https://github.com/cisagov/ansible-role-cobalt-strike

An Ansible role for installing Cobalt Strike.
https://github.com/cisagov/ansible-role-cobalt-strike

ansible-role cobalt-strike hacktoberfest

Last synced: 28 days ago
JSON representation

An Ansible role for installing Cobalt Strike.

• Host: GitHub
• URL: https://github.com/cisagov/ansible-role-cobalt-strike
• Owner: cisagov
• License: cc0-1.0
• Created: 2019-06-05T02:27:20.000Z (over 5 years ago)
• Default Branch: develop
• Last Pushed: 2024-08-14T19:52:10.000Z (4 months ago)
• Last Synced: 2024-10-30T23:40:46.508Z (about 1 month ago)
• Topics: ansible-role, cobalt-strike, hacktoberfest
• Language: Shell
• Homepage:
• Size: 1.03 MB
• Stars: 74
• Watchers: 11
• Forks: 13
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

• awesome-hacking-lists - cisagov/ansible-role-cobalt-strike - An Ansible role for installing Cobalt Strike. (Shell)

README

        
# ansible-role-cobalt-strike #

[![GitHub Build Status](https://github.com/cisagov/ansible-role-cobalt-strike/workflows/build/badge.svg)](https://github.com/cisagov/ansible-role-cobalt-strike/actions)

[![CodeQL](https://github.com/cisagov/ansible-role-cobalt-strike/workflows/CodeQL/badge.svg)](https://github.com/cisagov/ansible-role-cobalt-strike/actions/workflows/codeql-analysis.yml)

An Ansible role for installing [Cobalt

Strike](https://www.cobaltstrike.com/).

## Pre-requisites ##

In order to execute the Molecule tests for this Ansible role in GitHub

Actions, a build user must exist in AWS. The accompanying Terraform

code will create the user with the appropriate name and

permissions. This only needs to be run once per project, per AWS

account. This user can also be used to run the Molecule tests on your

local machine.

Before the build user can be created, you will need a profile in your

AWS credentials file that allows you to read and write your remote

Terraform state.  (You almost certainly do not want to use local

Terraform state for this long-lived build user.)  If the build user is

to be created in the CISA COOL environment, for example, then you will

need the `cool-terraform-backend` profile.

The easiest way to set up the Terraform remote state profile is to

make use of our

[`aws-profile-sync`](https://github.com/cisagov/aws-profile-sync)

utility. Follow the usage instructions in that repository before

continuing with the next steps, and note that you will need to know

where your team stores their remote profile data in order to use

[`aws-profile-sync`](https://github.com/cisagov/aws-profile-sync).

To create the build user, follow these instructions:

```console

cd terraform

terraform init --upgrade=true

terraform apply

```

Once the user is created you will need to update the [repository's

secrets](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)

with the new encrypted environment variables. This should be done

using the

[`terraform-to-secrets`](https://github.com/cisagov/development-guide/tree/develop/project_setup#terraform-iam-credentials-to-github-secrets-)

tool available in the [development

guide](https://github.com/cisagov/development-guide). Instructions for

how to use this tool can be found in the ["Terraform IAM Credentials

to GitHub Secrets"

section](https://github.com/cisagov/development-guide/tree/develop/project_setup#terraform-iam-credentials-to-github-secrets-).

of the Project Setup README.

If you have appropriate permissions for the repository you can view

existing secrets on the [appropriate

page](https://github.com/cisagov/ansible-role-cobalt-strike/settings/secrets)

in the repository's settings.

## Requirements ##

None.

## Role Variables ##

| Variable | Description | Default | Required |

|----------|-------------|---------|----------|

| cobalt_strike_bucket_name | The name of the AWS S3 bucket where the Cobalt Strike tarball and license files are stored. | `cisa-cool-third-party-production` | No |

| cobalt_strike_license_object_name | The name of the AWS S3 object that is the Cobalt Strike license. | `cobaltstrike.license` | No |

## Dependencies ##

- [cisagov/ansible-role-openjdk](https://github.com/cisagov/ansible-role-openjdk)

## Installation ##

This role can be installed via the command:

```console

ansible-galaxy install --role-file path/to/requirements.yml

```

where `requirements.yml` looks like:

```yaml

---

- name: cobalt_strike

  src: https://github.com/cisagov/ansible-role-cobalt-strike

```

and may contain other roles as well.

For more information about installing Ansible roles via a YAML file,

please see [the `ansible-galaxy`

documentation](https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-multiple-roles-from-a-file).

## Example Playbook ##

Here's how to use it in a playbook:

```yaml

- hosts: all

  become: true

  become_method: sudo

  tasks:

    - name: Install Cobalt Strike

      ansible.builtin.include_role:

        name: cobalt_strike

```

## Contributing ##

We welcome contributions!  Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for

details.

## License ##

This project is in the worldwide [public domain](LICENSE).

This project is in the public domain within the United States, and

copyright and related rights in the work worldwide are waived through

the [CC0 1.0 Universal public domain

dedication](https://creativecommons.org/publicdomain/zero/1.0/).

All contributions to this project will be released under the CC0

dedication. By submitting a pull request, you are agreeing to comply

with this waiver of copyright interest.

## Author Information ##

Shane Frasier -