Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/felbinger/netbox_cybex

Features for cyber exercises in NetBox
https://github.com/felbinger/netbox_cybex

netbox netbox-plugin

Last synced: 3 months ago
JSON representation

Features for cyber exercises in NetBox

Awesome Lists containing this project

README 

        
# Netbox Plugin: CybEx



This plugin adds features for cyber exercises to your 

[NetBox](https://github.com/netbox-community/netbox) instance. It should be 

used exclusively for IT security trainings and cyber exercises where 

applications such as Netbox are out of scope. Do **not** use parts of this 

plugin (e.g., the credentials section) in a non-training environment!



## Preview

![](./img/credential_list.png)



![](./img/credential_add.png)



![](./img/credential_inline_device.png)



## Deployment

### Docker

- see: https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins:

```Dockerfile

# Dockerfile-Plugins

FROM netboxcommunity/netbox:latest



COPY ./plugin_requirements.txt /opt/netbox/

RUN /opt/netbox/venv/bin/pip install  --no-warn-script-location -r /opt/netbox/plugin_requirements.txt



# These lines are only required if your plugin has its own static files.

COPY configuration/configuration.py /etc/netbox/config/configuration.py

COPY configuration/plugins.py /etc/netbox/config/plugins.py

RUN SECRET_KEY="dummydummydummydummydummydummydummydummydummydummy" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input

```

- override mountpoint for templates:

```yaml

# docker-compose.override.yml

version: '3.4'



services:

  netbox:

    image: netbox:latest-plugins

    ports:

      - 8000:8080

    build:

      context: .

      dockerfile: Dockerfile-Plugins

    volumes:

      - "./netbox_cybex/netbox_cybex/templates/dcim/device.html:/opt/netbox/netbox/templates/dcim/device.html"

      - "./netbox_cybex/netbox_cybex/templates/virtualization/virtualmachine.html:/opt/netbox/netbox/templates/virtualization/virtualmachine.html"

      - "./netbox_cybex/netbox_cybex/templates/netbox_cyber:/opt/netbox/netbox/templates/netbox_cyber/"



  netbox-worker:

    image: netbox:latest-plugins

    build:

      context: .

      dockerfile: Dockerfile-Plugins



  netbox-housekeeping:

    image: netbox:latest-plugins

    build:

      context: .

      dockerfile: Dockerfile-Plugins

```



### NixOS

A default netbox deployment for NixOS can be found on 

[github:secshellnet/nixos](https://github.com/secshellnet/nixos/blob/main/modules/netbox.nix), 

you can add plugins like this:

```

{ lib

, ...

}: let

  netbox_cybex = ps: ps.buildPythonPackage rec {

    pname = "netbox_cybex";

    version = "0.1";

    format = "pyproject";



    src = ps.fetchPypi {

      inherit pname version;

      hash = "sha256-YfC5aOHQQqjTCv2mac+p/1zX/8M+TemYyoim9YSXJPs=";

    };



    nativeBuildInputs = with ps; [

      setuptools

    ];



    meta = with lib; {

      description = "Features for cyber exercises in NetBox";

      homepage = "https://github.com/felbinger/netbox_cybex";

      license = licenses.mpl20;

      platforms = platforms.linux;

    };

  };

in {



  # Your NetBox configuration

  # ...



  services.netbox.plugins = (ps: [ (netbox_cybex ps) ]);

  services.netbox.settings.PLUGINS = [ "netbox_cybex" ];

}

```



## Development Environment

```sh

git clone --branch v3.7.2 --single-branch https://github.com/netbox-community/netbox ~/netbox

python3 -m venv ~/netbox/venv

source ~/netbox/venv/bin/activate

pip3 install -r ~/netbox/requirements.txt



# create configuration from example

cat ~/netbox/netbox/netbox/configuration_example.py | \

  sed -e "s/^DEBUG.*/DEBUG = True/" | \

  sed -e "s/^SECRET_KEY.*/SECRET_KEY = '$(~/netbox/netbox/generate_secret_key.py)'/" | \

  sed -e "s/^ALLOWED_HOSTS.*/ALLOWED_HOSTS = \[\'127.0.0.1\'\]/" | \

  sed -e "s/'USER': ''/'USER': 'postgres'/" > ~/netbox/netbox/netbox/configuration.py



# start database and redis

docker compose up -d



~/netbox/netbox/manage.py migrate

~/netbox/netbox/manage.py createsuperuser \

  --username admin \

  --email [email protected]

~/netbox/netbox/manage.py runserver



# netbox should now reachable on: http://127.0.0.1:8000/



# build plugin

python3 setup.py develop



# add plugin to configuration

sed -i -e "s/^PLUGINS.*/PLUGINS = \['netbox_cybex'\]/" ~/netbox/netbox/netbox/configuration.py



# enable developer mode to enable usage of makemigrations

echo "DEVELOPER=True" >> ~/netbox/netbox/netbox/configuration.py



# Building the app

~/netbox/netbox/manage.py makemigrations

~/netbox/netbox/manage.py migrate



# Publish

python3 -m pip install --upgrade build twine

python3 -m build

python3 -m twine upload --repository pypi dist/*

```



## TODO

- Think about other useful extensions

  - Firewall

    - generate rules for iptables/vyatta/firewalld (maybe even commands to add them to pfsense if somehow possible)

    - need to be easily manageable using importable data, otherwise gui needs to be used, which sucks... (same with pfSense)

- Test API (Make sure it's working as expected)

- Create ansible module `cybex.netbox.netbox_credential` to add creds to existing virtual machine

- Package for nix