Usage Examples - ezra-buckingham/terry-the-terraformer GitHub Wiki

In order to familiarize yourself with some of the syntax, I have included some example commands as well as explanations of what Terry will build.

Create Examples

Below are some examples of using the create command.

Example 1

  • Skip setting up Nebula
  • Skip setting up Logstash / Filebeats
  • Use verbose output to show all the things Terry is doing in the background
  • Build a categorization server hosted on AWS with a domain registrar of AWS

Short-hand Command:

./terry.py -o test1 -N -Ne -v create server -p aws -t categorize -dI techelevator.com -d focusfireandsecuity.net:aws

Fully Qualified Command:

./terry.py --config config.yml --operation test1 --no_nebula --no_elastic --verbose create server --provider aws --type categorize --domain_to_impersonate techelevator.com --fqdn focusfireandsecuity.net:aws

Note the -N / --no_nebula and -Ne / --no_elastic flags instructing Terry to not to deploy Nebula and to not configure Elastic logging. This is not needed since there is only one server in this deployment.

Example 2

  • Skip setting up Nebula
  • Use verbose output
  • Send logs to an Elastic server at elastic.example.com
  • Build a teamserver hosted on DigitalOcean with a Cobalt Strike container
./terry.py -o test2 -N -v -eS elastic.example.com -eK <your_elastic_api_key> create server -p digitalocean -t teamserver -cT cobaltstrike

Again, note that Nebula is not needed since there is only one server in this deployment.

Example 3

  • Use verbose output
  • Build a teamserver hosted on AWS with a Cobalt Strike container
  • Build a HTTPS redirector hosted on DigitalOcean with a domain registrar of AWS
  • Build a DNS redirector hosted on DigitalOcean with a domain registrar of AWS
./terry.py -o test3 -v create server -p aws -t teamserver -cT cobaltstrike server -p digitalocean -t redirector -rT https -d httpsc2.example.com:aws server -p digitalocean -t redirector -rT dns -d dnsc2.example.com:aws

Example 4

Build the same as above, but have a second domain pointed to the HTTPS redirector. To do this, you first need to give a name of the HTTPs redirector using the -sN / --server_name flag and create an additional domain object.

./terry.py -o test4 -v create server -p aws -t teamserver -cT cobaltstrike server -p digitalocean -t redirector -rT https -sN httpsredir -d httpsc2.example.com:aws server -p digitalocean -t redirector -rT dns -d dnsc2.example.com:aws domain -sN httpsredir -p namecheap -d second.domain.com -t A

Destroy Examples

Below are some example of using the destroy command.

Example 1

Destroy an operation you previously built with the name test1 and keep all the files and folders that were associated with the operation.

./terry.py -o test1 destroy

Example 2

Destroy an operation you previously built with the name test1 and delete all the files and folders that were associated with the operation.

./terry.py -o test1 destroy -r

The -r / --recursive flag will recursively delete all files and folders associated with test1.

Pro Tip

When you set a username/password/API key for a variable, build a single command that you can copy and paste to set all your environment variables. Doing this makes it so you do not need to store credentials in the config or pass them in as CLI args each time you run Terry.

export HISTCONTROL=ignorespace \r\n
 export AWS_ACCESS_KEY_ID="" && export AWS_SECRET_ACCESS_KEY="" && export AWS_DEFAULT_REGION="us-east-2" && export DIGITALOCEAN_ACCESS_TOKEN="" && export PM_USER="" && export PM_PASS="" && export GODADDY_API_KEY="" && export GODADDY_API_SECRET="" && export NAMECHEAP_USER_NAME="" && export NAMECHEAP_API_USER="" && export NAMECHEAP_API_KEY=""