Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sliim/pentest-env
Pentest environment deployer (kali linux + targets) using vagrant and chef.
https://github.com/sliim/pentest-env
chef ctf docker kali-linux metasploitable pentest pentest-environment ruby vagrant virtualbox vulnhub
Last synced: 29 days ago
JSON representation
Pentest environment deployer (kali linux + targets) using vagrant and chef.
- Host: GitHub
- URL: https://github.com/sliim/pentest-env
- Owner: Sliim
- License: gpl-3.0
- Created: 2013-04-01T15:00:49.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2019-06-21T14:53:59.000Z (over 5 years ago)
- Last Synced: 2024-10-13T23:21:33.608Z (29 days ago)
- Topics: chef, ctf, docker, kali-linux, metasploitable, pentest, pentest-environment, ruby, vagrant, virtualbox, vulnhub
- Language: Ruby
- Homepage: http://sliim.github.io/pentest-env/
- Size: 366 KB
- Stars: 630
- Watchers: 59
- Forks: 169
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: ChangeLog
- License: COPYING
- Security: docs/Security.md
Awesome Lists containing this project
README
# Pentest Environment Deployer | [![Build Status](https://travis-ci.org/Sliim/pentest-env.svg?branch=master)](https://travis-ci.org/Sliim/pentest-env)
This repo provides an easy way to deploy a clean and customized pentesting environment with Kali linux using vagrant and virtualbox.
## Requirements
I assume you are familiar with virtualbox and vagrant.
- https://www.virtualbox.org/
- http://www.vagrantup.com/Latest `pentest-env` release is tested with:
- Virtualbox (6.0.4)
- Vagrant (2.2.3)## Current box
### Kali 2018.1
| Box | SHA256 |
|------------------ | -----------------------------------------------------------------|
| [Kali 2018.1](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-amd64) | `407b01c550e1f230fc238d12d91da899644bec2cac76a1202d7bab2f9d6cbefd` |
| [Kali 2018.1 Light](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-light-amd64) | `1f58f62417219ce8fe7d5f0b72dc3a8e0c13c019e7f485e10d27a0f1f096e266` |
| [Kali 2018.1 KDE](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-kde-amd64) | `0f44327c2606ead670679254f27945c82eb7cc2966c4a4f1d3137160dad07fe3` |
| [Kali 2018.1 LXDE](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-lxde-amd64) | `f3765b918aec03024c2657fc75090c540d95602cd90c0ab8835b4c0a0f1da23a` |
| [Kali 2018.1 Xfce](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-xfce-amd64) | `eec6b371743467244d3f4f1032c9dc576a1ce482a32ad18b8605bd3013e142a0` |
| [Kali 2018.1 Mate](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-mate-amd64) | `221f1bf6936b560d8980290c2af0702f1e705798eb4ef51acc144e36c89fe51c` |
| [Kali 2018.1 E17](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-e17-amd64) | `0466384e8338e269b441b5f2872c28888528d244a0d31b73c7fb9d15d4f1bd0d` |See the [documentation](docs/About-boxes.md) page about boxes for more details.
See also others [available instances](docs/Instances.md).
## Getting started
To get started with `pentest-env`, clone this repository and run `vagrant up` inside the directory.
This will download and run the Kali instance.You can customize, add targets, create new targets etc.. inside `pentest-env`.
Some examples are available in the `examples/` directory, to use one simply set the `PENTESTRC` environment variable:
```
> PENTESTRC=examples/ctf.pentestrc vagrant status
Current machine states:kali running (virtualbox)
metasploitable2 not created (virtualbox)
primer not created (virtualbox)This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
```For more details, visit the [documentation](docs/) pages:
1. [Installation](docs/Installation.md)
2. [Usage](docs/Usage.md)
3. [Docker](docs/Docker.md)
4. [Openstack](docs/Openstack.md)
5. [Customizations](docs/Customizations.md)
6. [Instances](docs/Instances.md)
7. [Targets](docs/Targets.md)
8. [Write custom instances and targets](docs/Custom-instances.md)
9. [Debugging](docs/Debugging.md)
9. [Security](docs/Security.md)
10. [About boxes](docs/About-boxes.md)
11. [Known issues](docs/Known-issues.md)#### Some configuration examples:
1. [Configure Kali linux with Tor & proxychains](docs/examples/Tor-proxy.md)
2. [Configure Kali linux with Whonix gateway](docs/examples/Whonix.md)
3. [Faraday cscan against metasploitable 2 & 3 targets](docs/examples/Cscan-msfrpc.md)
4. [Configure a Teamserver](docs/examples/Teamserver.md)#### Target examples:
1. [Basic Chef environment](docs/examples/Chef-environment.md)
2. [Simple & insecure Kubernetes cluster](docs/examples/K8s-cluster.md)## About Security
#### verify checksums
It's recommended to check downloaded box files with provided checksums (SHA256).
See https://raw.githubusercontent.com/Sliim/pentest-env/master/checksums.txt for checksums list.
#### sshd is running
Provided boxes run the `sshd` service.
So if you plan to run the Kali linux with a Bridged interface, default setup can be dangerous!- `root` password of kali is `toor`.
- SSH private key is not private! Anyone can use this [key](https://github.com/Sliim/pentest-env/blob/master/ssh-keys/pentest-env) to connect to your instance.See the [secure the environment](docs/Security.md) page to automatically change these defaults values.
#### Shared folders symlinks
I recommend to disable `SharedFoldersEnableSymlinksCreate` which are enabled by default by vagrant.More details and source in the [Security/Disable SharedFoldersEnableSymlinksCreate](docs/Security.md#disable-sharedfoldersenablesymlinkscreate) section.
## Related projects
Here is some projects you can build and integrate easily with pentest-env.
- Metasploitable3 - https://github.com/rapid7/metasploitable3/
- DetectionLab - https://github.com/clong/DetectionLab
- DanderSpritz-Lab - https://github.com/francisck/DanderSpritz_lab## License
See COPYING file