html_url":"https://github.com/leesoh/yams","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leesoh%2Fyams","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leesoh%2Fyams/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leesoh%2Fyams/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leesoh%2Fyams/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/leesoh","download_url":"https://codeload.github.com/leesoh/yams/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253329013,"owners_count":21891562,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","penetration-testing","security","security-automation"],"created_at":"2024-08-03T09:01:30.066Z","updated_at":"2025-05-09T21:35:50.264Z","avatar_url":"https://github.com/leesoh.png","language":"Python","funding_links":[],"categories":["Python","security-automation","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":[],"readme":"# Project Abandoned\nWhile working through YAMS, I discovered Ansible Galaxy. This does essentially what YAMS aimed to do, but with the full force of RedHat behind it. I've moved most of the roles [there](https://galaxy.ansible.com/list#/roles?page=1\u0026page_size=10\u0026users=leesoh) but will be leaving this project up for the time being.\n\n# YAMS Framework\nWelcome to Yet Another Modular Security Framework. YAMS is a collection of Ansible roles, some hacky scripts, and a large amount of standing on the shoulders of giants.\n\n# Thanks\nYAMS is very much inspired by [The Penetration Tester's Framework](https://github.com/trustedsec/ptf) but attempts to build on the great work done there by adding strong support for environment-specific targeting (OS type, architecture, etc.), leveraging Ansible's solid module support for common tasks (git, apt, yum, etc.), and adding the ability to define a build script for easy deploy/rebuild.\n\n## More Thanks\n* https://leucos.github.io/ansible-files-layout for role layouts\n* @pixel8ed for opening my eyes to the glory of automation with Ansible and sanity checking\n\n# Getting Started\nGetting started with YAMS is pretty straightforward. First, you're going to need to [install Ansible](https://docs.ansible.com/ansible/intro_installation.html#installing-the-control-machine) on your control machine. This is the system you'll use to configure your targets.\n\nYAMS doesn't require any special configuration on the target - if you can SSH to it, you can configure it.\n\nOnce you've cloned the YAMS repo, you'll need to make a couple of changes:\n\n1. Copy `templates\\hosts.template` to `hosts`.\n2. Update `hosts` with the appropriate IP/port for your target.\n3. Update any `CHANGEME` values in `\u003cmodule name\u003e\\defaults\\main.yml` for modules you plan on using.\n\nThat's it! You can either tweak the sample `sample.yml` playbook to provision your first machine, or build your own.\n\nOnce you're happy with it, you can deploy your configuration using `ansible-playbook \u003cplaybook_name\u003e.yml [--ask-become-pass]`.\n\n## Keeping Things Current\nAnsible makes it pretty simple to keep a role up to date. Once you've got things the way you want them, just make sure that you're making good use of `update: yes` and `state: latest` and then just re-run the playbook.\n\n```\n---\n- name: Clone Empire\n  become: true\n  git:\n    repo: https://github.com/EmpireProject/Empire.git\n    dest: \"{{ git_location }}/empire-git\"\n    update: yes\n\n---\n- name: Install pip\n  become: true\n  when: ansible_os_family ==  \"Debian\"\n  apt:\n    name: python-pip\n    update_cache: yes\n    state: latest\n```\n\n# The Plumbing\nYAMS uses Ansible [roles](https://docs.ansible.com/ansible/playbooks_roles.html#roles) to define configurations for a host. A playbook is just a grouping of these roles to define the configuration of a system. YAMS provides the roles, you provide the targets.\n\nPlaybooks contain roles, roles contain plays, plays perform actions, and all of a sudden a box gets provisioned.\n\nYou can include a role in a playbook by adding it to the `roles` section:\n\n```\n---\n- hosts: that_host\n  remote_user: that_guy\n  roles:\n    - metasploit\n    - sslscan\n    - ...