Redcloud is a powerful and user-friendly toolbox for deploying a fully-featured Red Team Infrastructure using Docker. Use and manage it with its polished web-interface.
Latest commit 7ab3bd0 Mar 19, 2019
Redcloud

Weather report. Cloudy with a chance of shells!

Early release. Follow me on Twitter to stay updated on Redcloud's development
💁☁️🐚🌱


Introduction

Redcloud is a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker. Use and manage it with its polished web interface.

Ideal for your penetration tests, shooting ranges, red teaming and bug bounties!

Self-host your attack infrastructure painlessly, deploy your very own live, scalable and resilient offensive infrastructure in a matter of minutes.


Features

  • Deploy Redcloud locally and remotely using the built-in SSH functions, and even docker-machine.
  • Deploy Metasploit, Empire, GoPhish, a fully stacked Kali, and many other security tools using Portainer's sleek and responsive web interface.
  • Use an NGINX reverse proxy, preconfigured for Metasploit and Empire reverse callbacks. (under development)
  • Use the cloud's full potential with Docker's underlying power. Easily manage a single server or a full swarm just the same. Distribute the load seamlessly.
  • Monitor and manage your infrastructure with just a few clicks.
  • Deploy redirections, socks or Tor proxy for all your tools. Spawn your maze, Docker's internal network capabilities take care of the complicated stuff.
  • Painless network management and volume sharing.
  • Use training environments. Build your own shooting range.
  • User and password management.
  • Overall very comfy 🐣

Quick Start

# If deploying using ssh
> cat ~/.ssh/id_rsa.pub | ssh root@your-deploy-target-ip 'cat >> .ssh/authorized_keys'

# If deploying using docker-machine, and using a machine named "default"
# (bash/zsh syntax; in the fish shell the equivalent is: eval (docker-machine env default))
> eval $(docker-machine env default)

> git clone https://github.com/khast3x/redcloud.git
> cd redcloud
# Use python3 if default python version is 2.x
> python --version
> python redcloud.py

Redcloud uses PyYAML to print the list of available templates. It's installed by default on most systems.
If not, simply run:

# Use pip3 if default python version is 2.x
> pip install -r requirements.txt

The Redcloud menu offers 3 different deployment methods:

  1. Locally
  2. Remotely, using ssh. Requires having your public key in your target's authorized_keys file.
  3. Remotely, using docker-machine. Run the eval $(docker-machine env deploy_target) line (eval (docker-machine env deploy_target) in fish) to preload your env with your docker-machine, and run redcloud.py. Redcloud should automatically detect your docker-machine, and highlight menu items relevant to a docker-machine deployment.

Redcloud deployment workflow is as follows:

  1. Clone/Download Redcloud repository.
  2. Launch redcloud.py.
  3. Choose deployment candidate from the menu (local, ssh, docker-machine).
  4. redcloud.py automatically:
    • checks for docker & docker-compose on target machine.
    • installs docker & docker-compose if absent.
    • deploys the web stack on target using docker-compose.
  5. Once deployment is complete, redcloud.py will output the URL. Head over to https://your-deploy-machine-ip/portainer.
  6. Set username/password from the web interface.
  7. Select the endpoint (the only one on the list).
  8. Access the templates using the "App Templates" menu item on the left 🚀

App Template deployment is as follows:

  1. Choose template.
  2. If you wish to add additional options, select "+ Show advanced options".
  3. Add port mapping, networking options, and volume mapping as you see fit.
  4. Select "Deploy the container".
  5. Portainer will launch the container. It may take a few minutes if it needs to fetch the image. If your server is in a data center, this step will be very fast.
  6. Container should be running 🚀
  7. Portainer will redirect you to the "Containers" page. From there, you can:
    • View live container logs.
    • Inspect container details (docker inspect).
    • View live container stats (memory/cpu/network/processes).
    • Use a web shell to interact with your container.
    • Depending on the App Template, use either bash or sh. Choose accordingly from the drop-down menu.

Briefly,

redcloud.py deploys a Portainer stack, preloaded with many tool templates for your offensive engagements, powered by Docker. Once deployed, use the web interface to manage it. Easy remote deploy to your target server using the system ssh or even docker-machine if that's your thing.

  • 🚀 Ever wanted to spin up a Kali in a cloud with just a few clicks?
  • 📦 Have clean silos between your tools, techniques and stages?
  • 🚑 Monitor the health of your scans and C2?
  • 🔥 Skip those sysadmin tasks for setting up a phishing campaign and get pwning faster?
  • 😈 Curious how you would build the ideal attack infrastructure?

Use the web UI to monitor, manage, and interact with each container. Use the snappy web terminal just as you would with yours. Create volumes, networks and port forwards using Portainer's simple UI.

Use all your favorite tools and techniques with the power of data-center-grade internet.



Details

Redcloud Architecture

  • redcloud.py: Starts/Stops the Web interface and App Templates, using Docker and Portainer.
  • portainer-app: The main container with the Portainer web interface.
  • portainer-proxy: NGINX reverse-proxy container to the web interface. Can proxy Metasploit and Empire reverse shells. Auto-generates an https certificate.
  • nginx-templates: NGINX server container that feeds the App Templates. Lives in an "inside" network.
  • redcloud_cert_gen_1: The omgwtfssl container that generates the SSL certificates using best practices.
  • https://your-server-ip/portainer: Redcloud Web interface once deployed.

Networks

Redcloud makes it easy to play around with networks and containers.
You can create additional networks with different drivers, and attach your containers as you see fit. Redcloud comes with 2 networks, redcloud_default and redcloud_inside.

Volumes

You can share data between containers by sharing volumes. Redcloud comes with 2 volumes:

  • certs: Container with the certificates generated by omgwtfssl.
  • files: Standard file sharing volume. For now, the files are available when browsing https://your-server-ip/, and are served by the NGINX reverse-proxy container directly from the files volume. A typical use-case is to attach the volume to a Metasploit container and generate your payload directly into the files volume; the NGINX file server then serves your fresh payload directly.

Accessing containers from the terminal

If you wish to stay in your terminal to work with the deployed containers, it's very easy using Docker. Keep these things in mind:

  • Most containers have bash, but some use sh instead
  • All Redcloud App Templates container names start with red_, such as red_msf-postgresql
  • With Docker, you can either use docker exec or attach to interact with a container
    • exec is preferred as it creates a new process
    • attach lands you straight on the running process, potentially killing your running container
  • If running Redcloud:
    • Locally or using docker-machine, simply type these in your local shell
    • Using ssh, first ssh into your deployment target to run the following commands

To start interacting with the desired deployed container:

> docker exec -it red_container-name /bin/bash
root@70a819ef0e87:/#

If you see the following message, it means bash is not installed. In that case simply replace /bin/bash with /bin/sh:

> docker exec -it red_container-name /bin/bash
OCI runtime exec failed: exec failed: container_linux.go:344: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown

> docker exec -it red_container-name /bin/sh
#

To use docker attach, simply run:

> docker attach red_container-name

If using attach, the container needs to be started in interactive mode, so as to land in an interactive shell.
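The bash-then-sh retry described above can be automated. The following is an added example, not part of the Redcloud project: it probes the container for /bin/bash with a non-interactive docker exec, falls back to /bin/sh when docker returns the same "no such file or directory" error quoted above, and then replaces the current process with the interactive shell. The script name redshell.py and the container names used in comments are assumptions for the demo.

```python
"""Open a shell in a deployed Redcloud container, falling back from bash to sh.

Added example, not part of the Redcloud project. Container and script names
are assumptions for the demo.
"""
import os
import subprocess
import sys

# Fragment of the OCI runtime error docker prints when the image has no bash.
BASH_MISSING_MARKER = 'stat /bin/bash: no such file or directory'


def require_redcloud_name(container: str) -> None:
    """All Redcloud App Template containers are prefixed red_; refuse others."""
    if not container.startswith('red_'):
        raise ValueError('not a Redcloud container: ' + container)


def bash_is_missing(stderr_text: str) -> bool:
    """True when docker's stderr says /bin/bash does not exist in the container."""
    return BASH_MISSING_MARKER in stderr_text


def exec_command(container: str, shell: str) -> list:
    """Argument list for an interactive `docker exec` into the container."""
    require_redcloud_name(container)
    return ['docker', 'exec', '-it', container, shell]


def choose_shell(container: str, run=subprocess.run) -> str:
    """Return '/bin/bash' if the container has it, otherwise '/bin/sh'.

    The probe runs `/bin/bash -c true` without a TTY so it works from scripts;
    `run` is injectable so the decision logic can be exercised without docker.
    """
    require_redcloud_name(container)
    probe = ['docker', 'exec', container, '/bin/bash', '-c', 'true']
    result = run(probe, capture_output=True, text=True)
    if result.returncode == 0:
        return '/bin/bash'
    if bash_is_missing(result.stderr):
        return '/bin/sh'
    # Anything else (container not running, no docker daemon, ...) is a real error.
    raise RuntimeError(result.stderr.strip() or 'docker exec failed')


def open_shell(container: str) -> None:
    """Replace this process with an interactive shell inside the container."""
    shell = choose_shell(container)
    os.execvp('docker', exec_command(container, shell))


if __name__ == '__main__':
    if len(sys.argv) != 2:
        sys.exit('usage: python redshell.py red_container-name')
    open_shell(sys.argv[1])
```

Run it as `python redshell.py red_msf-postgresql` on the machine where the containers live (locally, after `eval $(docker-machine env ...)`, or over ssh on the deployment target). The red_ prefix check is deliberate: it keeps a typo from landing you in a container that is not part of the Redcloud stack.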

Accessing files

Point your browser to https://your-redcloud-ip.
Please refer to the files volume for more information.

SSL Certificates

Redcloud generates a new self-signed SSL certificate when deploying.
The certificate is generated by omgwtfssl, implementing most best practices. Once generated:

It will dump the certificates it generated into /certs by default and will also output them to stdout in a standard YAML form, making them easy to consume in Ansible or other tools that use YAML.

Certificates are stored in a shared docker volume called certs. Your containers can access this volume if you indicate it in "+ Advanced Settings" when deploying it. The NGINX reverse-proxy container fetches the certificates directly from its configuration file. If you wish to replace these certificates with your own, simply replace them on this volume.

It also means you can share the generated certificates into other containers, such as Empire or Metasploit for your reverse callbacks, or for a phishing campaign. Most SSL related configurations can be found in nginx/config/portainer.conf or the docker-compose.yml file.
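When you swap the generated certificate for your own, it is worth confirming what the certs volume actually holds. The following is an added example, not part of Redcloud or omgwtfssl: it runs the system `openssl x509` command on a PEM file, parses the subject, issuer and notAfter lines, and reports whether the file is still a self-signed certificate (subject equals issuer) and how many days remain before it expires. The file name cert.pem and the docker command used to copy it out of the volume are assumptions; check the volume contents on your own deployment.

```python
"""Summarise a certificate from the Redcloud certs volume via `openssl x509`.

Added example, not part of Redcloud or omgwtfssl. File name and volume name
in the usage comment are assumptions.
"""
import subprocess
import sys
from datetime import datetime, timezone

OPENSSL_ARGS = ['openssl', 'x509', '-noout', '-subject', '-issuer', '-enddate', '-in']


def parse_x509_summary(text: str) -> dict:
    """Parse `key=value` lines printed by `openssl x509 -noout -subject -issuer -enddate`.

    Splitting on the first '=' handles both the 'subject=CN = redcloud'
    (OpenSSL 1.1+) and the 'subject= /CN=redcloud' (OpenSSL 1.0) spellings.
    """
    info = {}
    for line in text.splitlines():
        if '=' in line:
            key, value = line.split('=', 1)
            info[key.strip()] = value.strip()
    return info


def is_self_signed(info: dict) -> bool:
    """A self-signed certificate names itself as issuer."""
    return info.get('subject') is not None and info['subject'] == info.get('issuer')


def days_until_expiry(info: dict, now: datetime) -> int:
    """Days left before notAfter, e.g. 'notAfter=Mar 19 12:00:00 2020 GMT'."""
    expires = datetime.strptime(info['notAfter'], '%b %d %H:%M:%S %Y %Z')
    expires = expires.replace(tzinfo=timezone.utc)
    return (expires - now).days


def describe_cert(pem_path: str) -> dict:
    """Run openssl on a PEM file and return subject, self-signed flag and days left."""
    out = subprocess.run(OPENSSL_ARGS + [pem_path], capture_output=True,
                         text=True, check=True).stdout
    info = parse_x509_summary(out)
    return {
        'subject': info.get('subject'),
        'self_signed': is_self_signed(info),
        'days_left': days_until_expiry(info, datetime.now(timezone.utc)),
    }


if __name__ == '__main__':
    # Copy the file out of the volume first; volume and file names are assumptions, e.g.:
    #   docker run --rm -v redcloud_certs:/certs alpine cat /certs/cert.pem > cert.pem
    path = sys.argv[1] if len(sys.argv) > 1 else 'cert.pem'
    print(describe_cert(path))
```

A `self_signed: True` result after you believe you replaced the certificate means the NGINX container is still serving the deploy-time one; a negative `days_left` means the proxy and any container sharing the volume are presenting an expired certificate.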

Stopping Redcloud

You can stop Redcloud directly from the menu.
Deployed App templates need to be stopped manually before stopping Redcloud. You can stop them using the Portainer web interface, or docker rm -f container-name.
If you wish to force the Portainer containers running Redcloud to stop, simply run docker-compose kill inside the redcloud/ folder. The local and docker-machine stop option is the same, thus they are combined in the same option.

Portainer App Templates

Redcloud uses Portainer to orchestrate and interface with the Docker engine. Portainer in itself is a fantastic project to manage Docker deployments remotely. Portainer also includes a very convenient template system, which is the major component for our Redcloud deployment.
Templates can be found in ./nginx-templates/templates.yml. Portainer fetches the template file from a dedicated NGINX container (nginx-templates).

Redcloud security considerations

Redcloud deploys with a self-signed https certificate, and proxies all interactions with the web console through it.
However, the default network exposes your containers' ports to the outside world.

You can:

  • Add custom Location blocks in the NGINX configuration.
  • Start an Ubuntu+noVNC (VNC through http) from template, add it to both an "inside" and "outside" network, and access exposed interfaces from inside.
  • Add .htaccess configurations. Some are planned in further Redcloud development.
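Because the default network publishes container ports to the outside world, it helps to know, before deploying, which `ports:` entries Docker will bind on every interface and which are pinned to localhost (and so only reachable through the NGINX proxy, an ssh tunnel, or the internal network). The following is an added example, not part of Redcloud: it normalises the short (`"443:443"`, `"127.0.0.1:8001:8001"`, `"9050"`, `"6060:6060/udp"`) and long (dict) compose port syntaxes and lists the publicly bound ones. The service names and port values are constructed for the demo.

```python
"""Flag docker-compose port mappings that listen on all interfaces.

Added example, not part of Redcloud. Service names and ports below are
constructed for the demo.
"""
# Host addresses that mean "bind on every interface" (absent host_ip included).
ALL_INTERFACES = {None, '', '0.0.0.0', '::'}


def parse_port(entry) -> dict:
    """Normalise one compose `ports:` entry into host_ip/host/container/proto."""
    if isinstance(entry, dict):  # long syntax: target, published, protocol, host_ip
        published = entry.get('published')
        return {
            'host_ip': entry.get('host_ip'),
            'host': str(published) if published is not None else None,
            'container': str(entry['target']),
            'proto': entry.get('protocol', 'tcp'),
        }
    text = str(entry)
    proto = 'tcp'
    if '/' in text:
        text, proto = text.rsplit('/', 1)
    parts = text.split(':')
    if len(parts) == 1:  # "9050": ephemeral host port on all interfaces
        return {'host_ip': None, 'host': None, 'container': parts[0], 'proto': proto}
    if len(parts) == 2:  # "443:443": fixed host port on all interfaces
        return {'host_ip': None, 'host': parts[0], 'container': parts[1], 'proto': proto}
    # "127.0.0.1:8001:8001" or "[::1]:8001:8001": everything before the last two fields is the address
    host_ip = ':'.join(parts[:-2]).strip('[]')
    return {'host_ip': host_ip, 'host': parts[-2], 'container': parts[-1], 'proto': proto}


def publicly_bound(entry) -> bool:
    """True when the host side of the mapping listens on all interfaces."""
    return parse_port(entry)['host_ip'] in ALL_INTERFACES


def audit(services: dict) -> list:
    """Return (service, entry) pairs from a compose `services:` mapping that are reachable from outside."""
    findings = []
    for name, service in services.items():
        for entry in (service or {}).get('ports') or []:
            if publicly_bound(entry):
                findings.append((name, entry))
    return findings


if __name__ == '__main__':
    # Constructed sample; in practice load docker-compose.yml with PyYAML
    # (yaml.safe_load(open(path))['services']) and pass that mapping in.
    sample = {
        'red_empire': {'ports': ['127.0.0.1:1337:1337', '443:443']},
        'red_tor': {'ports': ['9050']},
        'red_kali': {'ports': [{'target': 22, 'published': 2222, 'host_ip': '127.0.0.1'}]},
        'red_nginx-templates': {},
    }
    for service, entry in audit(sample):
        print('listens on all interfaces: {} -> {}'.format(service, entry))
```

Note that a port published by Docker is reached through Docker's own iptables rules, which are inserted ahead of host-level firewall front ends such as ufw; prefixing the mapping with 127.0.0.1 (or leaving the port unpublished and reaching the service over the inside network) is the reliable way to keep it off the public interface.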

Additionally:

  • docker & docker-machine installations require root privileges. You can downgrade privilege requirements following the official documentation.
  • The install script is pulled directly from the official docker repositories.
  • redcloud.py fetches Redcloud's public IP address using icanhazip.com.

Tested deployment candidates

Deploy Target     Status
Ubuntu Bionic     ✔️
Ubuntu Xenial     ✔️
Debian Stretch    ✔️

Troubleshooting

  • Check your default python version with python --version. Redcloud needs python 3+.
  • Use python3 instead of python if on an older system.
  • redcloud.py requires that deployment candidates have your public key in their .ssh/authorized_keys file, and handles password-less authentication using the user's public key. This is the default configuration for most VPS workflows.
  • docker-machine deployment requires the user to already have a running docker-machine on a cloud infrastructure (such as AWS, GCP, Linode and many others). Once deployed, simply run the eval command as illustrated above.
  • docker & docker-machine installations require root privileges. You can downgrade privilege requirements following the official documentation.
  • If you don't see the "App Templates" menu item right after deploying, refresh the web page and make sure you're not at the endpoint selection menu.
  • If you wish to create a new username/password combo, remove Portainer persistent data on deployment candidate: rm -rf /opt/portainer/data
  • If you're running into python errors, you may need to install the python3-distutils package using apt-get install python3-distutils on debian/ubuntu base.
  • If you get an error when deploying an App Template saying the "container name already exists", it's probably because you're trying to deploy the same App Template without having removed a previously deployed one. Simply remove the old container with the same name, or change the name of your new container.
  • If something seems wrong with your container, the standard procedure is to check the container's logs from the web interface.
  • If running a local deployment on OSX, portainer will be unable to use its default volume location /opt/. To solve this, open the docker-compose.yml file, replace /opt/portainer/data:/data with a folder with write-access, for example: /tmp/portainer/:/data and create the /tmp/portainer directory before running Redcloud.

Use-cases

  • Create your personal pentest-lab, and practice your hacking skills with friends and colleagues.
  • Throw off the blue team by deploying honeypots. Can be one or one thousand honeypots thanks to containers!
  • Deploy Metasploit or Empire, generate payload, served with nginx files.
  • Launch Sniper, fetch logs using nginx files.
  • Use the reverse proxy to cover Metasploit or Empire.
  • Use an xss scanner on Juice shop.
  • Launch scans behind your own Tor socks proxy.
  • View .onion site using Tor socks + Ubuntu VNC.
  • Advanced OSINT with Spiderfoot and a Tor container as proxy.

Screenshots

  • Template List + redcloud.py deploy

  • Deploying a container

  • Using Metasploit's msfconsole through the web interface


Contribution guideline

Any help is appreciated. This is a side project, so it's probably missing a few bolts and screws. Above all:

  • Reporting or fixing Redcloud bugs & quirks.
  • Adding templates. Please keep it clean, and from the creator's docker hub repository if possible.
  • Adding documentation.
  • Detailing use cases in blog articles. I'll add links to blog posts here, so please be sure to contact me if you make one! ✌️
  • Typos as issues. (no pull requests please)

Hosting Redcloud

You can host a Redcloud on any Unix server that runs Docker.
Redcloud is intended to be used in a cloud environment, such as a simple VPS with ssh, or even an AWS EC2, GCP, etc...

A large range of cloud providers offer free credits to get familiar with their services. Many lists and tutorials cover getting free hosting credits from major vendors. This list is a good place to start.

Regarding deployment method, I personally prefer working with docker-machine as it becomes ridiculously easy to spawn new machines and manage them once you've got your cloud provider's driver setup. If you prefer using ssh, be sure to take a look at evilsocket's shellz project to manage your keys and profiles.


Inspirations & Shout-outs


Finally, I'd love to integrate Cobalt Strike. Unfortunately, I don't see myself having the funds to invest in a license, so if you know someone who knows someone, I'm all ears 😇


If you wish to stay updated on this project:

twitter
