Terraform Projects - froyo75/SpREaD GitHub Wiki
Available Terraform Projects
Name | Description |
---|---|
azure | Create new CDN endpoints with Azure |
aws | Create, Install and Configure EC2 instances using Ansible |
digitalocean | Create, Install and Configure Digital Ocean droplets using Ansible |
mailgun | Create a new Mailgun domain |
Terraform Scripts Description
[!IMPORTANT] Terraform stores the infrastructure and configuration state locally in a file named terraform.tfstate to keep track of metadata and changes. Terraform operations must be invoked from the working directory that contains the configuration files. Terraform generates an execution plan describing what it will do to reach the desired state, then executes it to build the described infrastructure. As the configuration changes, Terraform determines what changed and creates incremental execution plans that can be applied.
AWS
AWS Folders Description
Name | Description |
---|---|
sample | Contains a set of configuration files to quickly help create and build a new AWS infrastructure |
cs.tfvars | Variable definitions for deploying one or multiple Cobalt Strike team servers |
brc4.tfvars | Variable definitions for deploying one or multiple BRC4 servers |
havoc.tfvars | Variable definitions for deploying one or multiple Havoc team servers |
c2proxy.tfvars | Variable definitions for deploying one or multiple C2Proxies |
clonesite.tfvars | Variable definitions for deploying one or multiple Clonesites |
gophish.tfvars | Variable definitions for deploying one or multiple Gophish servers |
gophish-evilginx.tfvars | Variable definitions for deploying one or multiple Gophish servers with Evilginx support |
nextcloud.tfvars | Variable definitions for deploying one or multiple NextCloud servers |
evilginx.tfvars | Variable definitions for deploying one or multiple Evilginx servers |
evilginx-cdn.tfvars | Variable definitions for deploying one or multiple Evilginx servers with CDN support |
recon.tfvars | Variable definitions for deploying one or multiple manual Recon or Axiom servers |
hosts.tpl | Template to automatically fill up the Ansible inventory file for a given "op_name" (aka operation name) |
host_vars.tpl | Template to automatically fill up Ansible host variables |
init-infra.sh | Bash script to automatically initialize, evaluate the Terraform configuration and execute the planned changes to each resource using the relevant infrastructure provider's API |
main.tf | Contains the main configuration for deploying and configuring one or multiple EC2 instances using Ansible within the local-exec provisioner |
outputs.tf | Contains declarations to display EC2 instance information and generate the Ansible host variables + inventory files |
provider.tf | Contains provider declarations to interact with the resources supported by AWS |
variables.tf | Contains all available variables to use in a specific ".tfvars" file for the given provider |
Available Security Groups
Name | Description |
---|---|
secgrp-axiom.tf | Contains firewall rules for Axiom servers |
secgrp-c2proxy.tf | Contains firewall rules for C2Proxy servers |
secgrp-c2server.tf | Contains firewall rules for C2 servers |
secgrp-clonesite.tf | Contains firewall rules for Clonesite servers |
secgrp-gophish.tf | Contains firewall rules for Gophish servers |
secgrp-gophish-evilginx.tf | Contains firewall rules for Gophish servers with Evilginx support |
secgrp-mailu.tf | Contains firewall rules for Mailu servers |
secgrp-nextcloud.tf | Contains firewall rules for NextCloud servers |
secgrp-evilginx.tf | Contains firewall rules for Evilginx servers |
secgrp-evilginx-cdn.tf | Contains firewall rules for Evilginx servers with CDN support |
secgrp-recon.tf | Contains firewall rules for Recon servers |
Multi-region Deployment on AWS
The AWS Terraform module requires a specific .tfvars file for each region.
The following regions have been added to the variables.tf file, but feel free to add yours.
City | Region |
---|---|
paris | eu-west-3 |
london | eu-west-2 |
ireland | eu-west-1 |
stockholm | eu-north-1 |
c2proxy.tfvars file
op_name = "rtX"
aws_region = "stockholm"
hosts = {
  "rtX-c2proxy-toto-com" = {
    aws_name = "toto.com"
    aws_image = "ami-02c68996dd3d909c1"
    aws_type = "t3.small"
    aws_environment = "PROD"
    ansible_user = "admin"
    ansible_port = 22
    vps_ssh_authorized_keys_folder = "./ssh/rtops"
    vps_authorized_key_options = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,from=\"0.0.0.0/0\""
    vps_domain = "toto.com"
    vps_sshd_port = 2222
    vps_admin_email_address = "[email protected]"
    vps_timezone = "Europe/Stockholm"
    vps_service_type = "c2proxy"
    vps_dns_provider = "gandi"
    vps_glue_record = false
    vps_dns_template = "default-a"
    vps_smtp_dkim_domain_key = ""
    vps_smtp_dkim_selector = ""
    vps_cdn_endpoints = ""
    vps_c2_mode = ""
    vps_c2_framework = ""
    vps_volume_size = 25
  },
  "rtX-c2proxy-tata-com" = {
    aws_name = "tata.com"
    aws_image = "ami-02c68996dd3d909c1"
    aws_type = "t3.small"
    aws_environment = "PROD"
    ansible_user = "admin"
    ansible_port = 22
    vps_ssh_authorized_keys_folder = "./ssh/rtops"
    vps_authorized_key_options = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,from=\"0.0.0.0/0\""
    vps_domain = "tata.com"
    vps_sshd_port = 2222
    vps_admin_email_address = "[email protected]"
    vps_timezone = "Europe/Stockholm"
    vps_service_type = "c2proxy"
    vps_dns_provider = "gandi"
    vps_glue_record = false
    vps_dns_template = "default-a"
    vps_smtp_dkim_domain_key = ""
    vps_smtp_dkim_selector = ""
    vps_cdn_endpoints = ""
    vps_c2_mode = ""
    vps_c2_framework = ""
    vps_volume_size = 25
  }
}
[!NOTE] The vps_volume_size variable sets the root block device size of the instance in gibibytes (GiB). Use -1 for the default size (8GiB).
[!TIP] Each variable definitions file (e.g. havoc.tfvars, brc4.tfvars, cs.tfvars, c2proxy.tfvars, clonesite.tfvars, evilginx.tfvars, evilginx-cdn.tfvars, gophish.tfvars, mailu.tfvars, nextcloud.tfvars, axiom.tfvars, recon.tfvars) contains an example set of variables for deploying a specific service type (e.g. brc4, c2proxy, clonesite etc.). These variables can be combined into a single variable definitions file to build a custom infrastructure including multiple services such as C2Proxies, Clonesites, C2Servers etc.
Digital Ocean
Digital Ocean Folders Description
Name | Description |
---|---|
sample | Contains a set of configuration files to quickly help create and build a new Digital Ocean infrastructure |
cs.tfvars | Variable definitions for deploying one or multiple Cobalt Strike team servers |
brc4.tfvars | Variable definitions for deploying one or multiple BRC4 servers |
havoc.tfvars | Variable definitions for deploying one or multiple Havoc team servers |
c2proxy.tfvars | Variable definitions for deploying one or multiple C2Proxies |
clonesite.tfvars | Variable definitions for deploying one or multiple Clonesites |
gophish.tfvars | Variable definitions for deploying one or multiple Gophish servers |
gophish-evilginx.tfvars | Variable definitions for deploying one or multiple Gophish servers with Evilginx support |
nextcloud.tfvars | Variable definitions for deploying one or multiple NextCloud servers |
evilginx.tfvars | Variable definitions for deploying one or multiple Evilginx servers |
evilginx-cdn.tfvars | Variable definitions for deploying one or multiple Evilginx servers with CDN support |
recon.tfvars | Variable definitions for deploying one or multiple manual Recon or Axiom servers |
hosts.tpl | Template to automatically fill up the Ansible inventory file for a given "op_name" (aka operation name) |
host_vars.tpl | Template to automatically fill up Ansible host variables |
init-infra.sh | Bash script to automatically initialize, evaluate the Terraform configuration and execute the planned changes to each resource using the relevant infrastructure provider's API |
main.tf | Contains the main configuration for deploying and configuring one or multiple droplets using Ansible within the local-exec provisioner |
outputs.tf | Contains declarations to display droplets information and generate the Ansible host variables + inventory files |
provider.tf | Contains provider declarations to interact with the resources supported by Digital Ocean |
variables.tf | Contains all available variables to use in a specific ".tfvars" file for the given provider |
c2proxy.tfvars file
op_name = "rtX"
hosts = {
  "rtX-c2proxy-toto-com" = {
    do_name = "toto.com"
    do_image = "debian-10-x64"
    do_size = "s-2vcpu-2gb-intel"
    do_region = "ams3"
    ansible_user = "root"
    ansible_port = 22
    vps_ssh_authorized_keys_folder = "./ssh/rtops"
    vps_authorized_key_options = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,from=\"0.0.0.0/0\""
    vps_domain = "toto.com"
    vps_sshd_port = 2222
    vps_admin_email_address = "[email protected]"
    vps_timezone = "Europe/Amsterdam"
    vps_service_type = "c2proxy"
    vps_dns_provider = "gandi"
    vps_glue_record = false
    vps_dns_template = "default-a"
    vps_smtp_dkim_domain_key = ""
    vps_smtp_dkim_selector = ""
    vps_cdn_endpoints = ""
    vps_c2_mode = ""
    vps_c2_framework = ""
  },
  "rtX-c2proxy-tata-com" = {
    do_name = "tata.com"
    do_image = "debian-10-x64"
    do_size = "s-2vcpu-2gb-intel"
    do_region = "fra1"
    ansible_user = "root"
    ansible_port = 22
    vps_ssh_authorized_keys_folder = "./ssh/rtops"
    vps_authorized_key_options = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,from=\"0.0.0.0/0\""
    vps_domain = "tata.com"
    vps_sshd_port = 2222
    vps_admin_email_address = "[email protected]"
    vps_timezone = "Europe/Berlin"
    vps_service_type = "c2proxy"
    vps_dns_provider = "gandi"
    vps_glue_record = false
    vps_dns_template = "default-a"
    vps_smtp_dkim_domain_key = ""
    vps_smtp_dkim_selector = ""
    vps_cdn_endpoints = ""
    vps_c2_mode = ""
    vps_c2_framework = ""
  }
}
[!TIP] Each variable definitions file (e.g. havoc.tfvars, brc4.tfvars, cs.tfvars, c2proxy.tfvars, clonesite.tfvars, evilginx.tfvars, evilginx-cdn.tfvars, gophish.tfvars, mailu.tfvars, nextcloud.tfvars, axiom.tfvars, recon.tfvars) contains an example set of variables for deploying a specific service type (e.g. brc4, c2proxy, clonesite etc.). These variables can be combined into a single variable definitions file to build a custom infrastructure including multiple services such as C2Proxies, Clonesites, C2Servers etc.
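Both c2proxy.tfvars samples above set `from=\"0.0.0.0/0\"` in `vps_authorized_key_options`, which accepts the key from any IPv4 address. The check below is an added example, not part of SpREaD: it reports hosts whose key options leave the SSH source unrestricted. The host `rtX-c2proxy-titi-com`, the 198.51.100.0/24 range and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the page's .tfvars layout; the third host and the
# 198.51.100.0/24 range are made up for this example.
SAMPLE_TFVARS = r'''
hosts = {
  "rtX-c2proxy-toto-com" = {
    vps_authorized_key_options = "no-port-forwarding,no-user-rc,from=\"0.0.0.0/0\""
  },
  "rtX-c2proxy-tata-com" = {
    vps_authorized_key_options = "no-port-forwarding,no-user-rc,from=\"198.51.100.0/24\""
  },
  "rtX-c2proxy-titi-com" = {
    vps_authorized_key_options = "no-port-forwarding,no-user-rc"
  }
}
'''

HOST_RE = re.compile(r'^\s*"([^"]+)"\s*=\s*\{', re.M)
OPTS_RE = re.compile(r'vps_authorized_key_options\s*=\s*"((?:\\.|[^"\\])*)"')
FROM_RE = re.compile(r'(?:^|,)from="([^"]*)"')

def source_is_open(pattern):
    """True if a single from= pattern matches every client address."""
    if pattern == "*":
        return True
    try:
        return ipaddress.ip_network(pattern, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname, wildcard or negated pattern: not judged here

def audit_key_options(tfvars_text):
    """Map each host whose key options leave the SSH source open to a finding."""
    findings = {}
    hosts = [(m.start(), m.group(1)) for m in HOST_RE.finditer(tfvars_text)]
    for i, (pos, host) in enumerate(hosts):
        end = hosts[i + 1][0] if i + 1 < len(hosts) else len(tfvars_text)
        opts = OPTS_RE.search(tfvars_text[pos:end])
        if opts is None:
            findings[host] = "vps_authorized_key_options not set"
            continue
        source = FROM_RE.search(opts.group(1).replace('\\"', '"'))
        if source is None:
            findings[host] = "no from= restriction"
        elif any(source_is_open(p.strip()) for p in source.group(1).split(",")):
            findings[host] = "from= admits any address"
    return findings
```

Run `audit_key_options()` over the text of a .tfvars file before applying it; an empty result means every host pins its key to a specific source range.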
Azure
Azure Folders Description
Name | Description |
---|---|
sample | Contains a set of configuration files to quickly help create and build a new Azure CDN infrastructure |
init-infra.sh | Bash script to automatically initialize, evaluate the Terraform configuration and execute the planned changes to each resource using the relevant infrastructure provider's API |
main.tf | Contains the main configuration for creating one or multiple CDN Endpoints |
outputs.tf | Contains declarations to display details about CDN Endpoints created |
provider.tf | Contains provider declarations to configure infrastructure in Microsoft Azure using the Azure Resource Manager APIs |
variables.tf | Contains all available variables to use in a specific ".tfvars" file for the given provider |
simple-cdn.tfvars | Variable definitions for deploying one or multiple CDN Endpoints |
evilginx-cdn.tfvars | Variable definitions for deploying one or multiple CDN endpoints for Evilginx |
evilginx-cdn-adfs.tfvars | Variable definitions for deploying one or multiple CDN Endpoints for Evilginx with ADFS support |
"sample/sample.tfvars" file
op_name = "rtX"
cdn_profile_name = "rtXCDN"
endpoints = {
  "azure-cdn-loginapp-com" = {
    cdn_endpoint_name = "loginapp"
    cdn_origin_hostname = "loginapp.com"
    cdn_origin_hostname_header = "loginapp.com"
  },
  "azure-cdn-logonapp-com" = {
    cdn_endpoint_name = "logonapp"
    cdn_origin_hostname = "logonapp.com"
    cdn_origin_hostname_header = "logonapp.com"
  }
}
Mailgun
Mailgun Folders Description
Name | Description |
---|---|
sample | Contains a set of configuration files to quickly help create and build a new Mailgun infrastructure |
init-infra.sh | Bash script to automatically initialize, evaluate the Terraform configuration and execute the planned changes to each resource using the relevant infrastructure provider's API |
main.tf | Contains the main configuration for setting up one or multiple Mailgun domains |
outputs.tf | Contains declarations to display details about the Mailgun domains added |
provider.tf | Contains provider declarations to interact with the resources supported by Mailgun |
variables.tf | Contains all available variables to use in a specific ".tfvars" file for the given provider |
"sample/sample.tfvars" file
domains = {
  "toto-com" = {
    smtp_domain = "toto.com"
    smtp_region = "eu"
    spam_action = "disabled"
    smtp_password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    dkim_key_size = 2048
    dkim_selector = "mx"
  },
  "tata-com" = {
    smtp_domain = "tata.com"
    smtp_region = "eu"
    spam_action = "disabled"
    smtp_password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    dkim_key_size = 2048
    dkim_selector = "mx"
  }
}
Additional Scripts
Name | Description |
---|---|
createNewTerraInfra.sh | Script to automatically create a new C2 infrastructure project folder. |
cleanTerraform.sh | Removes all Terraform backup and state files, cached provider plugins and modules. |
genSSHConfig.sh | Creates an SSH config file (~/.ssh/config) automatically from a specified Ansible inventory. |
revokeSSHAccess.sh | Script to invoke the revoke-ssh-access.yml Ansible playbook. |
updateBRC4Role.sh | Script to automatically update the Ansible install_brc4 role for provisioning a new version of BRC4. |