HXSecurity · teamssix · Jun 14, 2022 · Jun 14, 2022 · Jun 14, 2022
diff --git a/README.md b/README.md
diff --git a/README_CN.md b/README_CN.md
diff --git a/aws/ec2/EBS_volume_encryption_is_disabled/README.md b/aws/ec2/EBS_volume_encryption_is_disabled/README.md
@@ -37,6 +37,7 @@ Get EBS encryption by default.
 
 ```bash
 > aws --region us-east-1 ec2 get-ebs-encryption-by-default
+
 {
     "EbsEncryptionByDefault": false
 }

diff --git a/aws/ec2/EBS_volume_encryption_is_disabled/README_CN.md b/aws/ec2/EBS_volume_encryption_is_disabled/README_CN.md
@@ -4,7 +4,7 @@
 
 ## 描述信息
 
-这是一个用于构建 AWS EBS 卷加密默认未开启。
+这是一个用于构建 AWS EBS 卷加密默认未开启的场景。
 
 ## 环境搭建
 
@@ -37,6 +37,7 @@ terraform apply
 
 ```bash
 > aws --region us-east-1 ec2 get-ebs-encryption-by-default
+
 {
     "EbsEncryptionByDefault": false
 }

diff --git a/aws/networking/vpc_security_group_open_all_port/README.md b/aws/networking/vpc_security_group_open_all_port/README.md
@@ -0,0 +1,76 @@
+# AWS VPC security group open all port
+
+English | [中文](./README_CN.md)
+
+## Description
+
+This is a scenario used to build the AWS VPC security group open all port.
+
+## Deployment Environment
+
+Execute the following command in the container
+
+```shell
+cd /TerraformGoat/aws/networking/vpc_security_group_open_all_port
+```
+
+Configure AWS Access Credentials
+
+```shell
+aws configure
+```
+
+> You can see the access key in the AWS [Console --> Security Credentials]
+
+Deploy Vulnerable Environment
+
+```shell
+terraform init
+terraform apply
+```
+
+> When the terminal prompts `Enter a value:`, enter `yes`
+
+After the environment is set up, you can see the ID of the security group at Outputs.
+
+## Steps
+
+View security group rules.
+
+```bash
+> aws ec2 describe-security-groups --group-ids sg-015ab313fbb70s95b
+
+{
+    "SecurityGroups": [
+        {
+            "Description": "Managed by Terraform",
+            "GroupName": "huocorp_terraform_goat_security_group",
+            "IpPermissions": [
+                {
+                    "FromPort": 1,
+                    "IpProtocol": "tcp",
+                    "IpRanges": [
+                        {
+                            "CidrIp": "0.0.0.0/0"
+                        }
+                    ],
+                    "Ipv6Ranges": [],
+                    "PrefixListIds": [],
+                    "ToPort": 65535,
+                    "UserIdGroupPairs": []
+                }
+            ],
+            "OwnerId": "0123456789012",
+            "GroupId": "sg-015ab313fbb70s95b",
+            "IpPermissionsEgress": [],
+            "VpcId": "vpc-13194b56d96ac1f8h"
+        }
+    ]
+}
+```
+
+## Destroy the environment
+
+```shell
+terraform destroy
+```
diff --git a/aws/networking/vpc_security_group_open_all_port/README_CN.md b/aws/networking/vpc_security_group_open_all_port/README_CN.md
@@ -0,0 +1,76 @@
+# AWS 安全组允许所有端口访问
+
+[English](./README.md) | 中文
+
+## 描述信息
+
+这是一个用于构建 AWS 安全组允许所有端口访问的场景。
+
+## 环境搭建
+
+在容器中执行以下命令
+
+```shell
+cd /TerraformGoat/aws/networking/vpc_security_group_open_all_port
+```
+
+配置 AWS 访问凭证
+
+```shell
+aws configure
+```
+
+> 在 AWS 「控制台——》安全凭证」处可以设置并查看你的 `aws_access_key_id` 和 `aws_secret_access_key`
+
+部署靶场
+
+```shell
+terraform init
+terraform apply
+```
+
+> 在终端提示 `Enter a value:` 时，输入 `yes` 即可
+
+环境搭建完后，在 Outputs 处可以看到安全组的 ID
+
+## 步骤
+
+查看创建的安全组规则
+
+```bash
+> aws ec2 describe-security-groups --group-ids sg-015ab313fbb70s95b
+
+{
+    "SecurityGroups": [
+        {
+            "Description": "Managed by Terraform",
+            "GroupName": "huocorp_terraform_goat_security_group",
+            "IpPermissions": [
+                {
+                    "FromPort": 1,
+                    "IpProtocol": "tcp",
+                    "IpRanges": [
+                        {
+                            "CidrIp": "0.0.0.0/0"
+                        }
+                    ],
+                    "Ipv6Ranges": [],
+                    "PrefixListIds": [],
+                    "ToPort": 65535,
+                    "UserIdGroupPairs": []
+                }
+            ],
+            "OwnerId": "0123456789012",
+            "GroupId": "sg-015ab313fbb70s95b",
+            "IpPermissionsEgress": [],
+            "VpcId": "vpc-13194b56d96ac1f8h"
+        }
+    ]
+}
+```
+
+## 销毁环境
+
+```shell
+terraform destroy
+```
diff --git a/aws/networking/vpc_security_group_open_all_port/main.tf b/aws/networking/vpc_security_group_open_all_port/main.tf
@@ -0,0 +1,19 @@
+resource "aws_instance" "huocorp_terraform_goat_instance" {
+  ami                    = "ami-0e472ba40eb589f49"
+  instance_type          = "t2.micro"
+  vpc_security_group_ids = [aws_security_group.huocorp_terraform_goat_security_group.id]
+  depends_on = [
+    aws_security_group.huocorp_terraform_goat_security_group
+  ]
+}
+
+resource "aws_security_group" "huocorp_terraform_goat_security_group" {
+  name = "huocorp_terraform_goat_security_group"
+  ingress {
+    from_port        = 1
+    to_port          = 65535
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = []
+  }
+}
diff --git a/aws/networking/vpc_security_group_open_all_port/outputs.tf b/aws/networking/vpc_security_group_open_all_port/outputs.tf
@@ -0,0 +1,3 @@
+output "security_group_id" {
+  value = aws_security_group.huocorp_terraform_goat_security_group.id
+}
diff --git a/aws/networking/vpc_security_group_open_all_port/versions.tf b/aws/networking/vpc_security_group_open_all_port/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.10.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"
+}