Simple & boring virtual machines for security testing. These are offered as an optional, run-it-at-home environment for students in course IY5610 of the Information Security MSc at Royal Holloway, University of London.
Check out this repository to a disk with a lot of space:
git clone https://github.com/malb/virtual-security-testing-lab.git
cd virtual-security-testing-lab
Download Metasploitable 2 from Sourceforge. Unpack the file Metasploiable2.vmdk
into the directory packer/metasploitable/
.
Build using packer:
$(cd packer/kali; packer build kali-2-amd64.json)
$(cd packer/metasploitable; packer build metasploitable2.json)
$(cd packer/debian-lenny; packer build debian-lenny-5.0.10-amd64-netinst.json)
$(cd packer/damn-vulnerable-node-application; packer build dvna-ubuntu-15.10-amd64.json)
This will produce four files
kali-2-amd64_virtualbox.box
our testermetasploitable2-virtualbox.box
a really weak targetdebian-lenny-5.0.10-amd64.box
a host targetdvna-ubuntu-15.10-amd64.box
a web target
We then have to import those into Vagrant. Note that we’re using those names in our Vagrantfile
:
$(cd packer/kali; vagrant box add --name kali kali-2-amd64-virtualbox.box)
$(cd packer/metasploitable; vagrant box add --name metasploitable2 metasploitable2-virtualbox.box)
$(cd packer/debian-lenny; vagrant box add --name debian-lenny debian-lenny-5.0.10-amd64-virtualbox.box)
$(cd packer/damn-vulnerable-node-application; vagrant box add --name dvna ubuntu-15.10-amd64.box)
To start the lab, issue:
cd vagrant
vagrant up
You can now login to the tester instance:
vagrant ssh tester-kali
This is Kali 2.0 (kali-linux-full
) with all X11, GUI and LaTeX stuff stripped to save space. Kali would not accept my preseed.cfg
so we start from Debian 8 on which Kali is built and upgrade to Kali from there. Debian 8 installer based on pjkundert/cpppo.
This is Metasploitable 2 based on waratek/vagrant-boxes.
Debian 5.0.10 based on lxhunter/packer-templates.
DVNA based on kaorimatz/packer-templates.
Yes, please! I’m lazy and loads of stuff isn’t as polished as it should be. Also, feel free to open issues.