Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sliim/pentest-env

Pentest environment deployer (kali linux + targets) using vagrant and chef.
https://github.com/sliim/pentest-env

chef ctf docker kali-linux metasploitable pentest pentest-environment ruby vagrant virtualbox vulnhub

Last synced: 29 days ago
JSON representation

Pentest environment deployer (kali linux + targets) using vagrant and chef.

Awesome Lists containing this project

README

        

# Pentest Environment Deployer | [![Build Status](https://travis-ci.org/Sliim/pentest-env.svg?branch=master)](https://travis-ci.org/Sliim/pentest-env)

This repo provides an easy way to deploy a clean and customized pentesting environment with Kali linux using vagrant and virtualbox.

## Requirements
I assume you are familiar with virtualbox and vagrant.
- https://www.virtualbox.org/
- http://www.vagrantup.com/

Latest `pentest-env` release is tested with:
- Virtualbox (6.0.4)
- Vagrant (2.2.3)

## Current box
### Kali 2018.1
| Box | SHA256 |
|------------------ | -----------------------------------------------------------------|
| [Kali 2018.1](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-amd64) | `407b01c550e1f230fc238d12d91da899644bec2cac76a1202d7bab2f9d6cbefd` |
| [Kali 2018.1 Light](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-light-amd64) | `1f58f62417219ce8fe7d5f0b72dc3a8e0c13c019e7f485e10d27a0f1f096e266` |
| [Kali 2018.1 KDE](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-kde-amd64) | `0f44327c2606ead670679254f27945c82eb7cc2966c4a4f1d3137160dad07fe3` |
| [Kali 2018.1 LXDE](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-lxde-amd64) | `f3765b918aec03024c2657fc75090c540d95602cd90c0ab8835b4c0a0f1da23a` |
| [Kali 2018.1 Xfce](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-xfce-amd64) | `eec6b371743467244d3f4f1032c9dc576a1ce482a32ad18b8605bd3013e142a0` |
| [Kali 2018.1 Mate](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-mate-amd64) | `221f1bf6936b560d8980290c2af0702f1e705798eb4ef51acc144e36c89fe51c` |
| [Kali 2018.1 E17](https://app.vagrantup.com/Sliim/boxes/kali-2018.1-e17-amd64) | `0466384e8338e269b441b5f2872c28888528d244a0d31b73c7fb9d15d4f1bd0d` |

See the [documentation](docs/About-boxes.md) page about boxes for more details.

See also others [available instances](docs/Instances.md).

## Getting started
To get started with `pentest-env`, clone this repository and run `vagrant up` inside the directory.
This will download and run the Kali instance.

You can customize, add targets, create new targets etc.. inside `pentest-env`.
Some examples are available in the `examples/` directory, to use one simply set the `PENTESTRC` environment variable:
```
> PENTESTRC=examples/ctf.pentestrc vagrant status
Current machine states:

kali running (virtualbox)
metasploitable2 not created (virtualbox)
primer not created (virtualbox)

This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
```

For more details, visit the [documentation](docs/) pages:

1. [Installation](docs/Installation.md)
2. [Usage](docs/Usage.md)
3. [Docker](docs/Docker.md)
4. [Openstack](docs/Openstack.md)
5. [Customizations](docs/Customizations.md)
6. [Instances](docs/Instances.md)
7. [Targets](docs/Targets.md)
8. [Write custom instances and targets](docs/Custom-instances.md)
9. [Debugging](docs/Debugging.md)
9. [Security](docs/Security.md)
10. [About boxes](docs/About-boxes.md)
11. [Known issues](docs/Known-issues.md)

#### Some configuration examples:
1. [Configure Kali linux with Tor & proxychains](docs/examples/Tor-proxy.md)
2. [Configure Kali linux with Whonix gateway](docs/examples/Whonix.md)
3. [Faraday cscan against metasploitable 2 & 3 targets](docs/examples/Cscan-msfrpc.md)
4. [Configure a Teamserver](docs/examples/Teamserver.md)

#### Target examples:
1. [Basic Chef environment](docs/examples/Chef-environment.md)
2. [Simple & insecure Kubernetes cluster](docs/examples/K8s-cluster.md)

## About Security
#### verify checksums
It's recommended to check downloaded box files with provided checksums (SHA256).
See https://raw.githubusercontent.com/Sliim/pentest-env/master/checksums.txt for checksums list.
#### sshd is running
Provided boxes run the `sshd` service.
So if you plan to run the Kali linux with a Bridged interface, default setup can be dangerous!

- `root` password of kali is `toor`.
- SSH private key is not private! Anyone can use this [key](https://github.com/Sliim/pentest-env/blob/master/ssh-keys/pentest-env) to connect to your instance.

See the [secure the environment](docs/Security.md) page to automatically change these defaults values.
#### Shared folders symlinks
I recommend to disable `SharedFoldersEnableSymlinksCreate` which are enabled by default by vagrant.

More details and source in the [Security/Disable SharedFoldersEnableSymlinksCreate](docs/Security.md#disable-sharedfoldersenablesymlinkscreate) section.

## Related projects

Here is some projects you can build and integrate easily with pentest-env.

- Metasploitable3 - https://github.com/rapid7/metasploitable3/
- DetectionLab - https://github.com/clong/DetectionLab
- DanderSpritz-Lab - https://github.com/francisck/DanderSpritz_lab

## License
See COPYING file