Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Sliim/pentest-env

Pentest environment deployer (kali linux + targets) using vagrant and chef.
https://github.com/Sliim/pentest-env

chef ctf docker kali-linux metasploitable pentest pentest-environment ruby vagrant virtualbox vulnhub

Last synced: 14 days ago
JSON representation

Pentest environment deployer (kali linux + targets) using vagrant and chef.

Awesome Lists containing this project

README 

        
# Pentest Environment Deployer | [![Build Status](https://travis-ci.org/Sliim/pentest-env.svg?branch=master)](https://travis-ci.org/Sliim/pentest-env) 



This repo provides an easy way to deploy a clean and customized pentesting environment with Kali linux using vagrant and virtualbox.



## Requirements

I assume you are familiar with virtualbox and vagrant.

- https://www.virtualbox.org/

- http://www.vagrantup.com/



Latest `pentest-env` release is tested with:

- Virtualbox (6.0.4)

- Vagrant (2.2.3)



## Current box

### Kali 2018.1

| Box               | SHA256                                                           |

|------------------ | -----------------------------------------------------------------|

| [Kali 2018.1](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-amd64) | `407b01c550e1f230fc238d12d91da899644bec2cac76a1202d7bab2f9d6cbefd` |

| [Kali 2018.1 Light](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-light-amd64) | `1f58f62417219ce8fe7d5f0b72dc3a8e0c13c019e7f485e10d27a0f1f096e266` |

| [Kali 2018.1 KDE](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-kde-amd64) | `0f44327c2606ead670679254f27945c82eb7cc2966c4a4f1d3137160dad07fe3` |

| [Kali 2018.1 LXDE](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-lxde-amd64) | `f3765b918aec03024c2657fc75090c540d95602cd90c0ab8835b4c0a0f1da23a` |

| [Kali 2018.1 Xfce](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-xfce-amd64) | `eec6b371743467244d3f4f1032c9dc576a1ce482a32ad18b8605bd3013e142a0` |

| [Kali 2018.1 Mate](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-mate-amd64) | `221f1bf6936b560d8980290c2af0702f1e705798eb4ef51acc144e36c89fe51c` |

| [Kali 2018.1 E17](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-e17-amd64) | `0466384e8338e269b441b5f2872c28888528d244a0d31b73c7fb9d15d4f1bd0d` |



See the [documentation](docs/About-boxes.md) page about boxes for more details.



See also others [available instances](docs/Instances.md).



## Getting started

To get started with `pentest-env`, clone this repository and run `vagrant up` inside the directory.

This will download and run the Kali instance.



You can customize, add targets, create new targets etc.. inside `pentest-env`.

Some examples are available in the `examples/` directory, to use one simply set the `PENTESTRC` environment variable:

```

> PENTESTRC=examples/ctf.pentestrc vagrant status

Current machine states:



kali                      running (virtualbox)

metasploitable2           not created (virtualbox)

primer                    not created (virtualbox)



This environment represents multiple VMs. The VMs are all listed

above with their current state. For more information about a specific

VM, run `vagrant status NAME`.

```



For more details, visit the [documentation](docs/) pages:



1. [Installation](docs/Installation.md)  

2. [Usage](docs/Usage.md)  

3. [Docker](docs/Docker.md)  

4. [Openstack](docs/Openstack.md)  

5. [Customizations](docs/Customizations.md)  

6. [Instances](docs/Instances.md)  

7. [Targets](docs/Targets.md)  

8. [Write custom instances and targets](docs/Custom-instances.md)  

9. [Debugging](docs/Debugging.md)  

9. [Security](docs/Security.md)  

10. [About boxes](docs/About-boxes.md)  

11. [Known issues](docs/Known-issues.md)  



#### Some configuration examples:  

1. [Configure Kali linux with Tor & proxychains](docs/examples/Tor-proxy.md)  

2. [Configure Kali linux with Whonix gateway](docs/examples/Whonix.md)  

3. [Faraday cscan against metasploitable 2 & 3 targets](docs/examples/Cscan-msfrpc.md)  

4. [Configure a Teamserver](docs/examples/Teamserver.md)  



#### Target examples:  

1. [Basic Chef environment](docs/examples/Chef-environment.md)  

2. [Simple & insecure Kubernetes cluster](docs/examples/K8s-cluster.md)  



## About Security

#### verify checksums

It's recommended to check downloaded box files with provided checksums (SHA256).  

See https://raw.githubusercontent.com/Sliim/pentest-env/master/checksums.txt for checksums list.

#### sshd is running

Provided boxes run the `sshd` service.  

So if you plan to run the Kali linux with a Bridged interface, default setup can be dangerous!



- `root` password of kali is `toor`.

- SSH private key is not private! Anyone can use this [key](https://github.com/Sliim/pentest-env/blob/master/ssh-keys/pentest-env) to connect to your instance.



See the [secure the environment](docs/Security.md) page to automatically change these defaults values.

#### Shared folders symlinks

I recommend to disable `SharedFoldersEnableSymlinksCreate` which are enabled by default by vagrant.



More details and source in the [Security/Disable SharedFoldersEnableSymlinksCreate](docs/Security.md#disable-sharedfoldersenablesymlinkscreate) section.



## Related projects



Here is some projects you can build and integrate easily with pentest-env.



- Metasploitable3 - https://github.com/rapid7/metasploitable3/

- DetectionLab - https://github.com/clong/DetectionLab

- DanderSpritz-Lab - https://github.com/francisck/DanderSpritz_lab



## License

   See COPYING file