\n    - kismet\n```\n\nRoles contain all the modular goodness we use to build playbooks. A role should define everything that needs to happen for the role to be succesfully provisioned on a target, including:\n\n* Dependency on other roles\n* Environment variables\n* Service configurations\n* Packages to install\n* Files created (and contents edited!)\n\nRoles can be simple:\n\n```\n# Installs Medusa\n---\n- name: Install Medusa\n  become: true\n  when: ansible_os_family ==  \"Debian\"\n  apt:\n    name: medusa\n    update_cache: yes\n```\n\nOr a bit more involved:\n\n```\n---\n# Installs and configures Metasploit\n- name: Download Metasploit installer\n  become: true\n  get_url:\n    url: https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb\n    dest: /tmp/msfinstall\n    mode: 0755\n\n- name: Install Metasploit\n  become: true\n  command: /tmp/msfinstall\n\n- name: Initialize Metasploit database\n  command: msfdb init\n```\n\nPackaging tools as roles allows us to reuse them in different playbooks. That's the magic of YAMS. Build once, use all over the damn place.\n\n## Role Structure\nHere's how a basic role is structed in YAMS:\n\n```\nyour-role/\n├── docs.json          # Contains documentation for the role\n├── defaults\n│   └── main.yml       # Stores role-specific variables\n├── files              # Stores any required files for your role\n├── handlers\n│   └── main.yml\n├── meta\n│    └── main.yml      # Declare dependencies here\n└── tasks\n    └── main.yml       # Imports and tags your role\n    └── your-role.yml  # Contains all required plays for the role\n```\n\nThe `main.yml` file under `tasks` is what is run when a role is added to a playbook. Rather than store all functionality in that, however, we just use it to import and tag actual role file — `your-role.yml`.\n\nThis may seem a bit silly but doing it this way allows us to selectively run roles from the playbook using `ansible-playbook your-playbook.yml --tags \"your-role,another-role\"`.\n\n## Common Plays\nHere's how to do some common operations using Ansible. You can get a full list of supported modules [here](https://docs.ansible.com/ansible/list_of_all_modules.html).\n\n### Install a Package Using apt\n```\n- name: Install my-package\n  become: true\n  when: ansible_os_family ==  \"Debian\"\n  apt:\n    name: my-package\n    update_cache: yes\n    state: latest\n```\n\nThe above command is the same as running `sudo apt update \u0026\u0026 sudo apt install my-package`. Re-running the task will update it (state: latest).\n\n### Clone a Git Repository\n```\n- name: Clone my-repo\n  become: true\n  git:\n    repo: https://github.com/foo/bar.git\n    dest: /opt/bar-git\n    update: yes\n```\n\nThis is the same as running `sudo git clone https://github.com/foo/bar.git /opt/bar-git`. Re-running the task will perform a `git pull` operation (update: yes).\n\n### Download Files\n```\n- name: Download my-file\n  get_url:\n    url: https://my.site/my-file.sh\n    dest: /tmp/my-file.sh\n    mode: 0755\n```\n\nThe above command is the same as `wget https://my.site/my-file.txt -P /tmp \u0026\u0026 chmod 755 /tmp/my-file.txt`\n\n### Run Commands\n```\n- name: Initialize Metasploit database\n  command: msfdb init\n```\nThis one is pretty straightforward.\n\n## Targeting Using Conditionals\nWhen adding distro-specific commands (e.g. `apt`, `yum`) to a play, make use of Ansible's [conditionals](https://docs.ansible.com/ansible/playbooks_conditionals.html) to target the commands appropriately.\n\nFor example:\n\n```\n- name: Install foo\n  when: ansible_os_family ==  \"Debian\"\n  apt:\n    name: foo\n    update_cache: yes\n    state: latest\n```\n\n## Dependencies\nYou can easily implement a role dependency by defining that in `your-role/meta/main.yml` like so:\n\n```\n---\ndependencies:\n  - { role: autossh }\n```\n\n# Module Documentation\nAll module documentation can be found in [module_docs.md](module_docs.md) until a better place is found.\n\n# Contributing\nSee [CONTRIBUTING.md](CONTRIBUTING.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleesoh%2Fyams","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fleesoh%2Fyams","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleesoh%2Fyams/lists"}