diff --git a/.gitignore b/.gitignore
index bee8a64..20bd586 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-__pycache__
+redbaron/data/plugins/
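Review bot: the single-line replacement drops `__pycache__` instead of adding to it, so the compiled `*.pyc` caches that Python writes under `modules/` will now show up as untracked and can be committed by accident. Keep both entries, `__pycache__` and `redbaron/data/plugins/`, since the latter is where install.sh drops the downloaded godaddy provider binary.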
diff --git a/README.md b/README.md
index 7538e65..d9a81f2 100644
--- a/README.md
+++ b/README.md
@@ -3,284 +3,31 @@
-- [Overlord – Red Teaming Automation](#overlord-%e2%80%93-red-teaming-automation)
-- [Installation](#installation)
-- [Documentation](#documentation)
- - [Projects](#projects)
- - [Supported Providers](#supported-providers)
- - [Variables](#variables)
- - [Modules](#modules)
- - [c2](#c2)
- - [dns_records](#dnsrecords)
- - [Type](#type)
- - [Record](#record)
- - [Name](#name)
- - [gophish](#gophish)
- - [letsencrypt](#letsencrypt)
- - [mail](#mail)
- - [redirector](#redirector)
- - [webserver](#webserver)
- - [godaddy](#godaddy)
-- [Arguments](#arguments)
- - [Help](#help)
- - [Advanced Configuration](#advanced-configuration)
- - [Installation Templates](#installation-templates)
- - [Default Configuration File](#default-configuration-file)
-- [RedBaron](#redbaron)
- - [Notes](#notes)
- - [Firewall rules](#firewall-rules)
+Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud provider of choice. Currently supports AWS and Digital Ocean. The tool is still under development and it was inspired and uses the [Red-Baron](https://github.com/byt3bl33d3r/Red-Baron) Terraform implementation found on Github.
+A demo infrastructure was set up in our blog post https://blog.qsecure.com.cy/posts/overlord/.
-This tool provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud provider of choice. Currently supports AWS and Digital Ocean. The tool is still under development and it was inspired and uses the [Red-Baron](https://github.com/byt3bl33d3r/Red-Baron) Terraform implementation found on Github.
+For the full documentation of the tool visit the Wiki tab at https://github.com/qsecure-labs/overlord/wiki.
-A demo infrastructure was set up in our blog post https://blog.qsecure.com.cy/posts/overlord/ .
-
-It was only tested on Kali Linux but it probably work on all Linux x64 systems.
# Installation
```bash
-git clone overlord /opt/overlord
-cd /opt/overlord/config
-./install.sh
-```
-# Documentation
-## Projects
-Overlord has build in functionality for project management. From the cli you can manage each project by loading the configuration file with the `load` command. When you deploy the project again, the modifications will be pushed to the providers. For more information visit the [Help](#help).
-## Supported Providers
- - Digital Ocean
- - AWS
- - Godaddy
-## Variables
-The `set` command can be used to initialize the API keys to communicate with the providers. The domains variable can be used to add domain names into the overlord project.
-```
-aws_access_key aws_secret_key domains dotoken godaddy_access_key godaddy_secret_key
-```
-The `./projects/variables.json` can be used to auto load the keys used to authenticate with each of the supported providers and the domain names. When you first set the arguments into your campaign you can save them using the `set variables` command which will create the `variables.json` file.
-## Modules
-### c2
-Creates a C2 server of the provider of choice on the cloud. The types available are HTTP/DNS. SSH keys for each instance will be generated in the ```redbaron/data/ssh_keys``` folder.
-
-|Variable |Required |Description |
-|--- |--- |--- |
-|`id` |N/A |Module ID Autogenerated |
-|`type` |Yes |Type of c2 Accepted values are: HTTP/DNS. |
-|`provider` |Yes |Provider to be used |
-|`region` |Yes |Regions to create server instance |
-|`size` |Yes |Instance size to launch |
-|`redirectors`|Yes |Number of redirectors to launch for each c2. It can be 0. |
-|`tools` |No |Tools to be installed on instance creation. |
-
-The tools which are currently available for automatic installation on the C2 servers are the following:
-- metasploit
-- empire
-- dnscat2
-- cobaltstrike (The `CSTRIKE_KEY` variable has to be set in the `./redbaron/data/scripts/tools/cobaltstrike.sh` script)
-- The PenTesters Framework `(PTF)` (A library of penetration testing tools. You can modify what you want to install by changing the `./redbaron/data/scripts/tools/ptf.sh` script. For more information about the project visit: https://github.com/trustedsec/ptf)
-
-### dns_records
-Adds records to a domain.
-
-|Variable |Required |Description |
-|--- |--- |--- |
-|`id` |N/A |Module ID Autogenerated |
-|`provider` |Yes |Provider to be used |
-|`type` |Yes |The record type to add. |
-|`record` |Yes |The record to add. See record section. |
-|`name` |Yes |Name of the subdomain |
-|`priority` |No |Used for mail server. Default 1. |
-|`ttl` |No |Time to live |
-
-#### Type
-Valid values are A, MX and TXT.
-#### Record
-The record to add.
-```
-A: set record -m -d
-TXT: set record -d -t
-TXT: set record -d -v
-MX: set record -m -d
-```
-#### Name
-Use '@' for DigitalOcean or "" for AWS to create the record at the root of the domain or enter a hostname to create it elsewhere.
-
-### gophish
-Creates a gophish server of the provider of choice on the cloud. SSH keys for each instance will be generated in the ```redbaron/data/ssh_keys``` folder.
-
-|Variable |Required |Description |
-|--- |--- |--- |
-|`id` |N/A |Module ID Autogenerated |
-|`provider` |Yes |Provider to be used |
-|`region` |Yes |Regions to create server instance |
-|`size` |Yes |Instance size to launch |
-|`redirectors` |Yes |Number of redirectors to launch for each c2. It can be 0. |
-
-### letsencrypt
-Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ```redbaron/data/certificates``` or if it is a web server it runs certbort on the server.
-
-|Variable |Required |Description |
-|--- |--- |--- |
-|`id` |N/A |Module ID Autogenerated |
-|`domain_name`|Yes |The domain name for the certificate |
-|`email` |Yes |Email for certificate defaults to kokos@example.com |
-|`mod_id` |No |Autoloaded from domain_name |
-
-### mail
-Creates a mail server of the provider of choice on the cloud. SSH keys for each instance will be generated in the ```redbaron/data/ssh_keys``` folder.
-
-|Variable |Required |Description |
-|--- |--- |--- |
-|`id` |N/A |Module ID Autogenerated |
-|`domain_name` |Yes |Domain Name to use. |
-|`subdomain` |Yes |Subdomain to use. |
-|`allowed_ips` |Yes |IPs which are allowed to connect to relay emails. |
-|`provider` |Yes |Provider to be used |
-|`region` |Yes |Regions to create server instance |
-|`size` |Yes |Instance size to launch |
-
-### redirector
-Creates a redirector server for another module (e.g. redirector for the C2 servers, for gophish etc.) of the provider of choice on the cloud. The types availalbe are HTTP/DNS. SSH keys for each instance will be generated in the ```redbaron/data/ssh_keys``` folder.
-
-|Variable |Required |Description |
-|--- |--- |--- |
-|`id` |N/A |Module ID Autogenerated |
-|`type` |Yes |Type of c2 Accepted values are: HTTP/DNS. |
-|`provider` |Yes |Provider to be used |
-|`region` |Yes |Regions to create server instance |
-|`size` |Yes |Instance size to launch |
-|`redirector_id`|Yes |ID of the redirector to set up. |
-
-### webserver
-Creates a web server of the provider of choice on the cloud. SSH keys for each instance will be generated in the ```redbaron/data/ssh_keys``` folder.
-
-|Variable |Required |Description |
-|--- |--- |--- |
-|`id` |N/A |Module ID Autogenerated |
-|`provider` |Yes |Provider to be used |
-|`region` |Yes |Regions to create server instance |
-|`size` |Yes |Instance size to launch |
-|`redirectors`|Yes |Number of redirectors to launch for each c2. It can be 0. |
-
-### godaddy
-Redirects the nameservers from Godaddy to another provider (AWS, DigitalOcean)
-Godaddy some times needs time to change the NS records of a specific domain. This is causing an issue on Overlord failing to execute the godaddy plugin. After the NS records are updated on Goddady it would automaticaly be fixed.
-# Arguments
-
-| Name | Required | Description
-|---------------------------| -------- | -----------
-|`id` |N/A |Module ID Autogenerated |
-|`provider` |Yes |Provider to be used |
-|`domain` | Yes | The domain to create a hosted zone for.|
-
-## Help
-The help menu can provide additional information about each command.
-```
-Overlord$> help -v
-
-Documented commands (type help ):
-
-General (type help )
-================================================================================
-info Prints variable table or contents of a module which was added to the campaign
-set General variables for the campaign to be set
-
-Module (type help )
-================================================================================
-delmodule Deletes a module
-editmodule Edits a module
-usemodule Usemodule command help
-
-Project (type help )
-================================================================================
-create Creates terraform project from the campaign
-delete Deletes a project
-deploy Deploy current project
-load Load a project to overlord
-new Creates new terraform project.
-rename Rename a project
-save Save a project
-
-Other
-================================================================================
-clear Clear the screen
-exit Exit to main menu
-help List available commands or provide detailed help for a specific command
-history View, run, edit, save, or clear previously entered commands
-shell Execute a command as if at the OS prompt
-version Version
-```
-
-```
-Overlord$> help set
-usage: set [-h] {dotoken,aws_secret_key,aws_access_key,domains,variables} ...
-
-General variables for the campaign to be set
-
-optional arguments:
- -h, --help show this help message and exit
-
-set-commands:
- {dotoken,aws_secret_key,aws_access_key,domains,variables}
- set-command help
- dotoken Sets the Digital Ocean Token
- aws_secret_key Sets the AWS Secret Key
- aws_access_key Sets the AWS Access Key
- domains Domain names to be used in the campaign (Multiple domain names can be added)
- variables Sets the default variables.json to the values that are in memory
-```
-
-```
-Overlord$> help set dotoken
-usage: set dotoken [-h] dotoken
-
-positional arguments:
- dotoken example : [ set dotoken ]
-
-optional arguments:
- -h, --help show this help message and exit
-```
-## Advanced Configuration
-
-### Installation Templates
-In the c2 module the user has the ability to install tools from a list. The tool automatically loads the scripts from the `./redbaron/data/scripts/tools`. By adding a new script in the directory, you can install by the `tools` variable in the c2 module.
-
-### Default Configuration File
-The `./config/config.json` file contains the default configuration on each module and the providers that are used by overlord. By changing each object, you can customize the default values of each module when it loads to Overlord.
-```json
- // Default
- "mod_c2": {
- "module": "c2",
- "type" : "http",
- "redirectors": 1,
- "tools": [],
- "region": "LON1",
- "provider": "digitalocean",
- "size": "s-1vcpu-1gb",
- "id": ""
- }
-
- // Customized
- "mod_c2": {
- "module": "c2",
- "type" : "http",
- "redirectors": 0,
- "tools": ["metasploit","empire"],
- "region": "us-east-2",
- "provider": "aws",
- "size": "t2.nano",
- "id": ""
- }
-```
-
-# RedBaron
-**Red Baron only supports Terraform version 0.11 and will only work on Linux x64 systems. We will try to update it to support newer versions as well on a later phase.**
-
-For more information on how to modify the terraform modules and about the Red Baron project visit the following [Link](https://github.com/byt3bl33d3r/Red-Baron).
-
-## Notes
-### Firewall rules
-Overlord does not support adding new firewall rules from the CLI at the current time. You can add or remove rules from the RedBaron modules directory on the Terraform code or after the installation of each provider (i.e. manually via the cloud provider's web interface).
-- AWS: https://www.terraform.io/docs/providers/aws/r/security_group.html
-- DIGITALOCEAN: https://www.terraform.io/docs/providers/do/r/firewall.html
+git clone https://github.com/qsecure-labs/overlord.git
+cd overlord/config
+chmod +x install.sh
+sudo ./install.sh
+```
+
+## Acknowledgments
+
+This project could not be created without the awsome work for Marcello Salvati [@byt3bl33d3r](https://twitter.com/byt3bl33d3r) with the [RedBaron](https://github.com/byt3bl33d3r/Red-Baron) Project.
+That is the reason why we are referencing the name of RedBaron on our project as well.
+
+As Marcello stated on his acknowledgments, further thanks to:
+
+1. [@_RastaMouse's](https://twitter.com/_RastaMouse) two serie's blogpost on 'Automated Red Team Infrastructure Deployment with Terraform' Part [1](https://rastamouse.me/2017/08/automated-red-team-infrastructure-deployment-with-terraform---part-1/) and [2](https://rastamouse.me/2017/09/automated-red-team-infrastructure-deployment-with-terraform---part-2/)
+2. [@bluscreenofjeff's](https://twitter.com/bluscreenofjeff) with his amazing Wiki on [Read Team Infrastucture](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki)
+3. [@spotheplanet's](https://ired.team/offensive-security/red-team-infrastructure) blog post on Red team infrastructure
## Disclaimer
Overlord comes without warranty and is meant to be used by penetration testers during approved red teaming assessments and/or social enigneering assessments. Overlord's developers and QSecure decline all responsibility in case the tool is used for malicious purposes or in any illegal context.
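Review bot: the hunk deletes the only statement of the supported Terraform version (the old "Red Baron only supports Terraform version 0.11" paragraph) while install.sh in this same change moves to 0.12.26; a one-line note on the Terraform version the Red-Baron modules are now expected to work with should stay in the README rather than only in the wiki, since a user who already has a different terraform on PATH will hit the mismatch first. Typos in the added acknowledgment lines: "awsome work for Marcello" should read "awesome work of Marcello", "two serie's blogpost" should read "two-part blog post series", and "Read Team Infrastucture" should read "Red Team Infrastructure"; "enigneering" in the unchanged Disclaimer line could be fixed in the same pass.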
diff --git a/config/config.json b/config/config.json
index 7ad165c..8a55643 100644
--- a/config/config.json
+++ b/config/config.json
@@ -1,22 +1,23 @@
{
"mod_redirector": {
"module": "redirector",
- "type" : "http",
+ "type": "http",
"region": "LON1",
- "redirector_id":"",
+ "redirector_id": "",
"provider": "digitalocean",
"size": "s-1vcpu-1gb",
"id": ""
},
"mod_c2": {
"module": "c2",
- "type" : "http",
+ "type": "http",
"redirectors": 1,
"tools": [],
"region": "LON1",
"provider": "digitalocean",
"size": "s-1vcpu-1gb",
- "id": ""
+ "id": "",
+ "distro": "debian"
},
"mod_dns_record": {
"module": "dns_record",
@@ -39,8 +40,8 @@
"mod_letsencrypt": {
"module": "letsencrypt",
"id": "",
- "domain_name" : "",
- "mod_id" : "",
+ "domain_name": "",
+ "mod_id": "",
"email": "kokos@example.com"
},
"mod_mail": {
@@ -67,6 +68,12 @@
"domain": "",
"id": ""
},
+ "mod_ansible": {
+ "module": "ansible",
+ "hosts": [],
+ "playbook": "",
+ "id": ""
+ },
"mod_firewall": {
"module": "firewall",
"provider": "digitalocean",
@@ -74,20 +81,65 @@
"port": "",
"address": "0.0.0.0/0",
"rule": "inbound",
- "mod_id":""
+ "mod_id": ""
},
- "aws" :{
- "regions" : ["us-east-2", "us-east-1", "us-west-1", "us-west-2", "ap-east-1", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "eu-north-1", "me-south-1", "sa-east-1", "us-gov-east-1", "us-gov-west-1"],
- "size" : ["t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "t2.xlarge", "t2.2xlarge", "a1.medium", "a1.large", "a1.xlarge", "a1.2xlarge", "a1.4xlarge", "t3.nano", "t3.micro", "t3.small", "t3.medium", "t3.large", "t3.xlarge", "t3.2xlarge", "t3a.nano", "t3a.micro", "t3a.small", "t3a.medium", "t3a.large", "t3a.xlarge", "t3a.2xlarge"],
+ "aws": {
+ "regions": ["us-east-2", "us-east-1", "us-west-1", "us-west-2", "ap-east-1", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "eu-north-1", "me-south-1", "sa-east-1", "us-gov-east-1", "us-gov-west-1"],
+ "size": ["t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "t2.xlarge", "t2.2xlarge", "a1.medium", "a1.large", "a1.xlarge", "a1.2xlarge", "a1.4xlarge", "t3.nano", "t3.micro", "t3.small", "t3.medium", "t3.large", "t3.xlarge", "t3.2xlarge", "t3a.nano", "t3a.micro", "t3a.small", "t3a.medium", "t3a.large", "t3a.xlarge", "t3a.2xlarge"],
"default_region": "eu-west-1",
- "default_size": "t2.micro"
- },
- "digitalocean" :{
- "regions" : ["NYC1","NYC2","NYC2", "SFO1", "SFO2", "AMS2", "AMS1", "LON1","FRA1","TOR1","BLR1"],
- "size" : ["s-1vcpu-1gb"],
- "default_region" : "LON1",
- "default_size" : "s-1vcpu-1gb"
- },
- "providers_list" : ["digitalocean","aws"]
-}
-
+ "default_size": "t2.micro",
+ "supported_distros": ["debian","kali","ubuntu"],
+ "amis": {
+ "ap-northeast-1-debian": "ami-b6b568d0",
+ "ap-northeast-2-debian": "ami-b7479dd9",
+ "ap-south-1-debian": "ami-02aded6d",
+ "ap-southeast-1-debian": "ami-d76019b4",
+ "ap-southeast-2-debian": "ami-8359bae1",
+ "ca-central-1-debian": "ami-3709b053",
+ "eu-central-1-debian": "ami-8bb70be4",
+ "eu-west-1-debian": "ami-ce76a7b7",
+ "eu-west-2-debian": "ami-a6f9ebc2",
+ "sa-east-1-debian": "ami-f5c7b899",
+ "us-east-1-debian": "ami-71b7750b",
+ "us-east-2-debian": "ami-dab895bf",
+ "us-west-1-debian": "ami-58eedd38",
+ "us-west-2-debian": "ami-c032f6b8",
+ "ap-northeast-1-kali": "ami-0d701fcae946c61ed",
+ "ap-northeast-2-kali": "ami-0fbd27bb0a724c459",
+ "ap-south-1-kali": "ami-055e6bebd7c5e24c2",
+ "ap-southeast-1-kali": "ami-01027fa676ff2da3d",
+ "ap-southeast-2-kali": "ami-02811a36e6f758099",
+ "ca-central-1-kali": "ami-0f394074fe16decd6",
+ "eu-central-1-kali": "ami-0b61a044e0ae0d17d",
+ "eu-west-1-kali": "ami-0ac0bf7b0683eb820",
+ "eu-west-2-kali": "ami-071d0c011e7ab12f5",
+ "sa-east-1-kali": "ami-00c9b2d0ec9e3835c",
+ "us-east-1-kali": "ami-0c11557d0e4e9c896",
+ "us-east-2-kali": "ami-00f7390b60c41a3c0",
+ "us-west-1-kali": "ami-09aa8451f267643a9",
+ "us-west-2-kali": "ami-0a967289406d51ad4",
+ "ap-northeast-1-ubuntu": "ami-0f29c17df60493658",
+ "ap-northeast-2-ubuntu": "ami-065a2f32a35b7c52f",
+ "ap-south-1-ubuntu": "ami-05a3a2a452701c0ff",
+ "ap-southeast-1-ubuntu": "ami-05405da5795c2f2e7",
+ "ap-southeast-2-ubuntu": "ami-0243fb2a9c789bb43",
+ "ca-central-1-ubuntu": "ami-07d2c94058f3ca045",
+ "eu-central-1-ubuntu": "ami-07d14b5d47292e022",
+ "eu-west-1-ubuntu": "ami-014aff0119d738e34",
+ "eu-west-2-ubuntu": "ami-0339455b66e82a8ca",
+ "sa-east-1-ubuntu": "ami-0a32099c90454cc7a",
+ "us-east-1-ubuntu": "ami-07d1c0a30a7814597",
+ "us-east-2-ubuntu": "ami-083af2bfea9e15579",
+ "us-west-1-ubuntu": "ami-0b3f68410f4d4fed6",
+ "us-west-2-ubuntu": "ami-0652b0a864db01553"}
+ },
+ "digitalocean": {
+ "regions": ["NYC1", "NYC2", "NYC2", "SFO1", "SFO2", "AMS2", "AMS1", "LON1", "FRA1", "TOR1", "BLR1"],
+ "size": ["s-1vcpu-1gb"],
+ "default_region": "LON1",
+ "default_size": "s-1vcpu-1gb",
+ "supported_distros": ["debian","ubuntu"]
+ },
+ "providers_list": ["digitalocean", "aws"],
+ "distros": ["debian","kali","ubuntu"]
+ }
\ No newline at end of file
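Review bot: the new `amis` map covers 14 regions per distro while the `regions` list above still carries 23 (no entries for ap-east-1, ap-northeast-3, cn-north-1, cn-northwest-1, eu-west-3, eu-north-1, me-south-1, us-gov-east-1, us-gov-west-1), so an AWS c2 module set to one of those regions raises `KeyError` in the `config["aws"]["amis"][region + "-" + distro]` lookup that c2.py performs in this same change. Either trim `regions` to the regions that have an AMI for every supported distro, or make the lookup fail with a clear message. Hard-coding AMI IDs also means nothing ties the image to its publisher: a Terraform `aws_ami` data source with an `owners` filter would pin the image to the trusted account rather than to a copied ID that nobody can audit from this file. Pre-existing but worth fixing while the list is being reformatted: `NYC2` appears twice in the DigitalOcean `regions` list.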
diff --git a/config/install.sh b/config/install.sh
old mode 100644
new mode 100755
index f4e9ff3..2e2fe32
--- a/config/install.sh
+++ b/config/install.sh
@@ -1,17 +1,24 @@
#!/bin/bash
-apt install python3
-apt install python3-pip
+# install all the packages required
+sudo apt install python3
+sudo apt install python3-pip
+sudo apt install wget
+sudo apt install unzip
+sudo apt install curl
+sudo apt install autossh
+
+# install the python requirements from the txt
pip3 install -r requirements.txt
-pip install ansible
-wget https://releases.hashicorp.com/terraform/0.11.14/terraform_0.11.14_linux_amd64.zip
-unzip terraform_0.11.14_linux_amd64.zip
-mv terraform /opt/terraform
-rm terraform_0.11.14_linux_amd64.zip
-echo 'export PATH="$PATH:/opt"' >> ~/.profile
+# download terraform binary
+wget https://releases.hashicorp.com/terraform/0.12.26/terraform_0.12.26_linux_amd64.zip
+unzip terraform_0.12.26_linux_amd64.zip
+sudo mv terraform /opt/terraform
+rm terraform_0.12.26_linux_amd64.zip
-wget https://github.com/n3integration/terraform-godaddy/releases/download/v1.6.4/terraform-godaddy_linux_amd64.tgz
+# download godaddy plugin for terraform
+wget https://github.com/n3integration/terraform-godaddy/releases/download/v1.7.3/terraform-godaddy_linux_amd64.tgz
tar -xvzf terraform-godaddy_linux_amd64.tgz
rm terraform-godaddy_linux_amd64.tgz
-mv terraform-godaddy_linux_amd64 ../redbaron/data/plugins/terraform-provider-godaddy_v1.6.4_x4
\ No newline at end of file
+sudo mv terraform-godaddy_linux_amd64 ../redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4
\ No newline at end of file
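Review bot: the removed `echo 'export PATH="$PATH:/opt"' >> ~/.profile` line is not replaced, yet the binary is still moved to `/opt/terraform`, so after a fresh install `terraform` is not on PATH at all (the old line did work, since it made `/opt/terraform` resolvable as the command `terraform`). Move the binary to `/usr/local/bin/terraform` or restore the PATH line. Two more points in the same hunk: the `sudo apt install` lines need `-y` or the script stalls on each prompt, and with the README's `sudo ./install.sh` the `pip3 install -r requirements.txt` line runs as root into the system Python, so a venv would be safer. The terraform zip and the godaddy tarball are unpacked without any integrity check and the script has no `set -e`, so a failed `wget` is silently followed by `unzip` of a missing file; HashiCorp publishes a `terraform_0.12.26_SHA256SUMS` file beside the zip that can be checked with `sha256sum -c` before `unzip`.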
diff --git a/config/requirements.txt b/config/requirements.txt
index 13bda9f..5d3a1c3 100644
--- a/config/requirements.txt
+++ b/config/requirements.txt
@@ -1,3 +1,4 @@
cmd2
prettytable
-PTable
\ No newline at end of file
+PTable
+ansible
\ No newline at end of file
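Review bot: `ansible` is added unpinned (as the existing `cmd2`, `prettytable` and `PTable` already are), so every `pip3 install -r requirements.txt` pulls whatever is current on PyPI; pin the tested versions (`ansible==<tested version>`) or generate a hash-pinned requirements file so the install is reproducible and a breaking or compromised upstream release cannot land silently on the operator's machine. Minor: the file still ends without a trailing newline.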
diff --git a/modules/ansible.py b/modules/ansible.py
new file mode 100644
index 0000000..6e2f74c
--- /dev/null
+++ b/modules/ansible.py
@@ -0,0 +1,182 @@
+import cmd2
+import os
+import argparse
+from prettytable import PrettyTable
+from prettytable import MSWORD_FRIENDLY
+import random
+import string
+import json
+
+module = {}
+campaign_list = []
+
+class main(list):
+ """Main function to initialize variables and calls the cmd2 package for the godaddy module """
+ def __init__(self,campaign,mod,project_id):
+ global campaign_list
+ campaign_list = campaign
+
+ if mod is not None:
+ global module
+ module = mod
+
+ # Call cmd_main class
+ i = cmd_main()
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/ansible", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
+ i.cmdloop()
+
+def hide_cmd2_modules(self):
+ # Remove most of the functionalities of the cmd2 package
+ self.hidden_commands.append('py')
+ self.hidden_commands.append('alias')
+ self.hidden_commands.append('macro')
+ self.hidden_commands.append('script')
+ self.hidden_commands.append('shortcuts')
+ self.hidden_commands.append('pyscript')
+ self.hidden_commands.append('run_pyscript')
+ self.hidden_commands.append('edit')
+ self.hidden_commands.append('run_script')
+ self.hidden_commands.append('quit')
+ self.hidden_commands.append('load')
+
+class cmd_main(cmd2.Cmd):
+ """cmd2 instance for firewall module"""
+ # The mod dictionary for the firewall module
+ mod = {}
+ playbooks_list = []
+ providers_list = []
+
+ def __init__(self):
+ super().__init__()
+ global module
+ global campaign_list
+ # Hide the Quit funcitionality
+ hide_cmd2_modules(self)
+
+ dir_path = "config"
+ if os.path.exists(dir_path+"/config.json"):
+ with open(dir_path+'/config.json', 'r') as filehandle:
+ config = json.load(filehandle)
+ self.mod = config["mod_ansible"]
+ else:
+ print("The config/config.json file does not exists! Exiting...")
+ return True
+
+ # Check if the editmodule functionality was used
+ if module:
+ self.mod = dict(module)
+ else:
+ self.mod["id"] = randomString()
+
+ # Create list with modules id
+ modules_ids=[]
+ for c in campaign_list:
+ if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "godaddy" and c["module"] != "ansible":
+ modules_ids.insert(len(modules_ids),(c["id"]+"/"+c["module"]))
+ if c["module"] != "redirector":
+ for i in range(c["redirectors"]):
+ modules_ids.insert(len(modules_ids),(c["id"]+"-"+str(i+1)+"/"+c["module"]))
+ modules_ids.insert(len(modules_ids),"all")
+ self.module_hosts_parser.choices = modules_ids
+
+ # Load the playbooks
+ dir_path = "redbaron/data/playbooks"
+ for pb in os.listdir(dir_path):
+ self.playbooks_list.append(pb)
+
+ def do_back(self, arg):
+ """Return to main menu"""
+ return True
+
+ def do_clear(self, arg):
+ """Clears screen"""
+ os.system('clear')
+
+ def do_info(self,mod):
+ """Prints variable table"""
+ if mod:
+ x = PrettyTable()
+ x.title = mod["module"] + "/"+ mod["id"]
+ x.field_names = ["VARIABLE", "VALUE", "REQUIRED", "DESCRITPION"]
+ x.add_row(["id", mod["id"], "N/A", "Module ID"])
+ x.add_row(["hosts", mod["hosts"], "yes", "Module to be used"])
+ x.add_row(["playbook", mod["playbook"], "yes", "Playbook to be used"])
+ x.align["DESCRITPION"] = "l"
+ else:
+ x = PrettyTable()
+ x.title = 'Ansible module'
+ x.field_names = ["VARIABLE", "VALUE", "REQUIRED", "DESCRITPION"]
+ x.add_row(["id", self.mod["id"], "N/A", "Module ID"])
+ x.add_row(["hosts", self.mod["hosts"], "yes", "Module to be used"])
+ x.add_row(["playbook", self.mod["playbook"], "yes", "Playbook to be used"])
+ x.align["DESCRITPION"] = "l"
+ print(x)
+
+ # set command
+ # create the top-level parser for the set command
+ set_parser = argparse.ArgumentParser(prog='set')
+ set_subparsers = set_parser.add_subparsers(title='set-commands', help='Sets the variables of the module')
+
+ # create the parser for the "hosts" sub-command
+ parser_hosts = set_subparsers.add_parser('hosts', help='hosts to be used')
+ module_hosts_parser = parser_hosts.add_argument('hosts',nargs="+", type=str, help='example : [set hosts ]')
+
+ parser_playbook = set_subparsers.add_parser('playbook', help='playbook to be used')
+ parser_playbook.add_argument('playbook', type=str,choices=playbooks_list, help='example : [set playbook ]')
+
+ def set_mod(self, arg):
+ """Sets the hosts variable"""
+ if 'all' in arg.hosts:
+ for c in campaign_list:
+ if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "godaddy" and c["module"] != "ansible":
+ self.mod["hosts"].insert(len(self.mod["hosts"]),(c["id"]+"/"+c["module"]))
+ for i in range(c["redirectors"]):
+ self.mod["hosts"].insert(len(self.mod["hosts"]),(c["id"]+"-"+str(i+1)+"/"+c["module"]))
+ else:
+ self.mod["hosts"]= arg.hosts
+
+ def set_playbook(self, arg):
+ """Sets the =playbook variable"""
+ self.mod["playbook"]= arg.playbook
+
+ #Set handler functions for the sub-commands
+ parser_hosts.set_defaults(func=set_mod)
+ parser_playbook.set_defaults(func=set_playbook)
+
+ @cmd2.with_argparser(set_parser)
+ def do_set(self, args):
+ """Set the variables for the module"""
+ func = getattr(args, 'func', None)
+ if func is not None:
+ # Call whatever sub-command function was selected
+ func(self, args)
+ else:
+ # No sub-command was provided, so call help
+ self.do_help('help')
+
+ def do_add(self,args):
+ """Adds c2 module to the project """
+ global module
+ module = self.mod
+ if self.mod["hosts"]:
+ module = self.mod
+ return True
+ else:
+ print("The hosts can not be None!")
+ if self.mod["playbook"]:
+ module = self.mod
+ return True
+ else:
+ print("The playbook can not be None!")
+
+ # Command categories
+ CMD_CAT_GENERAL = 'General (type help )'
+ CMD_CAT_MODULE = 'Module (type help )'
+
+ cmd2.categorize((do_add,do_set), CMD_CAT_MODULE)
+ cmd2.categorize(do_info, CMD_CAT_GENERAL)
+
+def randomString(stringLength=6):
+ """Generate a random string of fixed length """
+ letters = string.ascii_uppercase
+ return ''.join(random.choice(letters) for i in range(stringLength))
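Review bot: `do_add` returns True as soon as `hosts` is non-empty (the `if self.mod["hosts"]: ... return True` branch), so the `playbook` check below it is never reached and a module with an empty playbook gets added; `module = self.mod` is also assigned before any validation, so a failed add still leaks the partial module into the global. Validate both fields first, print whichever is missing, and only then assign `module` and return True. Two more defects in this file: in `set_mod` the `'all'` branch runs `for i in range(c["redirectors"])` without the `c["module"] != "redirector"` guard that `__init__` applies, so a campaign that contains a redirector module raises `KeyError` (the redirector config has no `redirectors` key); and `__init__` does `return True` when config.json is missing, which makes Python raise `TypeError: __init__() should return None` instead of the intended exit. Minor: the docstrings still say "godaddy module", "firewall module" and "Adds c2 module"; `modules_ids.insert(len(modules_ids), x)` is just `modules_ids.append(x)`; and `self.mod["hosts"].insert(...)` mutates the list that `dict(module)` shallow-copied from the campaign entry, so repeated `set hosts all` keeps appending duplicates.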
diff --git a/modules/c2.py b/modules/c2.py
index 1b84e10..34f09aa 100644
--- a/modules/c2.py
+++ b/modules/c2.py
@@ -12,7 +12,7 @@
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the c2 module """
- def __init__(self,campaign,mod):
+ def __init__(self,campaign,mod,project_id):
global campaign_list
campaign_list = campaign
@@ -22,9 +22,7 @@ def __init__(self,campaign,mod):
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/c2", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/c2", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
@@ -51,7 +49,7 @@ class cmd_main(cmd2.Cmd):
type_list = ["http","dns"]
providers_list = []
size_list = []
-
+ distros_list = []
def __init__(self):
super().__init__()
@@ -73,7 +71,12 @@ def __init__(self):
self.module_regions_parser.choices = self.available_regions_list
self.size_list = config[prov]["size"]
self.module_size_parser.choices = self.size_list
-
+ self.distros_list = config["distros"]
+ self.module_distro_parser.choices = config[prov]["supported_distros"]
+ if self.mod["provider"] == "aws":
+ self.mod["ami"] = config["aws"]["amis"][self.mod["region"]+"-"+self.mod["distro"]]
+ else:
+ self.mod["ami"] = ""
else:
print("The config/config.json file does not exists! Exiting...")
return True
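Review bot: the new `self.mod["ami"] = config["aws"]["amis"][self.mod["region"]+"-"+self.mod["distro"]]` in `__init__` assumes the module dict already has a `distro` key and that the region has an entry in `amis`; a project saved before this change (no `distro`) opened through editmodule, or an AWS region not covered by the `amis` map, raises `KeyError` and drops the user out of the module. Use `self.mod.get("distro", "debian")` and `config["aws"]["amis"].get(key)` with an explicit message when the lookup fails. The same lookup is duplicated in `set_provider` and `set_distro` further down; a single helper that resolves the AMI from (provider, region, distro) would keep the copies in sync.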
@@ -98,7 +101,6 @@ def do_clear(self, arg):
def do_info(self,mod):
"""Prints variable table"""
- #TODO Future update take descriptions from a file
if mod :
x = PrettyTable()
x.title = mod["module"] + "/" +mod["id"]
@@ -106,6 +108,7 @@ def do_info(self,mod):
x.add_row(["id", mod["id"], "N/A", "Module ID"])
x.add_row(["type", mod["type"], "yes", "Type of c2 Accepted values are: HTTP/DNS."])
x.add_row(["provider", mod["provider"], "yes", "Provider to be used "])
+ x.add_row(["distro", mod["distro"], "yes", "Distro to be used"])
x.add_row(["region",mod["region"] , "yes", "Regions to create Droplet in."])
x.add_row(["size",mod["size"] , "yes", "Droplet size to launch. "])
x.add_row(["redirectors",mod["redirectors"] , "yes", "Number of redirectors to launch for each c2."])
@@ -118,6 +121,7 @@ def do_info(self,mod):
x.add_row(["id", self.mod["id"], "N/A", "Module ID"])
x.add_row(["type", self.mod["type"], "yes", "Type of c2 Accepted values are: HTTP/DNS."])
x.add_row(["provider", self.mod["provider"], "yes", "Provider to be used "])
+ x.add_row(["distro", self.mod["distro"], "yes", "Distro to be used"])
x.add_row(["region",self.mod["region"] , "yes", "Regions to create Droplet in."])
x.add_row(["size",self.mod["size"] , "yes", "Droplet size to launch"])
x.add_row(["redirectors",self.mod["redirectors"] , "yes", "Number of redirectors to launch for each c2. "])
@@ -154,6 +158,10 @@ def do_info(self,mod):
parser_size = set_subparsers.add_parser('size', help='Size of the droplet.')
module_size_parser = parser_size.add_argument('size', type=str, help='example: [ set size ] ')
+ # create the parser for the "distro" sub-command
+ parser_distro = set_subparsers.add_parser('distro', help='Distro to be used ')
+ module_distro_parser = parser_distro.add_argument('distro',choices=distros_list, type=str, help='example: [ set distro ]')
+
def set_region(self, arg):
"""Sets the region variable"""
self.mod["region"]= arg.region
@@ -189,10 +197,16 @@ def set_provider(self, arg):
if self.mod["provider"] == prov:
self.available_regions_list = config[prov]["regions"]
self.module_regions_parser.choices = self.available_regions_list
+ self.mod["distro"] = "debian" # It must always defaults to debian (digital-ocean does not support kali)
+ self.module_distro_parser.choices = config[prov]["supported_distros"]
self.size_list = config[prov]["size"]
self.module_size_parser.choices = self.size_list
self.mod["region"] = config[prov]["default_region"]
self.mod["size"] = config[prov]["default_size"]
+ if self.mod["provider"] == "aws":
+ self.mod["ami"] = config["aws"]["amis"][self.mod["region"]+"-"+self.mod["distro"]]
+ else:
+ self.mod["ami"] = ""
def set_tools(self, arg):
"""Sets the tools variable"""
@@ -201,7 +215,20 @@ def set_tools(self, arg):
def set_size(self, arg):
"""Sets the size variable"""
self.mod["size"]= arg.size
-
+
+ def set_distro(self, arg):
+ """Sets the distro variable"""
+ self.mod["distro"] = arg.distro
+ #checks if provider is aws to load correct ami
+ if self.mod["provider"] == "aws":
+ dir_path = "config"
+ if os.path.exists(dir_path+"/config.json"):
+ with open(dir_path+'/config.json', 'r') as filehandle:
+ config = json.load(filehandle)
+ self.mod["ami"] = config["aws"]["amis"][self.mod["region"]+"-"+self.mod["distro"]]
+ else:
+ self.mod["ami"] = ""
+
#Set handler functions for the sub-commands
parser_size.set_defaults(func=set_size)
parser_region.set_defaults(func=set_region)
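Review bot: `set_distro` re-opens and re-parses `config/config.json` on every call, and when the file is missing it silently leaves `self.mod["ami"]` at its previous value (the `else` only covers the non-AWS provider), so a stale AMI can survive a distro change. Load the config once (the class already does this in `__init__`) and fall through to an error message when the file or the `region-distro` key is absent; as in `set_provider`, the bare dict index should be guarded against KeyError.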
@@ -209,6 +236,7 @@ def set_size(self, arg):
parser_type.set_defaults(func=set_type)
parser_provider.set_defaults(func=set_provider)
parser_tools.set_defaults(func=set_tools)
+ parser_distro.set_defaults(func=set_distro)
@cmd2.with_argparser(set_parser)
def do_set(self, args):
diff --git a/modules/create.py b/modules/create.py
index 5a93bf2..a515a73 100644
--- a/modules/create.py
+++ b/modules/create.py
@@ -1,3 +1,4 @@
+import cmd2
import sys
import os
sys.path.insert(0, 'modules/providers')
@@ -37,61 +38,65 @@ def creation(self):
f.write(self.create_general())
f.write(self.create_dns_names())
+ aws_exception = False
# Check if AWS is used
for c in self.campaign:
- if c["module"] != "letsencrypt" and c["module"] != "godaddy":
+ if c["module"] != "letsencrypt" and c["module"] != "godaddy" and c["module"] != "ansible":
if c["provider"] == "aws":
- self.variables["aws_region"] = c["region"]
- f.write(self.create_aws_vpc())
- break
-
- for c in self.campaign:
- if c["module"] == "c2":
- f.write(self.create_c2(c))
- if c["module"] == "redirector":
- f.write(self.create_redirector(c))
- if c["module"] == "webserver":
- f.write(self.create_webserver(c))
- if c["module"] == "gophish":
- f.write(self.create_gophish(c))
- if c["module"] == "mail":
- if not os.path.exists(f"""projects/{self.project_id}/{c["id"]}/"""):
- alphabet = string.ascii_letters + string.digits
- password = ''.join(secrets.choice(alphabet) for i in range(20))
- os.system(f"""mkdir -p projects/{self.project_id}/{c["id"]}/""")
- os.system(f"""cp redbaron/data/scripts/iredmail.sh projects/{self.project_id}/{c["id"]}/iredmail.sh""")
- os.system(f"""sed -i 's/domain-to-change.com/{c["domain_name"]}/g' projects/{self.project_id}/{c["id"]}/iredmail.sh""")
- os.system(f"""sed -i 's/changeme!/{password}/g' projects/{self.project_id}/{c["id"]}/iredmail.sh""")
- f.write(self.create_mail(c))
- if c["module"] == "dns_record":
- f.write(self.create_dns_records_type(c))
- if c["module"] == "letsencrypt":
- f.write(self.create_cert(c))
- if c["module"] == "godaddy":
- f.write(self.redirect_ns(c))
- # if c["module"] == "firewall":
- # f.write(self.create_firewall(c))
- f.close
-
- #Create the variables.tf file:
- q.write(self.create_variables())
+ try:
+ self.variables["aws_region"] = c["region"]
+ f.write(self.create_aws_vpc())
+ break
+ except:
+ print ("At least one AWS module should be used in the dependent modules!")
+ aws_exception = True
+ break
+
+ if not aws_exception:
+ for c in self.campaign:
+ if c["module"] == "c2":
+ f.write(self.create_c2(c))
+ if c["module"] == "redirector":
+ f.write(self.create_redirector(c))
+ if c["module"] == "webserver":
+ f.write(self.create_webserver(c))
+ if c["module"] == "gophish":
+ f.write(self.create_gophish(c))
+ if c["module"] == "mail":
+ if not os.path.exists(f"""projects/{self.project_id}/{c["id"]}/"""):
+ alphabet = string.ascii_letters + string.digits
+ password = ''.join(secrets.choice(alphabet) for i in range(20))
+ os.system(f"""mkdir -p projects/{self.project_id}/{c["id"]}/""")
+ os.system(f"""touch projects/{self.project_id}/{c["id"]}/iredmailpass.txt""")
+ os.system(f"""cd projects/{self.project_id}/{c["id"]}/ && echo {password} > iredmailpass.txt""")
+ os.system(f"""cp redbaron/data/scripts/iredmail.sh projects/{self.project_id}/{c["id"]}/iredmail.sh""")
+ os.system(f"""sed -i 's/domain-to-change.com/{c["domain_name"]}/g' projects/{self.project_id}/{c["id"]}/iredmail.sh""")
+ os.system(f"""sed -i 's/changeme!/{password}/g' projects/{self.project_id}/{c["id"]}/iredmail.sh""")
+ f.write(self.create_mail(c))
+ if c["module"] == "dns_record":
+ f.write(self.create_dns_records_type(c))
+ if c["module"] == "letsencrypt":
+ f.write(self.create_cert(c))
+ if c["module"] == "godaddy":
+ f.write(self.redirect_ns(c))
+ if c["module"] == "ansible":
+ f.write(self.create_ansible(c))
+ # if c["module"] == "firewall":
+ # f.write(self.create_firewall(c))
+ f.close
+
+ #Create the variables.tf file:
+ q.write(self.create_variables())
+
+ proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
+ notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
+ print(f"""\n{notification} The terrafrom files for the project with ID {proj} have been created {notification}\n""")
def categorize_domains(self):
self.do_domains =[]
self.aws_domains =[]
- #OLD
- # for camp in self.campaign:
- # if camp["module"] == "dns_record":
- # if camp["type"] == "A" and (camp["name"] == "@" or camp["name"] == ""):
- # if camp["provider"] == "digitalocean":
- # for k in camp["records"].keys():
- # self.do_domains.append(k)
- # elif camp["provider"] == "aws":
- # for k in camp["records"].keys():
- # self.aws_domains.append(k)
-
for camp in self.campaign:
if camp["module"] == "dns_record":
if camp["provider"] == "digitalocean":
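Review bot: the bare `except:` around `self.variables["aws_region"] = c["region"]` catches everything (including KeyboardInterrupt and any bug inside `create_aws_vpc()`), not just the missing-key case the printed message describes; use `except KeyError:`. In the mail branch the generated password is written to `iredmailpass.txt` by way of `os.system("... echo {password} > ...")` and then substituted into `iredmail.sh` with `sed` through the shell, with `c["domain_name"]` interpolated unquoted into the sed expression; a `/`, `'` or `&` in the domain breaks the command, and the secret ends up in a world-readable file. Writing the file from Python (`open(path, "w")` plus `os.chmod(path, 0o600)`) and doing the replacement with `str.replace` on the copied script avoids both. Two smaller points: `f.close` without parentheses is a method reference and never closes the file (use a `with` block), and "terrafrom" in the final print is a typo.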
@@ -119,24 +124,24 @@ def create_variables(self):
domain_string_do = ', '.join('"{0}"'.format(d) for d in self.do_domains)
output=f"""
variable "domain" {{
-type = "list"
+type = list
default = [{domain_string}]
}}\n"""
if len(self.aws_domains ) != 0:
output= output + f"""
variable "aws_domain" {{
-type = "list"
+type = list
default = [{domain_string_aws}]
}}\n"""
if len(self.do_domains ) != 0:
output= output + f"""
variable "do_domain" {{
-type = "list"
+type = list
default = [{domain_string_do}]
}}\n"""
# Check if digitalocean is used.
for c in self.campaign:
- if c["module"] != "letsencrypt":
+ if c["module"] != "letsencrypt" and c["module"] != "ansible":
if c["provider"] == "digitalocean":
output = output +f"""
variable "do_token" {{
@@ -145,7 +150,7 @@ def create_variables(self):
break
# Check if aws is used.
for c in self.campaign:
- if c["module"] != "letsencrypt":
+ if c["module"] != "letsencrypt" and c["module"] != "ansible":
if c["provider"] == "aws":
output = output +f"""
variable "aws_key" {{
@@ -178,33 +183,29 @@ def create_variables(self):
def create_general(self):
output ="""
-terraform {
- required_version = ">= 0.11.0"
-}
-
###################################################################################################################
# Providers #
###################################################################################################################
"""
# Check if digitalocean is used.
for c in self.campaign:
- if c["module"] != "letsencrypt":
+ if c["module"] != "letsencrypt" and c["module"] != "ansible":
if c["provider"] == "digitalocean":
output = output +"""
provider "digitalocean" {
- token = "${var.do_token}"
+ token = var.do_token
}"""
break
# Check if aws is used.
for c in self.campaign:
- if c["module"] != "letsencrypt":
+ if c["module"] != "letsencrypt" and c["module"] != "ansible":
if c["provider"] == "aws":
output = output +"""
provider "aws" {
- region = "${var.aws_region}"
- access_key = "${var.aws_key}"
- secret_key = "${var.aws_secret}"
+ region = var.aws_region
+ access_key = var.aws_key
+ secret_key = var.aws_secret
}
"""
break
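Review bot: this hunk removes the `terraform { required_version = ">= 0.11.0" }` block while at the same time switching the generated provider blocks to 0.12 expression syntax (`token = var.do_token`); rather than dropping the constraint, raise it to `required_version = ">= 0.12"` so that an older Terraform binary fails with a clear version error instead of a parse error on the unquoted expressions.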
@@ -212,8 +213,8 @@ def create_general(self):
if c["module"] == "godaddy":
output = output +"""
provider "godaddy" {
- key = "${var.godaddy_key}"
- secret = "${var.godaddy_secret}"
+ key = var.godaddy_key
+ secret = var.godaddy_secret
}
"""
break
@@ -238,7 +239,7 @@ def redirect_ns(self,c):
module "redirect_ns_{c["id"]}"{{
source = "../../redbaron/modules/godaddy/redirect-nameservers"
domain = "{c["domain"]}"
- nameservers = ["${{module.public_zone.name_servers[{public_zone}]}}"]
+ nameservers = module.public_zone.name_servers[{public_zone}]
}}
"""
return output
@@ -281,16 +282,6 @@ def create_gophish(self,c):
output = aws.main.gophish(c)
return output
- ####################################################################################
- # firewall
- ####################################################################################
- # def create_firewall(self,c):
- # if c["provider"] == "digitalocean":
- # output = digitalocean.main.firewall(c)
- # elif c["provider"] == "aws":
- # output = aws.main.firewall(c)
- # return output
-
####################################################################################
# DNS_NAMES
####################################################################################
@@ -314,11 +305,11 @@ def create_cert(self,c):
output=f"""
module "create_cert_{c["id"]}" {{
source = "../../redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do"
- provider_name ="digitalocean"
+ provider_name = "digitalocean"
server_url = "production" #"staging" #"production" #(change this for live)
domain = "{c["domain_name"]}"
- do_token ="${{var.do_token}}"
- phishing_server_ip = "${{module.{camp["module"]}_{camp["id"]}.ips[0]}}"
+ do_token = var.do_token
+ phishing_server_ip = module.{camp["module"]}_{camp["id"]}.ips[0][0]
}}
"""
elif camp["module"] == "webserver":
@@ -326,18 +317,27 @@ def create_cert(self,c):
module "create_cert_{c["id"]}" {{
source = "../../redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do"
domain = "{c["domain_name"]}"
- phishing_server_ip = "${{module.{camp["module"]}_{camp["id"]}.ips[0]}}"
+ phishing_server_ip = module.{camp["module"]}_{camp["id"]}.ips[0][0]
}}
"""
- elif camp["module"] == "c2":
+ elif camp["module"] == "c2" or ():
output=f"""
module "create_cert_{c["id"]}" {{
source = "../../redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do"
- provider_name ="digitalocean"
+ provider_name = "digitalocean"
server_url = "production" #"staging" #"production" #(change this for live)
domain = "{c["domain_name"]}"
- do_token ="${{var.do_token}}"
-# phishing_server_ip = "${{module.{camp["module"]}_rdir_{camp["id"]}.ips[{str(int(c["mod_id"].split('-')[1])-1)}]}}"
+ do_token = var.do_token
+}}
+"""
+ elif camp["module"] == "redirector" and camp["redirector_id"] == "localhost" :
+ output=f"""
+module "create_cert_{c["id"]}" {{
+ source = "../../redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do"
+ provider_name = "digitalocean"
+ server_url = "production" #"staging" #"production" #(change this for live)
+ domain = "{c["domain_name"]}"
+ do_token = var.do_token
}}
"""
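Review bot: `elif camp["module"] == "c2" or ():` contains a leftover `or ()`; an empty tuple is always falsy, so the clause is dead and should be removed before someone reads it as an intentional condition. The new `redirector`/`localhost` branch emits exactly the same module block as the `c2` branch, so the two conditions can be combined (`elif camp["module"] == "c2" or (camp["module"] == "redirector" and camp["redirector_id"] == "localhost"):`) to avoid maintaining two copies of the template.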
@@ -352,14 +352,13 @@ def create_cert(self,c):
output=f"""
module "create_cert_{c["id"]}" {{
source = "../../redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws"
- provider_name ="aws"
domain = "{c["domain_name"]}"
- aws_key = "${{var.aws_key}}"
- aws_secret = "${{var.aws_secret}}"
+ aws_key = var.aws_key
+ aws_secret = var.aws_secret
region = "eu-west-1"
zone = "${{module.public_zone.public_zones_ids[{public_zone}]}}"
server_url = "production"
- phishing_server_ip = "${{module.{camp["module"]}_{camp["id"]}.ips[0]}}"
+ phishing_server_ip = module.{camp["module"]}_{camp["id"]}.ips[0][0]
}}
"""
elif camp["module"] == "webserver":
@@ -367,18 +366,29 @@ def create_cert(self,c):
module "create_cert_{c["id"]}" {{
source = "../../redbaron/modules/letsencrypt/aws/create-cert-webserver-aws"
domain = "{c["domain_name"]}"
- phishing_server_ip = "${{module.{camp["module"]}_{camp["id"]}.ips[0]}}"
+ phishing_server_ip = module.{camp["module"]}_{camp["id"]}.ips[0][0]
}}
"""
elif camp["module"] == "c2":
output=f"""
module "create_cert_{c["id"]}" {{
source = "../../redbaron/modules/letsencrypt/aws/create-cert-dns-aws"
- provider_name ="aws"
server_url = "production" #"staging" #"production" #(change this for live)
domain = "{c["domain_name"]}"
- aws_key = "${{var.aws_key}}"
- aws_secret = "${{var.aws_secret}}"
+ aws_key = var.aws_key
+ aws_secret = var.aws_secret
+ region = "eu-west-1"
+ zone = "${{module.public_zone.public_zones_ids[{public_zone}]}}"
+}}
+"""
+ elif camp["module"] == "redirector" and camp["redirector_id"] == "localhost" :
+ output=f"""
+module "create_cert_{c["id"]}" {{
+ source = "../../redbaron/modules/letsencrypt/aws/create-cert-dns-aws"
+ server_url = "production" #"staging" #"production" #(change this for live)
+ domain = "{c["domain_name"]}"
+ aws_key = var.aws_key
+ aws_secret = var.aws_secret
region = "eu-west-1"
zone = "${{module.public_zone.public_zones_ids[{public_zone}]}}"
}}
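Review bot: the added `region = "eu-west-1"` in the c2 certificate module hardcodes a region while the rest of the generated configuration takes the region from `var.aws_region` (set from the module's `c["region"]`); pass `var.aws_region` here so a c2 deployed in another region does not get its certificate resources created elsewhere. As in the DigitalOcean branch above, the `redirector`/`localhost` block duplicates the `c2` block verbatim and the two conditions can be merged.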
@@ -399,37 +409,58 @@ def create_dns_records_type(self,c):
if len(value.split('-')) > 1:
for camp in self.campaign:
if camp["id"] == value.split('-')[0]:
- record = f""" "{key}" = "${{module.{camp["module"]}_rdir_{value.split('-')[0]}.ips[{str(int(value.split('-',1)[1])-1)}]}}" """
+ record = f""" "{key}" = module.{camp["module"]}_rdir_{value.split('-')[0]}.ips[0][{str(int(value.split('-',1)[1])-1)}]"""
break
else:
for camp in self.campaign:
if camp["id"] == value:
- record = f""" "{key}" = "${{module.{camp["module"]}_{value}.ips[0]}}" """
+ record = f""" "{key}" = module.{camp["module"]}_{value}.ips[0][0] """
break
if c["type"] == "MX" or c["type"] == "TXT":
record = f""" "{key}" = "{value}" """
-
- output = digitalocean.main.dns_records_type(c,record)
+
+ godaddy_id = ""
+ for camp in self.campaign:
+ if camp["module"] == "godaddy" and camp["provider"] == "digitalocean":
+ if camp["domain"] == key:
+ godaddy_id= camp["id"]
+
+ output = digitalocean.main.dns_records_type(c,record,self.do_domains,godaddy_id)
return output
elif c["provider"] == "aws":
if c["type"] == "A":
if len(value.split('-')) > 1:
for camp in self.campaign:
- if camp["id"] == value.split('-')[0]:
- record = f""" "{key}" = "${{module.{camp["module"]}_rdir_{value.split('-')[0]}.ips[{str(int(value.split('-',1)[1])-1)}]}}" """
+ if camp["id"] == value.split('-')[0]: #TODO - AWS does not work with more than one redirectors
+ record = f""" "{key}" = module.{camp["module"]}_rdir_{value.split('-')[0]}.ips[{str(int(value.split('-',1)[1])-1)}] """
break
else:
for camp in self.campaign:
if camp["id"] == value:
- record = f""" "{key}" = "${{module.{camp["module"]}_{value}.ips[0]}}" """
+ record = f""" "{key}" = module.{camp["module"]}_{value}.ips[0] """
break
value = self.aws_domains.index(key)
- output = aws.main.dns_records_type(c,record,value)
+
+ #Godaddy dependancy
+ godaddy_aws_id = ""
+ for camp in self.campaign:
+ if camp["module"] == "godaddy" and camp["provider"] == "aws":
+ if camp["domain"] == key:
+ godaddy_aws_id = camp["id"]
+
+ output = aws.main.dns_records_type(c,record,value,godaddy_aws_id,self.aws_domains)
return output
if c["type"] == "MX":
- record = f""" "{key}" = "{c["priority"]} {value}" """
+ record = f""" "{key}" = ["{c["priority"]} {value}"] """
value = self.aws_domains.index(key)
- output = aws.main.dns_records_type(c,record,value)
+ #Godaddy dependancy
+ godaddy_aws_id = ""
+ for camp in self.campaign:
+ if camp["module"] == "godaddy" and camp["provider"] == "aws":
+ if camp["domain"] == key:
+ godaddy_aws_id = camp["id"]
+
+ output = aws.main.dns_records_type(c,record,value,godaddy_aws_id,self.aws_domains)
return output
if c["type"] == "TXT":
txt_rec_list = []
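Review bot: the "Godaddy dependancy" loop that scans `self.campaign` for a godaddy module matching `key` is copy-pasted three times in this hunk (and once more in the TXT branch below) with only the provider string differing; factor it into a helper such as `_godaddy_id(key, provider)` and add a `break` once a match is found. The AWS A-record branch still indexes `.ips[idx]` while the DigitalOcean branch and the new `aws.py` output use `.ips[0][idx]`, which is the shape mismatch behind the `#TODO - AWS does not work with more than one redirectors` comment; aligning the index with the redirector module's output would resolve the TODO rather than documenting it.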
@@ -444,11 +475,18 @@ def create_dns_records_type(self,c):
txt_rec_list[self.aws_domains.index(key)] = txt_rec_list[self.aws_domains.index(key)] +" , \""+value +"\""
#Replace 3 fist characters in the list
+ #Godaddy dependancy
+ godaddy_aws_id = ""
+ for camp in self.campaign:
+ if camp["module"] == "godaddy" and camp["provider"] == "aws":
+ if camp["domain"] == key:
+ godaddy_aws_id = camp["id"]
output = ""
+
for idx,t in enumerate(txt_rec_list):
if len(t) != 0:
txt_rec_list[idx] = t[3:]
- output = output + aws.main.dns_records_type_txt(txt_rec_list[idx],idx)
+ output = output + aws.main.dns_records_type_txt(txt_rec_list[idx],idx,godaddy_aws_id,self.aws_domains)
return output
else:
return output
@@ -465,10 +503,10 @@ def create_mail(self,c):
for camp in self.campaign:
if camp["id"] in i:
if "-" in i:
- my_nets.insert(len(my_nets),('${module.'+camp["module"]+"_"+"rdir_"+camp["id"]+".ips["+str(int(i.split('-')[1])-1)+"]}"))
+ my_nets.insert(len(my_nets),('${module.'+camp["module"]+"_"+"rdir_"+camp["id"]+".ips[0]["+str(int(i.split('-')[1])-1)+"]}"))
break
else:
- my_nets.insert(len(my_nets),('${module.'+camp["module"]+"_"+camp["id"]+".ips[0]}"))
+ my_nets.insert(len(my_nets),('${module.'+camp["module"]+"_"+camp["id"]+".ips[0][0]}"))
break
my_nets_1 = ' '.join("{0}".format(s) for s in my_nets)
my_nets_2 = ', '.join("'{0}'".format(s) for s in my_nets)
@@ -479,3 +517,49 @@ def create_mail(self,c):
elif c["provider"] == "aws":
output = aws.main.mail(c,my_nets_1,my_nets_2,my_nets_3,self.project_id)
return output
+ ####################################################################################
+ # Ansible:
+ ####################################################################################
+ def create_ansible(self,c):
+ output = ""
+ user = "root"
+ for host in c["hosts"]:
+ if "-" in host:
+ for mod in self.campaign:
+ if mod["id"] == host.split("/")[0].split("-")[0]:
+ if mod["provider"] == "aws":
+ user = "admin"
+ elif mod["provider"] == "digitalocean":
+ user = "root"
+ output += f"""
+module "ansible_{host.split("/")[0]}_{c["id"]}" {{
+source = "../../redbaron/modules/ansible"
+user = "{user}"
+ip = module.{host.split("/")[1]}_rdir_{host.split("/")[0].split("-")[0]}.ips[0][{int(host.split("/")[0].split("-")[1]) - 1}]
+playbook = "../../redbaron/data/playbooks/{c["playbook"]}"
+}}
+"""
+ else:
+ for mod in self.campaign:
+ if mod["id"] == host.split("/")[0]:
+ if mod["provider"] == "aws":
+ if mod["module"] != "c2": # Support for other providers only on c2 at the moment
+ user = "admin"
+ elif mod["distro"] == "debian":
+ user = "admin"
+ elif mod["distro"] == "kali":
+ user = "ec2-user"
+ elif mod["distro"] == "ubuntu":
+ user = "ubuntu"
+ elif mod["provider"] == "digitalocean":
+ user = "root"
+
+ output += f"""
+module "ansible_{host.split("/")[0]}_{c["id"]}" {{
+source = "../../redbaron/modules/ansible"
+user = "{user}"
+ip = module.{host.split("/")[1]}_{host.split("/")[0]}.ips[0][0]
+playbook = "../../redbaron/data/playbooks/{c["playbook"]}"
+}}
+"""
+ return output
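Review bot: in `create_ansible`, `user = "root"` is set once before the `for host in c["hosts"]` loop, so a host whose id matches no module in `self.campaign` silently inherits the user computed for the previous host and an ansible module block is still emitted for it; initialise `user` inside the loop and skip (or print a warning for) hosts with no matching module. The distro-to-user mapping here (`kali` to `ec2-user`, `ubuntu` to `ubuntu`, otherwise `admin`) is the same table added to `aws.py` in this patch and should live in one place so the two cannot drift.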
diff --git a/modules/dns_records.py b/modules/dns_records.py
index d5ebd21..f21b604 100644
--- a/modules/dns_records.py
+++ b/modules/dns_records.py
@@ -14,7 +14,7 @@
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the dns_records module """
- def __init__(self,domains,campaign,mod):
+ def __init__(self,domains,campaign,mod,project_id):
global domain_names
global campaign_list
global module
@@ -26,9 +26,7 @@ def __init__(self,domains,campaign,mod):
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/dns_records", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/dns_records", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
@@ -49,7 +47,7 @@ class cmd_main(cmd2.Cmd):
"""cmd2 instance for dns_records module"""
providers_list = []
- types_list = ["A","MX","TXT"] #["AAAA", "CAA", "CNAME", "MX", "NAPTR", "NS", "PTR", "SOA", "SPF", "SRV"]
+ types_list = ["A","MX","TXT"]
values_list = ["v=DMARC1; p=none; sp=none;","v=spf1 mx -all"]
# The mod dictionary for the dns_records module
mod ={}
@@ -84,7 +82,7 @@ def __init__(self):
# Create list with modules id
modules_ids = []
for c in campaign_list:
- if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "godaddy":
+ if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "godaddy" and c["module"] != "ansible":
if c["module"] == "mail" or c["module"] == "redirector":
modules_ids.insert(len(modules_ids),(c["id"]+"/"+c["module"]))
else:
@@ -174,7 +172,7 @@ def set_type(self, arg):
self.module_recrod_parser.choices = modules_ids
else:
for c in campaign_list:
- if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "redirector" and c["module"] != "godaddy":
+ if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "redirector" and c["module"] != "godaddy" and c["module"] != "ansible":
if c["module"] == "mail":
modules_ids.insert(len(modules_ids),(c["id"]+"/"+c["module"]))
else:
@@ -205,15 +203,17 @@ def set_provider(self, arg):
if arg.provider == "aws":
for c in campaign_list:
- if c["provider"] == "aws":
- aws_flag = True
+ if c["module"] != "ansible":
+ if c["provider"] == "aws":
+ aws_flag = True
if not aws_flag:
print("No aws module was set! Returing without setting the value")
return
if arg.provider == "digitalocean":
for c in campaign_list:
- if c["provider"] == "digitalocean":
- do_flag = True
+ if c["module"] != "ansible":
+ if c["provider"] == "digitalocean":
+ do_flag = True
if not do_flag:
print("No digitalocean module was set! Returing without setting the value")
return
@@ -294,9 +294,10 @@ def do_add(self,args):
print("The variable records can not be None!")
elif self.mod["provider"] == "digitalocean":
for c in campaign_list:
- if c["provider"] == "digitalocean":
- do_flag = True
- break
+ if c["module"] != "ansible":
+ if c["provider"] == "digitalocean":
+ do_flag = True
+ break
if not do_flag:
print("No digitalocean module was set!")
else:
@@ -304,9 +305,10 @@ def do_add(self,args):
return True
elif self.mod["provider"] == "aws":
for c in campaign_list:
- if c["provider"] == "aws":
- aws_flag = True
- break
+ if c["module"] != "ansible":
+ if c["provider"] == "aws":
+ aws_flag = True
+ break
if not aws_flag:
print("No aws module was set!")
else:
diff --git a/modules/firewall.py b/modules/firewall.py
index e4fd765..7a7d3e5 100644
--- a/modules/firewall.py
+++ b/modules/firewall.py
@@ -12,7 +12,7 @@
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the godaddy module """
- def __init__(self,campaign,mod):
+ def __init__(self,campaign,mod,project_id):
global campaign_list
campaign_list = campaign
@@ -22,9 +22,7 @@ def __init__(self,campaign,mod):
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/firewall", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/firewall", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
diff --git a/modules/godaddy.py b/modules/godaddy.py
index b2e5449..19220e8 100644
--- a/modules/godaddy.py
+++ b/modules/godaddy.py
@@ -12,7 +12,7 @@
domain_list =[]
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the godaddy module """
- def __init__(self,campaign,domains,mod):
+ def __init__(self,campaign,domains,mod,project_id):
global campaign_list
campaign_list = campaign
global domain_list
@@ -23,9 +23,7 @@ def __init__(self,campaign,domains,mod):
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/godaddy", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/godaddy", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
@@ -62,7 +60,6 @@ def __init__(self):
config = json.load(filehandle)
self.mod = config["mod_godaddy"]
self.providers_list = config["providers_list"]
- self.module_provider_parser.choices = self.providers_list
self.module_domain_parser.choices = domain_list
else:
@@ -92,7 +89,7 @@ def do_info(self,mod):
x.title = mod["module"] + "/"+ mod["id"]
x.field_names = ["VARIABLE", "VALUE", "REQUIRED", "DESCRITPION"]
x.add_row(["id", mod["id"], "N/A", "Module ID"])
- x.add_row(["provider", mod["provider"], "yes", "Provider to be used"])
+ x.add_row(["provider", mod["provider"], "N/A", "Autoloaded from domain"])
x.add_row(["domain", mod["domain"], "yes", "Domain to be used"])
x.align["DESCRITPION"] = "l"
else:
@@ -100,7 +97,7 @@ def do_info(self,mod):
x.title = 'Godaddy module'
x.field_names = ["VARIABLE", "VALUE", "REQUIRED", "DESCRITPION"]
x.add_row(["id", self.mod["id"], "N/A", "Module ID"])
- x.add_row(["provider", self.mod["provider"], "yes", "Provider to be used"])
+ x.add_row(["provider", self.mod["provider"], "N/A", "Autoloaded from domain"])
x.add_row(["domain", self.mod["domain"], "yes", "Domain to be used"])
x.align["DESCRITPION"] = "l"
print(x)
@@ -110,24 +107,27 @@ def do_info(self,mod):
set_parser = argparse.ArgumentParser(prog='set')
set_subparsers = set_parser.add_subparsers(title='set-commands', help='Sets the variables of the module')
- # create the parser for the "provider" sub-command
- parser_provider = set_subparsers.add_parser('provider', help='Provider to be used')
- module_provider_parser = parser_provider.add_argument('provider',choices=providers_list, type=str, help='example : [set provider ]')
-
# create the parser for the "domain" sub-command
parser_domain = set_subparsers.add_parser('domain', help='Domain to be used')
module_domain_parser = parser_domain.add_argument('domain',choices=providers_list, type=str, help='example : [set domain ]')
- def set_provider(self, arg):
- """Sets the provider variable"""
- self.mod["provider"]= arg.provider
-
def set_domain(self, arg):
"""Sets the domain variable"""
- self.mod["domain"]= arg.domain
-
+ exception_flag = False
+ for mod in campaign_list:
+ if mod["module"] == "dns_record":
+ if arg.domain == list(mod["records"].keys())[0]:
+ self.mod["domain"]= arg.domain
+ self.mod["provider"]= mod["provider"]
+ exception_flag = False
+ break
+ else:
+ exception_flag = True
+
+ if exception_flag:
+ print ("A DNS record must be set for the specified domain before redirecting the NS!")
+
#Set handler functions for the sub-commands
- parser_provider.set_defaults(func=set_provider)
parser_domain.set_defaults(func=set_domain)
@cmd2.with_argparser(set_parser)
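Review bot: the `exception_flag` logic in `set_domain` only becomes True when at least one `dns_record` module exists and none matches; when the campaign has no `dns_record` module at all the loop never runs, the flag stays False, and the domain is neither set nor reported, so the user gets no feedback. Initialise `exception_flag = True` and clear it on a match. Note also that the check compares only `list(mod["records"].keys())[0]`, so a dns_record module carrying several domains will not match on its second and later keys.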
diff --git a/modules/gophish.py b/modules/gophish.py
index 0e49ab6..6fbeabd 100644
--- a/modules/gophish.py
+++ b/modules/gophish.py
@@ -12,7 +12,7 @@
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the gophish module """
- def __init__(self,campaign,mod):
+ def __init__(self,campaign,mod,project_id):
global campaign_list
campaign_list = campaign
@@ -22,9 +22,7 @@ def __init__(self,campaign,mod):
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/gophish", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/gophish", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
diff --git a/modules/letsencrypt.py b/modules/letsencrypt.py
index dffe0f5..865e803 100644
--- a/modules/letsencrypt.py
+++ b/modules/letsencrypt.py
@@ -14,7 +14,7 @@
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the letsencrypt module """
- def __init__(self,campaign,mod): #domains
+ def __init__(self,campaign,mod,project_id): #domains
global campaign_list
global module
@@ -25,9 +25,7 @@ def __init__(self,campaign,mod): #domains
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/letsencrypt", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/letsencrypt", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
@@ -74,9 +72,6 @@ def __init__(self):
else:
self.mod["id"] = randomString()
- # TODO add functionality for wirldcard certificates:
- # https://medium.com/@saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7
-
self.domain_list = []
self.record_list = []
for c in campaign_list:
diff --git a/modules/mail_server.py b/modules/mail_server.py
index 862848e..00bbc88 100644
--- a/modules/mail_server.py
+++ b/modules/mail_server.py
@@ -15,7 +15,7 @@
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the mail module """
- def __init__(self,domains,campaign,mod):
+ def __init__(self,domains,campaign,mod,project_id):
global module
global domain_names
global campaign_list
@@ -27,9 +27,7 @@ def __init__(self,domains,campaign,mod):
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/mail", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/mail", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
@@ -92,7 +90,7 @@ def __init__(self):
# Create list with modules id
for c in campaign_list:
- if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "mail" and c["module"] != "redirector" and c["module"] != "godaddy":
+ if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "mail" and c["module"] != "redirector" and c["module"] != "godaddy" and c["module"] != "ansible":
modules_ids.insert(len(modules_ids),(c["id"]))
for i in range(c["redirectors"]):
modules_ids.insert(len(modules_ids),(c["id"]+"-"+str(i+1)+"/"+c["module"]))
@@ -204,7 +202,6 @@ def set_provider(self, arg):
self.mod["region"] = config[prov]["default_region"]
self.mod["size"] = config[prov]["default_size"]
-
def set_domain_name(self, arg):
"""Sets the domain_name variable"""
self.mod["domain_name"]= arg.domain_name
diff --git a/modules/providers/aws.py b/modules/providers/aws.py
index b038964..cdea593 100644
--- a/modules/providers/aws.py
+++ b/modules/providers/aws.py
@@ -2,11 +2,45 @@ class main():
#Redirector
def redirector(c):
- output = f"""
+ if c["redirector_id"] == "localhost" and c["type"]== "dns":
+ output = f"""
+module "redirector_{c["id"]}" {{
+ source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-local-rdir"
+ redirect_to = ["localhost"]
+ instance_type = "{c["size"]}"
+ vpc_id = "${{module.create_vpc.vpc_id}}"
+ subnet_id = "${{module.create_vpc.subnet_id}}"
+}}
+output "redirector_{c["id"]}-ips" {{
+ value = "${{module.redirector_{c["id"]}.ips}}"
+}}
+output "{c["id"]}_Run_the_following_command_on_your_internal_HTTP_server" {{
+ value = "\\n\\nsocat tcp4-LISTEN:53,fork udp:localhost:53\\nsudo autossh -M 11166 -i ${{module.redirector_{c["id"]}.ips[0][0]}} -N -R 2222:localhost:53 admin@${{module.redirector_{c["id"]}.ips[0][0]}}\\n"
+}}
+"""
+ elif c["redirector_id"] == "localhost" and c["type"]== "http":
+ output = f"""
+module "redirector_{c["id"]}" {{
+ source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-rdir"
+ redirect_to = ["localhost"]
+ instance_type = "{c["size"]}"
+ vpc_id = "${{module.create_vpc.vpc_id}}"
+ subnet_id = "${{module.create_vpc.subnet_id}}"
+ http-port = 8080
+ https-port = 4443
+}}
+output "redirector_{c["id"]}-ips" {{
+ value = "${{module.redirector_{c["id"]}.ips}}"
+}}
+output "{c["id"]}_Run_the_following_command_on_your_internal_HTTP_server" {{
+ value = "\\n\\nautossh -M 11166 -i ${{module.redirector_{c["id"]}.ips[0][0]}} -N -R 8080:localhost:80 admin@${{module.redirector_{c["id"]}.ips[0][0]}}\\nautossh -M 11166 -i ${{module.redirector_{c["id"]}.ips[0][0]}} -N -R 4443:localhost:443 admin@${{module.redirector_{c["id"]}.ips[0][0]}}\\n"
+}}
+"""
+ else:
+ output = f"""
module "redirector_{c["id"]}" {{
- //counter = 1
source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-rdir"
- redirect_to = "${{module.{c["redirector_id"].split("/")[1]}_{c["redirector_id"].split("/")[0]}.ips}}"
+ redirect_to = flatten("${{module.{c["redirector_id"].split("/")[1]}_{c["redirector_id"].split("/")[0]}.ips}}")
instance_type = "{c["size"]}"
vpc_id = "${{module.create_vpc.vpc_id}}"
subnet_id = "${{module.create_vpc.subnet_id}}"
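Review bot: in the `dns` branch (first `if`) the output is still named `..._Run_the_following_command_on_your_internal_HTTP_server`, which is misleading for a DNS redirector; name the output per `c["type"]`. The three branches differ only in `source`, `redirect_to` and the port lines, so compute those values first and keep a single template instead of three copies. In the `else` branch, `flatten("${{module...ips}}")` wraps the expression in a string template; since the rest of this patch moves to the bare 0.12 syntax (`host = module.mail_...`), write `flatten(module.X.ips)` directly.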
@@ -20,6 +54,14 @@ def redirector(c):
#C2
def c2(c):
scripts = ', '.join('"../../redbaron/data/scripts/tools/{0}.sh"'.format(s) for s in c["tools"])
+ user = ""
+ if c["distro"] == "kali":
+ user = "ec2-user"
+ elif c["distro"] == "ubuntu":
+ user = "ubuntu"
+ else:
+ user = "admin"
+
if c["redirectors"] > 0:
output = f"""
module "c2_{c["id"]}" {{
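Review bot: the distro-to-SSH-user mapping (`kali` -> `ec2-user`, `ubuntu` -> `ubuntu`, fallback `admin`) is hard-coded here while digitalocean.py keeps a separate distro-to-image table; move both into one module-level dict and fail loudly on an unknown `c["distro"]` rather than silently defaulting to `admin`, otherwise a typo in the campaign yields an instance whose SSH user is wrong. The initial `user = ""` is redundant once every branch assigns it.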
@@ -28,12 +70,14 @@ def c2(c):
instance_type = "{c["size"]}"
vpc_id = "${{module.create_vpc.vpc_id}}"
subnet_id = "${{module.create_vpc.subnet_id}}"
+ user = "{user}"
+ amis = {{"{c["region"]}"="{c["ami"]}"}}
}}
module "c2_rdir_{c["id"]}" {{
- //counter = {c["redirectors"]}
source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-rdir"
- redirect_to = "${{module.c2_{c["id"]}.ips}}"
+ counter = {c["redirectors"]}
+ redirect_to = flatten("${{module.c2_{c["id"]}.ips}}")
instance_type = "{c["size"]}"
vpc_id = "${{module.create_vpc.vpc_id}}"
subnet_id = "${{module.create_vpc.subnet_id}}"
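Review bot: `c["ami"]` (in the new `amis = {{...}}` line) and `c["distro"]` are new campaign keys with no default, so a `campaign.json` saved by the previous version loads fine but raises `KeyError` at `create` time; use `c.get("ami")` with a documented default or validate the campaign on `load`.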
@@ -56,6 +100,8 @@ def c2(c):
instance_type = "{c["size"]}"
vpc_id = "${{module.create_vpc.vpc_id}}"
subnet_id = "${{module.create_vpc.subnet_id}}"
+ user = "{user}"
+ amis = {{"{c["region"]}"="{c["ami"]}"}}
}}
output "c2-{c["id"]}-ips" {{
@@ -76,10 +122,10 @@ def webserver(c):
}}
module "webserver_rdir_{c["id"]}" {{
- //counter = {c["redirectors"]}
source = "../../redbaron/modules/{c["provider"]}/http-rdir"
- redirect_to = "${{module.webserver_{c["id"]}.ips}}"
+ redirect_to = flatten("${{module.webserver_{c["id"]}.ips}}")
instance_type = "{c["size"]}"
+ counter = {c["redirectors"]}
vpc_id = "${{module.create_vpc.vpc_id}}"
subnet_id = "${{module.create_vpc.subnet_id}}"
}}
@@ -121,10 +167,10 @@ def gophish(c):
}}
module "gophish_rdir_{c["id"]}" {{
- //counter = {c["redirectors"]}
source = "../../redbaron/modules/{c["provider"]}/http-rdir"
- redirect_to = "${{module.gophish_{c["id"]}.ips}}"
+ redirect_to = flatten("${{module.gophish_{c["id"]}.ips}}")
instance_type = "{c["size"]}"
+ counter = {c["redirectors"]}
vpc_id = "${{module.create_vpc.vpc_id}}"
subnet_id = "${{module.create_vpc.subnet_id}}"
}}
@@ -156,6 +202,11 @@ def gophish(c):
#Mail
def mail(c,my_nets_1,my_nets_2,my_nets_3,project_id):
+ data = ""
+ with open (f"projects/{project_id}/{c['id']}/iredmailpass.txt", "r") as myfile:
+ data = myfile.readlines()
+ data = data[0].strip('\n')
+
output=f"""
module "mail_{c["id"]}" {{
source = "../../redbaron/modules/{c["provider"]}/mail-server"
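Review bot: `data = myfile.readlines()` followed by `data[0]` raises `IndexError` on an empty `iredmailpass.txt`, and `open (` is non-idiomatic; `data = myfile.readline().strip()` handles both. The same block is duplicated verbatim in digitalocean.py; a shared helper would keep the two providers consistent.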
@@ -169,6 +220,10 @@ def mail(c,my_nets_1,my_nets_2,my_nets_3,project_id):
value = "${{module.mail_{c["id"]}.ips}}"
}}
+output "iRedMail_credentials_{c["id"]}" {{
+ value = "postmaster@{c["domain_name"]}:{data}\\n"
+}}
+
resource "null_resource" "update_iredmail_{c["id"]}" {{
provisioner "remote-exec" {{
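Review bot: the new `iRedMail_credentials_{c["id"]}` output embeds the postmaster password, so it is printed by every `terraform apply` / `terraform output` and persisted in `terraform.tfstate`; add `sensitive = true` to the output block and treat the state file as secret. The same applies to the copy of this output in digitalocean.py.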
@@ -190,10 +245,10 @@ def mail(c,my_nets_1,my_nets_2,my_nets_3,project_id):
]
connection {{
- host = "${{module.mail_{c["id"]}.ips[0]}}"
+ host = module.mail_{c["id"]}.ips[0][0]
type = "ssh"
user = "admin"
- private_key = "${{file("../../redbaron/data/ssh_keys/${{module.mail_{c["id"]}.ips[0]}}")}}"
+ private_key = file("ssh_keys/${{module.mail_{c["id"]}.ips[0][0]}}")
}}
}}
}}
@@ -201,17 +256,57 @@ def mail(c,my_nets_1,my_nets_2,my_nets_3,project_id):
"""
return output
- def dns_records_type(c,record,value):
- output=f"""
+ def dns_records_type(c,record,value,godaddy_id,aws_domains):
+ domain = record.split('"')
+ id_domain = 0
+ for idx,d in enumerate(aws_domains):
+ if domain[1] in aws_domains[idx]:
+ id_domain = idx
+ break
+ if not godaddy_id:
+ if not c["name"]:
+ output=f"""
module "create_dns_record_{c["id"]}" {{
source = "../../redbaron/modules/aws/create-dns-record"
- name = "{c["name"]}"
+ name = "{list(c["records"])[0]}"
type = "{c["type"]}"
- //counter = {c["counter"]}
+ counter = 1
records = {{ {record} }}
- zone = "${{module.public_zone.public_zones_ids[{value}]}}"
+ zone = module.public_zone.public_zones_ids[{value}]
}}\n"""
- return output
+ else:
+ output=f"""
+module "create_dns_record_{c["id"]}" {{
+ source = "../../redbaron/modules/aws/create-dns-record"
+ name = "{c["name"]}.{list(c["records"])[0]}"
+ type = "{c["type"]}"
+ counter = 1
+ records = {{ {record} }}
+ zone = module.public_zone.public_zones_ids[{value}]
+}}\n"""
+ else:
+ if not c["name"]:
+ output=f"""
+module "create_dns_record_{c["id"]}" {{
+ source = "../../redbaron/modules/aws/create-dns-record"
+ name = "{list(c["records"])[0]}"
+ type = "{c["type"]}"
+ counter = module.redirect_ns_{godaddy_id}.redirected
+ records = {{ {record} }}
+ zone = module.public_zone.public_zones_ids[{value}]
+}}\n"""
+ else:
+ output=f"""
+module "create_dns_record_{c["id"]}" {{
+ source = "../../redbaron/modules/aws/create-dns-record"
+ name = "{c["name"]}.{list(c["records"])[0]}"
+ type = "{c["type"]}"
+ counter = module.redirect_ns_{godaddy_id}.redirected
+ records = {{ {record} }}
+ zone = module.public_zone.public_zones_ids[{value}]
+}}\n"""
+
+ return output
def dns_records_type_txt(record,value):
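Review bot: `id_domain` is computed by the `for idx,d in enumerate(aws_domains)` loop but never referenced in any of the four templates, and the loop ignores `d` in favour of `aws_domains[idx]`; either feed `id_domain` into the zone lookup (as the digitalocean.py version does) or drop the loop. `record.split('"')[1]` raises `IndexError` for a record without quotes. The four f-strings differ only in `name` and `counter`; compute those two values first and emit one template.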
@@ -220,9 +315,8 @@ def dns_records_type_txt(record,value):
source = "../../redbaron/modules/aws/create-dns-txt-record"
name = ""
type = "TXT"
- //counter = 1
records = [{record}]
- zone = "${{module.public_zone.public_zones_ids[{value}]}}"
+ zone = module.public_zone.public_zones_ids[{value}]
}}\n"""
return output
@@ -247,8 +341,3 @@ def create_dns_name(domain_string_aws):
"""
return output
- # def firewall(c):
- # print("ime mesa AWS")
- # print(c)
- # output=f""""""
- # return output
diff --git a/modules/providers/digitalocean.py b/modules/providers/digitalocean.py
index 740f1fc..e1a80e9 100644
--- a/modules/providers/digitalocean.py
+++ b/modules/providers/digitalocean.py
@@ -2,11 +2,42 @@ class main():
#Redirector
def redirector(c):
- output = f"""
+ if c["redirector_id"] == "localhost" and c["type"]== "dns":
+ output = f"""
+module "redirector_{c["id"]}" {{
+ counter = 1
+ source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-local-rdir"
+ redirect_to = ["{c["redirector_id"]}"]
+}}
+output "redirector_{c["id"]}-ips" {{
+ value = "${{module.redirector_{c["id"]}.ips}}"
+}}
+output "{c["id"]}_Run_the_following_command_on_your_internal_HTTP_server" {{
+ value = "\\n\\nsocat tcp4-LISTEN:53,fork udp:localhost:53\\nsudo autossh -M 11166 -i ${{module.redirector_{c["id"]}.ips[0][0]}} -N -R 2222:localhost:53 root@${{module.redirector_{c["id"]}.ips[0][0]}}\\n"
+}}
+"""
+ elif c["redirector_id"] == "localhost" and c["type"]== "http":
+ output = f"""
+module "redirector_{c["id"]}" {{
+ counter = 1
+ source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-rdir"
+ redirect_to = ["{c["redirector_id"]}"]
+ http-port = 8080
+ https-port = 4443
+}}
+output "redirector_{c["id"]}-ips" {{
+ value = "${{module.redirector_{c["id"]}.ips}}"
+}}
+output "{c["id"]}_Run_the_following_command_on_your_internal_HTTP_server" {{
+ value = "\\n\\nautossh -M 11166 -i ${{module.redirector_{c["id"]}.ips[0][0]}} -N -R 8080:localhost:80 root@${{module.redirector_{c["id"]}.ips[0][0]}}\\nautossh -M 11166 -i ${{module.redirector_{c["id"]}.ips[0][0]}} -N -R 4443:localhost:443 root@${{module.redirector_{c["id"]}.ips[0][0]}}\\n"
+}}
+"""
+ else:
+ output = f"""
module "redirector_{c["id"]}" {{
counter = 1
source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-rdir"
- redirect_to = "${{module.{c["redirector_id"].split("/")[1]}_{c["redirector_id"].split("/")[0]}.ips}}"
+ redirect_to = flatten("${{module.{c["redirector_id"].split("/")[1]}_{c["redirector_id"].split("/")[0]}.ips}}")
}}
output "redirector_{c["id"]}-ips" {{
value = "${{module.redirector_{c["id"]}.ips}}"
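Review bot: in the `http` branch the generated command launches two `autossh` processes both with `-M 11166`; autossh binds that monitor port (and the next one) locally, so the second instance fails to start. Use distinct monitor ports per tunnel, or `-M 0` with `ServerAliveInterval`/`ServerAliveCountMax` set. The aws.py counterpart of this hunk has the same problem.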
@@ -17,19 +48,24 @@ def redirector(c):
#C2
def c2(c):
scripts = ', '.join('"../../redbaron/data/scripts/tools/{0}.sh"'.format(s) for s in c["tools"])
+ linux_distro = "debian-9-x64"
+ if c["distro"] == "ubuntu":
+ linux_distro = "ubuntu-18-04-x64"
+
if c["redirectors"] > 0:
output = f"""
module "c2_{c["id"]}" {{
source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-c2"
install = [{scripts}]
size = "{c["size"]}"
+ distro = "{linux_distro}"
regions = ["{c["region"]}"]
}}
module "c2_rdir_{c["id"]}" {{
counter = {c["redirectors"]}
source = "../../redbaron/modules/{c["provider"]}/{c["type"]}-rdir"
- redirect_to = "${{module.c2_{c["id"]}.ips}}"
+ redirect_to = flatten("${{module.c2_{c["id"]}.ips}}")
}}
output "c2-{c["id"]}-ips" {{
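Review bot: `linux_distro` falls back to `debian-9-x64` for any value other than `ubuntu`, so a campaign with `distro: kali` (which aws.py handles explicitly) is silently provisioned as Debian on DigitalOcean; reject unsupported distros for this provider, or at least warn, instead of substituting.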
@@ -68,7 +104,7 @@ def webserver(c):
module "webserver_rdir_{c["id"]}" {{
counter = {c["redirectors"]}
source = "../../redbaron/modules/{c["provider"]}/http-rdir"
- redirect_to = "${{module.webserver_{c["id"]}.ips}}"
+ redirect_to = flatten("${{module.webserver_{c["id"]}.ips}}")
}}
output "webserver-{c["id"]}-ips" {{
@@ -109,7 +145,7 @@ def gophish(c):
module "gophish_rdir_{c["id"]}" {{
counter = {c["redirectors"]}
source = "../../redbaron/modules/{c["provider"]}/http-rdir"
- redirect_to = "${{module.gophish_{c["id"]}.ips}}"
+ redirect_to = flatten("${{module.gophish_{c["id"]}.ips}}")
}}
output "gophish-{c["id"]}-ips" {{
@@ -138,6 +174,11 @@ def gophish(c):
#Mail
def mail(c,my_nets_1,my_nets_2,my_nets_3,project_id):
+ data = ""
+ with open (f"projects/{project_id}/{c['id']}/iredmailpass.txt", "r") as myfile:
+ data = myfile.readlines()
+ data = data[0].strip('\n')
+
output=f"""
module "mail_{c["id"]}" {{
source = "../../redbaron/modules/{c["provider"]}/mail-server"
@@ -151,6 +192,10 @@ def mail(c,my_nets_1,my_nets_2,my_nets_3,project_id):
value = "${{module.mail_{c["id"]}.ips}}"
}}
+output "iRedMail_credentials_{c["id"]}" {{
+ value = "postmaster@{c["domain_name"]}:{data}\\n"
+}}
+
resource "null_resource" "update_iredmail_{c["id"]}" {{
provisioner "remote-exec" {{
@@ -172,10 +217,10 @@ def mail(c,my_nets_1,my_nets_2,my_nets_3,project_id):
]
connection {{
- host = "${{module.mail_{c["id"]}.ips[0]}}"
+ host = module.mail_{c["id"]}.ips[0][0]
type = "ssh"
user = "root"
- private_key = "${{file("../../redbaron/data/ssh_keys/${{module.mail_{c["id"]}.ips[0]}}")}}"
+ private_key = file("ssh_keys/${{module.mail_{c["id"]}.ips[0][0]}}")
}}
}}
}}
@@ -183,7 +228,14 @@ def mail(c,my_nets_1,my_nets_2,my_nets_3,project_id):
"""
return output
- def dns_records_type(c,record):
+ def dns_records_type(c,record,do_domains,godaddy_id):
+ domain = record.split('"')
+ id_domain = 0
+ for idx,d in enumerate(do_domains):
+ if domain[1] in do_domains[idx]:
+ id_domain = idx
+ break
+ if not godaddy_id:
if "v=DMARC1;" in record:
c["name"] ="_dmarc"
output=f"""
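Review bot: `domain[1] in do_domains[idx]` is a substring test when `do_domains` holds strings, so `example.com` also matches `myexample.com` and the record can be attached to the wrong zone; compare with `==` and use the loop variable `d` rather than re-indexing. The same loop appears in aws.py.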
@@ -191,11 +243,25 @@ def dns_records_type(c,record):
source = "../../redbaron/modules/digitalocean/create-dns-record"
name = "{c["name"]}"
type = "{c["type"]}"
+ domain = module.create_domain_name_do.domain_name[{id_domain}]
priority= {c["priority"]}
counter = {c["counter"]}
records = {{ {record} }}
}}\n"""
- return output
+ else:
+ if "v=DMARC1;" in record:
+ c["name"] ="_dmarc"
+ output=f"""
+module "create_dns_record_{c["id"]}" {{
+ source = "../../redbaron/modules/digitalocean/create-dns-record"
+ name = "{c["name"]}"
+ type = "{c["type"]}"
+ domain = module.create_domain_name_do.domain_name[{id_domain}]
+ priority= {c["priority"]}
+ counter = module.redirect_ns_{godaddy_id}.redirected
+ records = {{ {record} }}
+}}\n"""
+ return output
def create_dns_name():
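Review bot: the `if "v=DMARC1;" in record: c["name"] = "_dmarc"` check and the whole module template are repeated in both branches; hoist the DMARC check above `if not godaddy_id` and let the branches only decide `counter`. Note also that assigning `c["name"]` mutates the campaign entry itself, which is then saved with `_dmarc` as its name.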
@@ -209,24 +275,3 @@ def create_dns_name():
name = "${var.do_domain}"
}\n"""
return output
-
-# def firewall(c):
-# mod, mod_type = c["mod_id"].split('/')
-# output=f"""
-# ###################################################################################################################
-# # FIREWALL #
-# ###################################################################################################################
-# resource "digitalocean_firewall" "{c["id"]}" {{
-# name = "{c["rule"]}_{c["port"]}_{c["id"]}"
-
-# droplet_ids = ["${{module.{mod_type}_{mod}.id}}"]
-
-# {c["rule"]}_rule {{
-# protocol = "{c["protocol"]}"
-# port_range = "{c["port"]}"
-# source_addresses = ["0.0.0.0/0", "::/0"]
-# }}
-# }}
-# """
-# print(output)
-# return output
diff --git a/modules/redirector.py b/modules/redirector.py
index 3927722..028a154 100644
--- a/modules/redirector.py
+++ b/modules/redirector.py
@@ -13,7 +13,7 @@
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the c2 module """
- def __init__(self,mod,campaign):
+ def __init__(self,mod,campaign,project_id):
global campaign_list
global module
@@ -24,9 +24,7 @@ def __init__(self,mod,campaign):
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/redirector", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/redirector", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
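Review bot: the one-line `i.prompt = "(" + cmd2.ansi.style(...) ...` expression is copied verbatim into webserver.py and four places in overlord.py with only the module suffix changing; a single `make_prompt(project_id, module=None)` helper would keep them in sync and make the line readable.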
@@ -85,8 +83,11 @@ def __init__(self):
# Create list with modules id
for c in campaign_list:
- if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "mail":
+ if c["module"] != "dns_record" and c["module"] != "letsencrypt" and c["module"] != "mail" and c["module"] != "godaddy":
modules_ids.insert(len(modules_ids),(c["id"]+"/"+c["module"]))
+
+ #Starting creating localhost redirection
+ modules_ids.insert(len(modules_ids),"localhost")
self.mod_parser_redirectors.choices = modules_ids
def do_back(self, arg):
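Review bot: this exclusion list omits `ansible` although the corresponding list in the first hunk of this patch adds it, so an `ansible` module's id is offered as a redirector target next to `localhost`. The comment `#Starting creating localhost redirection` should say what the line does, e.g. `# Offer "localhost" so a redirector can forward to the operator's own host`.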
diff --git a/modules/webserver.py b/modules/webserver.py
index 1f3f162..a259a7b 100644
--- a/modules/webserver.py
+++ b/modules/webserver.py
@@ -12,7 +12,7 @@
class main(list):
"""Main function to initialize variables and calls the cmd2 package for the webserver module """
- def __init__(self,campaign,mod):
+ def __init__(self,campaign,mod,project_id):
global campaign_list
campaign_list = campaign
@@ -22,9 +22,7 @@ def __init__(self,campaign,mod):
# Call cmd_main class
i = cmd_main()
- i.prompt = cmd2.ansi.style("Overlord", fg='red', bg='', bold=True, underline=False) + \
- cmd2.ansi.style("/webserver", fg='blue', bg='',
- bold=True, underline=False) + "$> "
+ i.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( project_id, fg='bright_black', bg='',bold=True, underline=False) + cmd2.ansi.style("/webserver", fg='blue', bg='',bold=True, underline=False) +")" +"$> "
i.cmdloop()
def hide_cmd2_modules(self):
diff --git a/overlord.py b/overlord.py
index 8ab8df6..fcaad32 100644
--- a/overlord.py
+++ b/overlord.py
@@ -20,6 +20,7 @@
import argparse
import create
import godaddy
+import ansible
#import firewall
@@ -31,7 +32,7 @@ def hide_cmd2_modules(self):
self.hidden_commands.append('script')
self.hidden_commands.append('shortcuts')
self.hidden_commands.append('pyscript')
- self.hidden_commands.append('run_pyscript')
+ self.hidden_commands.append('run_pyscript')
self.hidden_commands.append('edit')
self.hidden_commands.append('run_script')
self.hidden_commands.append('quit')
@@ -39,19 +40,17 @@ def hide_cmd2_modules(self):
class Overlord(cmd2.Cmd):
"""Main Menu for Overlord."""
os.system('clear')
- version = cmd2.ansi.style("v.0.2", fg='red', bg='',
+ version = cmd2.ansi.style("v.1.0", fg='red', bg='',
bold=True, underline=False)
- print(f"""
- _ _
- _____ _____ _ __| | ___ _ __ __| |
- / _ \ \ / / _ \ '__| |/ _ \| '__/ _` |
-| (_) \ V / __/ | | | (_) | | | (_| |
- \___/ \_/ \___|_| |_|\___/|_| \__,_|
+ print(f"""
+ _ _
+ _____ _____ _ __| | ___ _ __ __| |
+ / _ \ \ / / _ \ '__| |/ _ \| '__/ _` |
+| (_) \ V / __/ | | | (_) | | | (_| |
+ \___/ \_/ \___|_| |_|\___/|_| \__,_|
{version}
""")
intro = "Welcome to Overlord!\nType help or ? to list commands\n"
- prompt = cmd2.ansi.style("Overlord", fg='red', bg='',
- bold=True, underline=False) + "$> "
variables = {
"dotoken": "",
"domains" :[],
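Review bot: the version string now lives in two places (`v.1.0` here and `version 1.0` in `do_version`); define one `VERSION` constant and format both from it.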
@@ -66,7 +65,6 @@ class Overlord(cmd2.Cmd):
def __init__(self):
super().__init__()
- # self.default_to_shell = True
hide_cmd2_modules(self)
#Initialize project ID
dir_path = "projects"
@@ -81,12 +79,15 @@ def __init__(self):
self.project_id = rand
- self.deleteproject_id.choices = next(os.walk(dir_path))[1]
+ self.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( rand, fg='bright_black', bg='',bold=True, underline=False) + ")" +"$> "
self.loadproject_id.choices = next(os.walk(dir_path))[1]
+ self.cloneproject_id.choices = next(os.walk(dir_path))[1]
+
if os.path.exists(dir_path+"/variables.json"):
with open(dir_path+'/variables.json', 'r') as filehandle:
- self.variables = json.load(filehandle)
-
+ self.variables = json.load(filehandle)
+ self.domain_parser_id.choices = self.variables["domains"]
+
def do_clear(self, arg):
"""Clear the screen"""
os.system('clear')
@@ -99,22 +100,18 @@ def do_exit(self, arg):
def do_version(self, arg):
"""Version"""
- print("version 0.2")
-
+ print("version 1.0")
+
def do_create(self,arg):
"""Creates terraform project from the campaign"""
dir_path = "projects/"+self.project_id
- if not os.path.exists(dir_path):
- self.do_save(None)
- create.main(self.campaign,self.variables,self.project_id)
- proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
- notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
- print(f"""\n{notification} The terrafrom files for the project with ID {proj} have been created {notification}\n""")
+ self.do_save(None)
+ create.main(self.campaign,self.variables,self.project_id)
newproject_parser = argparse.ArgumentParser(prog='new')
newproject_id = newproject_parser.add_argument('id', type=str, nargs="?", help='example: new / new ]')
-
- @cmd2.with_argparser(newproject_parser)
+
+ @cmd2.with_argparser(newproject_parser)
def do_new(self,arg):
"""Creates new terraform project."""
dir_path = "projects"
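Review bot: `do_create` now computes `dir_path` without using it, and dropping the `if not os.path.exists(dir_path)` guard together with the final `print` leaves the user with no confirmation that the terraform files were written; remove `dir_path` and keep the success message.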
@@ -134,17 +131,18 @@ def do_new(self,arg):
proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
print(f"""\n{notification} New project with ID {proj} has been created. {notification}\n""")
-
-
+ self.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( self.project_id, fg='bright_black', bg='',bold=True, underline=False) + ")" +"$> "
+
def create_dir(self):
"""Creates the project directory"""
- command = 'mkdir projects/'+self.project_id
- os.system(command)
-
+ os.system('mkdir projects/'+self.project_id)
+ os.system('mkdir projects/'+self.project_id+'/ssh_keys')
+ os.system('mkdir projects/'+self.project_id+'/ssh_configs')
+ os.system('mkdir projects/'+self.project_id+'/certificates')
loadproject_parser = argparse.ArgumentParser(prog='load')
loadproject_id = loadproject_parser.add_argument('id', type=str, help='example: [ load ]')
-
+
@cmd2.with_argparser(loadproject_parser)
def do_load(self,arg):
"""Load a project to overlord"""
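Review bot: `create_dir` passes `self.project_id` through `os.system('mkdir projects/' + ...)` four times, and `project_id` comes from user input (`new <id>`, `rename`, `clone -n`), so a name containing shell metacharacters is executed by the shell. Use `os.makedirs(os.path.join("projects", self.project_id, "ssh_keys"), exist_ok=True)` for each directory and validate the id against `^[A-Za-z0-9_-]+$` where it is read.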
@@ -157,28 +155,69 @@ def do_load(self,arg):
self.project_id = arg.id
proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
- print(f"""\n{notification} The project with ID {proj} has been loaded {notification}\n""")
+ print(f"""\n{notification} The project with ID {proj} has been loaded {notification}\n""")
self.update_choices(self.campaign)
+ self.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( self.project_id, fg='bright_black', bg='',bold=True, underline=False) + ")" +"$> "
+
+ cloneproject_parser = argparse.ArgumentParser(prog='clone')
+ cloneproject_id = cloneproject_parser.add_argument('id', type=str, help='example: [ clone ]')
+ cloneproject_parser.add_argument('-n','--name', type=str, help='Name of the new project')
- deleteproject_parser = argparse.ArgumentParser(prog='delete')
- deleteproject_id = deleteproject_parser.add_argument('id', type=str, help='example: [ delete ]')
+ @cmd2.with_argparser(cloneproject_parser)
+ def do_clone(self,arg):
+ """Clones a project to a new one"""
+ project_to_clone = arg.id
+ dir_path = "projects/" + project_to_clone
+ notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
+ new_path = ""
+ new_project_name = ""
+ if arg.name is None:
+ uniq = True
+ while True:
+ rand = randomString()
+ for p in next(os.walk(dir_path))[1]:
+ if p == rand:
+ uniq = False
+ if uniq:
+ break
+ new_path = "projects/" + rand
+ new_project_name = rand
+ else:
+ new_path = "projects/" + arg.name
+ new_project_name = arg.name
+
+ if not os.path.exists(new_path):
+ command = 'mkdir ' +new_path
+ os.system(command)
+ shutil.copy(dir_path+'/campaign.json',new_path+'/campaign.json')
+ shutil.copy(dir_path+'/variables.json',new_path+'/variables.json')
- @cmd2.with_argparser(deleteproject_parser)
+ self.loadproject_id.choices = next(os.walk("projects"))[1]
+ self.cloneproject_id.choices = next(os.walk("projects"))[1]
+
+ print(f"""\n{notification} The project with ID {project_to_clone} has been cloned to {new_project_name} {notification}\n""")
+
+ else:
+ print(f"""\n{notification} The project with ID {new_project_name} already exists! {notification}\n""")
+
+ #@cmd2.with_argparser(deleteproject_parser)
def do_delete(self,arg):
"""Deletes a project"""
flag = input(cmd2.ansi.style("Are you sure? [y/N]:", fg='red', bg='',bold=True, underline=False))
if flag == 'y':
dir_path = "projects/"+self.project_id+"/.terraform"
if os.path.exists(dir_path):
- os.system(f"""cd projects/{self.project_id} && terraform state rm module.redirect_ns""")
- os.system(f"""cd projects/{self.project_id} && terraform destroy -auto-approve""")
+ os.system(f"""cd projects/{self.project_id} && /opt/terraform state rm module.redirect_ns""")
+ os.system(f"""cd projects/{self.project_id} && /opt/terraform destroy -auto-approve""")
+ os.system(f"""rm projects/{self.project_id}/terraform.tfstate*""")
+ shutil.rmtree(f"""projects/{self.project_id}/.terraform""")
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
print(f"""\n{notification} Check if terraform exited without an error before you proceed. {notification}\n""")
flag1 = input(cmd2.ansi.style("Proceding with deleting project directory. Are you sure? [y/N]:", fg='red', bg='',bold=True, underline=False))
if flag1 == "y":
- shutil.rmtree("projects/"+arg.id)
- self.deleteproject_id.choices = next(os.walk("projects"))[1]
+ shutil.rmtree("projects/"+self.project_id)
self.loadproject_id.choices = next(os.walk("projects"))[1]
+ self.cloneproject_id.choices = next(os.walk("projects"))[1]
self.update_choices(self.campaign)
proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
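Review bot: in `do_clone` the uniqueness loop never terminates once `uniq` is set to `False`, because `uniq` is not reset to `True` at the top of each `while` iteration; it also walks `dir_path` (the project being cloned) instead of `projects`, so it checks the wrong directory. The `mkdir` via `os.system` with `arg.name` has the same injection problem as `create_dir`; `os.makedirs` avoids it. In `do_delete`, `rm projects/.../terraform.tfstate*` can be done with `glob` plus `os.remove` instead of a shell.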
@@ -194,38 +233,44 @@ def do_save(self,arg):
json.dump(self.campaign, filehandle,indent=4)
with open(dir_path+'/variables.json', 'w') as filehandle:
json.dump(self.variables, filehandle,indent=4)
- self.deleteproject_id.choices = next(os.walk("projects"))[1]
- self.loadproject_id.choices = next(os.walk("projects"))[1]
+ self.loadproject_id.choices = next(os.walk("projects"))[1]
+ self.cloneproject_id.choices = next(os.walk("projects"))[1]
proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
print(f"""\n{notification} The config files for the project with ID {proj} have been created {notification}\n""")
+
def do_rename(self,arg):
"""Rename a project"""
- proj_old = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
- dir_path = "projects/"+self.project_id
- if os.path.exists(dir_path):
- os.rename("projects/"+self.project_id, "projects/"+arg)
- self.project_id = arg
-
- self.deleteproject_id.choices = next(os.walk("projects"))[1]
- self.loadproject_id.choices = next(os.walk("projects"))[1]
-
- proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
- print(f"""\n{notification} The project with ID {proj_old} has been renamed to {proj} {notification}\n""")
+ if not arg:
+ print(f"""\n{notification} You have to specify a new name for your project! {notification}\n""")
+ else:
+ proj_old = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
+ dir_path = "projects/"+self.project_id
+ if os.path.exists(dir_path):
+ os.rename("projects/"+self.project_id, "projects/"+arg)
+ self.project_id = arg
+
+ self.loadproject_id.choices = next(os.walk("projects"))[1]
+ self.cloneproject_id.choices = next(os.walk("projects"))[1]
+
+ proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
+ print(f"""\n{notification} The project with ID {proj_old} has been renamed to {proj} {notification}\n""")
+ self.prompt = "(" + cmd2.ansi.style("Overlord", fg='red', bg='',bold=True, underline=False) + " : " + cmd2.ansi.style( self.project_id, fg='bright_black', bg='',bold=True, underline=False) + ")" +"$> "
def do_deploy(self,arg):
"""Deploy current project"""
proj = cmd2.ansi.style(self.project_id, fg='blue', bg='',bold=True, underline=False)
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
- print(f"""\n{notification} Started deployment of project with ID {proj} {notification}\n""")
+ print(f"""\n{notification} Started deployment of project with ID {proj} {notification}\n""")
os.system(f"""mkdir -p projects/{self.project_id}/.terraform/plugins/linux_amd64 """)
- os.system(f"""cp redbaron/data/plugins/terraform-provider-godaddy_v1.6.4_x4 projects/{self.project_id}/.terraform/plugins/linux_amd64""")
- os.system(f"""cd projects/{self.project_id} && terraform init""")
- os.system(f"""cd projects/{self.project_id} && terraform plan""")
- os.system(f"""cd projects/{self.project_id} && terraform apply -auto-approve""")
- print(f"""\n{notification} Terraform has finished with the installation {notification}\n""")
+ os.system(f"""cp redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4 projects/{self.project_id}/.terraform/plugins/linux_amd64/terraform-provider-godaddy_v1.7.3_x4""")
+ os.system(f"""chmod -R a+x projects/{self.project_id}/.terraform/plugins/linux_amd64/*""")
+ os.system(f"""cd projects/{self.project_id} && /opt/terraform init""")
+ os.system(f"""cd projects/{self.project_id} && /opt/terraform plan""")
+ os.system(f"""cd projects/{self.project_id} && /opt/terraform apply -auto-approve""")
+ print(f"""\n{notification} Terraform has finished with the installation {notification}\n""")
# USEMODULE COMMAND
# create the top-level parser for the usemodule command
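Review bot: `do_rename` passes `arg` straight into `os.rename("projects/"+self.project_id, "projects/"+arg)`; validate it like new project ids (no `/` or `..`) before renaming. `do_deploy` and `do_delete` now hard-code `/opt/terraform`; resolve the binary once (`shutil.which("terraform")` with `/opt/terraform` as fallback) so the tool still works where terraform is on PATH. `chmod -R a+x .../linux_amd64/*` makes the plugin executable for every user; `u+x` is sufficient.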
@@ -241,6 +286,7 @@ def do_deploy(self,arg):
parser_letsencrypt = usemodule_subparsers.add_parser('letsencrypt', help='Settings to create letsencrypt instance')
parser_redirector = usemodule_subparsers.add_parser('redirector', help='Settings to create redirector instance')
parser_godaddy = usemodule_subparsers.add_parser('godaddy', help='Settings to create godaddy NS redirection in a provider of choice')
+ parser_ansible = usemodule_subparsers.add_parser('ansible', help='Settings to install asnible playbooks')
#parser_firewall = usemodule_subparsers.add_parser('firewall', help='firewall help')
def update_choices(self,camp):
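Review bot: typo in the help string of `parser_ansible`: `asnible` should be `ansible`.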
@@ -254,30 +300,34 @@ def usemodule_dns_record(self, arg):
if not self.variables["domains"]:
print("No domains are set! [help set domains]")
elif len(self.campaign) == 0:
- print("No modules are set! [help usemodule]")
+ print("No modules are set! [help usemodule]")
else:
- dns_records.main(self.variables["domains"],self.campaign,None)
+ dns_records.main(self.variables["domains"],self.campaign,None,self.project_id)
addModule(dns_records.module,self.campaign)
self.update_choices(self.campaign)
dns_records.module={}
def usemodule_redirector(self, arg):
"""Opens the Redirector module for configuration"""
- if len(self.campaign) != 0:
- redirector.main(None,self.campaign)
- addModule(redirector.module,self.campaign)
- self.update_choices(self.campaign)
- redirector.module={}
- else:
- print("No modules are set! [help usemodule]")
+ redirector.main(None,self.campaign,self.project_id)
+ addModule(redirector.module,self.campaign)
+ self.update_choices(self.campaign)
+ redirector.module={}
def usemodule_c2(self, arg):
"""Opens the C2 module for configuration"""
- c2.main(self.campaign,None)
+ c2.main(self.campaign,None,self.project_id)
addModule(c2.module,self.campaign)
self.update_choices(self.campaign)
c2.module={}
+ def usemodule_ansible(self, arg):
+ """Opens the C2 module for configuration"""
+ ansible.main(self.campaign,None,self.project_id)
+ addModule(ansible.module,self.campaign)
+ self.update_choices(self.campaign)
+ ansible.module={}
+
# TODO: Maybe in a future update
# def usemodule_firewall(self, arg):
# """Opens the Firewall module for configuration"""
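Review bot: the docstring of `usemodule_ansible` says `Opens the C2 module for configuration` (copied from `usemodule_c2`); it should read `Opens the ansible module for configuration`. Dropping the `len(self.campaign) != 0` guard in `usemodule_redirector` is consistent with the new `localhost` target, but then `localhost` is the only choice on an empty campaign; a one-line hint to the user would avoid confusion.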
@@ -297,7 +347,7 @@ def usemodule_godaddy(self, arg):
elif not self.variables["domains"]:
print("No domains are set! [help set domains]")
else:
- godaddy.main(self.campaign,self.variables["domains"],None)
+ godaddy.main(self.campaign,self.variables["domains"],None,self.project_id)
addModule(godaddy.module,self.campaign)
self.update_choices(self.campaign)
godaddy.module={}
@@ -307,14 +357,14 @@ def usemodule_mail(self, arg):
if not self.variables["domains"]:
print("No domains are set! [help set domains]")
else:
- mail_server.main(self.variables["domains"],self.campaign,None)
+ mail_server.main(self.variables["domains"],self.campaign,None,self.project_id)
addModule(mail_server.module,self.campaign)
self.update_choices(self.campaign)
mail_server.module={}
def usemodule_webserver(self, arg):
"""Opens the webserver module for configuration"""
- webserver.main(self.campaign,None)
+ webserver.main(self.campaign,None,self.project_id)
addModule(webserver.module,self.campaign)
self.update_choices(self.campaign)
webserver.module={}
@@ -322,7 +372,7 @@ def usemodule_webserver(self, arg):
def usemodule_gophish(self, arg):
"""Opens the gophish module for configuration"""
- gophish.main(self.campaign,None)
+ gophish.main(self.campaign,None,self.project_id)
addModule(gophish.module,self.campaign)
self.update_choices(self.campaign)
gophish.module={}
@@ -337,7 +387,7 @@ def usemodule_letsencrypt(self, arg):
if a_records == False:
print("No A records were set! [help usemodule dns_records]")
else:
- letsencrypt.main(self.campaign,None) #self.variables["domains"]
+ letsencrypt.main(self.campaign,None,self.project_id) #self.variables["domains"]
addModule(letsencrypt.module,self.campaign)
self.update_choices(self.campaign)
letsencrypt.module={}
@@ -351,6 +401,7 @@ def usemodule_letsencrypt(self, arg):
parser_letsencrypt.set_defaults(func=usemodule_letsencrypt)
parser_redirector.set_defaults(func=usemodule_redirector)
parser_godaddy.set_defaults(func=usemodule_godaddy)
+ parser_ansible.set_defaults(func=usemodule_ansible)
# parser_firewall.set_defaults(func=usemodule_firewall)
@cmd2.with_argparser(usemodule_parser)
@@ -375,7 +426,7 @@ def do_delmodule(self, arg):
if arg.id == "all":
self.campaign = []
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
- print(f"""\n{notification} All modules have been deleted to the campaign {notification}\n""")
+ print(f"""\n{notification} All modules have been deleted from the campaign {notification}\n""")
else:
for idx,c in enumerate(self.campaign):
if arg.id == c["id"]:
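Review bot: after `self.campaign = []` in the `all` branch there is no `self.update_choices(self.campaign)` in this hunk, while every `usemodule_*` handler refreshes the argparse choices after mutating the campaign; unless it is called outside the hunk, the deleted module ids remain valid completions for `info`, `editmodule` and `delmodule`. The wording fix ("deleted from the campaign") is good.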
@@ -396,63 +447,70 @@ def do_editmodule(self, arg):
#Checks the module type and pass it to the correct module for processing
for idx,c in enumerate(self.campaign):
if arg.id == c["id"]:
- mod = self.campaign.pop(idx)
-
+ mod = self.campaign.pop(idx)
+
if c["module"] == "c2":
- c2.main(self.campaign,mod)
+ c2.main(self.campaign,mod,self.project_id)
addModule(c2.module,self.campaign)
self.update_choices(self.campaign)
c2.module={}
break
if c["module"] == "dns_record":
- dns_records.main(self.variables["domains"],self.campaign,mod)
+ dns_records.main(self.variables["domains"],self.campaign,mod,self.project_id)
addModule(dns_records.module,self.campaign)
self.update_choices(self.campaign)
dns_records.module={}
break
-
+
if c["module"] == "redirector":
- redirector.main(mod,self.campaign)
+ redirector.main(mod,self.campaign,self.project_id)
addModule(redirector.module,self.campaign)
self.update_choices(self.campaign)
redirector.module={}
break
if c["module"] == "gophish":
- gophish.main(self.campaign,mod)
+ gophish.main(self.campaign,mod,self.project_id)
addModule(gophish.module,self.campaign)
self.update_choices(self.campaign)
gophish.module={}
break
if c["module"] == "letsencrypt":
- letsencrypt.main(self.campaign,mod) #self.variables["domains"]
+ letsencrypt.main(self.campaign,mod,self.project_id) #self.variables["domains"]
addModule(letsencrypt.module,self.campaign)
self.update_choices(self.campaign)
letsencrypt.module={}
break
-
+
if c["module"] == "mail":
- mail_server.main(self.variables["domains"],self.campaign,mod)
+ mail_server.main(self.variables["domains"],self.campaign,mod,self.project_id)
addModule(mail_server.module,self.campaign)
self.update_choices(self.campaign)
mail_server.module={}
break
if c["module"] == "webserver":
- webserver.main(self.campaign,mod)
+ webserver.main(self.campaign,mod,self.project_id)
addModule(webserver.module,self.campaign)
self.update_choices(self.campaign)
webserver.module={}
break
if c["module"] == "godaddy":
- godaddy.main(self.campaign,self.variables["domains"],mod)
+ godaddy.main(self.campaign,self.variables["domains"],mod,self.project_id)
addModule(godaddy.module,self.campaign)
self.update_choices(self.campaign)
godaddy.module={}
- break
+ break
+
+ if c["module"] == "ansible":
+ ansible.main(self.campaign,mod,self.project_id)
+ addModule(ansible.module,self.campaign)
+ self.update_choices(self.campaign)
+ ansible.module={}
+ break
# if c["module"] == "firewall":
# firewall.main(self.campaign,mod)
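Review bot: `mod = self.campaign.pop(idx)` removes the module before any of the `if c["module"] == ...` branches runs, so a module whose type matches none of them (for example the commented-out `firewall`) is silently dropped from the campaign by `editmodule`. Either pop inside the matched branch, or dispatch through a dict mapping module type to module object, fall through to an error message, and re-insert `mod` when nothing matches. Since every branch does the same `main`/`addModule`/`update_choices`/`module={}` sequence, that table would also collapse the duplicated `if` chain (the branches should at least be `elif`). The `-`/`+` pairs of blank lines in this hunk differ only in trailing whitespace and add review noise to a feature change.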
@@ -460,6 +518,7 @@ def do_editmodule(self, arg):
# self.update_choices(self.campaign)
# firewall.module={}
# break
+
# SET COMMAND
# create the top-level parser for the set command
set_parser = argparse.ArgumentParser(prog='set')
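Review bot: this hunk only adds a blank line containing trailing whitespace before `# SET COMMAND`; drop it (or run a whitespace normaliser in a separate commit) so the functional changes stand out.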
@@ -482,11 +541,12 @@ def do_editmodule(self, arg):
parser_godaddy_secret_key.add_argument('godaddy_secret_key' ,type=str, help='example : [ set godaddy_secret_key ]')
parser_domains = set_subparsers.add_parser('domains', help='Domain names to be used in the campaign (Multilpe domain names can be added)')
- parser_domains.add_argument('domains',nargs="+", type=str, help='example : [ set domains ]')
+ parser_domains.add_argument('-a','--add',type=str, help='Domain to be added')
+ domain_parser_id = parser_domains.add_argument('-d','--delete',type=str,choices = ("kokos.com","a.com"), help='Domain to be deleted')
parser_variables = set_subparsers.add_parser('variables', help='Sets the default variables.json to the values that are in memory')
parser_variables.add_argument('variables',nargs="?", type=str, help='example : [ set variables]')
-
+
def set_dotoken(self, arg):
"""Sets the dotoken"""
self.variables["dotoken"]= arg.dotoken
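Review bot: `choices = ("kokos.com","a.com")` on the new `-d/--delete` argument hard-codes what look like test domains; the initial choices should be taken from the loaded `self.variables["domains"]`, since `self.domain_parser_id.choices` is only refreshed after a `set domains` call. Replacing `nargs="+"` with a single-valued `-a/--add` also means one domain per invocation, but the subparser help still says "Multilpe domain names can be added" (and has the typo); update the help text to match the new interface.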
@@ -497,8 +557,8 @@ def set_aws_access_key(self, arg):
def set_aws_secret_key(self, arg):
"""Sets the aws_secret_key"""
- self.variables["aws_secret_key"]= arg.aws_secret_key
-
+ self.variables["aws_secret_key"]= arg.aws_secret_key
+
def set_godaddy_access_key(self, arg):
"""Sets the aws_access_key"""
self.variables["godaddy_access_key"]= arg.godaddy_access_key
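Review bot: whitespace-only change. While here, the docstring on `set_godaddy_access_key` in the context lines reads `"""Sets the aws_access_key"""` (copy-paste from the AWS setter) and should say `godaddy_access_key`.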
@@ -509,15 +569,21 @@ def set_godaddy_secret_key(self, arg):
def set_domains(self, arg):
"""Sets the domains"""
- self.variables["domains"] = arg.domains
+ if arg.add:
+ self.variables["domains"].insert((len(self.variables["domains"])),arg.add)
+ elif arg.delete:
+ for idx,c in enumerate(self.variables["domains"]):
+ if arg.delete == c:
+ self.variables["domains"].pop(idx)
+ self.domain_parser_id.choices = self.variables["domains"]
def set_variables(self, arg):
with open('projects/variables.json', 'w') as filehandle:
- json.dump(self.variables, filehandle,indent=4)
+ json.dump(self.variables, filehandle,indent=4)
notification = cmd2.ansi.style("***", fg='red', bg='',bold=True, underline=False)
print(f"""\n{notification} Variables have been saved to ./projects/variables.json {notification}\n""")
-
+
#Set handler functions for the sub-commands
parser_variables.set_defaults(func=set_variables)
parser_dotoken.set_defaults(func=set_dotoken)
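Review bot: `set_domains` has three logic gaps. `self.variables["domains"].insert(len(self.variables["domains"]),arg.add)` is just `.append(arg.add)` and does not deduplicate, so the same domain can be added twice; the delete path then pops from the list while iterating over it with `enumerate`, which skips the element after each removal, so `self.variables["domains"] = [d for d in self.variables["domains"] if d != arg.delete]` is both simpler and correct; and when neither `--add` nor `--delete` is given the command silently does nothing, where a usage message would help. Separately, `set_variables` dumps `dotoken`, `aws_secret_key` and the GoDaddy keys in plaintext to `projects/variables.json` with the default umask; create the file with mode 0600 (for example via `os.open` with `O_CREAT|O_WRONLY|O_TRUNC` and `0o600`, or `os.chmod` after writing) so other local users cannot read the cloud and registrar credentials.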
@@ -540,7 +606,7 @@ def do_set(self, args):
self.do_help('help')
# INFO COMMAND
- # create the top-level parser for the info command
+ # create the top-level parser for the info command
info_parser = argparse.ArgumentParser(prog='info')
info_mods_id = info_parser.add_argument('id',nargs="?", type=str,choices=modules_ids, help='example: [ info ]')
@@ -555,16 +621,18 @@ def info_table(self,c):
if c["module"] == "gophish":
gophish.cmd_main.do_info(None,c)
if c["module"] == "letsencrypt":
- letsencrypt.cmd_main.do_info(None,c)
+ letsencrypt.cmd_main.do_info(None,c)
if c["module"] == "mail":
- mail_server.cmd_main.do_info(None,c)
+ mail_server.cmd_main.do_info(None,c)
if c["module"] == "webserver":
- webserver.cmd_main.do_info(None,c)
+ webserver.cmd_main.do_info(None,c)
if c["module"] == "godaddy":
- godaddy.cmd_main.do_info(None,c)
+ godaddy.cmd_main.do_info(None,c)
+ if c["module"] == "ansible":
+ ansible.cmd_main.do_info(None,c)
# if c["module"] == "firewall":
- # firewall.cmd_main.do_info(None,c)
-
+ # firewall.cmd_main.do_info(None,c)
+
@cmd2.with_argparser(info_parser)
def do_info(self, arg):
"""Prints variable table or contents of a module which was added to the campaign"""
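Review bot: the `ansible` branch is added to yet another copy of the `if c["module"] == ...` chain; `info_table` and `do_editmodule` now carry the same list of module types and will drift apart (the `firewall` entries are already commented out in both). A single dict from module type to module object, consulted by both, would keep them in sync and let an unknown module type raise or print a message instead of falling through silently, as this chain does now.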
@@ -573,7 +641,7 @@ def do_info(self, arg):
if arg.id == "all":
for c in self.campaign:
self.info_table(c)
- else:
+ else:
for c in self.campaign:
if arg.id == c["id"]:
self.info_table(c)
@@ -603,13 +671,13 @@ def do_info(self, arg):
x.align["DESCRITPION"] = "l"
print(x)
-
+
# Command categories
CMD_CAT_GENERAL = 'General (type help )'
CMD_CAT_MODULE = 'Module (type help )'
CMD_CAT_PROJECT = 'Project (type help )'
#Help Menu
- cmd2.categorize((do_create,do_new,do_save,do_deploy,do_delete,do_load,do_rename), CMD_CAT_PROJECT)
+ cmd2.categorize((do_create,do_new,do_save,do_deploy,do_delete,do_load,do_rename, do_clone), CMD_CAT_PROJECT)
cmd2.categorize((do_usemodule,do_editmodule,do_delmodule), CMD_CAT_MODULE)
cmd2.categorize((do_set,do_info), CMD_CAT_GENERAL)
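Review bot: `do_clone` is added to the project command category but no `do_clone` definition appears in this diff; confirm it exists, since `cmd2.categorize` will fail on an undefined name. In the context above, `x.align["DESCRITPION"] = "l"` is misspelled; the key has to match the column's field name exactly for the alignment to apply, so check the header spelling and fix both if needed.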
@@ -629,7 +697,7 @@ def updateModulesIdList(campaign,m):
modules_ids.insert(len(modules_ids),c["id"])
if len(modules_ids) > 0 and m != "edit":
modules_ids.insert(len(modules_ids),"all")
-
+
return modules_ids
def randomString(stringLength=6):
diff --git a/projects/.gitignore b/projects/.gitignore
index 355164c..72e8ffc 100644
--- a/projects/.gitignore
+++ b/projects/.gitignore
@@ -1 +1 @@
-*/
+*
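Review bot: widening `*/` to `*` is the right call given that `set_variables` writes credentials to `projects/variables.json`, which this now keeps out of the repository. The usual companion is a `!.gitignore` line so the directory and its ignore rule still exist in fresh clones; the `redbaron/data/certificates/.gitignore` deleted later in this patch used exactly that pattern.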
diff --git a/redbaron/autocompletions/zsh/_ssh b/redbaron/autocompletions/zsh/_ssh
deleted file mode 100644
index 28d2c38..0000000
--- a/redbaron/autocompletions/zsh/_ssh
+++ /dev/null
@@ -1,707 +0,0 @@
-#compdef ssh slogin=ssh scp ssh-add ssh-agent ssh-keygen sftp ssh-copy-id
-
-# TODO: sshd, ssh-keyscan, ssh-keysign
-
-_ssh () {
- local curcontext="$curcontext" state line expl suf ret=1
- local args common tmp p1 file cmn cmds sdesc
- typeset -A opt_args
-
- common=(
- '(-2)-1[forces ssh to try protocol version 1 only]'
- '(-1)-2[forces ssh to try protocol version 2 only]'
- '(-6)-4[forces ssh to use IPv4 addresses only]'
- '(-4)-6[forces ssh to use IPv6 addresses only]'
- '-C[compress data]'
- # for protocol version 2, this can be a comma-separated list
- '-c+[select encryption cipher]:encryption cipher:(idea des 3des blowfish arcfour tss none)'
- '-F+[specify alternate config file]:config file:_files'
- '*-i+[select identity file]:SSH identity file:_files -g "*(-.^AR)"'
- '*-o+[specify extra options]:option string:->option'
- )
- common_transfer=(
- '-l[limit used bandwidth]:bandwidth in KiB/s:'
- '-P+[specify port on remote host]:port number on remote host'
- '-p[preserve modification times, access times and modes]'
- '-q[disable progress meter and warnings]'
- '-r[recursively copy directories (follows symbolic links)]'
- '-S+[specify ssh program]:path to ssh:_command_names -e' \
- '-v[verbose mode]'
- )
-
- case "$service" in
- ssh)
- _arguments -C -s \
- '(-a)-A[enables forwarding of the authentication agent connection]' \
- '(-A)-a[disable forwarding of authentication agent connection]' \
- '(-P)-b+[specify interface to transmit on]:bind address:_bind_addresses' \
- '-D+[specify a dynamic port forwarding]:dynamic port forwarding:->dynforward' \
- '-e+[set escape character]:escape character (or `none'\''):' \
- '-E[append log output to file instead of stderr]:_files' \
- '(-n)-f[go to background]' \
- '-g[allow remote hosts to connect to local forwarded ports]' \
- '-G[output configuration and exit]' \
- '-I+[specify smartcard device]:device:_files' \
- '-J+[connect via a jump host]: :->userhost' \
- '-K[enable GSSAPI-based authentication and forwarding]' \
- '-k[disable forwarding of GSSAPI credentials]' \
- '*-L[specify local port forwarding]:local port forwarding:->forward' \
- '-l+[specify login name]:login name:_ssh_users' \
- '-M[master mode for connection sharing]' \
- '(-1)-m+[specify mac algorithms]:mac spec:->macs' \
- '(-1)-N[do not execute a remote command (protocol version 2 only)]' \
- '-n[redirect stdin from /dev/null]' \
- '-O:multiplex control command:((check\:"check master process is running" exit\:"request the master to exit" forward\:"request forward without command execution" stop\:"request the master to stop accepting further multiplexing requests" cancel\:"cancel existing forwardings with -L and/or -R"))' \
- '-P[use non privileged port]' \
- '-p+[specify port on remote host]:port number on remote host' \
- '(-v)*-q[quiet operation]' \
- '*-R[specify remote port forwarding]:remote port forwarding:->forward' \
- '-S+[specify location of control socket for connection sharing]:path to control socket:_files' \
- '-Q[query parameters]:parameter type:((cipher\:"supported symmetric ciphers" cipher-auth\:"supported symmetric ciphers that support authenticated encryption" mac\:"supported message integrity codes" kex\:"key exchange algorithms" key\:"key types" protocol-version\:"supported SSH protocol versions"))' \
- '(-1)-s[invoke subsystem]' \
- '(-1 -t)-T[disable pseudo-tty allocation (protocol version 2 only)]' \
- '(-T)-t[force pseudo-tty allocation]' \
- '-V[show version number]' \
- '(-q)*-v[verbose mode (multiple increase verbosity, up to 3)]' \
- '-W[forward standard input and output to host]:stdinout forward:->hostport' \
- '-w[request tunnel device forwarding]:local_tun[\:remote_tun] (integer or "any"):' \
- '(-x -Y)-X[enable (untrusted) X11 forwarding]' \
- '(-X -Y)-x[disable X11 forwarding]' \
- '(-x -X)-Y[enable trusted X11 forwarding]' \
- '-y[send log info via syslog instead of stderr]' \
- ':remote host name:->userhost' \
- '*::args:->command' "$common[@]" && ret=0
- ;;
- scp)
- _arguments -C -s \
- '-3[copy through local host, not directly between the remote hosts]' \
- '-B[batch mode (don'\''t ask for passphrases)]' \
- '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0
- ;;
- ssh-add)
- _arguments -s \
- '-c[identity is subject to confirmation via SSH_ASKPASS]' \
- '-D[delete all identities]' \
- '-d[remove identity]' \
- '-E[specify hash algorithm for fingerprints]:algorithm:(md5 sha256)' \
- '-e[remove keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \
- '-k[load plain private keys only and skip certificates]' \
- '-L[lists public key parameters of all identities in the agent]'\
- '-l[list all identities]' \
- '-s[add keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \
- '-t[set maximum lifetime for identity]:maximum lifetime (in seconds or time format):' \
- '-X[unlock the agent]' \
- '-x[lock the agent with a password]' \
- '*:SSH identity file:_files'
- return
- ;;
- ssh-agent)
- _arguments -s \
- '(-k)-a[UNIX-domain socket to bind agent to]:UNIX-domain socket:_files' \
- '(-k -s)-c[force csh-style shell]' \
- '(-k)-d[debug mode]' \
- '-k[kill current agent]' \
- '(-k -c)-s[force sh-style shell]' \
- '-t[set default maximum lifetime for identities]:maximum lifetime (in seconds or time format):' \
- '*::command: _normal'
- return
- ;;
- ssh-keygen)
- # options can be in any order but use ! to limit those shown for the first argument
- (( CURRENT == 2 )) && p1='!'
- args=( '!-z:number' )
- sdesc='certify keys with CA key'
- (( $+words[(r)-s] )) && args=( '-z[specify serial number]:serial number' )
- (( $+words[(r)-[ku]] )) && args=( '-z[specify version number]:version number' ) &&
- sdesc='specify CA public key file'
- file=key
- (( $+words[(r)-[HR]] )) && file=known_hosts
- (( $+words[(r)-T] )) && file=input
- if (( $+words[(r)-[kQ]] )); then
- file=krl
- args+=( '*:file:_files' )
- fi
- cmds=( -p -i -e -y -c -l -B -D -H -R -r -G -T -s -L -A -k -Q ) # basic commands
- cmn=( -b -P -N -C -m -v ) # options common to many basic commands (except -f which is common to most)
- cms=( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u ) # options specific to one basic command
- _arguments -s $args \
- "(${${(@)cmds:#-G}} -P -m ${${(@)cms:#-[MS]}})-b[specify number of bits in key]:bits in key" \
- "$p1(${${(@)cmds:#-[pc]}} -b -C $cms)-P[provide old passphrase]:old passphrase" \
- "(${${(@)cmds:#-p}} -m -v ${${(@)cms:#-[qt]}})-N[provide new passphrase]:new passphrase" \
- "(${${(@)cmds:#-c}} -m -v $cms)-C[provide new comment]:new comment" \
- "(-D -G -M -S -I -h -n -O -V -A)-f[$file file]:$file file:_files" \
- "$p1(${${(@)cmds:#-[ie]}})-m[specify conversion format]:format:(PEM PKCS7 RFC4716)" \
- "(${${(@)cmds:#-[lGT]}} ${${(@)cmn:#-[bv]}} -f)*-v[verbose mode]" \
- - '(commands)' \
- "(-b -P -C -v)-p[change passphrase of private key file]" \
- '(-b -P -N -C -v)-i[import key to OpenSSH format]' \
- '(-b -P -N -C -v)-e[export key to SECSH file format]' \
- "($cmn)-y[get public key from private key]" \
- '(-b -N -m -v)-c[change comment in private and public key files]' \
- "($cmn)-B[show the bubblebabble digest of key]" \
- "(-)-D[download key stored in smartcard reader]:reader" \
- "($cmn)-H[hash names in known_hosts file]" \
- "($cmn)-R[remove host from known_hosts file]:host:_ssh_hosts" \
- "($cmn)-L[print the contents of a certificate]" \
- "(-)-A[generate host keys for all key types]" \
- "($cmn)-Q[test whether keys have been revoked in a KRL]" \
- - finger \
- "($cmn)-l[show fingerprint of key file]" \
- "$p1($cmn)-E[specify hash algorithm for displayed fingerprints]:hash algorithim:(md5 sha256)" \
- - create \
- '(-P -m)-q[silence ssh-keygen]' \
- "(-P -m)-t[specify the type of the key to create]:key type:(rsa1 rsa dsa ecdsa ed25519)" \
- - dns \
- "($cmn)-r[print DNS resource record]:hostname:_hosts" \
- "$p1($cmn)-g[use generic DNS format]" \
- - primes \
- "(-P -N -C -m -f)-G[generate candidates for DH-GEX moduli]" \
- "$p1(-P -N -C -m -f)-M[specify amount of memory to use for generating DH-GEX moduli]:memory (MB)" \
- "$p1(-P -N -C -m -f)-S[specify start point]:start point (hex)" \
- - screen \
- "(${${(@)cmn:#-v}})-T[screen candidates for DH-GEX moduli]:output file:_files" \
- "${p1}(${${(@)cmn:#-v}})-a[specify number of rounds]:rounds" \
- "${p1}(${${(@)cmn:#-v}})-J[exit after screening specified number of lines]" \
- "${p1}(${${(@)cmn:#-v}})-j[start screening at the specified line number]:line number" \
- "${p1}(${${(@)cmn:#-v}})-K[write the last line processed to file]:file:_files" \
- "${p1}(${${(@)cmn:#-v}})-W[specify desired generator]:generator" \
- - certify \
- "($cmn)-s[$sdesc]:CA key:_files" \
- "$p1($cmn -f -u)-I[specify key identifier to include in certificate]:key id" \
- "$p1($cmn -f -u)-h[generate host certificate instead of a user certificate]" \
- "$p1($cmn -f -u)-n[specify user/host principal names to include in certificate]:principals" \
- "$p1($cmn -f -u)-O[specify a certificate option]:option" \
- "$p1($cmn -f -u)-V[specify certificate validity interval]:interval" \
- "($cmn -I -h -n -O -V)-k[generate a KRL file]" \
- "$p1($cmn -I -h -n -O -V)-u[update a KRL]"
- return
- ;;
- sftp)
- _arguments -C -s \
- '-a[attempt to continue interrupted transfers]' \
- '-B+[specify buffer size]:buffer size (bytes) [32768]' \
- '-b+[specify batch file to read]:batch file:_files' \
- '-D[connect directly to a local sftp server]:sftp server path' \
- '-f[request that files be flushed immediately after transfer]' \
- '-R[specify number of outstanding requests]:number of requests [64]' \
- '-s[SSH2 subsystem or path to sftp server on the remote host]' \
- '1:file:->rfile' '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0
- ;;
- (ssh-copy-id)
- _arguments \
- '-i:SSH identity file:_files' \
- ':remote host name:->userhost' \
- ;;
- esac
-
- while [[ -n "$state" ]]; do
- lstate="$state"
- state=''
-
- case "$lstate" in
- option)
- if compset -P 1 '*='; then
- case "${IPREFIX#-o}" in
- (#i)(ciphers|macs|kexalgorithms|hostkeyalgorithms|pubkeyacceptedkeytypes|hostbasedkeytypes)=)
- if ! compset -P +; then
- _wanted append expl 'append to default' compadd + && ret=0
- fi
- ;;
- esac
- case "${IPREFIX#-o}" in
- (#i)(afstokenpassing|batchmode|canonicalizefallbacklocal|challengeresponseauthentication|checkhostip|clearallforwardings|compression|enablesshkeysign|exitonforwardfailure|fallbacktorsh|forward(agent|x11)|forwardx11trusted|gatewayports|gssapiauthentication|gssapidelegatecredentials|gssapitrustdns|hashknownhosts|hostbasedauthentication|identitiesonly|kbdinteractiveauthentication|(tcp|)keepalive|nohostauthenticationforlocalhost|passwordauthentication|permitlocalcommand|proxyusefdpass|pubkeyauthentication|rhosts(|rsa)authentication|rsaauthentication|streamlocalbindunlink|usersh|kerberos(authentication|tgtpassing)|useprivilegedport|visualhostkey)=*)
- _wanted values expl 'truth value' compadd yes no && ret=0
- ;;
- (#i)addressfamily=*)
- _wanted values expl 'address family' compadd any inet inet6 && ret=0
- ;;
- (#i)bindaddress=*)
- _wanted bind-addresses expl 'bind address' _bind_addresses && ret=0
- ;;
- (#i)canonicaldomains=*)
- _message -e 'canonical domains (space separated)' && ret=0
- ;;
- (#i)canonicalizehostname=*)
- _wanted values expl 'truthish value' compadd yes no always && ret=0
- ;;
- (#i)canonicalizemaxdots=*)
- _message -e 'number of dots' && ret=0
- ;;
- (#i)canonicalizepermittedcnames=*)
- _message -e 'CNAME rule list (source_domain_list:target_domain_list, each pattern list comma separated)' && ret=0
- ;;
- (#i)ciphers=*)
- _values -s , 'encryption cipher' \
- '3des-cbc' \
- 'aes128-cbc' \
- 'aes192-cbc' \
- 'aes256-cbc' \
- 'aes128-ctr' \
- 'aes192-ctr' \
- 'aes256-ctr' \
- 'arcfour128' \
- 'arcfour256' \
- 'arcfour' \
- 'blowfish-cbc' \
- 'cast128-cbc' \
- \
- 'rijndael128-cbc' \
- 'rijndael192-cbc' \
- 'rijndael256-cbc' \
- 'rijndael-cbc@lysator.liu.se' \
- && ret=0
- ;;
- (#i)cipher=*)
- _wanted values expl 'encryption cipher (protocol version 1)' \
- compadd blowfish 3des des idea arcfour tss none && ret=0
- ;;
- (#i)compressionlevel=*)
- _values 'compression level' {1..9} && ret=0
- ;;
- (#i)connectionattempts=*)
- _message -e 'connection attempts' && ret=0
- ;;
- (#i)connecttimeout=*)
- _message -e 'connection timeout' && ret=0
- ;;
- (#i)controlmaster=*)
- _wanted values expl 'truthish value' compadd yes no auto autoask && ret=0
- ;;
- (#i)controlpath=*)
- _description files expl 'path to control socket'
- _files "$expl[@]" && ret=0
- ;;
- (#i)controlpersist=*)
- _message -e 'timeout'
- ret=0
- _wanted values expl 'truth value' compadd yes no && ret=0
- ;;
- (#i)escapechar=*)
- _message -e 'escape character (or `none'\'')'
- ret=0
- ;;
- (#i)fingerprinthash=*)
- _values 'fingerprint hash algorithm' \
- md5 ripemd160 sha1 sha256 sha384 sha512 && ret=0
- ;;
- (#i)forwardx11timeout=*)
- _message -e 'timeout'
- ret=0
- ;;
- (#i)globalknownhostsfile=*)
- _description files expl 'global file with known hosts'
- _files "$expl[@]" && ret=0
- ;;
- (#i)hostname=*)
- _wanted hosts expl 'real host name to log into' _ssh_hosts && ret=0
- ;;
- (#i)(hostbasedkeytypes|hostkeyalgorithms|pubkeyacceptedkeytypes)=*)
- _values -s , 'key types' \
- 'ecdsa-sha2-nistp256-cert-v01@openssh.com' \
- 'ecdsa-sha2-nistp384-cert-v01@openssh.com' \
- 'ecdsa-sha2-nistp521-cert-v01@openssh.com' \
- 'ssh-ed25519-cert-v01@openssh.com' \
- 'ssh-rsa-cert-v01@openssh.com' \
- 'ssh-dss-cert-v01@openssh.com' \
- 'ssh-rsa-cert-v00@openssh.com' \
- 'ssh-dss-cert-v00@openssh.com' \
- 'ecdsa-sha2-nistp256' \
- 'ecdsa-sha2-nistp384' \
- 'ecdsa-sha2-nistp521' \
- 'ssh-ed25519' \
- 'ssh-rsa' \
- 'ssh-dss' && ret=0
- ;;
- (#i)identityfile=*)
- _description files expl 'SSH identity file'
- _files "$expl[@]" && ret=0
- ;;
- (#i)ignoreunknown=*)
- _message -e 'pattern list' && ret=0
- ;;
- (#i)ipqos=*)
- local descr
- if [[ $PREFIX = *\ *\ * ]]; then return 1; fi
- if compset -P '* '; then
- descr='QoS for non-interactive sessions'
- else
- descr='QoS [for interactive sessions if second value given, separated by white space]'
- fi
- _values $descr 'af11' 'af12' 'af13' 'af14' 'af22' \
- 'af23' 'af31' 'af32' 'af33' 'af41' 'af42' 'af43' \
- 'cs0' 'cs1' 'cs2' 'cs3' 'cs4' 'cs5' 'cs6' 'cs7' 'ef' \
- 'lowdelay' 'throughput' 'reliability' && ret=0
- ;;
- (#i)(local|remote)forward=*)
- state=forward
- ;;
- (#i)dynamicforward=*)
- state=dynforward
- ;;
- (#i)kbdinteractivedevices=*)
- _values -s , 'keyboard-interactive authentication methods' \
- 'bsdauth' 'pam' 'skey' && ret=0
- ;;
- (#i)kexalgorithms=*)
- _values -s , 'KEX algorithms' \
- ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
- diffie-hellman-group-exchange-sha256 \
- diffie-hellman-group-exchange-sha1 \
- diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 && ret=0
- ;;
- (#i)localcommand=*)
- _description commands expl 'run command locally after connecting'
- _command_names && ret=0
- ;;
- (#i)loglevel=*)
- _values 'log level' QUIET FATAL ERROR INFO VERBOSE\
- DEBUG DEBUG1 DEBUG2 DEBUG3 && ret=0
- ;;
- (#i)macs=*)
- state=macs
- ;;
- (#i)numberofpasswordprompts=*)
- _message -e 'number of password prompts'
- ret=0
- ;;
- (#i)pkcs11provider=*)
- _description files expl 'PKCS#11 shared library'
- _files -g '*.(so|dylib)(|.<->)(-.)' "$expl[@]" && ret=0
- ;;
- (#i)port=*)
- _message -e 'port number on remote host'
- ret=0
- ;;
- (#i)preferredauthentications=*)
- _values -s , 'authentication method' gssapi-with-mic \
- hostbased publickey keyboard-interactive password && ret=0
- ;;
- (#i)protocol=*)
- _values -s , 'protocol version' \
- '1' \
- '2' && ret=0
- ;;
- (#i)proxycommand=*)
- _cmdstring && ret=0
- ;;
- (#i)rekeylimit=*)
- _message -e 'maximum number of bytes transmitted before renegotiating session key'
- ret=0
- ;;
- (#i)requesttty=*)
- _values 'request a pseudo-tty' \
- 'no[never request a TTY]' \
- 'yes[always request a TTY when stdin is a TTY]' \
- 'force[always request a TTY]' \
- 'auto[request a TTY when opening a login session]' && ret=0
- ;;
- (#i)revokedhostkeys=*)
- _description files expl 'revoked host keys file'
- _files "$expl[@]" && ret=0
- ;;
- (#i)sendenv=*)
- _wanted envs expl 'environment variable' _parameters -g 'scalar*export*' && ret=0
- ;;
- (#i)serveralivecountmax=*)
- _message -e 'number of alive messages without replies before disconnecting'
- ret=0
- ;;
- (#i)serveraliveinterval=*)
- _message -e 'timeout in seconds since last data was received to send alive message'
- ret=0
- ;;
- (#i)streamlocalbindmask=*)
- _message -e 'octal mask' && ret=0
- ;;
- (#i)(stricthostkeychecking|verifyhostkeydns|updatehostkeys)=*)
- _wanted values expl 'truthish value' compadd yes no ask && ret=0
- ;;
- (#i)transport=*)
- _values 'transport protocol' TCP SCTP && ret=0
- ;;
- (#i)tunnel=*)
- _values 'request device forwarding' \
- 'yes' \
- 'point-to-point' \
- 'ethernet' \
- 'no' && ret=0
- ;;
- (#i)tunneldevice=*)
- _message -e 'local_tun[:remote_tun] (integer or "any")'
- ret=0
- ;;
- (#i)userknownhostsfile=*)
- _description files expl 'user file with known hosts'
- _files "$expl[@]" && ret=0
- ;;
- (#i)user=*)
- _wanted users expl 'user to log in as' _ssh_users && ret=0
- ;;
- (#i)xauthlocation=*)
- _description files expl 'xauth program'
- _files "$expl[@]" -g '*(-*)' && ret=0
- ;;
- esac
- else
- # old options are after the empty "\"-line
- _wanted values expl 'configure file option' \
- compadd -M 'm:{a-z}={A-Z}' -q -S '=' - \
- AddKeysToAgent \
- AddressFamily \
- BatchMode \
- BindAddress \
- CanonicalDomains \
- CanonicalizeFallbackLocal \
- CanonicalizeHostname \
- CanonicalizeMaxDots \
- CanonicalizePermittedCNAMEs \
- CertificateFile \
- ChallengeResponseAuthentication \
- CheckHostIP \
- Cipher \
- Ciphers \
- ClearAllForwardings \
- Compression \
- CompressionLevel \
- ConnectionAttempts \
- ConnectTimeout \
- ControlMaster \
- ControlPath \
- ControlPersist \
- DynamicForward \
- EnableSSHKeysign \
- EscapeChar \
- ExitOnForwardFailure \
- FingerprintHash \
- ForwardAgent \
- ForwardX11 \
- ForwardX11Timeout \
- ForwardX11Trusted \
- GatewayPorts \
- GlobalKnownHostsFile \
- GSSAPIAuthentication \
- GSSAPIDelegateCredentials \
- GSSAPITrustDns \
- HashKnownHosts \
- Host \
- HostbasedAuthentication \
- HostbasedKeyTypes \
- HostKeyAlgorithms \
- HostKeyAlias \
- HostName \
- IdentitiesOnly \
- IdentityAgent \
- IdentityFile \
- IgnoreUnknown \
- IPQoS \
- KbdInteractiveAuthentication \
- KbdInteractiveDevices \
- KexAlgorithms \
- LocalCommand \
- LocalForward \
- LogLevel \
- MACs \
- NoHostAuthenticationForLocalhost \
- NumberOfPasswordPrompts \
- PasswordAuthentication \
- PermitLocalCommand \
- PKCS11Provider \
- Port \
- PreferredAuthentications \
- Protocol \
- ProxyCommand \
- ProxyJump \
- ProxyUseFdpass \
- PubkeyAcceptedKeyTypes \
- PubkeyAuthentication \
- RekeyLimit \
- RemoteForward \
- RequestTTY \
- RevokedHostKeys \
- RhostsRSAAuthentication \
- RSAAuthentication \
- SendEnv \
- ServerAliveCountMax \
- ServerAliveInterval \
- StreamLocalBindMask \
- StreamLocalBindUnlink \
- StrictHostKeyChecking \
- TCPKeepAlive \
- Transport \
- Tunnel \
- TunnelDevice \
- UpdateHostKeys \
- UsePrivilegedPort \
- User \
- UserKnownHostsFile \
- VerifyHostKeyDNS \
- VisualHostKey \
- XAuthLocation \
- \
- AFSTokenPassing \
- FallBackToRsh \
- KeepAlive \
- KerberosAuthentication \
- KerberosTgtPassing \
- PreferredAuthentications \
- ProtocolKeepAlives \
- RhostsAuthentication \
- SetupTimeOut \
- SmartcardDevice \
- UseRsh \
- && ret=0
- fi
- ;;
- forward)
- local port=false host=false listen=false bind=false
- if compset -P 1 '*:'; then
- if [[ $IPREFIX != (*=|)<-65535>: ]]; then
- if compset -P 1 '*:'; then
- if compset -P '*:'; then
- port=true
- else
- host=true
- fi
- else
- listen=true
- ret=0
- fi
- else
- if compset -P '*:'; then
- port=true
- else
- host=true
- fi
- fi
- else
- listen=true
- bind=true
- fi
- $port && { _message -e port-numbers 'port number'; ret=0 }
- $listen && { _message -e port-numbers 'listen-port number'; ret=0 }
- $host && { _wanted hosts expl host _ssh_hosts -S: && ret=0 }
- $bind && { _wanted bind-addresses expl bind-address _bind_addresses -S: && ret=0 }
- return ret
- ;;
- dynforward)
- _message -e port-numbers 'listen-port number'
- if ! compset -P '*:'; then
- _wanted bind-addresses expl bind-address _bind_addresses -qS:
- fi
- return 0
- ;;
- hostport)
- if compset -P '*:'; then
- _message -e port-numbers 'port number'
- ret=0
- else
- _wanted hosts expl host _ssh_hosts -S: && ret=0
- fi
- return ret
- ;;
- macs)
- _values -s , 'MAC algorithms' hmac-md5 hmac-sha1 umac-64@openssh.com \
- hmac-ripemd160 hmac-sha1-96 hmac-md5-96 hmac-sha2-256 \
- hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96 && ret=0
- ;;
- command)
- local -a _comp_priv_prefix
- shift 1 words
- (( CURRENT-- ))
- _normal
- return
- ;;
- userhost)
- if compset -P '*@'; then
- _wanted hosts expl 'remote host name' _ssh_hosts && ret=0
- elif compset -S '@*'; then
- _wanted users expl 'login name' _ssh_users -S '' && ret=0
- else
- if (( $+opt_args[-l] )); then
- tmp=()
- else
- tmp=( 'users:login name:_ssh_users -qS@' )
- fi
- _alternative \
- 'hosts:remote host name:_ssh_hosts' \
- "$tmp[@]" && ret=0
- fi
- ;;
- file)
- if compset -P 1 '[^./][^/]#:'; then
- _remote_files -- ssh ${(kv)~opt_args[(I)-[FP1246]]/-P/-p} && ret=0
- elif compset -P 1 '*@'; then
- suf=( -S '' )
- compset -S ':*' || suf=( -r: -S: )
- _wanted hosts expl 'remote host name' _ssh_hosts $suf && ret=0
- else
- _alternative \
- 'files:: _files' \
- 'hosts:remote host name:_ssh_hosts -r: -S:' \
- 'users:user:_ssh_users -qS@' && ret=0
- fi
- ;;
- rfile)
- if compset -P 1 '*:'; then
- _remote_files -- ssh && ret=0
- elif compset -P 1 '*@'; then
- _wanted hosts expl host _ssh_hosts -r: -S: && ret=0
- else
- _alternative \
- 'hosts:remote host name:_ssh_hosts -r: -S:' \
- 'users:user:_ssh_users -qS@' && ret=0
- fi
- ;;
- esac
- done
-
- return ret
-}
-
-_ssh_users () {
- _combination -s '[:@]' my-accounts users-hosts users "$@"
-}
-
-_ssh_hosts () {
- local -a config_hosts
- local config
- integer ind
-
- # If users-hosts matches, we shouldn't complete anything else.
- if [[ "$IPREFIX" == *@ ]]; then
- _combination -s '[:@]' my-accounts users-hosts "users=${IPREFIX/@}" hosts "$@" && return
- else
- _combination -s '[:@]' my-accounts users-hosts \
- ${opt_args[-l]:+"users=${opt_args[-l]:q}"} hosts "$@" && return
- fi
- if (( ind = ${words[(I)-F]} )); then
- config=${~words[ind+1]} 2>/dev/null
- else
- config="$HOME/.ssh/config"
- fi
- if [[ -r $config ]]; then
- local key line host
- local -a lines=("${(@f)$(<"$config")}") 2>/dev/null
- while (($#lines)); do
- IFS=$'=\t ' read -r key line <<<"${lines[1]}"
- case "$key" in
- ((#i)include)
- lines[1]=("${(@f)$(cd $HOME/.ssh; cat ${(z)~line})}") 2>/dev/null;;
- ((#i)host(|name))
- for host in ${(z)line}; do
- case $host in
- (*[*?]*) ;;
- (*) config_hosts+=("$host") ;;
- esac
- done ;&
- (*) shift lines;;
- esac
- done
- if (( ${#config_hosts} )); then
- _wanted hosts expl 'remote host name' \
- compadd -M 'm:{a-zA-Z}={A-Za-z} r:|.=* r:|=*' "$@" $config_hosts
- fi
- fi
-}
-
-_ssh "$@"
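Review bot: this deletes a 700-line vendored zsh completion file (`#compdef ssh slogin=ssh scp ...`) that has nothing to do with the `project_id`/ansible changes in the same patch; split it into its own commit with a one-line message saying why it was vendored and why it is no longer needed, so the history stays reviewable.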
diff --git a/redbaron/data/certificates/.gitignore b/redbaron/data/certificates/.gitignore
deleted file mode 100644
index c96a04f..0000000
--- a/redbaron/data/certificates/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
\ No newline at end of file
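Review bot: removing `redbaron/data/certificates/.gitignore` (`*` plus `!.gitignore`) means anything written to that directory, including issued certificates and their private keys, is no longer ignored and the directory is no longer created on a fresh checkout. If the certificate output location has moved, add an equivalent ignore rule there; if not, keep this file.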
diff --git a/redbaron/data/playbooks/git-clone2.yml b/redbaron/data/playbooks/git-clone2.yml
new file mode 100644
index 0000000..bc72aae
--- /dev/null
+++ b/redbaron/data/playbooks/git-clone2.yml
@@ -0,0 +1,19 @@
+#Works on localhost ok
+- hosts: localhost
+ gather_facts: True
+ check_mode: no
+ tasks:
+ - name: Add a public IP address to the in-memory inventory
+ add_host:
+ name: "{{ host }}"
+ groups: all
+
+ - local_action: wait_for port=22 host="{{ host }}" search_regex=OpenSSH delay=10
+ - name: git clone Impacket
+ git:
+ repo: https://github.com/CoreSecurity/impacket.git
+ dest: /tmp/impacket
+ - name: git clone CME
+ git:
+ repo: https://github.com/byt3bl33d3r/CrackMapExec
+ dest: /tmp/cme
\ No newline at end of file
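Review bot: the play targets `hosts: localhost`, so both `git` tasks clone Impacket and CrackMapExec into `/tmp` on the machine running Terraform, not on the `{{ host }}` that `add_host` registers (the `#Works on localhost ok` comment and the `wait_for` on port 22 suggest the remote box was the intent). Either add a second play with `hosts: all` for the clone tasks or drop `add_host` and `wait_for` if local cloning is what is wanted. Also pin both `git` tasks with `version:` so the deployed tooling is reproducible instead of whatever the default branch holds at run time, and give `wait_for` an explicit `timeout` so a host that never exposes SSH fails fast.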
diff --git a/redbaron/data/playbooks/playbook1.yml b/redbaron/data/playbooks/playbook1.yml
new file mode 100644
index 0000000..a59d31d
--- /dev/null
+++ b/redbaron/data/playbooks/playbook1.yml
@@ -0,0 +1,15 @@
+- name: Network Getting Started First Playbook
+ gather_facts: false
+ hosts: all
+ tasks:
+ - name: Install git
+ apt:
+ name: git
+ state: present
+ update_cache: yes
+ become: true
+ - name: git clone Impacket
+ git:
+ repo: https://github.com/CoreSecurity/impacket.git
+ dest: /tmp/impacket
+ become: true
\ No newline at end of file
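Review bot: the `git` task for `repo: https://github.com/CoreSecurity/impacket.git` has no `version:`, so every run pulls the current default branch and two hosts built a day apart can carry different code; pin a tag or commit. `become: true` on that task also makes the clone root-owned under `/tmp`, which is acceptable for a throwaway box but worth a `dest` outside `/tmp` if the tool is expected to survive a reboot with tmp cleaning.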
diff --git a/redbaron/data/plugins/plugins-folder.md b/redbaron/data/plugins/plugins-folder.md
deleted file mode 100644
index 1581e25..0000000
--- a/redbaron/data/plugins/plugins-folder.md
+++ /dev/null
@@ -1 +0,0 @@
-The Folder that contains the Plugins for the extra functionality that terraform does not have.
\ No newline at end of file
diff --git a/redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4 b/redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4
new file mode 100644
index 0000000..ffb8760
Binary files /dev/null and b/redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4 differ
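Review bot: this commit both adds `redbaron/data/plugins/terraform-provider-godaddy_v1.7.3_x4` as a tracked binary and adds `redbaron/data/plugins/` to the root `.gitignore`, so the file can only have been staged with `git add -f` and later updates to it will be silently ignored. A prebuilt provider committed without a recorded SHA256 or build source is also unverifiable for anyone cloning the repo; document where the build comes from and its checksum, or fetch and verify it during installation, rather than vendoring the binary.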
diff --git a/redbaron/data/scripts/gophish.sh b/redbaron/data/scripts/gophish.sh
index 37501b5..a7eba28 100644
--- a/redbaron/data/scripts/gophish.sh
+++ b/redbaron/data/scripts/gophish.sh
@@ -1,4 +1,5 @@
#!/bin/bash
+
#install Go
wget https://dl.google.com/go/go1.12.5.linux-amd64.tar.gz
tar -xvf go1.12.5.linux-amd64.tar.gz
@@ -10,25 +11,23 @@ export GOPATH=/opt/goapps
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
go version
go env
+
#Install Gophish
go get github.com/gophish/gophish
cd /opt/goapps/src/github.com/gophish/gophish
go build
sed -i 's/127.0.0.1/0.0.0.0/g' config.json # replace localhost to open
+
#gophish service
chmod +x /tmp/gophish.sh
systemctl start gophish.service
+
#Update .profile file
echo "export GOROOT=/usr/local/go" >> /root/.profile
echo "export GOPATH=/opt/goapps" >> /root/.profile
echo "export PATH=$GOPATH/bin:$GOROOT/bin:$PATH" >> /root/.profile
source /root/.profile
+
#create readme file
echo "systemctl start gophish.service (start the service)" >> /root/README.txt
-echo "systemctl stop gophish.service (stop the service)" >> /root/README.txt
-#file: /lib/systemd/system/gophish.service
-#file: /root/gophish.sh
-#systemctl start gophish.service (start the service)
-#systemctl stop gophish.service (stop the service)
-#/opt/goapps/src/github.com/gophish/gophish/config.json
-#listen_url": "0.0.0.0:3333", must change to this!
\ No newline at end of file
+echo "systemctl stop gophish.service (stop the service)" >> /root/README.txt
\ No newline at end of file
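Review bot: `sed -i 's/127.0.0.1/0.0.0.0/g' config.json` rewrites every loopback address in the Gophish config, including the admin server `listen_url`, so the admin UI on 3333 is bound to all interfaces as soon as the service starts; the removed comment `#listen_url": "0.0.0.0:3333", must change to this!` was the only place that documented this. Restrict the substitution to the phish server entry and reach the admin port over an SSH tunnel instead. The removed `#file: /lib/systemd/system/gophish.service` and `#file: /root/gophish.sh` notes are also worth moving into `README.txt` rather than deleting, since `chmod +x /tmp/gophish.sh` and `systemctl start gophish.service` reference files this script never creates.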
diff --git a/redbaron/data/scripts/iredmail.sh b/redbaron/data/scripts/iredmail.sh
index 7ef17e4..8806224 100644
--- a/redbaron/data/scripts/iredmail.sh
+++ b/redbaron/data/scripts/iredmail.sh
@@ -1,10 +1,10 @@
#bin/bash
-wget https://github.com/iredmail/iRedMail/archive/1.1.tar.gz
+wget https://github.com/iredmail/iRedMail/archive/1.2.1.tar.gz
-tar -xf 1.1.tar.gz
+tar -xf 1.2.1.tar.gz
-cd iRedMail-1.1
+cd iRedMail-1.2.1
echo -e "AUTO_USE_EXISTING_CONFIG_FILE=y \
\nAUTO_INSTALL_WITHOUT_CONFIRM=y \
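Review bot: the bump from `1.1.tar.gz` to `1.2.1.tar.gz` still downloads and unpacks the archive with no checksum or signature check, so an altered tarball would be installed unnoticed on the mail server; record the expected SHA256 next to the version and verify it before `tar -xf`. The unchanged first line `#bin/bash` is also missing the `!`, so the file has no working shebang and only runs when invoked through a shell explicitly.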
diff --git a/redbaron/data/scripts/tools/empire.sh b/redbaron/data/scripts/tools/empire.sh
index 443bad7..406f5cf 100644
--- a/redbaron/data/scripts/tools/empire.sh
+++ b/redbaron/data/scripts/tools/empire.sh
@@ -1,50 +1,4 @@
#!/bin/bash
-
-# I just want to point out it took longer to get Empire to install correctly than actually coding this whole freaking thing
-
-git clone https://github.com/EmpireProject/Empire
-cd Empire/setup
-sudo apt-get install -y make g++ python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libffi-dev libssl1.0-dev zlib1g-dev
-sudo pip install --upgrade urllib3
-sudo pip install setuptools
-sudo pip install pycrypto
-sudo pip install iptools
-sudo pip install pydispatcher
-sudo pip install flask
-sudo pip install macholib
-sudo pip install dropbox
-sudo pip install cryptography
-sudo pip install pyOpenSSL
-sudo pip install 'pyopenssl==17.2.0'
-sudo pip install zlib_wrapper
-sudo pip install netifaces
-sudo pip install M2Crypto
-
-# Install PowerShell
-wget http://archive.ubuntu.com/ubuntu/pool/main/i/icu/libicu52_52.1-3_amd64.deb
-wget http://ftp.debian.org/debian/pool/main/o/openssl/libssl1.0.0_1.0.1t-1+deb8u6_amd64.deb
-sudo dpkg -i libicu52_52.1-3_amd64.deb
-sudo dpkg -i libssl1.0.0_1.0.1t-1+deb8u6_amd64.deb
-curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
-curl https://packages.microsoft.com/config/ubuntu/14.04/prod.list | sudo tee /etc/apt/sources.list.d/microsoft.list
-sudo apt-get update
-sudo apt-get install -y powershell
-sudo rm /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY
-sudo mkdir -p /usr/local/share/powershell/Modules
-sudo cp -r ../lib/powershell/Invoke-Obfuscation /usr/local/share/powershell/Modules
-
-# Install bomutils and xar
-tar -xvf ../data/misc/xar-1.5.2.tar.gz
-(cd xar-1.5.2 && ./configure)
-(cd xar-1.5.2 && make)
-(cd xar-1.5.2 && sudo make install)
-git clone https://github.com/hogliux/bomutils.git
-(cd bomutils && make)
-(cd bomutils && sudo make install)
-chmod 755 bomutils/build/bin/mkbom
-sudo cp bomutils/build/bin/mkbom /usr/local/bin/mkbom
-
-# Setup database and cert
-export STAGING_KEY="RANDOM"
-./setup_database.py
-./cert.sh
\ No newline at end of file
+git clone https://github.com/BC-SECURITY/Empire.git
+cd Empire
+ sudo ./setup/install.sh <<< "RandomSTRING"
\ No newline at end of file
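Review bot: `sudo ./setup/install.sh <<< "RandomSTRING"` answers the installer's interactive prompt with a fixed literal; if that prompt is the staging key (the old script set `export STAGING_KEY="RANDOM"` so Empire generated a fresh one per install), every host built from this script shares the same key. Feed it a value generated at run time (for example from `openssl rand -hex 32`) or an empty line if the installer supports random generation, and remove the stray leading space on that line. The rewrite also changes the upstream from EmpireProject to BC-SECURITY without pinning a release, which deserves a `git checkout <tag>` after the clone.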
diff --git a/redbaron/data/scripts/tools/godoh.sh b/redbaron/data/scripts/tools/godoh.sh
new file mode 100644
index 0000000..5681bbf
--- /dev/null
+++ b/redbaron/data/scripts/tools/godoh.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+#install Go
+
+wget https://dl.google.com/go/go1.12.5.linux-amd64.tar.gz
+tar -xvf go1.12.5.linux-amd64.tar.gz
+mv go /usr/local
+rm go1.12.5.linux-amd64.tar.gz
+cd /opt && mkdir goapps && cd goapps
+export GOROOT=/usr/local/go #its better to change the .profile file of root
+export GOPATH=/opt/goapps
+export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
+go version
+go env
+
+#Update .profile file
+
+echo "export GOROOT=/usr/local/go" >> /root/.profile
+echo "export GOPATH=/opt/goapps" >> /root/.profile
+echo "export PATH=$GOPATH/bin:$GOROOT/bin:$PATH" >> /root/.profile
+
+#Installation of go-dep
+
+wget http://tw.archive.ubuntu.com/ubuntu/pool/universe/g/go-dep/go-dep_0.5.4-2_amd64.deb
+dpkg -i go-dep_0.5.4-2_amd64.deb
+
+#Installation of goDoH/
+
+git clone https://github.com/sensepost/goDoH.git /opt/goapps/src/github.com/goDoH
+cd /opt/goapps/src/github.com/goDoH && dep init
+cd /opt/goapps/src/github.com/goDoH && dep ensure
+cd /opt/goapps/src/github.com/goDoH && make key
+cd /opt/goapps/src/github.com/goDoH && mkdir upx_temp
+cd /opt/goapps/src/github.com/goDoH/upx_temp && wget https://github.com/upx/upx/releases/download/v3.95/upx-3.95-amd64_linux.tar.xz
+cd /opt/goapps/src/github.com/goDoH/upx_temp && tar xf upx-3.95-amd64_linux.tar.xz
+mv /opt/goapps/src/github.com/goDoH/upx_temp/upx-3.95-amd64_linux/upx /usr/local/bin
+cd /opt/goapps/src/github.com/goDoH/ && make
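Review bot: `wget http://tw.archive.ubuntu.com/ubuntu/pool/universe/g/go-dep/go-dep_0.5.4-2_amd64.deb` followed by `dpkg -i` installs a package fetched over plain HTTP from a regional mirror with no signature or checksum verification, and the Go tarball and the `upx-3.95` archive are likewise unverified; install `go-dep` through `apt` (which checks the repository signature) or record and check SHA256 values before `dpkg -i` and `tar`. `git clone https://github.com/sensepost/goDoH.git` is unpinned, and `echo "export PATH=$GOPATH/bin:$GOROOT/bin:$PATH" >> /root/.profile` expands the variables at write time, baking this script's PATH into the profile; single-quote that line so `.profile` keeps the references.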
diff --git a/redbaron/data/ssh_configs/.gitignore b/redbaron/data/ssh_configs/.gitignore
deleted file mode 100644
index c96a04f..0000000
--- a/redbaron/data/ssh_configs/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
\ No newline at end of file
diff --git a/redbaron/data/ssh_keys/.gitignore b/redbaron/data/ssh_keys/.gitignore
deleted file mode 100644
index c96a04f..0000000
--- a/redbaron/data/ssh_keys/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
\ No newline at end of file
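Review bot: removing `redbaron/data/ssh_keys/.gitignore` (and the matching file under `ssh_configs/`) leaves the generated per-host private keys that `modules/ansible/main.tf` reads from `ssh_keys/${var.ip}` with no ignore rule at all, since the root `.gitignore` now lists only `redbaron/data/plugins/`; the next `git add .` after a deployment would commit live SSH private keys. Restore the `*` / `!.gitignore` pair or add `redbaron/data/ssh_keys/` and `redbaron/data/ssh_configs/` to the root `.gitignore`.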
diff --git a/redbaron/modules/ansible/README.md b/redbaron/modules/ansible/README.md
index e9da297..34f648c 100644
--- a/redbaron/modules/ansible/README.md
+++ b/redbaron/modules/ansible/README.md
@@ -2,37 +2,20 @@
Runs an ansible playbook on a specific resource
-# Example
-
-```hcl
-module "ansible" {
- source = "./modules/ansible"
-
- user = "${http_c2.ssh_user}"
- ip = "${http_c2.ips[0]}"
- playbook = "/path/to/playbook.yml"
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`user` | Yes | String | User to authenticate as over SSH
-|`ip` | Yes | String | Host to run playbook on
-|`playbook` | Yes | String | Playbook to run
-|`arguments` | No | List | Additional Ansible arguments
-|`envs` | No | List | Environment variable to pass to Ansible
+| Name | Value Type | Description
+|---------------------------| ------------ | -----------
+|`playbook` | String | Playbook to run
+|`ip` | String | Host to run playbook on
+|`user` | String | User to authenticate as over SSH
+|`arguments` | List(string) | Additional Ansible arguments
+|`envs` | List(string) | Environment variable to pass to Ansible
# Outputs
-| Name | Value Type | Description
-|---------------------------| ---------- | -----------
-|`arguments` | List | Additional Ansible arguments
-|`envs` | List | Environment variable to pass to Ansible
-
-
-# Credits
-
-Most of the code for this module was stolen from https://github.com/cloudposse/terraform-null-ansible
+| Name | Value Type | Description
+|---------------------------| ------------ | -----------
+|`arguments` | List(string) | Additional Ansible arguments
+|`envs` | List(string) | Environment variable to pass to Ansible
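Review bot: the table still lists `arguments` and `envs` as inputs, but the `local-exec` command in `main.tf` in this same change no longer interpolates either variable, so the README now documents inputs that have no effect; either wire them back into the command or drop the rows and the matching outputs. Dropping the `Required` column also hides that `user` is now mandatory (its `default = "root"` is removed in `variables.tf`), and deleting the `# Credits` line removes the attribution to `https://github.com/cloudposse/terraform-null-ansible`, which should stay for licensing reasons regardless of how much of the code remains.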
diff --git a/redbaron/modules/ansible/main.tf b/redbaron/modules/ansible/main.tf
index 663e360..5131c3f 100644
--- a/redbaron/modules/ansible/main.tf
+++ b/redbaron/modules/ansible/main.tf
@@ -1,17 +1,12 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
resource "null_resource" "ansible_provisioner" {
-
- triggers {
- policy_sha1 = "${sha1(file(var.playbook))}"
+ triggers = {
+ policy_sha1 = filesha1(var.playbook)
}
provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.arguments))} --user=${var.user} --private-key=./data/ssh_keys/${var.ip} -e host=${var.ip}${join(" -e ", compact(var.envs))} ${var.playbook}"
+ command = "ansible-playbook --private-key=ssh_keys/${var.ip} --user ${var.user} -i ${var.ip}, ${var.playbook} -e ansible_python_interpreter=/usr/bin/python3"
- environment {
+ environment = {
ANSIBLE_HOST_KEY_CHECKING = "False"
}
}
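Review bot: the new `command` drops `${join(" ", compact(var.arguments))}` and the `-e` list built from `var.envs`, so both variables are dead inputs while still being declared and exported. `--private-key=ssh_keys/${var.ip}` is now relative to whatever directory `terraform apply` runs from (the old `./data/ssh_keys/` was at least anchored to the project layout), and `-e ansible_python_interpreter=/usr/bin/python3` is hard-coded where it belongs in `var.envs`; consider `"${path.module}/..."` for the key path. `var.user`, `var.ip` and `var.playbook` are also interpolated unquoted into a shell command, so a value containing a space or shell metacharacter breaks or alters it; quote each argument. `ANSIBLE_HOST_KEY_CHECKING = "False"` is unchanged but worth stating in the README, since it disables SSH host key verification for every playbook run through this module.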
@@ -19,4 +14,5 @@ resource "null_resource" "ansible_provisioner" {
lifecycle {
create_before_destroy = true
}
-}
\ No newline at end of file
+}
+
diff --git a/redbaron/modules/ansible/outputs.tf b/redbaron/modules/ansible/outputs.tf
index 9bf3a48..97f0148 100644
--- a/redbaron/modules/ansible/outputs.tf
+++ b/redbaron/modules/ansible/outputs.tf
@@ -1,9 +1,10 @@
output "arguments" {
- value = "${var.arguments}"
+ value = var.arguments
description = "Arguments"
}
output "envs" {
- value = "${var.envs}"
+ value = var.envs
description = "Environment variables"
-}
\ No newline at end of file
+}
+
diff --git a/redbaron/modules/ansible/variables.tf b/redbaron/modules/ansible/variables.tf
index ca124b8..f57e4fa 100644
--- a/redbaron/modules/ansible/variables.tf
+++ b/redbaron/modules/ansible/variables.tf
@@ -7,25 +7,18 @@ variable "ip" {
}
variable "user" {
- default = "root"
description = "User to authenticate as"
}
variable "arguments" {
- default = []
- type = "list"
+ default = []
+ type = list(string)
description = "Arguments"
}
variable "envs" {
- default = []
- type = "list"
+ default = []
+ type = list(string)
description = "Environment variables"
}
-/*
-variable "dry_run" {
- default = true
- description = "Do dry run"
-}
-*/
\ No newline at end of file
diff --git a/redbaron/modules/ansible/versions.tf b/redbaron/modules/ansible/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/ansible/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/create-dns-record/README.md b/redbaron/modules/aws/create-dns-record/README.md
index 59c5323..d13d2ab 100644
--- a/redbaron/modules/aws/create-dns-record/README.md
+++ b/redbaron/modules/aws/create-dns-record/README.md
@@ -2,36 +2,20 @@
Adds records to a domain using AWS Route53
-# Example
-
-```hcl
-module "create_a_record" {
- source = "./modules/aws/create-dns-record"
-
- type = "A"
- name = "@"
- records = {
- "domain.com" = "192.168.0.1"
- "test.domain.com" = "192.168.0.2"
- }
- zone = "zoneID"
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`type` | Yes | String | The record type to add. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT.
-|`records` | Yes | Map | A map of records to add. Domains as keys and IPs as values.
-|`zone` | Yes | String | AWS ZoneID of the Route53 for that domain
-|`name` | Yes | String | Use @ to create the record at the root of the domain or enter a hostname to create it elsewhere. A records are for IPv4 addresses only and tell a request where your domain should direct to.
-|`count` | No | Integer | Number of records to add. Default value is 1
-|`ttl` | No | Integer | The TTL of the record(s). Default value is 300
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`type` | String | The record type to add. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT.
+|`name` | String | Use @ to create the record at the root of the domain or enter a hostname to create it elsewhere. A records are for IPv4 addresses only and tell a request where your domain should direct to.
+|`counter` | Integer | Number of records to add. Default value is 1
+|`ttl` | Integer | The TTL of the record(s). Default value is 300
+|`records` | Map(any) | A map of records to add. Domains as keys and IPs as values.
+|`zone` | String | AWS ZoneID of the Route53 for that domain
# Outputs
| Name | Value Type | Description
|---------------------------| ---------- | -----------
-|`records` | Map | Map containing the records added to the domain. Domains as keys and IPs as values.
+|`records` | Map(any) | Map containing the records added to the domain. Domains as keys and IPs as values.
diff --git a/redbaron/modules/aws/create-dns-record/main.tf b/redbaron/modules/aws/create-dns-record/main.tf
index 4cebe27..45b85f1 100644
--- a/redbaron/modules/aws/create-dns-record/main.tf
+++ b/redbaron/modules/aws/create-dns-record/main.tf
@@ -1,13 +1,20 @@
-terraform {
- required_version = ">= 0.11.0"
+# Time delay
+resource "null_resource" "previous" {}
+
+resource "time_sleep" "wait_60_seconds" {
+ depends_on = [null_resource.previous]
+
+ create_duration = "60s"
}
# Add a record to the domain
resource "aws_route53_record" "record" {
- count = "${var.counter}"
- zone_id = "${var.zone}"
- name = "${element(keys(var.records), count.index)}"
- type = "${var.type}"
- ttl = "${var.ttl}"
- records = ["${lookup(var.records, element(keys(var.records), count.index))}"]
+ count = var.counter
+ zone_id = var.zone
+ name = var.name
+ type = var.type
+ ttl = var.ttl
+ records = var.records[element(keys(var.records), count.index)]
+ depends_on = [time_sleep.wait_60_seconds]
}
+
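Review bot: replacing `name = "${element(keys(var.records), count.index)}"` with `name = var.name` gives every one of the `var.counter` records the same name, so with `counter > 1` the second `aws_route53_record` collides with the first (same name and type in one zone) even though the README still says the map keys are the domains; keep the per-index name or reduce the module to a single record. `records = var.records[element(keys(var.records), count.index)]` also drops the list wrapping, so the map values must now be lists rather than the "IPs as values" the README describes, and a plain string value will fail. The `null_resource.previous` with no triggers gives `time_sleep.wait_60_seconds` nothing real to depend on, so the 60 s delay is a timing guess rather than a dependency on the zone; depend on the zone resource instead, and declare the `time` provider in `versions.tf` next to the new `required_version`.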
diff --git a/redbaron/modules/aws/create-dns-record/outputs.tf b/redbaron/modules/aws/create-dns-record/outputs.tf
index 4e0b481..9a675bd 100644
--- a/redbaron/modules/aws/create-dns-record/outputs.tf
+++ b/redbaron/modules/aws/create-dns-record/outputs.tf
@@ -1,3 +1,4 @@
output "records" {
- value = "${var.records}"
-}
\ No newline at end of file
+ value = var.records
+}
+
diff --git a/redbaron/modules/aws/create-dns-record/variables.tf b/redbaron/modules/aws/create-dns-record/variables.tf
index 9691e19..bfa9ac5 100644
--- a/redbaron/modules/aws/create-dns-record/variables.tf
+++ b/redbaron/modules/aws/create-dns-record/variables.tf
@@ -1,6 +1,8 @@
-variable "type" {}
+variable "type" {
+}
-variable "name" {}
+variable "name" {
+}
variable "counter" {
default = 1
@@ -11,17 +13,10 @@ variable "ttl" {
}
variable "records" {
- type = "map"
+ type = map(any)
default = {}
}
-variable "txt_records" {
- type = "list"
- default = []
-}
-
-variable "priority" {
- default = "10"
+variable "zone" {
}
-variable "zone" {}
diff --git a/redbaron/modules/aws/create-dns-record/versions.tf b/redbaron/modules/aws/create-dns-record/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/create-dns-record/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/create-dns-txt-record/README.md b/redbaron/modules/aws/create-dns-txt-record/README.md
index 979102f..e739dfb 100644
--- a/redbaron/modules/aws/create-dns-txt-record/README.md
+++ b/redbaron/modules/aws/create-dns-txt-record/README.md
@@ -2,31 +2,15 @@
Adds records to a domain using AWS Route53
-# Example
-
-```hcl
-module "create_a_record" {
- source = "./modules/aws/create-dns-record"
-
- type = "TXT"
- name = ""
- records = {
- "domain.com" = "192.168.0.1"
- "test.domain.com" = "192.168.0.2"
- }
- zone = "zoneID"
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`type` | Yes | String | The record type to add. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT.
-|`records` | Yes | Map | A map of records to add. Domains as keys and IPs as values.
-|`zone` | Yes | String | AWS ZoneID of the Route53 for that domain
-|`name` | Yes | String | Use @ to create the record at the root of the domain or enter a hostname to create it elsewhere. A records are for IPv4 addresses only and tell a request where your domain should direct to.
-|`ttl` | No | Integer | The TTL of the record(s). Default value is 300
+| Name | Value Type | Description
+|---------------------------| ------------ | -----------
+|`type` | String | The record type to add. Valid values are A, AAAA, CAA, CNAME, MX, NAPTR, NS, PTR, SOA, SPF, SRV and TXT.
+|`name` | String | Use @ to create the record at the root of the domain or enter a hostname to create it elsewhere. A records are for IPv4 addresses only and tell a request where your domain should direct to.
+|`ttl` | Integer | The TTL of the record(s). Default value is 300
+|`records` | List(string) | A map of records to add. Domains as keys and IPs as values.
+|`zone` | String | AWS ZoneID of the Route53 for that domain
# Outputs
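Review bot: the `records` row now says `List(string)` but keeps the description "A map of records to add. Domains as keys and IPs as values.", which matches neither the type nor `main.tf`, where `records = var.records` passes the list straight through as the TXT values of the single record named `var.name`; rewrite it as "List of TXT values for the record" so callers do not pass a map. The `name` description is copied from the A-record module and talks about IPv4 addresses, which does not apply to TXT records.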
diff --git a/redbaron/modules/aws/create-dns-txt-record/main.tf b/redbaron/modules/aws/create-dns-txt-record/main.tf
index 1cbaabd..4ff1a9f 100644
--- a/redbaron/modules/aws/create-dns-txt-record/main.tf
+++ b/redbaron/modules/aws/create-dns-txt-record/main.tf
@@ -1,12 +1,19 @@
-terraform {
- required_version = ">= 0.11.0"
+# Time delay
+resource "null_resource" "previous" {}
+
+resource "time_sleep" "wait_60_seconds" {
+ depends_on = [null_resource.previous]
+
+ create_duration = "60s"
}
+# Add a TXT record to the domain
resource "aws_route53_record" "dev-ns" {
- zone_id = "${var.zone}"
- name = "${var.name}"
- type = "${var.type}"
- ttl = "${var.ttl}"
-
- records = "${var.records}"
+ zone_id = var.zone
+ name = var.name
+ type = var.type
+ ttl = var.ttl
+ records = var.records
+ depends_on = [time_sleep.wait_60_seconds]
}
+
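Review bot: same pattern as `create-dns-record/main.tf`: `null_resource.previous` has no triggers, so `depends_on = [null_resource.previous]` orders `time_sleep.wait_60_seconds` after nothing, and the fixed 60 s sleep stands in for a real dependency on the hosted zone; depend on the zone (or the module output carrying its ID) and drop the empty null resource. `time_sleep` also requires the `time` provider to be declared, which the new `versions.tf` does not do.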
diff --git a/redbaron/modules/aws/create-dns-txt-record/outputs.tf b/redbaron/modules/aws/create-dns-txt-record/outputs.tf
index 4e0b481..9a675bd 100644
--- a/redbaron/modules/aws/create-dns-txt-record/outputs.tf
+++ b/redbaron/modules/aws/create-dns-txt-record/outputs.tf
@@ -1,3 +1,4 @@
output "records" {
- value = "${var.records}"
-}
\ No newline at end of file
+ value = var.records
+}
+
diff --git a/redbaron/modules/aws/create-dns-txt-record/variables.tf b/redbaron/modules/aws/create-dns-txt-record/variables.tf
index 57d09a7..ac89c5e 100644
--- a/redbaron/modules/aws/create-dns-txt-record/variables.tf
+++ b/redbaron/modules/aws/create-dns-txt-record/variables.tf
@@ -1,9 +1,7 @@
-variable "type" {}
-
-variable "name" {}
+variable "type" {
+}
-variable "counter" {
- default = 1
+variable "name" {
}
variable "ttl" {
@@ -11,8 +9,10 @@ variable "ttl" {
}
variable "records" {
- type = "list"
+ type = list(string)
default = []
}
-variable "zone" {}
+variable "zone" {
+}
+
diff --git a/redbaron/modules/aws/create-dns-txt-record/versions.tf b/redbaron/modules/aws/create-dns-txt-record/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/create-dns-txt-record/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/create-hosted-zone/README.md b/redbaron/modules/aws/create-hosted-zone/README.md
index aabbf9a..fc3ffc0 100644
--- a/redbaron/modules/aws/create-hosted-zone/README.md
+++ b/redbaron/modules/aws/create-hosted-zone/README.md
@@ -2,32 +2,17 @@
Creates a hosted zone for a domain in AWS Route53.
-# Example
-
-```hcl
-module "create_hosted_zone" {
- source = "./modules/aws/create-hosted-zone"
-
- public_hosted_zones = ["domain.com"]
-
- tags = {
- Environment = "prod"
- Infrastructure = "core"
- Owner = "terraform"
- Project = "zones-public"
- }
-
- comment = "Managed by Terraform"
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`public_hosted_zones` | Yes | Map | The domain to create a hosted zone for.
-|`tags` | Yes | List | Choose who ise the owner of the hosted Zones, environment etc.
-|`commnet` | Yes | String | Comments to be added in the Route53
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`public_hosted_zones` | List(string) | The domain to create a hosted zone for.
+|`delegation_set_name` | String | Create a shared delegation set among specefied hosted zones domains if not empty. (nmutually exclusive to 'delegation_set_id').
+|`delegation_set_id` | String | Assign specified hosted zones to a delegation set specified by ID if not empty. (mutually exclusive to 'delegation_set_reference_name').
+|`custom_subdomain_ns` | List(string) | Hosted zones for subdomains require nameserver to be specified explicitly. You can use this variable to add a list of custom nameserver IP addresses. If left empty it will be populated by four AWS default nameserver.
+|`default_subdomain_ns_ttl` | String | Hosted zones for subdomains require nameserver to be specified explicitly. This sets their default TTL.
+|`tags` | Map(string) | The resource tags that should be added to all hosted zone resources.
+|`comment` | String | Comments to be added in the Route53
# Outputs
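Review bot: the new rows carry typos and one wrong cross-reference: "specefied" and "nmutually" in the `delegation_set_name` row, "nameserver" where "nameservers" is meant in the `custom_subdomain_ns` and `default_subdomain_ns_ttl` rows, and `delegation_set_id` is said to be mutually exclusive to `'delegation_set_reference_name'`, a variable that does not exist in this module (`locals.tf` checks `var.delegation_set_name`). `default_subdomain_ns_ttl` is listed as `String` although it is used as the `ttl` of an NS record, so a number type is the accurate description.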
diff --git a/redbaron/modules/aws/create-hosted-zone/locals.tf b/redbaron/modules/aws/create-hosted-zone/locals.tf
index 5d5e3a4..45f93e6 100644
--- a/redbaron/modules/aws/create-hosted-zone/locals.tf
+++ b/redbaron/modules/aws/create-hosted-zone/locals.tf
@@ -3,10 +3,10 @@
# -------------------------------------------------------------------------------------------------
locals {
- is_name_delegated = "${var.delegation_set_name != "" && var.delegation_set_id == "" ? true : false}"
- is_id_delegated = "${var.delegation_set_name == "" && var.delegation_set_id != "" ? true : false}"
- is_undelegated = "${var.delegation_set_name == "" && var.delegation_set_id == "" ? true : false}"
- is_custom_ns = "${length(var.custom_subdomain_ns) != 0 ? true : false}"
+ is_name_delegated = var.delegation_set_name != "" && var.delegation_set_id == "" ? true : false
+ is_id_delegated = var.delegation_set_name == "" && var.delegation_set_id != "" ? true : false
+ is_undelegated = var.delegation_set_name == "" && var.delegation_set_id == "" ? true : false
+ is_custom_ns = length(var.custom_subdomain_ns) != 0 ? true : false
}
# -------------------------------------------------------------------------------------------------
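Review bot: the four locals are already boolean expressions, so the trailing `? true : false` is a leftover of the 0.11 string-interpolation form; `is_custom_ns = length(var.custom_subdomain_ns) != 0` reads the same without the redundant conditional. Style only.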
@@ -19,40 +19,38 @@ locals {
#
# Compact will remove any empty elements (previously included either domains or subdomains)
# flatten will convert [map('key' => val),..] into flat list without 'key'
- public_domains = "${compact(flatten(null_resource.public_domains.*.triggers.key))}"
+ public_domains = compact(flatten(null_resource.public_domains.*.triggers.key))
- public_subdomains = "${compact(flatten(null_resource.public_subdomains.*.triggers.key))}"
+ public_subdomains = compact(flatten(null_resource.public_subdomains.*.triggers.key))
}
resource "null_resource" "public_domains" {
- count = "${length(var.public_hosted_zones)}"
+ count = length(var.public_hosted_zones)
- triggers = "${map("key",
- replace(
+ triggers = {
+ "key" = replace(
var.public_hosted_zones[count.index],
"/^[-_A-Za-z0-9]+\\.[A-Za-z0-9]+$/",
- ""
+ "",
) == "" ? var.public_hosted_zones[count.index] : ""
- )}"
+ }
}
resource "null_resource" "public_subdomains" {
- count = "${length(var.public_hosted_zones)}"
+ count = length(var.public_hosted_zones)
- triggers = "${map("key",
- replace(
+ triggers = {
+ "key" = replace(
var.public_hosted_zones[count.index],
"/^[-_A-Za-z0-9]+\\.[A-Za-z0-9]+$/",
- ""
+ "",
) == "" ? "" : var.public_hosted_zones[count.index]
- )}"
+ }
}
# -------------------------------------------------------------------------------------------------
# Resource local mappings for outputs
# -------------------------------------------------------------------------------------------------
-
-
#locals {
# name_delegated_public_domains_ns = ["${null_resource.name_delegated_public_domains_ns.*.triggers.key}"]
# id_delegated_public_domains_ns = ["${null_resource.id_delegated_public_domains_ns.*.triggers.key}"]
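Review bot: the domain/subdomain split rests on `"/^[-_A-Za-z0-9]+\\.[A-Za-z0-9]+$/"`, which treats exactly one dot as a domain, so a registrable name under a two-label public suffix such as `example.co.uk` is classified as a subdomain and receives an NS delegation record it should not have; state the single-dot assumption in the comment block above or accept an explicit list of apex domains. With `required_version = ">= 0.12"` both `null_resource` blocks could also become `for` expressions over `var.public_hosted_zones` with an `if` filter, which removes two resources from state entirely.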
diff --git a/redbaron/modules/aws/create-hosted-zone/main.tf b/redbaron/modules/aws/create-hosted-zone/main.tf
index be1787b..80c4293 100644
--- a/redbaron/modules/aws/create-hosted-zone/main.tf
+++ b/redbaron/modules/aws/create-hosted-zone/main.tf
@@ -2,202 +2,247 @@
# Create delegation set or gather existing one
# -------------------------------------------------------------------------------------------------
resource "aws_route53_delegation_set" "new" {
- count = "${local.is_name_delegated ? 1 : 0}"
+ count = local.is_name_delegated ? 1 : 0
- reference_name = "${var.delegation_set_name}"
+ reference_name = var.delegation_set_name
}
data "aws_route53_delegation_set" "existing" {
- count = "${local.is_id_delegated ? 1 : 0}"
+ count = local.is_id_delegated ? 1 : 0
- id = "${var.delegation_set_id}"
+ id = var.delegation_set_id
}
# -------------------------------------------------------------------------------------------------
# [Domains 1/3] Public Hosted Zones for Domains with delegation-set name
# -------------------------------------------------------------------------------------------------
resource "aws_route53_zone" "name_delegated_public_domains" {
- count = "${local.is_name_delegated ? length(local.public_domains) : 0}"
-
- name = "${local.public_domains[count.index]}"
- comment = "${var.comment}"
-
- delegation_set_id = "${aws_route53_delegation_set.new.id}"
-
- tags = "${merge(
- map("Name", local.public_domains[count.index]),
- map("Route53Delegated", "yes"),
- map("Route53DelegationName", var.delegation_set_name),
- map("Route53Type", "domain"),
- var.tags
- )}"
+ count = local.is_name_delegated ? length(local.public_domains) : 0
+
+ name = local.public_domains[count.index]
+ comment = var.comment
+
+ delegation_set_id = aws_route53_delegation_set.new[0].id
+
+ tags = merge(
+ {
+ "Name" = local.public_domains[count.index]
+ },
+ {
+ "Route53Delegated" = "yes"
+ },
+ {
+ "Route53DelegationName" = var.delegation_set_name
+ },
+ {
+ "Route53Type" = "domain"
+ },
+ var.tags,
+ )
}
# -------------------------------------------------------------------------------------------------
# [Domains 2/3] Public Hosted Zones for Domains with delegation-set ID
# -------------------------------------------------------------------------------------------------
resource "aws_route53_zone" "id_delegated_public_domains" {
- count = "${local.is_id_delegated ? length(local.public_domains) : 0}"
-
- name = "${local.public_domains[count.index]}"
- comment = "${var.comment}"
-
- delegation_set_id = "${var.delegation_set_id}"
-
- tags = "${merge(
- map("Name", local.public_domains[count.index]),
- map("Route53Delegated", "yes"),
- map("Route53DelegationId", var.delegation_set_id),
- map("Route53Type", "domain"),
- var.tags
- )}"
+ count = local.is_id_delegated ? length(local.public_domains) : 0
+
+ name = local.public_domains[count.index]
+ comment = var.comment
+
+ delegation_set_id = var.delegation_set_id
+
+ tags = merge(
+ {
+ "Name" = local.public_domains[count.index]
+ },
+ {
+ "Route53Delegated" = "yes"
+ },
+ {
+ "Route53DelegationId" = var.delegation_set_id
+ },
+ {
+ "Route53Type" = "domain"
+ },
+ var.tags,
+ )
}
# -------------------------------------------------------------------------------------------------
# [Domains 3/3] Public Hosted Zones for Domains without any delegation
# -------------------------------------------------------------------------------------------------
resource "aws_route53_zone" "undelegated_public_domains" {
- count = "${local.is_undelegated ? length(local.public_domains) : 0}"
-
- name = "${local.public_domains[count.index]}"
- comment = "${var.comment}"
-
- tags = "${merge(
- map("Name", local.public_domains[count.index]),
- map("Route53Delegated", "no"),
- map("Route53Type", "domain"),
- var.tags
- )}"
+ count = local.is_undelegated ? length(local.public_domains) : 0
+
+ name = local.public_domains[count.index]
+ comment = var.comment
+
+ tags = merge(
+ {
+ "Name" = local.public_domains[count.index]
+ },
+ {
+ "Route53Delegated" = "no"
+ },
+ {
+ "Route53Type" = "domain"
+ },
+ var.tags,
+ )
}
# -------------------------------------------------------------------------------------------------
# [Subdomains 1/3] Public Hosted Zones for Subomains with delegation-set name
# -------------------------------------------------------------------------------------------------
resource "aws_route53_zone" "name_delegated_public_subdomains" {
- count = "${local.is_name_delegated ? length(local.public_subdomains) : 0}"
-
- name = "${local.public_subdomains[count.index]}"
- comment = "${var.comment}"
-
- delegation_set_id = "${aws_route53_delegation_set.new.id}"
-
- tags = "${merge(
- map("Name", local.public_subdomains[count.index]),
- map("Route53Delegated", "yes"),
- map("Route53DelegationName", var.delegation_set_name),
- map("Route53Type", "subdomain"),
- var.tags
- )}"
+ count = local.is_name_delegated ? length(local.public_subdomains) : 0
+
+ name = local.public_subdomains[count.index]
+ comment = var.comment
+
+ delegation_set_id = aws_route53_delegation_set.new[0].id
+
+ tags = merge(
+ {
+ "Name" = local.public_subdomains[count.index]
+ },
+ {
+ "Route53Delegated" = "yes"
+ },
+ {
+ "Route53DelegationName" = var.delegation_set_name
+ },
+ {
+ "Route53Type" = "subdomain"
+ },
+ var.tags,
+ )
}
# -------------------------------------------------------------------------------------------------
# [Subdomains 2/3] Public Hosted Zones for Subomains with delegation-set ID
# -------------------------------------------------------------------------------------------------
resource "aws_route53_zone" "id_delegated_public_subdomains" {
- count = "${local.is_id_delegated ? length(local.public_subdomains) : 0}"
-
- name = "${local.public_subdomains[count.index]}"
- comment = "${var.comment}"
-
- delegation_set_id = "${var.delegation_set_id}"
-
- tags = "${merge(
- map("Name", local.public_subdomains[count.index]),
- map("Route53Delegated", "yes"),
- map("Route53DelegationId", var.delegation_set_id),
- map("Route53Type", "subdomain"),
- var.tags
- )}"
+ count = local.is_id_delegated ? length(local.public_subdomains) : 0
+
+ name = local.public_subdomains[count.index]
+ comment = var.comment
+
+ delegation_set_id = var.delegation_set_id
+
+ tags = merge(
+ {
+ "Name" = local.public_subdomains[count.index]
+ },
+ {
+ "Route53Delegated" = "yes"
+ },
+ {
+ "Route53DelegationId" = var.delegation_set_id
+ },
+ {
+ "Route53Type" = "subdomain"
+ },
+ var.tags,
+ )
}
# -------------------------------------------------------------------------------------------------
# [Subdomains 3/3] Public Hosted Zones for Subomains without any delegation
# -------------------------------------------------------------------------------------------------
resource "aws_route53_zone" "undelegated_public_subdomains" {
- count = "${local.is_undelegated ? length(local.public_subdomains) : 0}"
-
- name = "${local.public_subdomains[count.index]}"
- comment = "${var.comment}"
-
- tags = "${merge(
- map("Name", local.public_subdomains[count.index]),
- map("Route53Delegated", "no"),
- map("Route53Type", "subdomain"),
- var.tags
- )}"
+ count = local.is_undelegated ? length(local.public_subdomains) : 0
+
+ name = local.public_subdomains[count.index]
+ comment = var.comment
+
+ tags = merge(
+ {
+ "Name" = local.public_subdomains[count.index]
+ },
+ {
+ "Route53Delegated" = "no"
+ },
+ {
+ "Route53Type" = "subdomain"
+ },
+ var.tags,
+ )
}
# -------------------------------------------------------------------------------------------------
# [NS Records 1/3] Public Hosted Zone Subdomain NS Records with delegation-set name
# -------------------------------------------------------------------------------------------------
resource "aws_route53_record" "name_delegated_subdomains_ns_default" {
- count = "${local.is_name_delegated && !local.is_custom_ns ? length(local.public_subdomains) : 0}"
+ count = local.is_name_delegated && false == local.is_custom_ns ? length(local.public_subdomains) : 0
- zone_id = "${aws_route53_zone.name_delegated_public_subdomains.*.zone_id[count.index]}"
- name = "${local.public_subdomains[count.index]}"
+ zone_id = aws_route53_zone.name_delegated_public_subdomains[count.index].zone_id
+ name = local.public_subdomains[count.index]
type = "NS"
- ttl = "${var.default_subdomain_ns_ttl}"
+ ttl = var.default_subdomain_ns_ttl
- records = ["${aws_route53_zone.name_delegated_public_subdomains.*.name_servers[count.index]}"]
+ records = aws_route53_zone.name_delegated_public_subdomains[count.index].name_servers
}
resource "aws_route53_record" "name_delegated_subdomains_ns_custom" {
- count = "${local.is_name_delegated && local.is_custom_ns ? length(local.public_subdomains) : 0}"
+ count = local.is_name_delegated && local.is_custom_ns ? length(local.public_subdomains) : 0
- zone_id = "${aws_route53_zone.name_delegated_public_subdomains.*.zone_id[count.index]}"
- name = "${local.public_subdomains[count.index]}"
+ zone_id = aws_route53_zone.name_delegated_public_subdomains[count.index].zone_id
+ name = local.public_subdomains[count.index]
type = "NS"
- ttl = "${var.default_subdomain_ns_ttl}"
+ ttl = var.default_subdomain_ns_ttl
- records = "${var.custom_subdomain_ns}"
+ records = var.custom_subdomain_ns
}
# -------------------------------------------------------------------------------------------------
# [NS Records 2/3] Public Hosted Zone Subdomain NS Records with existing delegation-set ID
# -------------------------------------------------------------------------------------------------
resource "aws_route53_record" "id_delegated_subdomains_ns_default" {
- count = "${local.is_id_delegated && !local.is_custom_ns ? length(local.public_subdomains) : 0}"
+ count = local.is_id_delegated && false == local.is_custom_ns ? length(local.public_subdomains) : 0
- zone_id = "${aws_route53_zone.id_delegated_public_subdomains.*.zone_id[count.index]}"
- name = "${local.public_subdomains[count.index]}"
+ zone_id = aws_route53_zone.id_delegated_public_subdomains[count.index].zone_id
+ name = local.public_subdomains[count.index]
type = "NS"
- ttl = "${var.default_subdomain_ns_ttl}"
+ ttl = var.default_subdomain_ns_ttl
- records = ["${aws_route53_zone.id_delegated_public_subdomains.*.name_servers[count.index]}"]
+ records = aws_route53_zone.id_delegated_public_subdomains[count.index].name_servers
}
resource "aws_route53_record" "id_delegated_subdomains_ns_custom" {
- count = "${local.is_id_delegated && local.is_custom_ns ? length(local.public_subdomains) : 0}"
+ count = local.is_id_delegated && local.is_custom_ns ? length(local.public_subdomains) : 0
- zone_id = "${aws_route53_zone.id_delegated_public_subdomains.*.zone_id[count.index]}"
- name = "${local.public_subdomains[count.index]}"
+ zone_id = aws_route53_zone.id_delegated_public_subdomains[count.index].zone_id
+ name = local.public_subdomains[count.index]
type = "NS"
- ttl = "${var.default_subdomain_ns_ttl}"
+ ttl = var.default_subdomain_ns_ttl
- records = "${var.custom_subdomain_ns}"
+ records = var.custom_subdomain_ns
}
# -------------------------------------------------------------------------------------------------
# [NS Records 3/3] Public Hosted Zone Subdomain NS Records without any delegation
# -------------------------------------------------------------------------------------------------
resource "aws_route53_record" "undelegated_subdomains_ns_default" {
- count = "${local.is_undelegated && !local.is_custom_ns ? length(local.public_subdomains) : 0}"
+ count = local.is_undelegated && false == local.is_custom_ns ? length(local.public_subdomains) : 0
- zone_id = "${aws_route53_zone.undelegated_public_subdomains.*.zone_id[count.index]}"
- name = "${local.public_subdomains[count.index]}"
+ zone_id = aws_route53_zone.undelegated_public_subdomains[count.index].zone_id
+ name = local.public_subdomains[count.index]
type = "NS"
- ttl = "${var.default_subdomain_ns_ttl}"
+ ttl = var.default_subdomain_ns_ttl
- records = ["${aws_route53_zone.undelegated_public_subdomains.*.name_servers[count.index]}"]
+ records = aws_route53_zone.undelegated_public_subdomains[count.index].name_servers
}
resource "aws_route53_record" "undelegated_subdomains_ns_custom" {
- count = "${local.is_undelegated && local.is_custom_ns ? length(local.public_subdomains) : 0}"
+ count = local.is_undelegated && local.is_custom_ns ? length(local.public_subdomains) : 0
- zone_id = "${aws_route53_zone.undelegated_public_subdomains.*.zone_id[count.index]}"
- name = "${local.public_subdomains[count.index]}"
+ zone_id = aws_route53_zone.undelegated_public_subdomains[count.index].zone_id
+ name = local.public_subdomains[count.index]
type = "NS"
- ttl = "${var.default_subdomain_ns_ttl}"
+ ttl = var.default_subdomain_ns_ttl
- records = "${var.custom_subdomain_ns}"
+ records = var.custom_subdomain_ns
}
+
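Review bot: `false == local.is_custom_ns` in the three `*_ns_default` count expressions is an odd spelling of negation; HCL2 accepts `!local.is_custom_ns`, which keeps the original 0.11 intent readable. The rest of the migration in this hunk looks right: `aws_route53_delegation_set.new[0].id` is only evaluated inside a resource whose count is non-zero exactly when `is_name_delegated` holds, and `[count.index].name_servers` is already a list, so dropping the `["${...}"]` wrapper is correct.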
diff --git a/redbaron/modules/aws/create-hosted-zone/outputs.tf b/redbaron/modules/aws/create-hosted-zone/outputs.tf
index ce816ac..8cbef3e 100644
--- a/redbaron/modules/aws/create-hosted-zone/outputs.tf
+++ b/redbaron/modules/aws/create-hosted-zone/outputs.tf
@@ -4,32 +4,44 @@
output "created_delegation_set_id" {
description = "The ID of the shared delegation set applied to all zones that has been created by this module if it was specified by name."
- value = "${element(concat(aws_route53_delegation_set.new.*.id, list("")), 0)}"
+ value = element(concat(aws_route53_delegation_set.new.*.id, [""]), 0)
}
output "created_delegation_set_name" {
description = "The name of the shared delegation set applied to all zones that has been created by this module if it was specified by name."
- value = "${element(concat(aws_route53_delegation_set.new.*.reference_name, list("")), 0)}"
+ value = element(
+ concat(aws_route53_delegation_set.new.*.reference_name, [""]),
+ 0,
+ )
}
output "created_delegation_set_name_servers" {
description = "A list of name servers of the shared delegation set applied to all zones that has been created by this module if it was specified by name."
- value = ["${flatten(aws_route53_delegation_set.new.*.name_servers)}"]
+ value = [flatten(aws_route53_delegation_set.new.*.name_servers)]
}
output "existing_delegation_set_id" {
description = "The ID of the shared delegation set applied to all zones that alreday existed and was specified by its ID."
- value = "${element(concat(data.aws_route53_delegation_set.existing.*.id, list("")), 0)}"
+ value = element(
+ concat(data.aws_route53_delegation_set.existing.*.id, [""]),
+ 0,
+ )
}
output "existing_delegation_set_name" {
description = "The name of the shared delegation set applied to all zones that alreday existed and was specified by its ID."
- value = "${element(concat(data.aws_route53_delegation_set.existing.*.reference_name, list("")), 0)}"
+ value = element(
+ concat(
+ data.aws_route53_delegation_set.existing.*.reference_name,
+ [""],
+ ),
+ 0,
+ )
}
output "existing_delegation_set_name_servers" {
description = "A list of name servers of the shared delegation set applied to all zones that alreday existed and was specified by its ID."
- value = ["${flatten(data.aws_route53_delegation_set.existing.*.name_servers)}"]
+ value = [flatten(data.aws_route53_delegation_set.existing.*.name_servers)]
}
# -------------------------------------------------------------------------------------------------
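Review bot: `value = [flatten(aws_route53_delegation_set.new.*.name_servers)]` (and the same construct for `data.aws_route53_delegation_set.existing`) now yields a list containing a single list, because 0.12 no longer flattens `[...]` around a list expression the way the 0.11 `["${...}"]` idiom did. The description promises "A list of name servers", so drop the outer brackets: `value = flatten(aws_route53_delegation_set.new.*.name_servers)`.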
@@ -38,64 +50,54 @@ output "existing_delegation_set_name_servers" {
output "public_zones_delegation_set_id" {
description = "The ID of the shared delegation set applied to all zones that is actually used by the zones."
- value = "${element(concat(aws_route53_delegation_set.new.*.id, data.aws_route53_delegation_set.existing.*.id, list("")), 0)}"
+ value = element(
+ concat(
+ aws_route53_delegation_set.new.*.id,
+ data.aws_route53_delegation_set.existing.*.id,
+ [""],
+ ),
+ 0,
+ )
}
output "public_zones" {
description = "List of created public zones."
value = [
- "${concat(
+ concat(
aws_route53_zone.name_delegated_public_domains.*.name,
aws_route53_zone.id_delegated_public_domains.*.name,
aws_route53_zone.undelegated_public_domains.*.name,
aws_route53_zone.name_delegated_public_subdomains.*.name,
aws_route53_zone.id_delegated_public_subdomains.*.name,
aws_route53_zone.undelegated_public_subdomains.*.name,
- )}",
+ ),
]
}
output "public_zones_ids" {
description = "List of zone-id mappings for created public zones."
- value = "${concat(
- formatlist(
- "%v",
- aws_route53_zone.name_delegated_public_domains.*.id,
- ),
- formatlist(
- "%v",
- aws_route53_zone.id_delegated_public_domains.*.id,
- ),
- formatlist(
- "%v",
- aws_route53_zone.undelegated_public_domains.*.id,
- ),
- formatlist(
- "%v",
- aws_route53_zone.name_delegated_public_subdomains.*.id,
- ),
- formatlist(
- "%v",
- aws_route53_zone.id_delegated_public_subdomains.*.id,
- ),
- formatlist(
- "%v",
- aws_route53_zone.undelegated_public_subdomains.*.id,
- ),
- )}"
+ value = concat(
+ formatlist("%v", aws_route53_zone.name_delegated_public_domains.*.id),
+ formatlist("%v", aws_route53_zone.id_delegated_public_domains.*.id),
+ formatlist("%v", aws_route53_zone.undelegated_public_domains.*.id),
+ formatlist("%v", aws_route53_zone.name_delegated_public_subdomains.*.id),
+ formatlist("%v", aws_route53_zone.id_delegated_public_subdomains.*.id),
+ formatlist("%v", aws_route53_zone.undelegated_public_subdomains.*.id),
+ )
}
output "name_servers" {
description = "List of NS mappings for created public zones."
- value = "${concat(
- aws_route53_zone.name_delegated_public_domains.*.name_servers,
- aws_route53_zone.id_delegated_public_domains.*.name_servers,
- aws_route53_zone.undelegated_public_domains.*.name_servers,
- aws_route53_zone.name_delegated_public_subdomains.*.name_servers,
- aws_route53_zone.id_delegated_public_subdomains.*.name_servers,
- aws_route53_zone.undelegated_public_subdomains.*.name_servers,
- )}"
+ value = concat(
+ aws_route53_zone.name_delegated_public_domains.*.name_servers,
+ aws_route53_zone.id_delegated_public_domains.*.name_servers,
+ aws_route53_zone.undelegated_public_domains.*.name_servers,
+ aws_route53_zone.name_delegated_public_subdomains.*.name_servers,
+ aws_route53_zone.id_delegated_public_subdomains.*.name_servers,
+ aws_route53_zone.undelegated_public_subdomains.*.name_servers,
+ )
}
+
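Review bot: `public_zones` has the same nesting problem: `value = [ concat(...) ]` produces a one-element list whose element is the list of zone names, while the description says "List of created public zones". Remove the surrounding `[` and `]` so `value = concat(...)` returns the flat list, matching `public_zones_ids` and `name_servers` in this hunk, which were correctly unwrapped.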
diff --git a/redbaron/modules/aws/create-hosted-zone/variables.tf b/redbaron/modules/aws/create-hosted-zone/variables.tf
index 6a86d36..6e89953 100644
--- a/redbaron/modules/aws/create-hosted-zone/variables.tf
+++ b/redbaron/modules/aws/create-hosted-zone/variables.tf
@@ -3,7 +3,7 @@
# -------------------------------------------------------------------------------------------------
variable "public_hosted_zones" {
description = "List of domains or subdomains for which to create public hosted zones."
- type = "list"
+ type = list(string)
default = []
}
@@ -19,7 +19,7 @@ variable "delegation_set_id" {
variable "custom_subdomain_ns" {
description = "Hosted zones for subdomains require nameserver to be specified explicitly. You can use this variable to add a list of custom nameserver IP addresses. If left empty it will be populated by four AWS default nameserver."
- type = "list"
+ type = list(string)
default = []
}
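Review bot: the description in this hunk says `custom_subdomain_ns` takes "custom nameserver IP addresses", but main.tf in this same patch feeds it directly into `records` of a `type = "NS"` record, and NS records carry nameserver hostnames, not IP addresses. Since the type is being tightened to `list(string)` here, correct the wording in the same change.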
@@ -33,7 +33,7 @@ variable "default_subdomain_ns_ttl" {
# -------------------------------------------------------------------------------------------------
variable "tags" {
description = "The resource tags that should be added to all hosted zone resources."
- type = "map"
+ type = map(string)
default = {}
}
@@ -41,3 +41,4 @@ variable "comment" {
description = "The hosted zone comment that should be added to all hosted zone resources."
default = "Managed by Terraform"
}
+
diff --git a/redbaron/modules/aws/create-hosted-zone/versions.tf b/redbaron/modules/aws/create-hosted-zone/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/create-hosted-zone/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
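Review bot: the new versions.tf opens with an empty line before the `terraform` block; drop it for consistency with the other module files. While pinning `required_version = ">= 0.12"`, consider adding a `required_providers` block for the providers this module uses, so the 0.12 syntax is matched by a known provider version range rather than whatever is installed.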
diff --git a/redbaron/modules/aws/create-vpc/README.md b/redbaron/modules/aws/create-vpc/README.md
index 0057ffa..0f06711 100644
--- a/redbaron/modules/aws/create-vpc/README.md
+++ b/redbaron/modules/aws/create-vpc/README.md
@@ -2,19 +2,6 @@
Creates a VPC, Subnet, Internet Gateway, Route Table and a Route Table association.
-# Example
-
-```hcl
-module "create_a_record" {
- source = "./modules/aws/create-vpc"
-}
-```
-
-# Arguments
-
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-
# Outputs
| Name | Value Type | Description
diff --git a/redbaron/modules/aws/create-vpc/main.tf b/redbaron/modules/aws/create-vpc/main.tf
index 9e2d16f..5cae20a 100644
--- a/redbaron/modules/aws/create-vpc/main.tf
+++ b/redbaron/modules/aws/create-vpc/main.tf
@@ -1,50 +1,28 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
-// Currently, variables in provider fields are not supported :(
-// This severely limits our ability to spin up instances in diffrent regions
-// https://github.com/hashicorp/terraform/issues/11578
-
resource "aws_vpc" "default" {
- //count = "${var.count}"
- //provider = "aws.${element(var.regions, count.index)}"
-
- cidr_block = "10.0.0.0/16"
+ cidr_block = "10.0.0.0/16"
enable_dns_hostnames = true
}
resource "aws_subnet" "default" {
- //count = "${var.count}"
- //provider = "aws.${element(var.regions, count.index)}"
-
- vpc_id = "${aws_vpc.default.id}"
+ vpc_id = aws_vpc.default.id
cidr_block = "10.0.0.0/24"
}
resource "aws_internet_gateway" "default" {
- //count = "${var.count}"
- //provider = "aws.${element(var.regions, count.index)}"
-
- vpc_id = "${aws_vpc.default.id}"
+ vpc_id = aws_vpc.default.id
}
resource "aws_route_table" "default" {
- //count = "${var.count}"
- //provider = "aws.${element(var.regions, count.index)}"
-
- vpc_id = "${aws_vpc.default.id}"
+ vpc_id = aws_vpc.default.id
route {
cidr_block = "0.0.0.0/0"
- gateway_id = "${aws_internet_gateway.default.id}"
+ gateway_id = aws_internet_gateway.default.id
}
}
resource "aws_route_table_association" "default" {
- //count = "${var.count}"
- //provider = "aws.${element(var.regions, count.index)}"
-
- subnet_id = "${aws_subnet.default.id}"
- route_table_id = "${aws_route_table.default.id}"
+ subnet_id = aws_subnet.default.id
+ route_table_id = aws_route_table.default.id
}
+
diff --git a/redbaron/modules/aws/create-vpc/outputs.tf b/redbaron/modules/aws/create-vpc/outputs.tf
index f1708ee..cbc0d6f 100644
--- a/redbaron/modules/aws/create-vpc/outputs.tf
+++ b/redbaron/modules/aws/create-vpc/outputs.tf
@@ -1,7 +1,8 @@
output "subnet_id" {
- value = "${aws_subnet.default.id}"
+ value = aws_subnet.default.id
}
output "vpc_id" {
- value = "${aws_vpc.default.id}"
-}
\ No newline at end of file
+ value = aws_vpc.default.id
+}
+
diff --git a/redbaron/modules/aws/create-vpc/variables.tf b/redbaron/modules/aws/create-vpc/variables.tf
deleted file mode 100644
index 30ab063..0000000
--- a/redbaron/modules/aws/create-vpc/variables.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-/*
-variable "count" {
- default = 1
-}
-*/
\ No newline at end of file
diff --git a/redbaron/modules/aws/create-vpc/versions.tf b/redbaron/modules/aws/create-vpc/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/create-vpc/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/dns-c2/README.md b/redbaron/modules/aws/dns-c2/README.md
index 65ddd2e..a5d0445 100644
--- a/redbaron/modules/aws/dns-c2/README.md
+++ b/redbaron/modules/aws/dns-c2/README.md
@@ -2,27 +2,18 @@
Creates a DNS C2 server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "dns_c2" {
- source = "./modules/aws/dns-c2"
-
- vpc_id = ""
- subnet_id = ""
- instance_type = "t2.micro"
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`vpc_id` | Yes | String | ID of VPC to create instance in.
-|`subnet_id` | Yes | String | Subnet ID to create instance in.
-|`count` | No | Integer | Number of instances to launch. Defaults to 1.
-|`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium"
-|`install` | No | List | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh".
+| Name | Value Type | Description
+|---------------------------| ------------ | -----------
+|`subnet_id` | String | Subnet ID to create instance in.
+|`vpc_id` | String | ID of VPC to create instance in.
+|`counter` | Integer | Number of instances to launch. Defaults to 1.
+|`instance_type` | String | Instance type to launch. Defaults to "t2.medium"
+|`install` | List(string) | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh".
+|`amis` | Map(string) | The ami which is to be installed (according to the distro specified)
+|`user` | String | User to be used to login with SSH (different for each distro on AWS)
+
# Outputs
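Review bot: the rewritten Arguments table drops the `Required` column, so a reader can no longer tell that `subnet_id` and `vpc_id` have no default (variables.tf in this patch declares them with empty bodies) while `counter`, `instance_type`, `install`, `amis` and `user` do. Either restore the column or mark the two as required in their descriptions, and state the `user` default (`admin` per variables.tf) together with the fact that it must match the distro of the selected AMI.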
diff --git a/redbaron/modules/aws/dns-c2/main.tf b/redbaron/modules/aws/dns-c2/main.tf
index be3ce01..9a5e41b 100644
--- a/redbaron/modules/aws/dns-c2/main.tf
+++ b/redbaron/modules/aws/dns-c2/main.tf
@@ -1,122 +1,87 @@
-terraform {
- required_version = ">= 0.11.0"
+data "aws_region" "current" {
}
-data "aws_region" "current" {}
-
resource "random_id" "server" {
- count = "${var.count}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.count}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "aws_key_pair" "dns-c2" {
- count = "${var.count}"
- key_name = "dns-c2-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ key_name = "dns-c2-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "aws_instance" "dns-c2" {
- // Currently, variables in provider fields are not supported :(
- // This severely limits our ability to spin up instances in diffrent regions
- // https://github.com/hashicorp/terraform/issues/11578
-
- //provider = "aws.${element(var.regions, count.index)}"
-
- count = "${var.count}"
+ count = var.counter
tags = {
- Name = "dns-c2-${random_id.server.*.hex[count.index]}"
+ Name = "dns-c2-${random_id.server[count.index].hex}"
}
- ami = "${var.amis[data.aws_region.current.name]}"
- instance_type = "${var.instance_type}"
- key_name = "${aws_key_pair.dns-c2.*.key_name[count.index]}"
- vpc_security_group_ids = ["${aws_security_group.dns-c2.id}"]
- subnet_id = "${var.subnet_id}"
+ ami = var.amis[data.aws_region.current.name]
+ instance_type = var.instance_type
+ key_name = aws_key_pair.dns-c2[count.index].key_name
+ vpc_security_group_ids = [aws_security_group.dns-c2[count.index].id]
+ subnet_id = var.subnet_id
associate_public_ip_address = true
provisioner "remote-exec" {
- scripts = "${concat(list("../../redbaron/data/scripts/core_deps.sh"), var.install)}"
+ scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install)
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = var.user
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.public_ip}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}"
-
- depends_on = ["aws_instance.dns-c2"]
-
- triggers {
- droplet_creation = "${join("," , aws_instance.dns-c2.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=../../redbaron/data/ssh_keys/${aws_instance.dns-c2.*.public_ip[count.index]} -e host=${aws_instance.dns-c2.*.public_ip[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.public_ip}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.count}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [aws_instance.dns-c2]
- depends_on = ["aws_instance.dns-c2"]
-
- vars {
- name = "dns_c2_${aws_instance.dns-c2.*.public_ip[count.index]}"
- hostname = "${aws_instance.dns-c2.*.public_ip[count.index]}"
- user = "admin"
- identityfile = "${path.root}/data/ssh_keys/${aws_instance.dns-c2.*.public_ip[count.index]}"
+ vars = {
+ name = "dns_c2_${aws_instance.dns-c2[count.index].public_ip}"
+ hostname = aws_instance.dns-c2[count.index].public_ip
+ user = var.user
+ identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.dns-c2[count.index].public_ip}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
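Review bot: the file paths in this hunk mix two working-directory assumptions: scripts and the template are still read from `../../redbaron/data/...`, while the key and ssh_config provisioners now write to `ssh_keys/` and `ssh_configs/` relative to wherever `terraform apply` is run, and the `identityfile` var resolves to `${abspath(path.root)}/ssh_keys/...`. These agree only when the working directory is `path.root`; prefer `"${path.root}/ssh_keys/..."` in the `local-exec` commands as well, so the key that is written is the one the generated SSH config points to. Separately, `null_resource.ansible_provisioner` is deleted outright together with its variables; if that is intentional it deserves a line in the module README, since callers still passing `ansible_playbook` will now fail with an unexpected-argument error.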
diff --git a/redbaron/modules/aws/dns-c2/outputs.tf b/redbaron/modules/aws/dns-c2/outputs.tf
index c52ee3e..8bd6727 100644
--- a/redbaron/modules/aws/dns-c2/outputs.tf
+++ b/redbaron/modules/aws/dns-c2/outputs.tf
@@ -1,7 +1,4 @@
output "ips" {
- value = ["${aws_instance.dns-c2.*.public_ip}"]
+ value = [aws_instance.dns-c2.*.public_ip]
}
-output "ssh_user" {
- value = "admin"
-}
\ No newline at end of file
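Review bot: `value = [aws_instance.dns-c2.*.public_ip]` wraps a list in another list; `.*.public_ip` already returns the list of addresses, and the README documents `ips` as "IPs of created instances", so use `value = aws_instance.dns-c2.*.public_ip`. The `ssh_user` output is also removed in this hunk even though a `user` variable is introduced in variables.tf; keeping `output "ssh_user" { value = var.user }` preserves the interface for callers that read it.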
diff --git a/redbaron/modules/aws/dns-c2/security_group.tf b/redbaron/modules/aws/dns-c2/security_group.tf
index aed7480..d40c65a 100644
--- a/redbaron/modules/aws/dns-c2/security_group.tf
+++ b/redbaron/modules/aws/dns-c2/security_group.tf
@@ -1,50 +1,49 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "aws_security_group" "dns-c2" {
- name = "dns-c2-${random_id.server.*.hex[count.index]}"
+ count = var.counter
+
+ name = "dns-c2-${random_id.server[count.index].hex}"
description = "Security group created by Red Baron"
- vpc_id = "${var.vpc_id}"
+ vpc_id = var.vpc_id
ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"]
}
ingress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 60000
- to_port = 61000
- protocol = "udp"
+ from_port = 60000
+ to_port = 61000
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
+
diff --git a/redbaron/modules/aws/dns-c2/variables.tf b/redbaron/modules/aws/dns-c2/variables.tf
index 0e58c81..d7bfa12 100644
--- a/redbaron/modules/aws/dns-c2/variables.tf
+++ b/redbaron/modules/aws/dns-c2/variables.tf
@@ -1,26 +1,11 @@
-variable "subnet_id" {}
-
-variable "vpc_id" {}
-
-variable "count" {
- default = 1
-}
-
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
+variable "subnet_id" {
}
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
+variable "vpc_id" {
}
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "counter" {
+ default = 1
}
variable "instance_type" {
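Review bot: renaming `count` to `counter` is required in 0.12, where `count` is reserved and cannot be a variable name, but `subnet_id` and `vpc_id` are left as empty declarations; add `type = string` and a `description` to each so type mismatches are caught at plan time and the README table reflects the declared inputs.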
@@ -28,40 +13,32 @@ variable "instance_type" {
}
variable "install" {
- type = "list"
+ type = list(string)
default = []
}
-/*
-variable "install" {
- type = "map"
- default = {
- "empire" = "./scripts/install_empire.sh"
- "metasploit" = "./scripts/install_metasploit.sh"
- "cobaltstrike" = "./scripts/install_cobalt_strike.sh"
- }
-}
-*/
-
variable "amis" {
- type = "map"
+ type = map(string)
default = {
-
// Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
"ap-northeast-1" = "ami-b6b568d0"
"ap-northeast-2" = "ami-b7479dd9"
- "ap-south-1" = "ami-02aded6d"
+ "ap-south-1" = "ami-02aded6d"
"ap-southeast-1" = "ami-d76019b4"
"ap-southeast-2" = "ami-8359bae1"
- "ca-central-1" = "ami-3709b053"
- "eu-central-1" = "ami-8bb70be4"
- "eu-west-1" = "ami-ce76a7b7"
- "eu-west-2" = "ami-a6f9ebc2"
- "sa-east-1" = "ami-f5c7b899"
- "us-east-1" = "ami-71b7750b"
- "us-east-2" = "ami-dab895bf"
- "us-west-1" = "ami-58eedd38"
- "us-west-2" = "ami-c032f6b8"
-
+ "ca-central-1" = "ami-3709b053"
+ "eu-central-1" = "ami-8bb70be4"
+ "eu-west-1" = "ami-ce76a7b7"
+ "eu-west-2" = "ami-a6f9ebc2"
+ "sa-east-1" = "ami-f5c7b899"
+ "us-east-1" = "ami-71b7750b"
+ "us-east-2" = "ami-dab895bf"
+ "us-west-1" = "ami-58eedd38"
+ "us-west-2" = "ami-c032f6b8"
}
-}
\ No newline at end of file
+}
+
+variable "user" {
+ default = "admin"
+}
+
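Review bot: `amis` keeps a hand-maintained map of fixed Debian Stretch image IDs per region, and the new `user` variable (default `admin`) is only correct when the instance really boots that image. Consider a `data "aws_ami"` lookup filtered by owner and name pattern, or at least a comment recording when these IDs were last verified, and document in the README that `user` must be changed together with `amis`.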
diff --git a/redbaron/modules/aws/dns-c2/versions.tf b/redbaron/modules/aws/dns-c2/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/dns-c2/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/dns-local-rdir/README.md b/redbaron/modules/aws/dns-local-rdir/README.md
new file mode 100644
index 0000000..359857f
--- /dev/null
+++ b/redbaron/modules/aws/dns-local-rdir/README.md
@@ -0,0 +1,20 @@
+# dns-rdir
+
+Creates a DNS Redirector server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder. The redirector points to an internal server of choice using the autossh tool.
+
+# Arguments
+
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`subnet_id` | String | Subnet ID to create instance in.
+|`vpc_id` | String | ID of VPC to create instance in.
+|`redirect_to` | List(string) | List of IPs to redirect DNS traffic to.
+|`counter` | Integer | Number of instances to launch. Defaults to 1.
+|`instance_type` | String | Instance type to launch. Defaults to "t2.medium"
+|`amis` | Map(string) | The ami which is to be installed (according to the distro specified)
+
+# Outputs
+
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`ips` | List | IPs of created instances.
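Review bot: the description says the redirector "points to an internal server of choice using the autossh tool", but main.tf in this patch installs `tmux` and `socat` and forwards UDP 53 to `localhost:2222`; autossh is never installed or referenced, and `redirect_to` is declared in variables.tf but not used. Either align the README with what the module does or wire `redirect_to` into the provisioner. The heading `# dns-rdir` also differs from the module directory name `dns-local-rdir`.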
diff --git a/redbaron/modules/aws/dns-local-rdir/main.tf b/redbaron/modules/aws/dns-local-rdir/main.tf
new file mode 100644
index 0000000..241ec9d
--- /dev/null
+++ b/redbaron/modules/aws/dns-local-rdir/main.tf
@@ -0,0 +1,91 @@
+data "aws_region" "current" {
+}
+
+resource "random_id" "server" {
+ count = var.counter
+ byte_length = 4
+}
+
+resource "tls_private_key" "ssh" {
+ count = var.counter
+ algorithm = "RSA"
+ rsa_bits = 4096
+}
+
+resource "aws_key_pair" "dns-rdir" {
+ count = var.counter
+ key_name = "dns-rdir-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
+}
+
+resource "aws_instance" "dns-rdir" {
+ count = var.counter
+
+ tags = {
+ Name = "dns-rdir-${random_id.server[count.index].hex}"
+ }
+
+ ami = var.amis[data.aws_region.current.name]
+ instance_type = var.instance_type
+ key_name = aws_key_pair.dns-rdir[count.index].key_name
+ vpc_security_group_ids = [aws_security_group.dns-rdir[count.index].id]
+ subnet_id = var.subnet_id
+ associate_public_ip_address = true
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt-get update",
+ "sudo apt-get install -y tmux socat",
+ "tmux new -d \"sudo socat udp4-LISTEN:53,fork tcp4:localhost:2222\"",
+ ]
+
+ connection {
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
+ }
+ }
+
+ provisioner "local-exec" {
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*"
+ }
+
+ provisioner "local-exec" {
+ when = destroy
+ command = "rm ssh_keys/${self.public_ip}*"
+ }
+}
+
+data "template_file" "ssh_config" {
+ count = var.counter
+
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
+
+ depends_on = [aws_instance.dns-rdir]
+
+ vars = {
+ name = "dns_rdir_${aws_instance.dns-rdir[count.index].public_ip}"
+ hostname = aws_instance.dns-rdir[count.index].public_ip
+ user = "admin"
+ identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.dns-rdir[count.index].public_ip}"
+ }
+}
+
+resource "null_resource" "gen_ssh_config" {
+ count = var.counter
+
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
+ }
+
+ provisioner "local-exec" {
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
+ }
+
+ provisioner "local-exec" {
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
+ }
+}
+
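Review bot: in the remote-exec block, `sudo socat udp4-LISTEN:53,fork tcp4:localhost:2222` relays DNS datagrams into a TCP socket on the instance, but nothing in this module creates a listener on 2222 and the `redirect_to` variable that variables.tf declares as mandatory is never referenced here; either document in the module README how the operator is expected to bring up TCP 2222 (for example a reverse SSH tunnel over the key this module emits) or use `redirect_to` for the target. Note also that a raw socat UDP-to-TCP relay does not add the two-byte length prefix that DNS over TCP expects, so whatever terminates 2222 must accept bare datagrams. Separately, the first local-exec writes the key with `echo ... > ssh_keys/${self.public_ip}` before `chmod 600 ssh_keys/*` runs, so the PEM passes through the shell command line and sits on disk with the default umask for a moment; prefix the command with `umask 077 &&`, or write it with a `local_file` resource and `file_permission = "0600"`.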
diff --git a/redbaron/modules/aws/dns-local-rdir/outputs.tf b/redbaron/modules/aws/dns-local-rdir/outputs.tf
new file mode 100644
index 0000000..c737d1b
--- /dev/null
+++ b/redbaron/modules/aws/dns-local-rdir/outputs.tf
@@ -0,0 +1,4 @@
+output "ips" {
+ value = [aws_instance.dns-rdir.*.public_ip]
+}
+
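Review bot: `value = [aws_instance.dns-rdir.*.public_ip]` wraps the splat list in another list, so under 0.12 (which versions.tf in this change requires) `module.<name>.ips` becomes a list of lists rather than a flat list of addresses; the 0.11 form `["${...}"]` was auto-flattened, the 0.12 form is not. Use `value = aws_instance.dns-rdir.*.public_ip`. The same pattern is in the dns-rdir and http-c2 outputs.tf hunks.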
diff --git a/redbaron/modules/aws/dns-local-rdir/security_group.tf b/redbaron/modules/aws/dns-local-rdir/security_group.tf
new file mode 100644
index 0000000..c5f2879
--- /dev/null
+++ b/redbaron/modules/aws/dns-local-rdir/security_group.tf
@@ -0,0 +1,49 @@
+data "external" "get_public_ip" {
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
+}
+
+resource "aws_security_group" "dns-rdir" {
+ count = var.counter
+
+ name = "dns-rdir-${random_id.server[count.index].hex}"
+ description = "Security group created by Red Baron"
+ vpc_id = var.vpc_id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ ingress {
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ ingress {
+ from_port = 60000
+ to_port = 61000
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ egress {
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ egress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ egress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
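Review bot: the `60000-61000/udp` ingress from `0.0.0.0/0` is the mosh port range, and this module never installs mosh (the remote-exec installs only `tmux socat`), so it is a needless world-reachable range; drop it. SSH is correctly pinned to the operator's egress address via `get_public_ip.sh`, but that address is resolved once at plan time, so a change of operator IP locks them out of 22 without any error; say so in the README, or accept an `allowed_ssh_cidrs` variable as an override.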
diff --git a/redbaron/modules/aws/dns-local-rdir/variables.tf b/redbaron/modules/aws/dns-local-rdir/variables.tf
new file mode 100644
index 0000000..f7c05cb
--- /dev/null
+++ b/redbaron/modules/aws/dns-local-rdir/variables.tf
@@ -0,0 +1,39 @@
+variable "subnet_id" {
+}
+
+variable "vpc_id" {
+}
+
+variable "redirect_to" {
+ type = list(string)
+}
+
+variable "counter" {
+ default = 1
+}
+
+variable "instance_type" {
+ default = "t2.medium"
+}
+
+variable "amis" {
+ type = map(string)
+ default = {
+ // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
+ "ap-northeast-1" = "ami-b6b568d0"
+ "ap-northeast-2" = "ami-b7479dd9"
+ "ap-south-1" = "ami-02aded6d"
+ "ap-southeast-1" = "ami-d76019b4"
+ "ap-southeast-2" = "ami-8359bae1"
+ "ca-central-1" = "ami-3709b053"
+ "eu-central-1" = "ami-8bb70be4"
+ "eu-west-1" = "ami-ce76a7b7"
+ "eu-west-2" = "ami-a6f9ebc2"
+ "sa-east-1" = "ami-f5c7b899"
+ "us-east-1" = "ami-71b7750b"
+ "us-east-2" = "ami-dab895bf"
+ "us-west-1" = "ami-58eedd38"
+ "us-west-2" = "ami-c032f6b8"
+ }
+}
+
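Review bot: `redirect_to` has no default, so every caller must supply it, yet main.tf in this module never reads it; remove it or use it. None of the variables carries a `description`, and the `amis` map hardcodes Debian Stretch image IDs copied from the wiki, which will drift; a `data "aws_ami"` lookup filtered on the Debian account's owner ID and image name pattern would keep the `admin` login user assumed by the provisioner in step with the image actually launched.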
diff --git a/redbaron/modules/aws/dns-local-rdir/versions.tf b/redbaron/modules/aws/dns-local-rdir/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/dns-local-rdir/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
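Review bot: `required_version = ">= 0.12"` has no upper bound and there is no `required_providers` block, although the module depends on the aws, tls, random, template, external and null providers (the `template` provider in particular was later deprecated in favour of `templatefile()`). Pin at least aws and template here so `terraform init` fails clearly instead of resolving to an incompatible major version. The leading blank line is also inconsistent with the other new files.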
diff --git a/redbaron/modules/aws/dns-rdir/README.md b/redbaron/modules/aws/dns-rdir/README.md
index 6f6c347..405b6fe 100644
--- a/redbaron/modules/aws/dns-rdir/README.md
+++ b/redbaron/modules/aws/dns-rdir/README.md
@@ -2,27 +2,16 @@
Creates a DNS Redirector server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "dns_rdir" {
- source = "./modules/aws/dns-rdir"
-
- vpc_id = ""
- subnet_id = ""
- redirect_to = ["192.168.0.1"]
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`vpc_id` | Yes | String | ID of VPC to create instance in.
-|`subnet_id` | Yes | String | Subnet ID to create instance in.
-|`redirect_to` | Yes | List | List of IPs to redirect DNS traffic to.
-|`count` | No | Integer | Number of instances to launch. Defaults to 1.
-|`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium"
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`subnet_id` | String | Subnet ID to create instance in.
+|`vpc_id` | String | ID of VPC to create instance in.
+|`redirect_to` | List(string) | List of IPs to redirect DNS traffic to.
+|`counter` | Integer | Number of instances to launch. Defaults to 1.
+|`instance_type` | String | Instance type to launch. Defaults to "t2.medium"
+|`amis` | Map(string) | The ami which is to be installed (according to the distro specified)
# Outputs
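Review bot: dropping the `Required` column loses the fact that `subnet_id`, `vpc_id` and `redirect_to` have no defaults and must be supplied, and the usage example that showed the call shape went with it; keep a one-line module block or mark the mandatory arguments in the table. The `amis` description "The ami which is to be installed (according to the distro specified)" does not say what the value is: it is a map from AWS region name to AMI ID, looked up by the region the provider is configured for.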
diff --git a/redbaron/modules/aws/dns-rdir/main.tf b/redbaron/modules/aws/dns-rdir/main.tf
index 39c3dc9..38d61d2 100644
--- a/redbaron/modules/aws/dns-rdir/main.tf
+++ b/redbaron/modules/aws/dns-rdir/main.tf
@@ -1,126 +1,91 @@
-terraform {
- required_version = ">= 0.11.0"
+data "aws_region" "current" {
}
-data "aws_region" "current" {}
-
resource "random_id" "server" {
- count = "${var.count}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.count}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "aws_key_pair" "dns-rdir" {
- count = "${var.count}"
- key_name = "dns-rdir-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ key_name = "dns-rdir-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "aws_instance" "dns-rdir" {
- // Currently, variables in provider fields are not supported :(
- // This severely limits our ability to spin up instances in diffrent regions
- // https://github.com/hashicorp/terraform/issues/11578
-
- //provider = "aws.${element(var.regions, count.index)}"
-
- count = "${var.count}"
+ count = var.counter
tags = {
- Name = "dns-rdir-${random_id.server.*.hex[count.index]}"
+ Name = "dns-rdir-${random_id.server[count.index].hex}"
}
- ami = "${var.amis[data.aws_region.current.name]}"
- instance_type = "${var.instance_type}"
- key_name = "${aws_key_pair.dns-rdir.*.key_name[count.index]}"
- vpc_security_group_ids = ["${aws_security_group.dns-rdir.id}"]
- subnet_id = "${var.subnet_id}"
+ ami = var.amis[data.aws_region.current.name]
+ instance_type = var.instance_type
+ key_name = aws_key_pair.dns-rdir[count.index].key_name
+ vpc_security_group_ids = [aws_security_group.dns-rdir[count.index].id]
+ subnet_id = var.subnet_id
associate_public_ip_address = true
provisioner "remote-exec" {
inline = [
- "sudo apt-get update",
- "sudo apt-get install -y tmux socat mosh",
- "tmux new -d \"sudo socat udp4-recvfrom:53,reuseaddr,fork udp4-sendto:${element(var.redirect_to, count.index)}:53\""
+ "sudo apt-get update",
+ "sudo apt-get install -y tmux socat",
+ "tmux new -d \"sudo socat udp4-recvfrom:53,reuseaddr,fork udp4-sendto:${element(var.redirect_to, count.index)}:53\"",
]
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.public_ip}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}"
-
- depends_on = ["aws_instance.dns-rdir"]
-
- triggers {
- droplet_creation = "${join("," , aws_instance.dns-rdir.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=../../redbaron/data/ssh_keys/${aws_instance.dns-rdir.*.public_ip[count.index]} -e host=${aws_instance.dns-rdir.*.public_ip[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.public_ip}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.count}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [aws_instance.dns-rdir]
- depends_on = ["aws_instance.dns-rdir"]
-
- vars {
- name = "dns_rdir_${aws_instance.dns-rdir.*.public_ip[count.index]}"
- hostname = "${aws_instance.dns-rdir.*.public_ip[count.index]}"
- user = "admin"
- identityfile = "${path.root}/data/ssh_keys/${aws_instance.dns-rdir.*.public_ip[count.index]}"
+ vars = {
+ name = "dns_rdir_${aws_instance.dns-rdir[count.index].public_ip}"
+ hostname = aws_instance.dns-rdir[count.index].public_ip
+ user = "admin"
+ identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.dns-rdir[count.index].public_ip}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
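Review bot: the connection block and the `ssh_config` vars both hardcode `user = "admin"`, whereas the http-c2 module in this same change gained a `user` variable; if `amis` is overridden with a non-Debian image the SSH login fails here with a timeout rather than a clear error. The `tmux new -d` socat relay also does not survive a reboot, and `mosh` was dropped from the apt-get line while security_group.tf still opens 60000-61000/udp for it. The key-writing local-exec echoes the PEM through the shell command line and the file exists with the default umask until `chmod 600 ssh_keys/*` runs; put `umask 077` at the front of the command.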
diff --git a/redbaron/modules/aws/dns-rdir/outputs.tf b/redbaron/modules/aws/dns-rdir/outputs.tf
index 6af2c5f..98e5036 100644
--- a/redbaron/modules/aws/dns-rdir/outputs.tf
+++ b/redbaron/modules/aws/dns-rdir/outputs.tf
@@ -1,7 +1,3 @@
output "ips" {
- value = ["${aws_instance.dns-rdir.*.public_ip}"]
+ value = [aws_instance.dns-rdir.*.public_ip]
}
-
-output "ssh_user" {
- value = "admin"
-}
\ No newline at end of file
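Review bot: `[aws_instance.dns-rdir.*.public_ip]` yields a list of lists under 0.12; use the bare splat `aws_instance.dns-rdir.*.public_ip`. Removing the `ssh_user` output is only safe if no caller consumes it, and the README `# Outputs` section should be updated to match.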
diff --git a/redbaron/modules/aws/dns-rdir/security_group.tf b/redbaron/modules/aws/dns-rdir/security_group.tf
index faed93b..c5f2879 100644
--- a/redbaron/modules/aws/dns-rdir/security_group.tf
+++ b/redbaron/modules/aws/dns-rdir/security_group.tf
@@ -1,50 +1,49 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "aws_security_group" "dns-rdir" {
- name = "dns-rdir-${random_id.server.*.hex[count.index]}"
+ count = var.counter
+
+ name = "dns-rdir-${random_id.server[count.index].hex}"
description = "Security group created by Red Baron"
- vpc_id = "${var.vpc_id}"
+ vpc_id = var.vpc_id
ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"]
}
ingress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 60000
- to_port = 61000
- protocol = "udp"
+ from_port = 60000
+ to_port = 61000
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
+
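Review bot: the `60000-61000/udp` ingress from `0.0.0.0/0` existed for mosh, which main.tf no longer installs, so it is now a dead world-open rule; remove it. Adding `count` here is the right fix, since the previous `random_id.server.*.hex[count.index]` reference in a non-counted resource would not have planned under 0.12.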
diff --git a/redbaron/modules/aws/dns-rdir/variables.tf b/redbaron/modules/aws/dns-rdir/variables.tf
index 7345d0d..f7c05cb 100644
--- a/redbaron/modules/aws/dns-rdir/variables.tf
+++ b/redbaron/modules/aws/dns-rdir/variables.tf
@@ -1,66 +1,39 @@
-variable "subnet_id" {}
-
-variable "vpc_id" {}
-
-variable "redirect_to" {
- type = "list"
-}
-
-variable "count" {
- default = 1
+variable "subnet_id" {
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
+variable "vpc_id" {
}
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
+variable "redirect_to" {
+ type = list(string)
}
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "counter" {
+ default = 1
}
variable "instance_type" {
default = "t2.medium"
}
-/*
-variable "install" {
- type = "map"
- default = {
- "empire" = "./scripts/install_empire.sh"
- "metasploit" = "./scripts/install_metasploit.sh"
- "cobaltstrike" = "./scripts/install_cobalt_strike.sh"
- }
-}
-*/
-
variable "amis" {
- type = "map"
+ type = map(string)
default = {
-
// Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
"ap-northeast-1" = "ami-b6b568d0"
"ap-northeast-2" = "ami-b7479dd9"
- "ap-south-1" = "ami-02aded6d"
+ "ap-south-1" = "ami-02aded6d"
"ap-southeast-1" = "ami-d76019b4"
"ap-southeast-2" = "ami-8359bae1"
- "ca-central-1" = "ami-3709b053"
- "eu-central-1" = "ami-8bb70be4"
- "eu-west-1" = "ami-ce76a7b7"
- "eu-west-2" = "ami-a6f9ebc2"
- "sa-east-1" = "ami-f5c7b899"
- "us-east-1" = "ami-71b7750b"
- "us-east-2" = "ami-dab895bf"
- "us-west-1" = "ami-58eedd38"
- "us-west-2" = "ami-c032f6b8"
-
+ "ca-central-1" = "ami-3709b053"
+ "eu-central-1" = "ami-8bb70be4"
+ "eu-west-1" = "ami-ce76a7b7"
+ "eu-west-2" = "ami-a6f9ebc2"
+ "sa-east-1" = "ami-f5c7b899"
+ "us-east-1" = "ami-71b7750b"
+ "us-east-2" = "ami-dab895bf"
+ "us-west-1" = "ami-58eedd38"
+ "us-west-2" = "ami-c032f6b8"
}
-}
\ No newline at end of file
+}
+
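Review bot: renaming `count` to `counter` is necessary (`count` is a reserved meta-argument name in 0.12) but it breaks every caller of this module, and the `ansible_playbook`, `ansible_arguments` and `ansible_vars` inputs disappear at the same time; nothing in the hunk records either change. Add `description` fields and call the rename and the removed inputs out in the README.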
diff --git a/redbaron/modules/aws/dns-rdir/versions.tf b/redbaron/modules/aws/dns-rdir/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/dns-rdir/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/domain-front/README.md b/redbaron/modules/aws/domain-front/README.md
deleted file mode 100644
index 052cfcc..0000000
--- a/redbaron/modules/aws/domain-front/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Domain Fronting
-
-```
-#~ curl -A 'notcurl' http://d2x0m979j4p9ih.cloudfront.net/test
-this is my http/s c2 server
-```
-
-
-```
-#~ curl -A 'notcurl' http://a0.awsstatic.com/test -H 'Host: d2x0m979j4p9ih.cloudfront.net'
-this is my http/s c2 server
-```
diff --git a/redbaron/modules/aws/domain-front/main.tf b/redbaron/modules/aws/domain-front/main.tf
deleted file mode 100644
index 0285119..0000000
--- a/redbaron/modules/aws/domain-front/main.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
-resource "aws_cloudfront_distribution" "http-c2" {
- enabled = true
- is_ipv6_enabled = false
-
- origin {
- domain_name = "${var.domain}"
- origin_id = "domain-front"
-
- custom_origin_config {
- http_port = 80
- https_port = 443
- origin_protocol_policy = "match-viewer"
- origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
- }
- }
-
- default_cache_behavior {
- target_origin_id = "domain-front"
- allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
- cached_methods = ["GET", "HEAD"]
- viewer_protocol_policy = "allow-all"
- min_ttl = 0
- default_ttl = 86400
- max_ttl = 31536000
-
- forwarded_values {
- query_string = true
- headers = ["*"]
-
- cookies {
- forward = "all"
- }
- }
-
- }
-
- restrictions {
- geo_restriction {
- restriction_type = "whitelist"
- locations = ["US"]
- }
- }
-
- viewer_certificate {
- cloudfront_default_certificate = true
- }
-}
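Review bot: the domain-front module is deleted outright, README included, with nothing in the change saying why; any existing state containing `aws_cloudfront_distribution.http-c2` will plan that distribution for destruction on the next apply once the module block is gone, so the removal needs a README or changelog note. If the module was dropped because the technique is no longer supported by the tool, state that where users will see it.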
diff --git a/redbaron/modules/aws/domain-front/outputs.tf b/redbaron/modules/aws/domain-front/outputs.tf
deleted file mode 100644
index c9bdf6d..0000000
--- a/redbaron/modules/aws/domain-front/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "cf-domain" {
- value = "${aws_cloudfront_distribution.http-c2.domain_name}"
-}
\ No newline at end of file
diff --git a/redbaron/modules/aws/domain-front/variables.tf b/redbaron/modules/aws/domain-front/variables.tf
deleted file mode 100644
index 87de220..0000000
--- a/redbaron/modules/aws/domain-front/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-variable "domain" {}
\ No newline at end of file
diff --git a/redbaron/modules/aws/http-c2/README.md b/redbaron/modules/aws/http-c2/README.md
index 195a675..e0a7842 100644
--- a/redbaron/modules/aws/http-c2/README.md
+++ b/redbaron/modules/aws/http-c2/README.md
@@ -2,26 +2,17 @@
Creates a HTTP C2 server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "http_c2" {
- source = "./modules/aws/http-c2"
-
- vpc_id = ""
- subnet_id = ""
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`vpc_id` | Yes | String | ID of VPC to create instance in.
-|`subnet_id` | Yes | String | Subnet ID to create instance in.
-|`count` | No | Integer | Number of instances to launch. Defaults to 1.
-|`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium"
-|`install` | No | List | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh".
+| Name | Value Type | Description
+|---------------------------| ------------ | -----------
+|`subnet_id` | String | Subnet ID to create instance in.
+|`vpc_id` | String | ID of VPC to create instance in.
+|`counter` | Integer | Number of instances to launch. Defaults to 1.
+|`instance_type` | String | Instance type to launch. Defaults to "t2.medium"
+|`install` | List(string) | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh".
+|`amis` | Map(string) | The ami which is to be installed (according to the distro specified)
+|`user` | String | User to be used to login with SSH (different for each distro on AWS)
# Outputs
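Review bot: the `install` row still says it "Defaults to ./scripts/core_deps.sh", but variables.tf sets `default = []` and main.tf always prepends `../../redbaron/data/scripts/core_deps.sh` with `concat`, so the real behaviour is an empty default with core_deps.sh run unconditionally; say that. Removing the `Required` column loses which arguments are mandatory (`subnet_id`, `vpc_id`), and the `amis` description should state that it is a region-to-AMI map.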
diff --git a/redbaron/modules/aws/http-c2/main.tf b/redbaron/modules/aws/http-c2/main.tf
index 7dc60f6..019a604 100644
--- a/redbaron/modules/aws/http-c2/main.tf
+++ b/redbaron/modules/aws/http-c2/main.tf
@@ -1,24 +1,21 @@
-terraform {
- required_version = ">= 0.11.0"
+data "aws_region" "current" {
}
-data "aws_region" "current" {}
-
resource "random_id" "server" {
- count = "${var.count}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.count}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "aws_key_pair" "http-c2" {
- count = "${var.count}"
- key_name = "http-c2-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ key_name = "http-c2-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "aws_instance" "http-c2" {
@@ -28,95 +25,69 @@ resource "aws_instance" "http-c2" {
//provider = "aws.${element(var.regions, count.index)}"
- count = "${var.count}"
+ count = var.counter
tags = {
- Name = "http-c2-${random_id.server.*.hex[count.index]}"
+ Name = "http-c2-${random_id.server[count.index].hex}"
}
- ami = "${var.amis[data.aws_region.current.name]}"
- instance_type = "${var.instance_type}"
- key_name = "${aws_key_pair.http-c2.*.key_name[count.index]}"
- vpc_security_group_ids = ["${aws_security_group.http-c2.id}"]
- subnet_id = "${var.subnet_id}"
+ ami = var.amis[data.aws_region.current.name]
+ instance_type = var.instance_type
+ key_name = aws_key_pair.http-c2[count.index].key_name
+ vpc_security_group_ids = [aws_security_group.http-c2[count.index].id]
+ subnet_id = var.subnet_id
associate_public_ip_address = true
provisioner "remote-exec" {
- scripts = "${concat(list("../../redbaron/data/scripts/core_deps.sh"), var.install)}"
+ scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install)
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = var.user
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.public_ip}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}"
-
- depends_on = ["aws_instance.http-c2"]
-
- triggers {
- droplet_creation = "${join("," , aws_instance.http-c2.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=../../redbaron/data/ssh_keys/${aws_instance.http-c2.*.public_ip[count.index]} -e host=${aws_instance.http-c2.*.public_ip[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.public_ip}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- depends_on = ["aws_instance.http-c2"]
+ depends_on = [aws_instance.http-c2]
- vars {
- name = "dns_rdir_${aws_instance.http-c2.*.public_ip[count.index]}"
- hostname = "${aws_instance.http-c2.*.public_ip[count.index]}"
- user = "admin"
- identityfile = "${path.root}/data/ssh_keys/${aws_instance.http-c2.*.public_ip[count.index]}"
+ vars = {
+ name = "http_c2_${aws_instance.http-c2[count.index].public_ip}"
+ hostname = aws_instance.http-c2[count.index].public_ip
+ user = var.user
+ identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.http-c2[count.index].public_ip}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
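Review bot: the key file name (`ssh_keys/${self.public_ip}`) and the rendered ssh_config hostname are both keyed on the instance's public IP, but `associate_public_ip_address = true` without an Elastic IP means a stop/start assigns a new address, after which the destroy-time `rm ssh_keys/${self.public_ip}*` and the generated config point at the wrong file and host. Keying the files on `random_id.server[count.index].hex`, as `gen_ssh_config` already does, or attaching an `aws_eip`, would make the mapping stable. The remote-exec also runs every script in `var.install` on the C2 host with no check on their contents; worth a README line.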
diff --git a/redbaron/modules/aws/http-c2/outputs.tf b/redbaron/modules/aws/http-c2/outputs.tf
index d58b196..6d9b7fa 100644
--- a/redbaron/modules/aws/http-c2/outputs.tf
+++ b/redbaron/modules/aws/http-c2/outputs.tf
@@ -1,7 +1,4 @@
output "ips" {
- value = ["${aws_instance.http-c2.*.public_ip}"]
+ value = [aws_instance.http-c2.*.public_ip]
}
-output "ssh_user" {
- value = "admin"
-}
\ No newline at end of file
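Review bot: `[aws_instance.http-c2.*.public_ip]` is a list of lists under 0.12; use `aws_instance.http-c2.*.public_ip`. The removed `ssh_user` output should be reflected in the README outputs section, and note that `user` is now a module input, so callers that need it can read it from their own configuration.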
diff --git a/redbaron/modules/aws/http-c2/security_group.tf b/redbaron/modules/aws/http-c2/security_group.tf
index 6f99653..bb4e796 100644
--- a/redbaron/modules/aws/http-c2/security_group.tf
+++ b/redbaron/modules/aws/http-c2/security_group.tf
@@ -1,69 +1,55 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "aws_security_group" "http-c2" {
- name = "http-c2-${random_id.server.*.hex[count.index]}"
+ count = var.counter
+
+ name = "http-c2-${random_id.server[count.index].hex}"
description = "Security group created by Red Baron"
- vpc_id = "${var.vpc_id}"
+ vpc_id = var.vpc_id
ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"]
}
ingress {
from_port = 80
- to_port = 80
- protocol = "tcp"
- /*
- cidr_blocks = ["${linode_linode.http-rdir-1.ip_address}/32",
- "${linode_linode.http-rdir-2.ip_address}/32",
- "${linode_linode.http-rdir-3.ip_address}/32",
- "${var.my_ip}/32"]
- */
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
- to_port = 443
- protocol = "tcp"
- /*
- cidr_blocks = ["${linode_linode.http-rdir-1.ip_address}/32",
- "${linode_linode.http-rdir-2.ip_address}/32",
- "${linode_linode.http-rdir-3.ip_address}/32",
- "${var.my_ip}/32"]
- */
-
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 60000
- to_port = 61000
- protocol = "udp"
+ from_port = 60000
+ to_port = 61000
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
+
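Review bot: ports 80 and 443 are now open to `0.0.0.0/0` and the commented-out restriction to the redirector addresses and `var.my_ip` was deleted with it, so the C2 is directly reachable from anywhere, which defeats the point of fronting it with redirectors and lets scanners fingerprint the C2 itself. Accept a list of allowed source CIDRs (the redirector module's `ips` output plus the operator's address) and use it in both rules, leaving `0.0.0.0/0` as an explicit opt-in. The `60000-61000/udp` mosh range is dead here too, since mosh is not installed by this module.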
diff --git a/redbaron/modules/aws/http-c2/variables.tf b/redbaron/modules/aws/http-c2/variables.tf
index 0e58c81..d7bfa12 100644
--- a/redbaron/modules/aws/http-c2/variables.tf
+++ b/redbaron/modules/aws/http-c2/variables.tf
@@ -1,26 +1,11 @@
-variable "subnet_id" {}
-
-variable "vpc_id" {}
-
-variable "count" {
- default = 1
-}
-
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
+variable "subnet_id" {
}
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
+variable "vpc_id" {
}
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "counter" {
+ default = 1
}
variable "instance_type" {
@@ -28,40 +13,32 @@ variable "instance_type" {
}
variable "install" {
- type = "list"
+ type = list(string)
default = []
}
-/*
-variable "install" {
- type = "map"
- default = {
- "empire" = "./scripts/install_empire.sh"
- "metasploit" = "./scripts/install_metasploit.sh"
- "cobaltstrike" = "./scripts/install_cobalt_strike.sh"
- }
-}
-*/
-
variable "amis" {
- type = "map"
+ type = map(string)
default = {
-
// Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
"ap-northeast-1" = "ami-b6b568d0"
"ap-northeast-2" = "ami-b7479dd9"
- "ap-south-1" = "ami-02aded6d"
+ "ap-south-1" = "ami-02aded6d"
"ap-southeast-1" = "ami-d76019b4"
"ap-southeast-2" = "ami-8359bae1"
- "ca-central-1" = "ami-3709b053"
- "eu-central-1" = "ami-8bb70be4"
- "eu-west-1" = "ami-ce76a7b7"
- "eu-west-2" = "ami-a6f9ebc2"
- "sa-east-1" = "ami-f5c7b899"
- "us-east-1" = "ami-71b7750b"
- "us-east-2" = "ami-dab895bf"
- "us-west-1" = "ami-58eedd38"
- "us-west-2" = "ami-c032f6b8"
-
+ "ca-central-1" = "ami-3709b053"
+ "eu-central-1" = "ami-8bb70be4"
+ "eu-west-1" = "ami-ce76a7b7"
+ "eu-west-2" = "ami-a6f9ebc2"
+ "sa-east-1" = "ami-f5c7b899"
+ "us-east-1" = "ami-71b7750b"
+ "us-east-2" = "ami-dab895bf"
+ "us-west-1" = "ami-58eedd38"
+ "us-west-2" = "ami-c032f6b8"
}
-}
\ No newline at end of file
+}
+
+variable "user" {
+ default = "admin"
+}
+
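Review bot: `user` defaults to `admin`, which matches the Debian images in the default `amis` map, but nothing couples the two: overriding one without the other makes the remote-exec connection hang until timeout rather than fail with a clear error. Add a `description` on both saying they must be changed together, and consider deriving the user from the AMI lookup instead of a second free-form input.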
diff --git a/redbaron/modules/aws/http-c2/versions.tf b/redbaron/modules/aws/http-c2/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/http-c2/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/http-rdir/README.md b/redbaron/modules/aws/http-rdir/README.md
index 7200e3a..19cf94c 100644
--- a/redbaron/modules/aws/http-rdir/README.md
+++ b/redbaron/modules/aws/http-rdir/README.md
@@ -2,27 +2,16 @@
Creates a HTTP Redirector server in AWS. SSH keys for each instance will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "http_rdir" {
- source = "./modules/aws/http-rdir"
-
- vpc_id = ""
- subnet_id = ""
- redirect_to = ["192.168.0.1"]
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`vpc_id` | Yes | String | ID of VPC to create instance in.
-|`subnet_id` | Yes | String | Subnet ID to create instance in.
-|`redirect_to` | Yes | List | List of IPs to redirect HTTP traffic to.
-|`count` | No | Integer | Number of instances to launch. Defaults to 1.
-|`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium".
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`subnet_id` | String | Subnet ID to create instance in.
+|`vpc_id` | String | ID of VPC to create instance in.
+|`redirect_to` | List(string) | List of IPs to redirect DNS traffic to.
+|`counter` | Integer | Number of instances to launch. Defaults to 1.
+|`instance_type` | String | Instance type to launch. Defaults to "t2.medium"
+|`amis` | Map(string) | The ami which is to be installed (according to the distro specified)
# Outputs
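Review bot: the `redirect_to` description now reads "List of IPs to redirect DNS traffic to"; this is the HTTP redirector and the previous text correctly said HTTP traffic. The table also omits the `http-port` and `https-port` variables that main.tf references in the socat command (`${var.http-port}`, `${var.https-port}`), so callers cannot discover that the backend ports are configurable.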
diff --git a/redbaron/modules/aws/http-rdir/main.tf b/redbaron/modules/aws/http-rdir/main.tf
index 924acf9..b0d9da6 100644
--- a/redbaron/modules/aws/http-rdir/main.tf
+++ b/redbaron/modules/aws/http-rdir/main.tf
@@ -1,128 +1,93 @@
-terraform {
- required_version = ">= 0.11.0"
+data "aws_region" "current" {
}
-data "aws_region" "current" {}
-
resource "random_id" "server" {
- count = "${var.count}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.count}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "aws_key_pair" "http-rdir" {
- count = "${var.count}"
- key_name = "http-rdir-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ key_name = "http-rdir-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "aws_instance" "http-rdir" {
- // Currently, variables in provider fields are not supported :(
- // This severely limits our ability to spin up instances in diffrent regions
- // https://github.com/hashicorp/terraform/issues/11578
-
- //provider = "aws.${element(var.regions, count.index)}"
-
- count = "${var.count}"
+ count = var.counter
tags = {
- Name = "http-rdir-${random_id.server.*.hex[count.index]}"
+ Name = "http-rdir-${random_id.server[count.index].hex}"
}
- ami = "${var.amis[data.aws_region.current.name]}"
- instance_type = "${var.instance_type}"
- key_name = "${aws_key_pair.http-rdir.*.key_name[count.index]}"
- vpc_security_group_ids = ["${aws_security_group.http-rdir.id}"]
- subnet_id = "${var.subnet_id}"
+ ami = var.amis[data.aws_region.current.name]
+ instance_type = var.instance_type
+ key_name = aws_key_pair.http-rdir[count.index].key_name
+ vpc_security_group_ids = [aws_security_group.http-rdir[count.index].id]
+ subnet_id = var.subnet_id
associate_public_ip_address = true
provisioner "remote-exec" {
inline = [
"sudo apt-get update",
- "sudo apt-get install -y tmux socat apache2 mosh certbot",
+ "sudo apt-get install -y tmux socat apache2 certbot python3-certbot-apache",
"sudo a2enmod rewrite proxy proxy_http ssl",
"sudo systemctl stop apache2",
- "tmux new -d \"sudo socat TCP4-LISTEN:80,fork TCP4:${element(var.redirect_to, count.index)}:80\" ';' split \"sudo socat TCP4-LISTEN:443,fork TCP4:${element(var.redirect_to, count.index)}:443\""
+ "tmux new -d \"sudo socat TCP4-LISTEN:80,fork TCP4:${element(var.redirect_to, count.index)}:${var.http-port}\" ';' split \"sudo socat TCP4-LISTEN:443,fork TCP4:${element(var.redirect_to, count.index)}:${var.https-port}\"",
]
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.public_ip}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}"
-
- depends_on = ["aws_instance.http-rdir"]
-
- triggers {
- droplet_creation = "${join("," , aws_instance.http-rdir.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=../../redbaron/data/ssh_keys/${aws_instance.http-rdir.*.public_ip[count.index]} -e host=${aws_instance.http-rdir.*.public_ip[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.public_ip}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.count}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [aws_instance.http-rdir]
- depends_on = ["aws_instance.http-rdir"]
-
- vars {
- name = "dns_rdir_${aws_instance.http-rdir.*.public_ip[count.index]}"
- hostname = "${aws_instance.http-rdir.*.public_ip[count.index]}"
- user = "admin"
- identityfile = "${path.root}/data/ssh_keys/${aws_instance.http-rdir.*.public_ip[count.index]}"
+ vars = {
+ name = "dns_rdir_${aws_instance.http-rdir[count.index].public_ip}"
+ hostname = aws_instance.http-rdir[count.index].public_ip
+ user = "admin"
+ identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.http-rdir[count.index].public_ip}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
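Review bot: the `local-exec` at `command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && ... && chmod 600 ssh_keys/*"` passes the RSA private key through the shell command line, so it shows up in process listings and in Terraform's debug log, and the file exists with the default umask until the trailing `chmod` runs. A `local_file` resource with `sensitive_content` and `file_permission = "0600"` avoids both problems and also gives Terraform a proper destroy path, which would replace the destroy-time `command = "rm ssh_keys/${self.public_ip}*"`; that glob is also too broad, since the prefix of one address (10.0.0.1) matches another (10.0.0.10), so at minimum name the two files explicitly. Two smaller points: the apt line now drops `mosh`, so the UDP 60000-61000 ingress in security_group.tf is dead, and the ssh_config `name = "dns_rdir_${...}"` in this module should be `http_rdir_`, otherwise every module's generated SSH host alias collides on the same prefix.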
diff --git a/redbaron/modules/aws/http-rdir/outputs.tf b/redbaron/modules/aws/http-rdir/outputs.tf
index 288b143..0c6a7f1 100644
--- a/redbaron/modules/aws/http-rdir/outputs.tf
+++ b/redbaron/modules/aws/http-rdir/outputs.tf
@@ -1,7 +1,4 @@
output "ips" {
- value = ["${aws_instance.http-rdir.*.public_ip}"]
+ value = [aws_instance.http-rdir.*.public_ip]
}
-output "ssh_user" {
- value = "admin"
-}
\ No newline at end of file
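Review bot: `value = [aws_instance.http-rdir.*.public_ip]` wraps the splat list in another list under 0.12 syntax, so `module.x.ips` becomes `[[ip1, ip2]]` rather than `[ip1, ip2]`; the 0.11 brackets were only needed around interpolation strings. Use `value = aws_instance.http-rdir[*].public_ip`. Also confirm nothing in the Python side of Overlord still reads the removed `ssh_user` output before dropping it.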
diff --git a/redbaron/modules/aws/http-rdir/security_group.tf b/redbaron/modules/aws/http-rdir/security_group.tf
index 4b8d0a7..8537d7b 100644
--- a/redbaron/modules/aws/http-rdir/security_group.tf
+++ b/redbaron/modules/aws/http-rdir/security_group.tf
@@ -1,70 +1,55 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "aws_security_group" "http-rdir" {
+ count = var.counter
# name = "${random_string.name_sg.result}"
- name = "http-c2-rdir-${random_id.server.*.hex[count.index]}"
+ name = "http-c2-rdir-${random_id.server[count.index].hex}"
description = "Security group created by Red Baron"
- vpc_id = "${var.vpc_id}"
+ vpc_id = var.vpc_id
ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"]
}
ingress {
from_port = 80
- to_port = 80
- protocol = "tcp"
- /*
- cidr_blocks = ["${linode_linode.http-rdir-1.ip_address}/32",
- "${linode_linode.http-rdir-2.ip_address}/32",
- "${linode_linode.http-rdir-3.ip_address}/32",
- "${var.my_ip}/32"]
- */
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
- to_port = 443
- protocol = "tcp"
- /*
- cidr_blocks = ["${linode_linode.http-rdir-1.ip_address}/32",
- "${linode_linode.http-rdir-2.ip_address}/32",
- "${linode_linode.http-rdir-3.ip_address}/32",
- "${var.my_ip}/32"]
- */
-
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 60000
- to_port = 61000
- protocol = "udp"
+ from_port = 60000
+ to_port = 61000
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
+
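Review bot: the egress rules only allow TCP 80 and 443, but main.tf in this patch now forwards to `${var.http-port}` and `${var.https-port}`; if either is set to anything but the default, socat's outbound connection to the C2 host is blocked by this group. Derive the egress ports from those variables, or document that the backend must listen on 80/443. Separately, the `from_port = 60000` / `to_port = 61000` UDP ingress open to `0.0.0.0/0` was for mosh, which the apt line no longer installs, so it should be removed; leaving an unused world-open port range on a redirector is needless exposure. The commented `# name = "${random_string.name_sg.result}"` line is dead and can go.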
diff --git a/redbaron/modules/aws/http-rdir/variables.tf b/redbaron/modules/aws/http-rdir/variables.tf
index 48bbaa8..29c4255 100644
--- a/redbaron/modules/aws/http-rdir/variables.tf
+++ b/redbaron/modules/aws/http-rdir/variables.tf
@@ -1,29 +1,14 @@
-variable "subnet_id" {}
-
-variable "vpc_id" {}
-
-variable "redirect_to" {
- type = "list"
+variable "subnet_id" {
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
+variable "vpc_id" {
}
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "redirect_to" {
+ type = list(string)
}
-variable "count" {
+variable "counter" {
default = 1
}
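Review bot: `subnet_id`, `vpc_id` and `redirect_to` have no `description` and the first two no `type`; since these are the module's required inputs, a `type = string` plus a one-line description (and for `redirect_to`, that it is a list of backend IPs indexed by `count.index` via `element()`) makes `terraform plan` errors and the README self-explanatory.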
@@ -31,36 +16,32 @@ variable "instance_type" {
default = "t2.medium"
}
-/*
-variable "install" {
- type = "map"
- default = {
- "empire" = "./scripts/install_empire.sh"
- "metasploit" = "./scripts/install_metasploit.sh"
- "cobaltstrike" = "./scripts/install_cobalt_strike.sh"
- }
+variable "http-port" {
+ default = 80
+}
+
+variable "https-port" {
+ default = 443
}
-*/
variable "amis" {
- type = "map"
+ type = map(string)
default = {
-
// Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
"ap-northeast-1" = "ami-b6b568d0"
"ap-northeast-2" = "ami-b7479dd9"
- "ap-south-1" = "ami-02aded6d"
+ "ap-south-1" = "ami-02aded6d"
"ap-southeast-1" = "ami-d76019b4"
"ap-southeast-2" = "ami-8359bae1"
- "ca-central-1" = "ami-3709b053"
- "eu-central-1" = "ami-8bb70be4"
- "eu-west-1" = "ami-ce76a7b7"
- "eu-west-2" = "ami-a6f9ebc2"
- "sa-east-1" = "ami-f5c7b899"
- "us-east-1" = "ami-71b7750b"
- "us-east-2" = "ami-dab895bf"
- "us-west-1" = "ami-58eedd38"
- "us-west-2" = "ami-c032f6b8"
-
+ "ca-central-1" = "ami-3709b053"
+ "eu-central-1" = "ami-8bb70be4"
+ "eu-west-1" = "ami-ce76a7b7"
+ "eu-west-2" = "ami-a6f9ebc2"
+ "sa-east-1" = "ami-f5c7b899"
+ "us-east-1" = "ami-71b7750b"
+ "us-east-2" = "ami-dab895bf"
+ "us-west-1" = "ami-58eedd38"
+ "us-west-2" = "ami-c032f6b8"
}
-}
\ No newline at end of file
+}
+
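Review bot: `http-port` and `https-port` are declared without `type`; because they are interpolated into a shell string in main.tf, a stray non-numeric value would reach socat unchecked, so add `type = number`. Hyphenated variable names are legal but the rest of the module uses underscores (`subnet_id`, `instance_type`); `http_port`/`https_port` would be consistent. The `amis` map is reindented only, but the Debian Stretch AMI IDs it carries date from the original Red-Baron code and should be re-verified against the referenced wiki page before release.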
diff --git a/redbaron/modules/aws/http-rdir/versions.tf b/redbaron/modules/aws/http-rdir/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/http-rdir/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
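Review bot: the file starts with an empty line and pins only `required_version = ">= 0.12"`; since this module relies on the `aws`, `tls`, `random`, `template` and `external` providers and the 0.12 syntax is provider-version sensitive, add a `required_providers` block with version constraints here so upgrades are deliberate rather than whatever `terraform init` pulls.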
diff --git a/redbaron/modules/aws/mail-server/README.md b/redbaron/modules/aws/mail-server/README.md
index b38d4fb..193aba2 100644
--- a/redbaron/modules/aws/mail-server/README.md
+++ b/redbaron/modules/aws/mail-server/README.md
@@ -1,28 +1,18 @@
# mail-server
-Creates a Mail Server in Aws. By default, Overlord will also use the iRedMail script to configure the mail server.
-
-# Example
-
-```hcl
-module "create_mail_server" {
- source = "./modules/aws/mail-server"
-
- vpc_id = ""
- subnet_id = ""
- instance_type = "t2.micro"
-}
-```
+Creates a Mail Server on AWS. By default, Overlord will also use the iRedMail script to configure the mail server.
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`vpc_id` | Yes | String | ID of VPC to create instance in.
-|`subnet_id` | Yes | String | Subnet ID to create instance in.
-|`count` | No | Integer | Number of instances to launch. Defaults to 1.
-|`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium"
-|`install` | No | List | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh".
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`subnet_id` | String | Subnet ID to create instance in.
+|`vpc_id` | String | ID of VPC to create instance in.
+|`redirect_to` | List(string) | List of IPs to redirect DNS traffic to.
+|`counter` | Integer | Number of instances to launch. Defaults to 1.
+|`path` | String | Local path to retrieve the iredmail bash script
+|`instance_type` | String | Instance type to launch. Defaults to "t2.medium"
+|`amis` | Map(string) | The ami which is to be installed (according to the distro specified)
# Outputs
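Review bot: two rows disagree with the module's variables.tf in this patch: `redirect_to` is listed ("List of IPs to redirect DNS traffic to") but mail-server declares no such variable, and `instance_type` is documented as defaulting to "t2.medium" while variables.tf sets `default = "t2.micro"`. Drop the `redirect_to` row and correct the default; the `path` row should also say the script is copied to `/tmp/iredmail.sh` and executed on the instance, which is the behaviour main.tf implements.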
diff --git a/redbaron/modules/aws/mail-server/main.tf b/redbaron/modules/aws/mail-server/main.tf
index de81591..14a2052 100644
--- a/redbaron/modules/aws/mail-server/main.tf
+++ b/redbaron/modules/aws/mail-server/main.tf
@@ -1,77 +1,69 @@
-terraform {
- required_version = ">= 0.11.0"
+data "aws_region" "current" {
}
-data "aws_region" "current" {}
-
resource "random_id" "server" {
- count = "${var.count}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.count}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "aws_key_pair" "mail-server" {
- count = "${var.count}"
- key_name = "mail-server-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ key_name = "mail-server-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "aws_instance" "mail-server" {
- // Currently, variables in provider fields are not supported :(
- // This severely limits our ability to spin up instances in diffrent regions
- // https://github.com/hashicorp/terraform/issues/11578
-
- //provider = "aws.${element(var.regions, count.index)}"
-
- count = "${var.count}"
+ count = var.counter
tags = {
- Name = "mail-server-${random_id.server.*.hex[count.index]}"
+ Name = "mail-server-${random_id.server[count.index].hex}"
}
- ami = "${var.amis[data.aws_region.current.name]}"
- instance_type = "${var.instance_type}"
- key_name = "${aws_key_pair.mail-server.*.key_name[count.index]}"
- vpc_security_group_ids = ["${aws_security_group.mail-server.id}"]
- subnet_id = "${var.subnet_id}"
+ ami = var.amis[data.aws_region.current.name]
+ instance_type = var.instance_type
+ key_name = aws_key_pair.mail-server[count.index].key_name
+ vpc_security_group_ids = [aws_security_group.mail-server[count.index].id]
+ subnet_id = var.subnet_id
associate_public_ip_address = true
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.public_ip}*"
+ when = destroy
+ command = "rm ssh_keys/${self.public_ip}*"
}
provisioner "remote-exec" {
inline = [
"sudo apt-get update",
- "sudo apt-get install -y tmux mosh"
+ "sudo apt-get install -y tmux",
]
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "file" {
- #source = "../../redbaron/data/scripts/iredmail.sh"
- source = "${var.path}"
+ source = var.path
destination = "/tmp/iredmail.sh"
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
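Review bot: the private-key `local-exec` (`command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} ..."`) has the same exposure as in http-rdir/main.tf: the key passes through the shell argument list and Terraform logs, and the file is created before the `chmod 600`; prefer a `local_file` with `sensitive_content` and `file_permission`. The `file` provisioner `source = var.path` uploads whatever local path the caller supplies and later hunks run it with sudo, so the variable deserves a description and, ideally, a check that it points at the bundled iredmail script. `mosh` is dropped from apt here, so the UDP 60000-61000 ingress in security_group.tf no longer has a consumer.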
@@ -82,69 +74,43 @@ resource "aws_instance" "mail-server" {
]
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}"
-
- depends_on = ["aws_instance.mail-server"]
-
- triggers {
- droplet_creation = "${join("," , aws_instance.mail-server.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=../../redbaron/data/ssh_keys/${aws_instance.mail-server.*.public_ip[count.index]} -e host=${aws_instance.mail-server.*.public_ip[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
- }
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.count}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [aws_instance.mail-server]
- depends_on = ["aws_instance.mail-server"]
-
- vars {
- name = "dns_rdir_${aws_instance.mail-server.*.public_ip[count.index]}"
- hostname = "${aws_instance.mail-server.*.public_ip[count.index]}"
- user = "admin"
- identityfile = "${path.root}/data/ssh_keys/${aws_instance.mail-server.*.public_ip[count.index]}"
+ vars = {
+ name = "dns_rdir_${aws_instance.mail-server[count.index].public_ip}"
+ hostname = aws_instance.mail-server[count.index].public_ip
+ user = "admin"
+ identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.mail-server[count.index].public_ip}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
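Review bot: `name = "dns_rdir_${aws_instance.mail-server[count.index].public_ip}"` is copied from the DNS redirector module; the generated SSH config for the mail server should use a `mail_server_` prefix, otherwise the host aliases written to ssh_configs/ are indistinguishable across modules. Since the file now requires 0.12, the `template_file` data source plus `file()` could also be replaced with the built-in `templatefile()` function, which removes the `template` provider dependency and the `depends_on` workaround.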
diff --git a/redbaron/modules/aws/mail-server/outputs.tf b/redbaron/modules/aws/mail-server/outputs.tf
index 169742c..15112c9 100644
--- a/redbaron/modules/aws/mail-server/outputs.tf
+++ b/redbaron/modules/aws/mail-server/outputs.tf
@@ -1,7 +1,3 @@
output "ips" {
- value = ["${aws_instance.mail-server.*.public_ip}"]
-}
-
-output "ssh_user" {
- value = "admin"
+ value = [aws_instance.mail-server.*.public_ip]
}
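Review bot: `value = [aws_instance.mail-server.*.public_ip]` produces a nested list under 0.12 (`[[ip]]`), the same issue as in http-rdir/outputs.tf; use `aws_instance.mail-server[*].public_ip` so callers get a flat list of addresses.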
diff --git a/redbaron/modules/aws/mail-server/security_group.tf b/redbaron/modules/aws/mail-server/security_group.tf
index fe97a90..b6325ef 100644
--- a/redbaron/modules/aws/mail-server/security_group.tf
+++ b/redbaron/modules/aws/mail-server/security_group.tf
@@ -1,147 +1,145 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "aws_security_group" "mail-server" {
- name = "mail-server-${random_id.server.*.hex[count.index]}"
+ count = var.counter
+
+ name = "mail-server-${random_id.server[count.index].hex}"
description = "Security group created by Red Baron"
- vpc_id = "${var.vpc_id}"
+ vpc_id = var.vpc_id
ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"]
}
ingress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"]
}
ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"]
}
ingress {
- from_port = 25
- to_port = 25
- protocol = "tcp"
+ from_port = 25
+ to_port = 25
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 587
- to_port = 587
- protocol = "tcp"
+ from_port = 587
+ to_port = 587
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 143
- to_port = 143
- protocol = "tcp"
+ from_port = 143
+ to_port = 143
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 993
- to_port = 993
- protocol = "tcp"
+ from_port = 993
+ to_port = 993
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 995
- to_port = 995
- protocol = "tcp"
+ from_port = 995
+ to_port = 995
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 110
- to_port = 110
- protocol = "tcp"
+ from_port = 110
+ to_port = 110
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 60000
- to_port = 61000
- protocol = "udp"
+ from_port = 60000
+ to_port = 61000
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 25
- to_port = 25
- protocol = "tcp"
+ from_port = 25
+ to_port = 25
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 143
- to_port = 143
- protocol = "tcp"
+ from_port = 143
+ to_port = 143
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 587
- to_port = 587
- protocol = "tcp"
+ from_port = 587
+ to_port = 587
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 993
- to_port = 993
- protocol = "tcp"
+ from_port = 993
+ to_port = 993
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 995
- to_port = 995
- protocol = "tcp"
+ from_port = 995
+ to_port = 995
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
-
- egress {
- from_port = 110
- to_port = 110
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
+ egress {
+ from_port = 110
+ to_port = 110
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
}
+
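Review bot: the ingress rules for POP3 (`from_port = 110`) and IMAP (`from_port = 143`) are open to `0.0.0.0/0` even though 22, 80 and 443 are already restricted to the operator's address via `data.external.get_ip`; cleartext mailbox protocols on an engagement mail server should be limited to that same `/32` (or dropped in favour of 993/995 only). The UDP 60000-61000 mosh range is also still world-open although main.tf in this patch no longer installs mosh. The only substantive change in this hunk is the added `count = var.counter`, which is consistent with `vpc_security_group_ids` now indexing the group by `count.index`.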
diff --git a/redbaron/modules/aws/mail-server/variables.tf b/redbaron/modules/aws/mail-server/variables.tf
index 6fe99f0..ccea6da 100644
--- a/redbaron/modules/aws/mail-server/variables.tf
+++ b/redbaron/modules/aws/mail-server/variables.tf
@@ -1,69 +1,38 @@
-variable "subnet_id" {}
-
-variable "vpc_id" {}
-
-variable "count" {
- default = 1
+variable "subnet_id" {
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
+variable "vpc_id" {
}
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
+variable "counter" {
+ default = 1
}
-variable "path" {}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "path" {
}
variable "instance_type" {
default = "t2.micro"
}
-/*
-variable "install" {
- type = "map"
- default = {
- "empire" = "./scripts/install_empire.sh"
- "metasploit" = "./scripts/install_metasploit.sh"
- "cobaltstrike" = "./scripts/install_cobalt_strike.sh"
- }
-}
-*/
-
-variable "install" {
- type = "list"
- default = []
-}
-
variable "amis" {
- type = "map"
+ type = map(string)
default = {
-
// Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
"ap-northeast-1" = "ami-b6b568d0"
"ap-northeast-2" = "ami-b7479dd9"
- "ap-south-1" = "ami-02aded6d"
+ "ap-south-1" = "ami-02aded6d"
"ap-southeast-1" = "ami-d76019b4"
"ap-southeast-2" = "ami-8359bae1"
- "ca-central-1" = "ami-3709b053"
- "eu-central-1" = "ami-8bb70be4"
- "eu-west-1" = "ami-ce76a7b7"
- "eu-west-2" = "ami-a6f9ebc2"
- "sa-east-1" = "ami-f5c7b899"
- "us-east-1" = "ami-71b7750b"
- "us-east-2" = "ami-dab895bf"
- "us-west-1" = "ami-58eedd38"
- "us-west-2" = "ami-c032f6b8"
-
+ "ca-central-1" = "ami-3709b053"
+ "eu-central-1" = "ami-8bb70be4"
+ "eu-west-1" = "ami-ce76a7b7"
+ "eu-west-2" = "ami-a6f9ebc2"
+ "sa-east-1" = "ami-f5c7b899"
+ "us-east-1" = "ami-71b7750b"
+ "us-east-2" = "ami-dab895bf"
+ "us-west-1" = "ami-58eedd38"
+ "us-west-2" = "ami-c032f6b8"
}
}
+
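Review bot: `variable "path" {}` is the only input that names a local file which later gets executed on the instance, yet it has no `type` or `description`; add `type = string` and state that it must point to the iRedMail installer. The `default = "t2.micro"` here contradicts the README row in this patch that says "t2.medium", so one of the two needs to change.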
diff --git a/redbaron/modules/aws/mail-server/versions.tf b/redbaron/modules/aws/mail-server/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/mail-server/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/phishing-server-gophish/README.md b/redbaron/modules/aws/phishing-server-gophish/README.md
index edf4227..9e31373 100644
--- a/redbaron/modules/aws/phishing-server-gophish/README.md
+++ b/redbaron/modules/aws/phishing-server-gophish/README.md
@@ -2,25 +2,16 @@
Creates an instance in AWS to be used as a phishing server (with Gophish installed). SSH keys for each instance will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "phishing_server" {
- source = "./modules/aws/phishing-server"
-
- vpc_id = ""
- subnet_id = ""
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`vpc_id` | Yes | String | ID of VPC to create instance in.
-|`subnet_id` | Yes | String | Subnet ID to create instance in.
-|`count` | No | Integer | Number of instances to launch. Defaults to 1.
-|`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium"
+| Name | Value Type | Description
+|---------------------------| ------------ | -----------
+|`subnet_id` | String | Subnet ID to create instance in.
+|`vpc_id` | String | ID of VPC to create instance in.
+|`counter` | Integer | Number of instances to launch. Defaults to 1.
+|`instance_type` | String | Instance type to launch. Defaults to "t2.medium"
+|`install` | List(string) | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh".
+|`amis` | Map(string) | The ami which is to be installed (according to the distro specified)
# Outputs
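Review bot: the `install` row says "Defaults to ./scripts/core_deps.sh", but main.tf in this patch always prepends that script (`scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install)`), so `install` is a list of additional scripts run after it, not a replacement default. Reword the description accordingly, and note that the paths are resolved relative to the module directory.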
diff --git a/redbaron/modules/aws/phishing-server-gophish/main.tf b/redbaron/modules/aws/phishing-server-gophish/main.tf
index c6435f2..5633ad9 100644
--- a/redbaron/modules/aws/phishing-server-gophish/main.tf
+++ b/redbaron/modules/aws/phishing-server-gophish/main.tf
@@ -1,118 +1,114 @@
-terraform {
- required_version = ">= 0.11.0"
+data "aws_region" "current" {
}
-data "aws_region" "current" {}
-
resource "random_id" "server" {
- count = "${var.count}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.count}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "aws_key_pair" "gophish-server" {
- count = "${var.count}"
- key_name = "gophish-server-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ key_name = "gophish-server-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "aws_instance" "gophish-server" {
- // Currently, variables in provider fields are not supported :(
- // This severely limits our ability to spin up instances in diffrent regions
- // https://github.com/hashicorp/terraform/issues/11578
-
- //provider = "aws.${element(var.regions, count.index)}"
-
- count = "${var.count}"
+ count = var.counter
tags = {
- Name = "gophish-server-${random_id.server.*.hex[count.index]}"
+ Name = "gophish-server-${random_id.server[count.index].hex}"
}
- ami = "${var.amis[data.aws_region.current.name]}"
- instance_type = "${var.instance_type}"
- key_name = "${aws_key_pair.gophish-server.*.key_name[count.index]}"
- vpc_security_group_ids = ["${aws_security_group.gophish-server.id}"]
- subnet_id = "${var.subnet_id}"
+ ami = var.amis[data.aws_region.current.name]
+ instance_type = var.instance_type
+ key_name = aws_key_pair.gophish-server[count.index].key_name
+ vpc_security_group_ids = [aws_security_group.gophish-server[count.index].id]
+ subnet_id = var.subnet_id
associate_public_ip_address = true
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.public_ip}*"
+ when = destroy
+ command = "rm ssh_keys/${self.public_ip}*"
}
provisioner "remote-exec" {
inline = [
"sudo apt-get update",
- "sudo apt-get install -y tmux apache2 certbot mosh",
+ "sudo apt-get install -y tmux",
]
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
-
provisioner "remote-exec" {
- scripts = "${concat(list("../../redbaron/data/scripts/core_deps.sh"), var.install)}"
+ scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install)
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "file" {
source = "../../redbaron/data/scripts/gophish/gophish.service"
destination = "/tmp/gophish.service"
- connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ connection {
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "remote-exec" {
inline = [
- "sudo mv /tmp/gophish.service /lib/systemd/system/gophish.service"
+ "sudo mv /tmp/gophish.service /lib/systemd/system/gophish.service",
]
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "file" {
source = "../../redbaron/data/scripts/gophish/gophish_service.sh"
destination = "/tmp/gophish.sh"
- connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ connection {
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "file" {
source = "../../redbaron/data/scripts/gophish.sh"
destination = "/tmp/gophish_install.sh"
- connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ connection {
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
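Review bot: the apt line changes from `"sudo apt-get install -y tmux apache2 certbot mosh"` to `"sudo apt-get install -y tmux"`; please confirm that gophish.sh / gophish_service.sh (uploaded later in this resource) do not rely on apache2 or certbot being present, since the removal is not explained in the commit. The `local-exec` that echoes `tls_private_key.ssh[count.index].private_key_pem` into ssh_keys/ has the same command-line and pre-chmod exposure raised for http-rdir; a `local_file` with `sensitive_content` and `file_permission = "0600"` is the safer form. The repeated `connection` blocks could be hoisted to a single resource-level `connection` to cut the duplication.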
@@ -122,71 +118,44 @@ resource "aws_instance" "gophish-server" {
"sudo /tmp/gophish_install.sh",
]
- # "sudo /opt/goapps/src/github.com/gophish/gophish/gophish &"
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}"
-
- depends_on = ["aws_instance.gophish-server"]
-
- triggers {
- droplet_creation = "${join("," , aws_instance.gophish-server.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=../../redbaron/data/ssh_keys/${aws_instance.gophish-server.*.public_ip[count.index]} -e host=${aws_instance.gophish-server.*.public_ip[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
- }
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- depends_on = ["aws_instance.gophish-server"]
+ depends_on = [aws_instance.gophish-server]
- vars {
- name = "dns_rdir_${aws_instance.gophish-server.*.public_ip[count.index]}"
- hostname = "${aws_instance.gophish-server.*.public_ip[count.index]}"
- user = "admin"
- identityfile = "${path.root}/data/ssh_keys/${aws_instance.gophish-server.*.public_ip[count.index]}"
+ vars = {
+ name = "dns_rdir_${aws_instance.gophish-server[count.index].public_ip}"
+ hostname = aws_instance.gophish-server[count.index].public_ip
+ user = "admin"
+ identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.gophish-server[count.index].public_ip}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
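Review bot: `name = "dns_rdir_${aws_instance.gophish-server[count.index].public_ip}"` in the `ssh_config` template vars gives the gophish host an ssh_config alias labelled `dns_rdir`; this looks copied from the DNS redirector module and should be something like `gophish_<ip>` so the generated configs can be told apart. Two smaller points: `depends_on = [aws_instance.gophish-server]` on the `template_file` data source is redundant, since `vars` already references the instance, and under 0.12 an explicit `depends_on` on a data source defers the read to apply time, which makes `null_resource.gen_ssh_config` show a perpetual diff through its `template_rendered` trigger. The `local-exec` commands now write to the cwd-relative `ssh_configs/` while `identityfile` uses `${abspath(path.root)}/ssh_keys/`; those only agree when `terraform apply` is run from the root module directory, so `${path.root}/ssh_configs/...` in the commands would be safer.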
diff --git a/redbaron/modules/aws/phishing-server-gophish/outputs.tf b/redbaron/modules/aws/phishing-server-gophish/outputs.tf
index 0921405..d9791ad 100644
--- a/redbaron/modules/aws/phishing-server-gophish/outputs.tf
+++ b/redbaron/modules/aws/phishing-server-gophish/outputs.tf
@@ -1,7 +1,4 @@
output "ips" {
- value = ["${aws_instance.gophish-server.*.public_ip}"]
+ value = [aws_instance.gophish-server.*.public_ip]
}
-output "ssh_user" {
- value = "admin"
-}
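Review bot: `value = [aws_instance.gophish-server.*.public_ip]` wraps a list in a list, so under 0.12 `ips` becomes `[[ip1, ip2]]` rather than a flat list (0.11 flattened this automatically, 0.12 does not); use `value = aws_instance.gophish-server.*.public_ip`. Removing the `ssh_user` output is a breaking change for any root module or script that read it, and the user is still hard-coded as `admin` in the connection blocks, so keeping the output costs nothing.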
diff --git a/redbaron/modules/aws/phishing-server-gophish/security_group.tf b/redbaron/modules/aws/phishing-server-gophish/security_group.tf
index 9f79195..a2edee1 100644
--- a/redbaron/modules/aws/phishing-server-gophish/security_group.tf
+++ b/redbaron/modules/aws/phishing-server-gophish/security_group.tf
@@ -1,97 +1,82 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "aws_security_group" "gophish-server" {
- name = "gophish-server-${random_id.server.*.hex[count.index]}"
- description = "Security group created by Red Baron"
- vpc_id = "${var.vpc_id}"
+ count = var.counter
+ name = "gophish-server-${random_id.server[count.index].hex}"
+ description = "Security group created by Red Baron"
+ vpc_id = var.vpc_id
ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"]
}
ingress {
- from_port = 3333
- to_port = 3333
- protocol = "tcp"
+ from_port = 3333
+ to_port = 3333
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_ip.result["ip"]}/32"]
}
ingress {
from_port = 80
- to_port = 80
- protocol = "tcp"
- /*
- cidr_blocks = ["${linode_linode.http-rdir-1.ip_address}/32",
- "${linode_linode.http-rdir-2.ip_address}/32",
- "${linode_linode.http-rdir-3.ip_address}/32",
- "${var.my_ip}/32"]
- */
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
- to_port = 443
- protocol = "tcp"
- /*
- cidr_blocks = ["${linode_linode.http-rdir-1.ip_address}/32",
- "${linode_linode.http-rdir-2.ip_address}/32",
- "${linode_linode.http-rdir-3.ip_address}/32",
- "${var.my_ip}/32"]
- */
-
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 60000
- to_port = 61000
- protocol = "udp"
+ from_port = 60000
+ to_port = 61000
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 25
- to_port = 25
- protocol = "tcp"
+ from_port = 25
+ to_port = 25
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 587
- to_port = 587
- protocol = "tcp"
+ from_port = 587
+ to_port = 587
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
+
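Review bot: with `count = var.counter` added to `aws_security_group.gophish-server`, every reference to it must be indexed; a bare `aws_security_group.gophish-server.id` in the instance's `vpc_security_group_ids` is an error in 0.12 once `count` is set, so check that this module's main.tf uses `aws_security_group.gophish-server[count.index].id` (the phishing-server module in this same patch does). The `60000-61000/udp` ingress from `0.0.0.0/0` exists for mosh; if the gophish install script does not install mosh, the rule is unnecessary exposure on a host already reachable on 80/443 and should go.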
diff --git a/redbaron/modules/aws/phishing-server-gophish/variables.tf b/redbaron/modules/aws/phishing-server-gophish/variables.tf
index 75059cb..b552b73 100644
--- a/redbaron/modules/aws/phishing-server-gophish/variables.tf
+++ b/redbaron/modules/aws/phishing-server-gophish/variables.tf
@@ -1,67 +1,40 @@
-variable "subnet_id" {}
-
-variable "vpc_id" {}
-
-variable "count" {
- default = 1
-}
-
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
+variable "subnet_id" {
}
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
+variable "vpc_id" {
}
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "counter" {
+ default = 1
}
variable "instance_type" {
default = "t2.micro"
}
-/*
variable "install" {
- type = "map"
- default = {
- "empire" = "./scripts/install_empire.sh"
- "metasploit" = "./scripts/install_metasploit.sh"
- "cobaltstrike" = "./scripts/install_cobalt_strike.sh"
- }
-}
-*/
-
-variable "install" {
- type = "list"
+ type = list(string)
default = []
}
variable "amis" {
- type = "map"
+ type = map(string)
default = {
-
// Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
"ap-northeast-1" = "ami-b6b568d0"
"ap-northeast-2" = "ami-b7479dd9"
- "ap-south-1" = "ami-02aded6d"
+ "ap-south-1" = "ami-02aded6d"
"ap-southeast-1" = "ami-d76019b4"
"ap-southeast-2" = "ami-8359bae1"
- "ca-central-1" = "ami-3709b053"
- "eu-central-1" = "ami-8bb70be4"
- "eu-west-1" = "ami-ce76a7b7"
- "eu-west-2" = "ami-a6f9ebc2"
- "sa-east-1" = "ami-f5c7b899"
- "us-east-1" = "ami-71b7750b"
- "us-east-2" = "ami-dab895bf"
- "us-west-1" = "ami-58eedd38"
- "us-west-2" = "ami-c032f6b8"
-
+ "ca-central-1" = "ami-3709b053"
+ "eu-central-1" = "ami-8bb70be4"
+ "eu-west-1" = "ami-ce76a7b7"
+ "eu-west-2" = "ami-a6f9ebc2"
+ "sa-east-1" = "ami-f5c7b899"
+ "us-east-1" = "ami-71b7750b"
+ "us-east-2" = "ami-dab895bf"
+ "us-west-1" = "ami-58eedd38"
+ "us-west-2" = "ami-c032f6b8"
}
}
+
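Review bot: the `amis` map pins hard-coded Debian 9 (Stretch) AMI IDs per region; Stretch is end-of-life and AMI IDs go stale, so a `data "aws_ami"` lookup filtered on the Debian owner account and a name pattern would be more robust and keeps image provenance explicit. `subnet_id`, `vpc_id` and `counter` were reformatted but still have no `type` or `description`; now that the module requires 0.12, `type = string` / `type = number` plus a description gives callers validation at plan time. The same map is duplicated line for line in phishing-server/variables.tf further down this patch.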
diff --git a/redbaron/modules/aws/phishing-server-gophish/versions.tf b/redbaron/modules/aws/phishing-server-gophish/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/phishing-server-gophish/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
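Review bot: `required_version = ">= 0.12"` has no upper bound, so the module is also accepted by 0.13+ and 1.x, where the `template_file` data source used by these modules is deprecated and provider configuration changed; `~> 0.12` matches what the code was actually migrated to and tested with. A `required_providers` block for `aws`, `tls`, `random`, `template` and `null` belongs in this file as well. The file also opens with a stray blank line; the same four-line versions.tf is added to every module in this patch, so fix it once and copy.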
diff --git a/redbaron/modules/aws/phishing-server/README.md b/redbaron/modules/aws/phishing-server/README.md
index 3aff87c..eab528b 100644
--- a/redbaron/modules/aws/phishing-server/README.md
+++ b/redbaron/modules/aws/phishing-server/README.md
@@ -2,25 +2,15 @@
Creates an instance in AWS to be used as a phishing server. SSH keys for each instance will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "phishing_server" {
- source = "./modules/aws/phishing-server"
-
- vpc_id = ""
- subnet_id = ""
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`vpc_id` | Yes | String | ID of VPC to create instance in.
-|`subnet_id` | Yes | String | Subnet ID to create instance in.
-|`count` | No | Integer | Number of instances to launch. Defaults to 1.
-|`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium"
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`subnet_id` | String | Subnet ID to create instance in.
+|`vpc_id` | String | ID of VPC to create instance in.
+|`counter` | Integer | Number of instances to launch. Defaults to 1.
+|`instance_type` | String | Instance type to launch. Defaults to "t2.medium"
+|`amis` | Map(string) | The ami which is to be installed (according to the distro specified)
# Outputs
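Review bot: the new `amis` row says "The ami which is to be installed (according to the distro specified)", but the AWS module has no distro variable; `amis` is a `map(string)` keyed by AWS region name and looked up with `data.aws_region.current.name`, so the description should say that. Dropping the `Required` column loses the only place that told callers `vpc_id` and `subnet_id` have no default; either keep the column or mark them required in the description. Removing the `# Example` section also leaves the README without a usage snippet; a 0.12-style example with `source`, `vpc_id` and `subnet_id` is four lines.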
diff --git a/redbaron/modules/aws/phishing-server/main.tf b/redbaron/modules/aws/phishing-server/main.tf
index 45c23c9..729f952 100644
--- a/redbaron/modules/aws/phishing-server/main.tf
+++ b/redbaron/modules/aws/phishing-server/main.tf
@@ -1,127 +1,92 @@
-terraform {
- required_version = ">= 0.11.0"
+data "aws_region" "current" {
}
-data "aws_region" "current" {}
-
resource "random_id" "server" {
- count = "${var.count}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.count}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "aws_key_pair" "phishing-server" {
- count = "${var.count}"
- key_name = "phishing-server-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ key_name = "phishing-server-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "aws_instance" "phishing-server" {
- // Currently, variables in provider fields are not supported :(
- // This severely limits our ability to spin up instances in diffrent regions
- // https://github.com/hashicorp/terraform/issues/11578
-
- //provider = "aws.${element(var.regions, count.index)}"
-
- count = "${var.count}"
+ count = var.counter
tags = {
- Name = "phishing-server-${random_id.server.*.hex[count.index]}"
+ Name = "phishing-server-${random_id.server[count.index].hex}"
}
- ami = "${var.amis[data.aws_region.current.name]}"
- instance_type = "${var.instance_type}"
- key_name = "${aws_key_pair.phishing-server.*.key_name[count.index]}"
- vpc_security_group_ids = ["${aws_security_group.phishing-server.id}"]
- subnet_id = "${var.subnet_id}"
+ ami = var.amis[data.aws_region.current.name]
+ instance_type = var.instance_type
+ key_name = aws_key_pair.phishing-server[count.index].key_name
+ vpc_security_group_ids = [aws_security_group.phishing-server[count.index].id]
+ subnet_id = var.subnet_id
associate_public_ip_address = true
provisioner "remote-exec" {
inline = [
"sudo apt-get update",
- "sudo apt-get install -y tmux apache2 certbot mosh",
+ "sudo apt-get install -y tmux apache2 certbot python3-certbot-apache",
"sudo a2enmod ssl",
- "sudo systemctl stop apache2"
+ "sudo systemctl stop apache2",
]
connection {
- type = "ssh"
- user = "admin"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = coalesce(self.public_ip, self.private_ip)
+ type = "ssh"
+ user = "admin"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.public_ip}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.public_ip} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.public_ip}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.public_ip}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}"
-
- depends_on = ["aws_instance.phishing-server"]
-
- triggers {
- droplet_creation = "${join("," , aws_instance.phishing-server.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=../../redbaron/data/ssh_keys/${aws_instance.phishing-server.*.public_ip[count.index]} -e host=${aws_instance.phishing-server.*.public_ip[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.public_ip}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.count}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [aws_instance.phishing-server]
- depends_on = ["aws_instance.phishing-server"]
-
- vars {
- name = "dns_rdir_${aws_instance.phishing-server.*.public_ip[count.index]}"
- hostname = "${aws_instance.phishing-server.*.public_ip[count.index]}"
- user = "admin"
- identityfile = "${path.root}/data/ssh_keys/${aws_instance.phishing-server.*.public_ip[count.index]}"
+ vars = {
+ name = "dns_rdir_${aws_instance.phishing-server[count.index].public_ip}"
+ hostname = aws_instance.phishing-server[count.index].public_ip
+ user = "admin"
+ identityfile = "${abspath(path.root)}/ssh_keys/${aws_instance.phishing-server[count.index].public_ip}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.count}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
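Review bot: the `remote-exec` inline list drops `mosh` from the `apt-get install` line (replacing it with `python3-certbot-apache`), but security_group.tf in this same patch still opens `60000-61000/udp` to `0.0.0.0/0` for mosh; remove that ingress rule or keep the package. The key-export `local-exec` interpolates the PEM private key into a shell command line (`echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/...`), so the key shows up in process listings and in Terraform's provisioner output in addition to state; a `local_file` resource with `sensitive_content` and `file_permission = "0600"` writes it without the shell round trip and without the trailing `chmod 600 ssh_keys/*`. `name = "dns_rdir_${aws_instance.phishing-server[count.index].public_ip}"` in the ssh_config vars is a copy-paste alias from the DNS redirector module and should name the phishing server.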
diff --git a/redbaron/modules/aws/phishing-server/outputs.tf b/redbaron/modules/aws/phishing-server/outputs.tf
index db38d78..362f254 100644
--- a/redbaron/modules/aws/phishing-server/outputs.tf
+++ b/redbaron/modules/aws/phishing-server/outputs.tf
@@ -1,7 +1,3 @@
output "ips" {
- value = ["${aws_instance.phishing-server.*.public_ip}"]
+ value = [aws_instance.phishing-server.*.public_ip]
}
-
-output "ssh_user" {
- value = "admin"
-}
\ No newline at end of file
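Review bot: `value = [aws_instance.phishing-server.*.public_ip]` produces a nested list (`[[...]]`) under 0.12, unlike 0.11; drop the outer brackets. The removed `ssh_user` output is part of the module's interface, and callers that used it to build ssh commands now break.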
diff --git a/redbaron/modules/aws/phishing-server/security_group.tf b/redbaron/modules/aws/phishing-server/security_group.tf
index 2e39f0b..7d61716 100644
--- a/redbaron/modules/aws/phishing-server/security_group.tf
+++ b/redbaron/modules/aws/phishing-server/security_group.tf
@@ -1,69 +1,55 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "aws_security_group" "phishing-server" {
- name = "phishing-server-${random_id.server.*.hex[count.index]}"
+ count = var.counter
+
+ name = "phishing-server-${random_id.server[count.index].hex}"
description = "Security group created by Red Baron"
- vpc_id = "${var.vpc_id}"
+ vpc_id = var.vpc_id
ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"]
}
ingress {
from_port = 80
- to_port = 80
- protocol = "tcp"
- /*
- cidr_blocks = ["${linode_linode.http-rdir-1.ip_address}/32",
- "${linode_linode.http-rdir-2.ip_address}/32",
- "${linode_linode.http-rdir-3.ip_address}/32",
- "${var.my_ip}/32"]
- */
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
- to_port = 443
- protocol = "tcp"
- /*
- cidr_blocks = ["${linode_linode.http-rdir-1.ip_address}/32",
- "${linode_linode.http-rdir-2.ip_address}/32",
- "${linode_linode.http-rdir-3.ip_address}/32",
- "${var.my_ip}/32"]
- */
-
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
- from_port = 60000
- to_port = 61000
- protocol = "udp"
+ from_port = 60000
+ to_port = 61000
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 53
- to_port = 53
- protocol = "udp"
+ from_port = 53
+ to_port = 53
+ protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
+
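Review bot: the `60000-61000/udp` ingress from `0.0.0.0/0` is dead after this patch, since main.tf no longer installs mosh; it widens the exposure of a host that is already public on 80/443 for no benefit and should be removed. The SSH rule's `cidr_blocks = ["${data.external.get_public_ip.result["ip"]}/32"]` fails at plan time if the script returns an empty string (`/32` alone is not a valid CIDR), which is the right failure mode, but note that the script path `../../redbaron/data/scripts/get_public_ip.sh` is cwd-relative while the new key and config paths in main.tf are root-module-relative; pick one convention. Moving `count` onto the SG is consistent with `vpc_security_group_ids = [aws_security_group.phishing-server[count.index].id]` in main.tf.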
diff --git a/redbaron/modules/aws/phishing-server/variables.tf b/redbaron/modules/aws/phishing-server/variables.tf
index cbe587b..b34bb91 100644
--- a/redbaron/modules/aws/phishing-server/variables.tf
+++ b/redbaron/modules/aws/phishing-server/variables.tf
@@ -1,62 +1,35 @@
-variable "subnet_id" {}
-
-variable "vpc_id" {}
-
-variable "count" {
- default = 1
+variable "subnet_id" {
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
+variable "vpc_id" {
}
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "counter" {
+ default = 1
}
variable "instance_type" {
default = "t2.medium"
}
-/*
-variable "install" {
- type = "map"
- default = {
- "empire" = "./scripts/install_empire.sh"
- "metasploit" = "./scripts/install_metasploit.sh"
- "cobaltstrike" = "./scripts/install_cobalt_strike.sh"
- }
-}
-*/
-
variable "amis" {
- type = "map"
+ type = map(string)
default = {
-
// Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
"ap-northeast-1" = "ami-b6b568d0"
"ap-northeast-2" = "ami-b7479dd9"
- "ap-south-1" = "ami-02aded6d"
+ "ap-south-1" = "ami-02aded6d"
"ap-southeast-1" = "ami-d76019b4"
"ap-southeast-2" = "ami-8359bae1"
- "ca-central-1" = "ami-3709b053"
- "eu-central-1" = "ami-8bb70be4"
- "eu-west-1" = "ami-ce76a7b7"
- "eu-west-2" = "ami-a6f9ebc2"
- "sa-east-1" = "ami-f5c7b899"
- "us-east-1" = "ami-71b7750b"
- "us-east-2" = "ami-dab895bf"
- "us-west-1" = "ami-58eedd38"
- "us-west-2" = "ami-c032f6b8"
-
+ "ca-central-1" = "ami-3709b053"
+ "eu-central-1" = "ami-8bb70be4"
+ "eu-west-1" = "ami-ce76a7b7"
+ "eu-west-2" = "ami-a6f9ebc2"
+ "sa-east-1" = "ami-f5c7b899"
+ "us-east-1" = "ami-71b7750b"
+ "us-east-2" = "ami-dab895bf"
+ "us-west-1" = "ami-58eedd38"
+ "us-west-2" = "ami-c032f6b8"
}
-}
\ No newline at end of file
+}
+
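Review bot: this `amis` map duplicates the one in phishing-server-gophish/variables.tf line for line (same Debian 9 AMI IDs, which are end-of-life and may already be unavailable in some regions); an `aws_ami` data lookup or one shared definition would stop the two copies drifting apart. `subnet_id` and `vpc_id` still lack `type = string` and a `description`.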
diff --git a/redbaron/modules/aws/phishing-server/versions.tf b/redbaron/modules/aws/phishing-server/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/aws/phishing-server/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/aws/smtp/README.md b/redbaron/modules/aws/smtp/README.md
deleted file mode 100644
index 69c98c4..0000000
--- a/redbaron/modules/aws/smtp/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-# smtp
-
-Configures AWS SES to send e-mails via SMTP. Handles SPF and DKIM configuration.
-
-# Example
-
-```hcl
-module "zone" {
- source = "./modules/aws/create-hosted-zone"
- domain = "example.com"
-}
-
-module "mail" {
- source = "./modules/aws/smtp"
- domain = "example.com"
- mx_subdomain = "mail"
- zone_id = "${module.zone.zone_id}"
-}
-
-output "smtp_name_servers" {
- value = ["${module.zone.name_servers}"]
-}
-
-output "smtp_server" {
- value = "${module.smtp.smtp_server}"
-}
-
-output "smtp_user" {
- value = "${module.smtp.smtp_username}"
-}
-
-output "smtp_password" {
- value = "${module.smtp.smtp_password}"
-}
-```
-
-Note: Once the AWS name servers have been set in the domain registrar configuration, it can
-take up to 72 for Amazon to verify the SES domain. Once the domain is verified, a service
-limit increase request must be done to disable the SES sandbox and be able to send e-mails
-to unverified recipients, this process is documented in the [AWS SES sandbox documentation](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html).
-
-# Arguments
-
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`zone_id` | Yes | String | Zone in which the DNS records should be created.
-|`domain` | Yes | String | Sender domain name.
-|`mx_subdomain` | No | String | MX record subdomain (default: mx).
-
-# Outputs
-
-| Name | Value Type | Description
-|---------------------------| ---------- | -----------
-|`smtp_server` | String | Hostname of the SMTP server to use for sending e-mails.
-|`smtp_username` | String | User name to connect to the SMTP server.
-|`smtp_password` | String | Password to connect to the SMTP server.
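Review bot: deleting `redbaron/modules/aws/smtp` removes the documented SES SMTP setup (SPF and DKIM records, IAM SMTP user) together with its `smtp_server`, `smtp_username` and `smtp_password` outputs; the patch shows no replacement, so the PR description should state whether mail sending moved to another module, and any root module that referenced `module.smtp` must be updated.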
diff --git a/redbaron/modules/aws/smtp/main.tf b/redbaron/modules/aws/smtp/main.tf
deleted file mode 100644
index a541fd3..0000000
--- a/redbaron/modules/aws/smtp/main.tf
+++ /dev/null
@@ -1,100 +0,0 @@
-data "aws_region" "current" {}
-
-# Random ID generator
-resource "random_id" "username" {
- keepers = {
- zone_id = "${var.zone_id}"
- }
-
- byte_length = 6
-}
-
-# IAM user for SES SMTP
-resource "aws_iam_user" "smtp_user" {
- name = "ses-smtp-${random_id.username.hex}"
-}
-
-# IAM policy to send emails via SMTP through SES
-resource "aws_iam_user_policy" "smtp_policy" {
- name = "${aws_iam_user.smtp_user.name}-policy"
- user = "${aws_iam_user.smtp_user.name}"
-
- policy = < ../../redbaron/data/ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
- }
-
- provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.ipv4_address}*"
- }
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.counter : 0}"
-
- depends_on = ["digitalocean_droplet.dns-c2"]
-
- triggers {
- droplet_creation = "${join("," , digitalocean_droplet.dns-c2.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=../../redbaron/data/ssh_keys/${digitalocean_droplet.dns-c2.*.ipv4_address[count.index]} -e host=${digitalocean_droplet.dns-c2.*.ipv4_address[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.ipv4_address}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.counter}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [digitalocean_droplet.dns-c2]
- depends_on = ["digitalocean_droplet.dns-c2"]
-
- vars {
- name = "dns_c2_${digitalocean_droplet.dns-c2.*.ipv4_address[count.index]}"
- hostname = "${digitalocean_droplet.dns-c2.*.ipv4_address[count.index]}"
- user = "root"
- identityfile = "${path.root}/data/ssh_keys/${digitalocean_droplet.dns-c2.*.ipv4_address[count.index]}"
+ vars = {
+ name = "dns_c2_${digitalocean_droplet.dns-c2[count.index].ipv4_address}"
+ hostname = digitalocean_droplet.dns-c2[count.index].ipv4_address
+ user = "root"
+ identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.dns-c2[count.index].ipv4_address}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
+}
-}
\ No newline at end of file
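Review bot: this hunk is truncated in the rendering from `policy = <` onward (the IAM policy heredoc for the SES SMTP user is missing, and the text resumes inside a different file, the DigitalOcean `dns-c2` main.tf change), so the SES permissions being deleted cannot be reviewed from this view; please confirm the deleted policy was scoped to `ses:SendRawEmail` only. In the visible dns-c2 part the same points as the AWS modules apply: the private key is again piped through `echo` in a `local-exec`, and `depends_on = [digitalocean_droplet.dns-c2]` on the `template_file` data source is redundant given the `vars` references and defers the read to apply time.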
diff --git a/redbaron/modules/digitalocean/dns-c2/outputs.tf b/redbaron/modules/digitalocean/dns-c2/outputs.tf
index 92550da..bfb38d8 100644
--- a/redbaron/modules/digitalocean/dns-c2/outputs.tf
+++ b/redbaron/modules/digitalocean/dns-c2/outputs.tf
@@ -1,7 +1,4 @@
output "ips" {
- value = ["${digitalocean_droplet.dns-c2.*.ipv4_address}"]
+ value = [digitalocean_droplet.dns-c2.*.ipv4_address]
}
-output "ssh_user" {
- value = "root"
-}
\ No newline at end of file
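Review bot: `value = [digitalocean_droplet.dns-c2.*.ipv4_address]` yields a list of lists under 0.12; use `value = digitalocean_droplet.dns-c2.*.ipv4_address`. Dropping `ssh_user` removes an interface callers may depend on, and the user is `root` here versus `admin` on the AWS modules, which is exactly the case an output was useful for.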
diff --git a/redbaron/modules/digitalocean/dns-c2/variables.tf b/redbaron/modules/digitalocean/dns-c2/variables.tf
index 006552b..71183df 100644
--- a/redbaron/modules/digitalocean/dns-c2/variables.tf
+++ b/redbaron/modules/digitalocean/dns-c2/variables.tf
@@ -1,5 +1,5 @@
variable "install" {
- type = "list"
+ type = list(string)
default = []
}
@@ -7,21 +7,8 @@ variable "counter" {
default = 1
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
-}
-
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "distro" {
+ default = "debian-9-x64"
}
variable "size" {
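Review bot: the new `distro` variable defaults to `debian-9-x64`; Debian 9 is end-of-life, so default to a supported release, and confirm that dns-c2's main.tf actually sets `image = var.distro` (that file's hunk is not legible in this view). A `type = string` and a `description` would also help.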
@@ -29,12 +16,12 @@ variable "size" {
}
variable "regions" {
- type = "list"
+ type = list(string)
default = ["LON1"]
}
variable "available_regions" {
- type = "map"
+ type = map(string)
default = {
"NYC1" = "nyc1"
"NYC2" = "nyc2"
@@ -49,4 +36,5 @@ variable "available_regions" {
"TOR1" = "tor1"
"BLR1" = "blr1"
}
-}
\ No newline at end of file
+}
+
diff --git a/redbaron/modules/digitalocean/dns-c2/versions.tf b/redbaron/modules/digitalocean/dns-c2/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/digitalocean/dns-c2/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/digitalocean/dns-local-rdir/README.md b/redbaron/modules/digitalocean/dns-local-rdir/README.md
new file mode 100644
index 0000000..52d33c2
--- /dev/null
+++ b/redbaron/modules/digitalocean/dns-local-rdir/README.md
@@ -0,0 +1,19 @@
+# dns-rdir
+
+Creates a DNS Redirector droplet in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder. The redirector points to an internal server of choice using the autossh tool.
+
+# Arguments
+
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`redirect_to` | List(string) | List of IPs to redirect DNS traffic to.
+|`counter` | Integer | Number of droplets to launch. Defaults to `1`.
+|`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
+|`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+|`available_regions` | Map(string) | Regions to choose from in the regions variable
+
+# Outputs
+
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`ips` | List | IPs of created droplets.
\ No newline at end of file
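Review bot: the README disagrees with variables.tf in the same patch: the heading reads `# dns-rdir` although the module is `dns-local-rdir`, `size` is documented as `1gb with 25 GB disk` while the default is `s-1vcpu-1gb`, and `regions` is documented as defaulting to `NYC1` while the default is `["LON1"]`. It also says the redirector forwards to an internal server via autossh, but main.tf only installs socat and forwards to `localhost:2222`; document that the autossh reverse tunnel is expected to be established from the internal server side, since nothing in the module sets it up.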
diff --git a/redbaron/modules/digitalocean/dns-local-rdir/firewall.tf b/redbaron/modules/digitalocean/dns-local-rdir/firewall.tf
new file mode 100644
index 0000000..451f6ff
--- /dev/null
+++ b/redbaron/modules/digitalocean/dns-local-rdir/firewall.tf
@@ -0,0 +1,56 @@
+data "external" "get_public_ip" {
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
+}
+
+resource "random_id" "firewall" {
+ byte_length = 4
+}
+
+resource "digitalocean_firewall" "web" {
+ name = "dns-rdir-only-allow-dns-http-ssh-${random_id.firewall.hex}"
+
+ droplet_ids = digitalocean_droplet.dns-rdir.*.id
+
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "60000-61000"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+}
+
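Review bot: the inbound `60000-61000/udp` rule from `0.0.0.0/0` is for mosh, which main.tf does not install on this droplet; drop it. Inbound TCP 22 is limited to the operator IP from get_public_ip.sh, but the README says the redirector is fed by an autossh tunnel from an internal server; that tunnel is an inbound SSH connection, so it only works if the internal server egresses from the same public IP as the machine running terraform, which deserves a comment or its own source-address variable. The firewall name says `http` but there is no inbound HTTP rule (only outbound 80/443); rename it to match what it allows.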
diff --git a/redbaron/modules/digitalocean/dns-local-rdir/main.tf b/redbaron/modules/digitalocean/dns-local-rdir/main.tf
new file mode 100644
index 0000000..7512b6d
--- /dev/null
+++ b/redbaron/modules/digitalocean/dns-local-rdir/main.tf
@@ -0,0 +1,82 @@
+resource "random_id" "server" {
+ count = var.counter
+ byte_length = 4
+}
+
+resource "tls_private_key" "ssh" {
+ count = var.counter
+ algorithm = "RSA"
+ rsa_bits = 4096
+}
+
+resource "digitalocean_ssh_key" "ssh_key" {
+ count = var.counter
+ name = "dns-rdir-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
+}
+
+resource "digitalocean_droplet" "dns-rdir" {
+ count = var.counter
+ image = "debian-9-x64"
+ name = "dns-rdir-${random_id.server[count.index].hex}"
+ region = var.available_regions[element(var.regions, count.index)]
+ ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id]
+ size = var.size
+
+ provisioner "remote-exec" {
+ inline = [
+ "apt-get update",
+ "apt-get install -y tmux socat",
+ "tmux new -d \"socat udp4-LISTEN:53,fork tcp4:localhost:2222\"",
+ ]
+
+ connection {
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
+ }
+ }
+
+ provisioner "local-exec" {
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*"
+ }
+
+ provisioner "local-exec" {
+ when = destroy
+ command = "rm ssh_keys/${self.ipv4_address}*"
+ }
+}
+
+data "template_file" "ssh_config" {
+ count = var.counter
+
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
+
+ depends_on = [digitalocean_droplet.dns-rdir]
+
+ vars = {
+ name = "dns_rdir_${digitalocean_droplet.dns-rdir[count.index].ipv4_address}"
+ hostname = digitalocean_droplet.dns-rdir[count.index].ipv4_address
+ user = "root"
+ identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.dns-rdir[count.index].ipv4_address}"
+ }
+}
+
+resource "null_resource" "gen_ssh_config" {
+ count = var.counter
+
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
+ }
+
+ provisioner "local-exec" {
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
+ }
+
+ provisioner "local-exec" {
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
+ }
+}
+
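Review bot: `var.redirect_to` is declared in this module's variables.tf with no default (so every caller must set it) but is never read here; the relay line hard-codes `tcp4:localhost:2222`, so the value is silently ignored. Either drop the variable from this module or use it. Nothing in this file brings up the listener on localhost:2222 (presumably the reverse SSH tunnel from the team server), so that prerequisite should be documented with the module. Two smaller points: the dns-rdir variant uses `udp4-recvfrom:53,reuseaddr,fork` while this one uses `udp4-LISTEN:53,fork` without `reuseaddr`, which makes restarting the tmux session unreliable while forked children still hold the port; and the private key is passed on the `echo` command line in `local-exec`, where it is visible in the process table and is written before `chmod 600` runs, so a `local_file` resource with `file_permission = "0600"` is the safer way to materialise it.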
diff --git a/redbaron/modules/digitalocean/dns-local-rdir/outputs.tf b/redbaron/modules/digitalocean/dns-local-rdir/outputs.tf
new file mode 100644
index 0000000..d7d18d5
--- /dev/null
+++ b/redbaron/modules/digitalocean/dns-local-rdir/outputs.tf
@@ -0,0 +1,3 @@
+output "ips" {
+ value = [digitalocean_droplet.dns-rdir.*.ipv4_address]
+}
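Review bot: `[digitalocean_droplet.dns-rdir.*.ipv4_address]` wraps the splat list in another list, so consumers receive `[["1.2.3.4"]]` rather than a flat list of IPs; the 0.11-era `["${...}"]` form this replaces flattened automatically, the 0.12 form does not. Use `value = digitalocean_droplet.dns-rdir.*.ipv4_address`.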
diff --git a/redbaron/modules/digitalocean/dns-local-rdir/variables.tf b/redbaron/modules/digitalocean/dns-local-rdir/variables.tf
new file mode 100644
index 0000000..b0212de
--- /dev/null
+++ b/redbaron/modules/digitalocean/dns-local-rdir/variables.tf
@@ -0,0 +1,35 @@
+variable "redirect_to" {
+ type = list(string)
+}
+
+variable "counter" {
+ default = 1
+}
+
+variable "size" {
+ default = "s-1vcpu-1gb"
+}
+
+variable "regions" {
+ type = list(string)
+ default = ["LON1"]
+}
+
+variable "available_regions" {
+ type = map(string)
+ default = {
+ "NYC1" = "nyc1"
+ "NYC2" = "nyc2"
+ "NYC3" = "nyc3"
+ "SFO1" = "sfo1"
+ "SFO2" = "sfo2"
+ "AMS2" = "ams2"
+ "AMS3" = "ams3"
+ "SGP1" = "sgp1"
+ "LON1" = "lon1"
+ "FRA1" = "fra1"
+ "TOR1" = "tor1"
+ "BLR1" = "blr1"
+ }
+}
+
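Review bot: `redirect_to` is mandatory here but unused by this module's main.tf (the relay target is hard-coded to localhost:2222), so either remove it or give it a default and a description explaining it is ignored. `counter` would also benefit from `type = number` so a quoted string from a tfvars file is rejected early.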
diff --git a/redbaron/modules/digitalocean/dns-local-rdir/versions.tf b/redbaron/modules/digitalocean/dns-local-rdir/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/digitalocean/dns-local-rdir/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
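Review bot: only the core version is constrained; there is no `required_providers` block, so `digitalocean`, `tls`, `random`, `template` and `external` resolve to whatever latest release `terraform init` finds on the day, and a provider update can change what this module deploys. Add 0.12-style constraints (`required_providers { digitalocean = "~> X.Y" }` with the versions this was tested against). The same applies to the other versions.tf files introduced in this patch.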
diff --git a/redbaron/modules/digitalocean/dns-rdir/README.md b/redbaron/modules/digitalocean/dns-rdir/README.md
index 72a8c80..407ecb6 100644
--- a/redbaron/modules/digitalocean/dns-rdir/README.md
+++ b/redbaron/modules/digitalocean/dns-rdir/README.md
@@ -2,24 +2,15 @@
Creates a DNS Redirector droplet in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "dns_rdir" {
- source = "./modules/digitalocean/dns-rdir"
-
- redirect_to = ["192.168.0.1"]
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`redirect_to` | Yes | List | List of IPs to redirect DNS traffic to.
-|`counter` | No | Integer | Number of droplets to launch. Defaults to `1`.
-|`size` | No | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
-|`regions` | No | List | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`redirect_to` | List(string) | List of IPs to redirect DNS traffic to.
+|`counter` | Integer | Number of droplets to launch. Defaults to `1`.
+|`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
+|`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+|`available_regions` | Map(string) | Regions to choose from in the regions variable
# Outputs
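Review bot: dropping the Required column removes the only indication that `redirect_to` has no default and must be set. The table also drifts from variables.tf in this patch: `regions` defaults to `["LON1"]` there, not `NYC1`, and `available_regions` is an internal lookup map rather than something a user should pass. Suggest restoring the Required column (or a per-row default), fixing the regions default, and either removing the `available_regions` row or marking it internal.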
diff --git a/redbaron/modules/digitalocean/dns-rdir/firewall.tf b/redbaron/modules/digitalocean/dns-rdir/firewall.tf
index 2fd305c..451f6ff 100644
--- a/redbaron/modules/digitalocean/dns-rdir/firewall.tf
+++ b/redbaron/modules/digitalocean/dns-rdir/firewall.tf
@@ -1,9 +1,5 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "random_id" "firewall" {
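Review bot: the SSH allow-list is derived from `get_public_ip.sh` at plan time, which freezes the rule to the operator's egress address at that moment; a later `apply` from another network silently rewrites the /32, and if the script cannot reach its lookup target the whole plan fails. This is worth a line in the README, and an optional `ssh_allow_cidrs` variable that overrides the lookup would let teams pin a VPN or bastion range instead.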
@@ -13,51 +9,48 @@ resource "random_id" "firewall" {
resource "digitalocean_firewall" "web" {
name = "dns-rdir-only-allow-dns-http-ssh-${random_id.firewall.hex}"
- droplet_ids = ["${digitalocean_droplet.dns-rdir.*.id}"]
+ droplet_ids = digitalocean_droplet.dns-rdir.*.id
- inbound_rule = [
- {
- protocol = "tcp"
- port_range = "53"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "udp"
- port_range = "53"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "22"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "udp"
- port_range = "60000-61000"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
- ]
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "60000-61000"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
- outbound_rule = [
- {
- protocol = "tcp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "udp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "443"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- ]
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
}
+
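Review bot: the `udp 60000-61000` inbound rule exists for mosh, but this patch removes `mosh` from the `apt-get install` line in main.tf, so it now opens 1001 UDP ports to the world for a service that is no longer installed; drop the rule. In the other direction, `tcp 53` is allowed inbound while the redirector only relays UDP (`socat udp4-recvfrom:53 ... udp4-sendto`), so TCP fallback queries (truncated responses, large TXT records) hang instead of being relayed; add a TCP relay or remove that rule so the firewall name `only-allow-dns-http-ssh` matches what is actually permitted.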
diff --git a/redbaron/modules/digitalocean/dns-rdir/main.tf b/redbaron/modules/digitalocean/dns-rdir/main.tf
index 0ae42d5..9905cef 100644
--- a/redbaron/modules/digitalocean/dns-rdir/main.tf
+++ b/redbaron/modules/digitalocean/dns-rdir/main.tf
@@ -1,113 +1,82 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
resource "random_id" "server" {
- count = "${var.counter}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.counter}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "digitalocean_ssh_key" "ssh_key" {
- count = "${var.counter}"
- name = "dns-rdir-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ name = "dns-rdir-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "digitalocean_droplet" "dns-rdir" {
- count = "${var.counter}"
- image = "debian-9-x64"
- name = "dns-rdir-${random_id.server.*.hex[count.index]}"
- region = "${var.available_regions[element(var.regions, count.index)]}"
- ssh_keys = ["${digitalocean_ssh_key.ssh_key.*.id[count.index]}"]
- size = "${var.size}"
+ count = var.counter
+ image = "debian-9-x64"
+ name = "dns-rdir-${random_id.server[count.index].hex}"
+ region = var.available_regions[element(var.regions, count.index)]
+ ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id]
+ size = var.size
provisioner "remote-exec" {
inline = [
- "apt-get update",
- "apt-get install -y tmux socat mosh",
- "tmux new -d \"socat udp4-recvfrom:53,reuseaddr,fork udp4-sendto:${element(var.redirect_to, count.index)}:53\""
+ "apt-get update",
+ "apt-get install -y tmux socat",
+ "tmux new -d \"socat udp4-recvfrom:53,reuseaddr,fork udp4-sendto:${element(var.redirect_to, count.index)}:53\"",
]
connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.ipv4_address}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.counter : 0}"
-
- depends_on = ["digitalocean_droplet.dns-rdir"]
-
- triggers {
- droplet_creation = "${join("," , digitalocean_droplet.dns-rdir.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=../../redbaron/data/ssh_keys/${digitalocean_droplet.dns-rdir.*.ipv4_address[count.index]} -e host=${digitalocean_droplet.dns-rdir.*.ipv4_address[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.ipv4_address}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.counter}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [digitalocean_droplet.dns-rdir]
- depends_on = ["digitalocean_droplet.dns-rdir"]
-
- vars {
- name = "dns_rdir_${digitalocean_droplet.dns-rdir.*.ipv4_address[count.index]}"
- hostname = "${digitalocean_droplet.dns-rdir.*.ipv4_address[count.index]}"
- user = "root"
- identityfile = "${path.root}/data/ssh_keys/${digitalocean_droplet.dns-rdir.*.ipv4_address[count.index]}"
+ vars = {
+ name = "dns_rdir_${digitalocean_droplet.dns-rdir[count.index].ipv4_address}"
+ hostname = digitalocean_droplet.dns-rdir[count.index].ipv4_address
+ user = "root"
+ identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.dns-rdir[count.index].ipv4_address}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
+}
-}
\ No newline at end of file
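Review bot: the RSA private key is interpolated into the `local-exec` command line (`echo "${tls_private_key.ssh[count.index].private_key_pem}" > ssh_keys/...`), so it is visible in the process table while the shell runs and the file exists with default permissions until the trailing `chmod 600` executes. A `local_file` resource with `sensitive_content` and `file_permission = "0600"` writes it with the right mode and keeps it out of argv (it lives in the state file either way, so the state must be treated as a secret). Two operational points: the socat relay runs inside a tmux session and does not survive a reboot of the droplet, where a systemd unit would; and the `apt-get update` is the first thing run after first boot, when the image's own apt jobs may still hold the lock, so expect occasional provisioning failures there.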
diff --git a/redbaron/modules/digitalocean/dns-rdir/outputs.tf b/redbaron/modules/digitalocean/dns-rdir/outputs.tf
index 2f7d2ab..df1845c 100644
--- a/redbaron/modules/digitalocean/dns-rdir/outputs.tf
+++ b/redbaron/modules/digitalocean/dns-rdir/outputs.tf
@@ -1,7 +1,4 @@
output "ips" {
- value = ["${digitalocean_droplet.dns-rdir.*.ipv4_address}"]
+ value = [digitalocean_droplet.dns-rdir.*.ipv4_address]
}
-output "ssh_user" {
- value = "root"
-}
\ No newline at end of file
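Review bot: same nested-list problem as in dns-local-rdir: `[digitalocean_droplet.dns-rdir.*.ipv4_address]` yields a list of lists under 0.12; use the splat expression directly. Removing `ssh_user` also drops the only output that told callers to log in as root; that is now discoverable only from the generated ssh_config, so the README should state it.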
diff --git a/redbaron/modules/digitalocean/dns-rdir/variables.tf b/redbaron/modules/digitalocean/dns-rdir/variables.tf
index 7ed6578..b0212de 100644
--- a/redbaron/modules/digitalocean/dns-rdir/variables.tf
+++ b/redbaron/modules/digitalocean/dns-rdir/variables.tf
@@ -1,39 +1,22 @@
variable "redirect_to" {
- type = "list"
+ type = list(string)
}
variable "counter" {
default = 1
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
-}
-
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
-}
-
variable "size" {
default = "s-1vcpu-1gb"
}
variable "regions" {
- type = "list"
+ type = list(string)
default = ["LON1"]
}
variable "available_regions" {
- type = "map"
+ type = map(string)
default = {
"NYC1" = "nyc1"
"NYC2" = "nyc2"
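Review bot: with `ansible_playbook`, `ansible_arguments` and `ansible_vars` removed there is no post-provisioning hook left in this module, which is consistent with the README change in this patch, but the surviving `regions` default of `["LON1"]` still contradicts the README's "Defaults to NYC1". Pick one and fix the other. `counter` could also carry `type = number`.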
@@ -48,4 +31,5 @@ variable "available_regions" {
"TOR1" = "tor1"
"BLR1" = "blr1"
}
-}
\ No newline at end of file
+}
+
diff --git a/redbaron/modules/digitalocean/dns-rdir/versions.tf b/redbaron/modules/digitalocean/dns-rdir/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/digitalocean/dns-rdir/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/digitalocean/http-c2/README.md b/redbaron/modules/digitalocean/http-c2/README.md
index 65a0569..a508faf 100644
--- a/redbaron/modules/digitalocean/http-c2/README.md
+++ b/redbaron/modules/digitalocean/http-c2/README.md
@@ -2,30 +2,20 @@
Creates a HTTP C2 server in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "http_c2" {
- source = "./modules/digitalocean/http-c2"
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`counter` | No | Integer | Number of droplets to launch. Defaults to 1.
-|`size` | No | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
-|`install` | No | List | Scripts to run on droplet creation. Defaults to "./scripts/core_deps.sh".
-|`regions` | No | List | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
-|`ansible_playbook` | No | String | Ansible playbook to run on Droplet creation
-|`ansible_arguments` | No | List | Additional Ansible arguments
-|`ansible_vars` | No | List | Ansible environment variables
+| Name | Value Type | Description
+|---------------------------| ------------ | -----------
+|`install` | List(string) | Scripts to run on droplet creation. Defaults to "./scripts/core_deps.sh".
+|`counter` | Integer | Number of droplets to launch. Defaults to 1.
+|`distro` | String | Number of droplets to launch. Defaults to 1.
+|`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
+|`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+|`available_regions` | Map(string) | Regions to choose from in the regions variable
# Outputs
| Name | Value Type | Description
|---------------------------| ---------- | -----------
-|`ips` | List | IPs of created droplets.
-|`ssh_user` | String | Username that needs to be used in order to SSH into the droplet
+|`ips` | List | IPs of created droplets.
\ No newline at end of file
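Review bot: the `distro` row is a copy-paste of the `counter` row ("Number of droplets to launch. Defaults to 1."); per variables.tf in this patch it is the DigitalOcean image slug and defaults to `debian-9-x64`. `regions` likewise defaults to `["LON1"]` in variables.tf, not `NYC1`. As in the other READMEs, the dropped Required column should come back or each row should state its default.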
diff --git a/redbaron/modules/digitalocean/http-c2/firewall.tf b/redbaron/modules/digitalocean/http-c2/firewall.tf
index 73e084c..560faf1 100644
--- a/redbaron/modules/digitalocean/http-c2/firewall.tf
+++ b/redbaron/modules/digitalocean/http-c2/firewall.tf
@@ -1,9 +1,5 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "random_id" "firewall" {
@@ -13,51 +9,48 @@ resource "random_id" "firewall" {
resource "digitalocean_firewall" "web" {
name = "http-c2-only-allow-dns-http-ssh-${random_id.firewall.hex}"
- droplet_ids = ["${digitalocean_droplet.http-c2.*.id}"]
+ droplet_ids = digitalocean_droplet.http-c2.*.id
- inbound_rule = [
- {
- protocol = "tcp"
- port_range = "443"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "22"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "udp"
- port_range = "60000-61000"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
- ]
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "60000-61000"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
- outbound_rule = [
- {
- protocol = "tcp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "udp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "443"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- ]
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
}
+
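Review bot: the `udp 60000-61000` inbound rule is the mosh range again; this module's main.tf now installs packages only via `core_deps.sh` and `var.install`, so unless one of those installs mosh the rule opens 1001 ports for nothing and should be removed, and the firewall name `only-allow-dns-http-ssh` then matches what it allows.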
diff --git a/redbaron/modules/digitalocean/http-c2/main.tf b/redbaron/modules/digitalocean/http-c2/main.tf
index 37a88da..8ac87d1 100644
--- a/redbaron/modules/digitalocean/http-c2/main.tf
+++ b/redbaron/modules/digitalocean/http-c2/main.tf
@@ -1,107 +1,78 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
resource "random_id" "server" {
- count = "${var.counter}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.counter}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "digitalocean_ssh_key" "ssh_key" {
- count = "${var.counter}"
- name = "http-c2-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ name = "http-c2-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "digitalocean_droplet" "http-c2" {
- count = "${var.counter}"
- image = "debian-9-x64"
- name = "http-c2-${random_id.server.*.hex[count.index]}"
- region = "${var.available_regions[element(var.regions, count.index)]}"
- ssh_keys = ["${digitalocean_ssh_key.ssh_key.*.id[count.index]}"]
- size = "${var.size}"
+ count = var.counter
+ image = var.distro
+ name = "http-c2-${random_id.server[count.index].hex}"
+ region = var.available_regions[element(var.regions, count.index)]
+ ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id]
+ size = var.size
provisioner "remote-exec" {
- scripts = "${concat(list("../../redbaron/data/scripts/core_deps.sh"), var.install)}"
+ scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install)
connection {
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.ipv4_address}*"
- }
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.counter : 0}"
-
- depends_on = ["digitalocean_droplet.http-c2"]
-
- triggers {
- droplet_creation = "${join("," , digitalocean_droplet.http-c2.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=../../redbaron/data/ssh_keys/${digitalocean_droplet.http-c2.*.ipv4_address[count.index]} -e host=${digitalocean_droplet.http-c2.*.ipv4_address[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.ipv4_address}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- depends_on = ["digitalocean_droplet.http-c2"]
+ depends_on = [digitalocean_droplet.http-c2]
- vars {
- name = "http_c2_${digitalocean_droplet.http-c2.*.ipv4_address[count.index]}"
- hostname = "${digitalocean_droplet.http-c2.*.ipv4_address[count.index]}"
- user = "root"
- identityfile = "${path.root}/data/ssh_keys/${digitalocean_droplet.http-c2.*.ipv4_address[count.index]}"
+ vars = {
+ name = "http_c2_${digitalocean_droplet.http-c2[count.index].ipv4_address}"
+ hostname = digitalocean_droplet.http-c2[count.index].ipv4_address
+ user = "root"
+ identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.http-c2[count.index].ipv4_address}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
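Review bot: nothing verifies the droplet's SSH host key: the `connection` block has no `host_key`, so the first `remote-exec` trusts whatever answers on `self.ipv4_address`. The key cannot be known before the droplet exists, but the generated ssh_config will be reused for the life of the host, so at least record the host key after the first connection (for example `ssh-keyscan` into a known_hosts file the template references) rather than leaving every later session to trust-on-first-use. The private key is also written via `echo` on the `local-exec` command line, as in dns-rdir, and the same `local_file` fix applies. Finally, `image = var.distro` is now configurable while `core_deps.sh` runs unconditionally; note in the README which image families the scripts support, since the other two modules in this patch still hard-code `debian-9-x64`.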
diff --git a/redbaron/modules/digitalocean/http-c2/outputs.tf b/redbaron/modules/digitalocean/http-c2/outputs.tf
index abc9787..d959023 100644
--- a/redbaron/modules/digitalocean/http-c2/outputs.tf
+++ b/redbaron/modules/digitalocean/http-c2/outputs.tf
@@ -1,11 +1,3 @@
output "ips" {
- value = ["${digitalocean_droplet.http-c2.*.ipv4_address}"]
+ value = [digitalocean_droplet.http-c2.*.ipv4_address]
}
-
-output "ssh_user" {
- value = "root"
-}
-
-# output "id" {
-# value = "${digitalocean_droplet.http-c2.id}"
-# }
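Review bot: `[digitalocean_droplet.http-c2.*.ipv4_address]` is a list wrapped in a list under 0.12; drop the outer brackets as the other outputs.tf files in this patch also need to.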
diff --git a/redbaron/modules/digitalocean/http-c2/variables.tf b/redbaron/modules/digitalocean/http-c2/variables.tf
index 8e9fa95..71183df 100644
--- a/redbaron/modules/digitalocean/http-c2/variables.tf
+++ b/redbaron/modules/digitalocean/http-c2/variables.tf
@@ -1,5 +1,5 @@
variable "install" {
- type = "list"
+ type = list(string)
default = []
}
@@ -7,35 +7,21 @@ variable "counter" {
default = 1
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
-}
-
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
+variable "distro" {
+ default = "debian-9-x64"
}
variable "size" {
- # default = "1gb"
default = "s-1vcpu-1gb"
}
variable "regions" {
- type = "list"
+ type = list(string)
default = ["LON1"]
}
variable "available_regions" {
- type = "map"
+ type = map(string)
default = {
"NYC1" = "nyc1"
"NYC2" = "nyc2"
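Review bot: `distro` is introduced only in this module; dns-rdir and http-rdir in the same patch still hard-code `image = "debian-9-x64"`, so the three modules now diverge. Expose the same variable in all three. The default itself is Debian 9, which is end-of-life, so it should move to a supported slug once the provisioning scripts are re-tested against it. `regions` still defaults to `["LON1"]` while the README says NYC1.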
@@ -50,4 +36,5 @@ variable "available_regions" {
"TOR1" = "tor1"
"BLR1" = "blr1"
}
-}
\ No newline at end of file
+}
+
diff --git a/redbaron/modules/digitalocean/http-c2/versions.tf b/redbaron/modules/digitalocean/http-c2/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/digitalocean/http-c2/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/digitalocean/http-rdir/README.md b/redbaron/modules/digitalocean/http-rdir/README.md
index 3cbe3e5..6068d7e 100644
--- a/redbaron/modules/digitalocean/http-rdir/README.md
+++ b/redbaron/modules/digitalocean/http-rdir/README.md
@@ -2,24 +2,17 @@
Creates a HTTP Redirector droplet in DigitalOcean. SSH keys for each droplet will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "http_rdir" {
- source = "./modules/digitalocean/http-rdir"
-
- redirect_to = ["192.168.0.1"]
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`redirect_to` | Yes | List | List of IPs to redirect HTTP traffic to.
-|`counter` | No | Integer | Number of droplets to launch. Defaults to `1`.
-|`size` | No | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
-|`regions` | No | List | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`redirect_to` | List(string) | List of IPs to redirect DNS traffic to.
+|`counter` | Integer | Number of droplets to launch. Defaults to `1`.
+|`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
+|`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+|`http-port` | Integer | HTTP port to be used
+|`https-port` | Integer | HTTPS port to be used
+|`available_regions` | Map(string)| Regions to choose from in the regions variable
# Outputs
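Review bot: the `redirect_to` description now says "DNS traffic"; this is the HTTP redirector and the old row correctly said HTTP. The new `http-port` and `https-port` rows give neither required status nor defaults, and main.tf in this patch uses them as the C2-side destination ports (`TCP4:<redirect_to>:${var.http-port}`), not as the listening ports, which stay 80/443; say so, since readers will otherwise assume they change what the droplet listens on.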
diff --git a/redbaron/modules/digitalocean/http-rdir/firewall.tf b/redbaron/modules/digitalocean/http-rdir/firewall.tf
index b4cdab7..0bf95da 100644
--- a/redbaron/modules/digitalocean/http-rdir/firewall.tf
+++ b/redbaron/modules/digitalocean/http-rdir/firewall.tf
@@ -1,9 +1,5 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "random_id" "firewall" {
@@ -13,51 +9,48 @@ resource "random_id" "firewall" {
resource "digitalocean_firewall" "web" {
name = "http-rdir-only-allow-dns-http-ssh-${random_id.firewall.hex}"
- droplet_ids = ["${digitalocean_droplet.http-rdir.*.id}"]
+ droplet_ids = digitalocean_droplet.http-rdir.*.id
- inbound_rule = [
- {
- protocol = "tcp"
- port_range = "443"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "22"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "udp"
- port_range = "60000-61000"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
- ]
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "60000-61000"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
- outbound_rule = [
- {
- protocol = "tcp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "udp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "443"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- ]
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
}
+
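Review bot: the outbound rules allow only tcp 53/80/443, but main.tf in this patch now forwards to `${var.http-port}` and `${var.https-port}` on the C2 host; any non-default value (8443, 8080) is blocked by this firewall and socat's connect fails with nothing obvious in the logs. Add outbound rules for those two ports (or allow outbound tcp to the `redirect_to` hosts). The `udp 60000-61000` mosh rule is also still here even though `mosh` is dropped from the install line in main.tf, so it should go.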
diff --git a/redbaron/modules/digitalocean/http-rdir/main.tf b/redbaron/modules/digitalocean/http-rdir/main.tf
index 14e8736..0f1a094 100644
--- a/redbaron/modules/digitalocean/http-rdir/main.tf
+++ b/redbaron/modules/digitalocean/http-rdir/main.tf
@@ -1,115 +1,84 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
resource "random_id" "server" {
- count = "${var.counter}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.counter}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "digitalocean_ssh_key" "ssh_key" {
- count = "${var.counter}"
- name = "http-rdir-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ name = "http-rdir-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "digitalocean_droplet" "http-rdir" {
- count = "${var.counter}"
- image = "debian-9-x64"
- name = "http-rdir-${random_id.server.*.hex[count.index]}"
- region = "${var.available_regions[element(var.regions, count.index)]}"
- ssh_keys = ["${digitalocean_ssh_key.ssh_key.*.id[count.index]}"]
- size = "${var.size}"
+ count = var.counter
+ image = "debian-9-x64"
+ name = "http-rdir-${random_id.server[count.index].hex}"
+ region = var.available_regions[element(var.regions, count.index)]
+ ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id]
+ size = var.size
provisioner "remote-exec" {
inline = [
- "apt-get update",
- "apt-get install -y tmux socat apache2 mosh",
- "a2enmod rewrite proxy proxy_http ssl",
- "systemctl stop apache2",
- "tmux new -d \"socat TCP4-LISTEN:80,fork TCP4:${element(var.redirect_to, count.index)}:80\" ';' split \"socat TCP4-LISTEN:443,fork TCP4:${element(var.redirect_to, count.index)}:443\""
+ "apt-get update",
+ "apt-get install -y tmux socat apache2",
+ "a2enmod rewrite proxy proxy_http ssl",
+ "systemctl stop apache2",
+ "tmux new -d \"socat TCP4-LISTEN:80,fork TCP4:${element(var.redirect_to, count.index)}:${var.http-port}\" ';' split \"socat TCP4-LISTEN:443,fork TCP4:${element(var.redirect_to, count.index)}:${var.https-port}\"",
]
connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.ipv4_address}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.counter : 0}"
-
- depends_on = ["digitalocean_droplet.http-rdir"]
-
- triggers {
- droplet_creation = "${join("," , digitalocean_droplet.http-rdir.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=../../redbaron/data/ssh_keys/${digitalocean_droplet.http-rdir.*.ipv4_address[count.index]} -e host=${digitalocean_droplet.http-rdir.*.ipv4_address[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.ipv4_address}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.counter}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [digitalocean_droplet.http-rdir]
- depends_on = ["digitalocean_droplet.http-rdir"]
-
- vars {
- name = "http_rdir_${digitalocean_droplet.http-rdir.*.ipv4_address[count.index]}"
- hostname = "${digitalocean_droplet.http-rdir.*.ipv4_address[count.index]}"
- user = "root"
- identityfile = "${path.root}/data/ssh_keys/${digitalocean_droplet.http-rdir.*.ipv4_address[count.index]}"
+ vars = {
+ name = "http_rdir_${digitalocean_droplet.http-rdir[count.index].ipv4_address}"
+ hostname = digitalocean_droplet.http-rdir[count.index].ipv4_address
+ user = "root"
+ identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.http-rdir[count.index].ipv4_address}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
+}
-}
\ No newline at end of file
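Review bot: the `local-exec` provisioner in the rewritten droplet block still writes the RSA private key with `echo "..." > ssh_keys/${self.ipv4_address}` and only afterwards runs `chmod 600 ssh_keys/*`, so the key file is created under the default umask (normally world-readable) for the window before the chmod; prefix the command with `umask 077 &&` so it is never readable by other local users. The PEM also sits in the provisioner command string, which local-exec prints in its `Executing:` line, so it ends up in the apply output and any CI log. Two smaller points in the same hunk: the destroy-time provisioner runs `rm ssh_keys/${self.ipv4_address}*`, which aborts the destroy if the files are already gone, so `rm -f` is safer; and the two socat listeners are started only inside a detached tmux session from `remote-exec`, so the redirector on 80/443 does not come back after a droplet reboot.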
diff --git a/redbaron/modules/digitalocean/http-rdir/outputs.tf b/redbaron/modules/digitalocean/http-rdir/outputs.tf
index 8f2ed1c..02a22de 100644
--- a/redbaron/modules/digitalocean/http-rdir/outputs.tf
+++ b/redbaron/modules/digitalocean/http-rdir/outputs.tf
@@ -1,7 +1,3 @@
output "ips" {
- value = ["${digitalocean_droplet.http-rdir.*.ipv4_address}"]
+ value = [digitalocean_droplet.http-rdir.*.ipv4_address]
}
-
-output "ssh_user" {
- value = "root"
-}
\ No newline at end of file
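Review bot: `value = [digitalocean_droplet.http-rdir.*.ipv4_address]` wraps the splat result in another list; the 0.11 form `["${...}"]` was flattened, but under 0.12 this output becomes a list of lists (`[["1.2.3.4"]]`), so a caller reading `ips[0]` now gets a list instead of an address. It should be `value = digitalocean_droplet.http-rdir.*.ipv4_address`. Removing the `ssh_user` output is fine only if no root module references it; worth confirming before merge.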
diff --git a/redbaron/modules/digitalocean/http-rdir/variables.tf b/redbaron/modules/digitalocean/http-rdir/variables.tf
index 7ed6578..750242b 100644
--- a/redbaron/modules/digitalocean/http-rdir/variables.tf
+++ b/redbaron/modules/digitalocean/http-rdir/variables.tf
@@ -1,39 +1,30 @@
variable "redirect_to" {
- type = "list"
+ type = list(string)
}
variable "counter" {
default = 1
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
-}
-
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
-}
-
variable "size" {
default = "s-1vcpu-1gb"
}
variable "regions" {
- type = "list"
+ type = list(string)
default = ["LON1"]
}
+variable "http-port" {
+ default = 80
+}
+
+variable "https-port" {
+ default = 443
+}
+
variable "available_regions" {
- type = "map"
+ type = map(string)
default = {
"NYC1" = "nyc1"
"NYC2" = "nyc2"
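Review bot: `http-port` and `https-port` are declared without a `type`, and main.tf interpolates them straight into the socat command, so a bad value only fails on the droplet at provisioning time; give them `type = number` so `terraform plan` rejects it. Hyphens are legal in variable names but `var.http-port` is easy to misread as a subtraction, so `http_port` / `https_port` would match the naming used by `redirect_to` and `available_regions` in the same file. `counter` could take `type = number` for the same reason.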
@@ -48,4 +39,5 @@ variable "available_regions" {
"TOR1" = "tor1"
"BLR1" = "blr1"
}
-}
\ No newline at end of file
+}
+
diff --git a/redbaron/modules/digitalocean/http-rdir/versions.tf b/redbaron/modules/digitalocean/http-rdir/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/digitalocean/http-rdir/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
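Review bot: the new versions.tf opens with a stray blank line and pins only `required_version`; since this change moves every module to 0.12 syntax, it is the natural place to also add a `required_providers` block with version constraints for the digitalocean, tls, random, template and null providers these modules use, so a later provider release cannot silently change their behaviour.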
diff --git a/redbaron/modules/digitalocean/mail-server/README.md b/redbaron/modules/digitalocean/mail-server/README.md
index 34716d0..d784b9e 100644
--- a/redbaron/modules/digitalocean/mail-server/README.md
+++ b/redbaron/modules/digitalocean/mail-server/README.md
@@ -2,21 +2,17 @@
Creates a droplet in DigitalOcean to be used as a mail server. SSH keys for each droplet will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "email_server" {
- source = "./modules/digitalocean/mail-server"
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`counter` | No | Integer | Number of droplets to launch. Defaults to `1`.
-|`size` | No | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
-|`regions` | No | List | Regions to create Droplet(s) in. Defaults to `LON1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`counter` | Integer | Number of droplets to launch. Defaults to `1`.
+|`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
+|`name` | String | Mail server name
+|`path` | String | Local path to retrieve the iredmail bash script
+|`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `LON1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+|`available_regions` | Map(string)| Regions to choose from in the regions variable
+
# Outputs
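Review bot: dropping the `Required` column loses information the module still enforces: `name` and `path` have no default in variables.tf (`variable "name" {` and `variable "path" {` with empty bodies), so `terraform apply` fails without them, yet the table now lists them alongside the optional arguments. Either keep the column or state "Required" in the Description cell of those two rows. The `path` row could also say that the script is uploaded to `/tmp/iredmail.sh` on the droplet, which is what main.tf does with it.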
diff --git a/redbaron/modules/digitalocean/mail-server/firewall.tf b/redbaron/modules/digitalocean/mail-server/firewall.tf
index b38161a..754e28c 100644
--- a/redbaron/modules/digitalocean/mail-server/firewall.tf
+++ b/redbaron/modules/digitalocean/mail-server/firewall.tf
@@ -1,9 +1,5 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "random_id" "firewall" {
@@ -13,113 +9,108 @@ resource "random_id" "firewall" {
resource "digitalocean_firewall" "web" {
name = "mail-server-only-allow-dns-http-ssh-mail-${random_id.firewall.hex}"
- droplet_ids = ["${digitalocean_droplet.mail-server.*.id}"]
+ droplet_ids = digitalocean_droplet.mail-server.*.id
- inbound_rule = [
- {
- protocol = "tcp"
- port_range = "25"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "143"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "993"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "995"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "110"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "587"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "443"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "tcp"
- port_range = "22"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "udp"
- port_range = "60000-61000"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
- ]
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "25"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "143"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "993"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "995"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "110"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "587"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "60000-61000"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
- outbound_rule = [
- {
- protocol = "tcp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "udp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "443"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "25"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "143"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "587"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "993"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "995"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "110"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- }
- ]
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "25"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "143"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "587"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "993"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "995"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "110"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
}
-
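Review bot: the inbound `udp 60000-61000` rule to `0.0.0.0/0` and `::/0` is carried over unchanged, but main.tf in this same change removes `mosh` from the `apt-get install` line, so this is the mosh port range left open world-wide with nothing listening; drop the rule together with the package. Separately, `data.external.get_public_ip` is re-evaluated on every plan, so an operator applying from a different network rewrites the 22/80/443 allow-list to their own IP and locks out whoever applied last; acceptable for a single operator, but it deserves a sentence in the module README.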
diff --git a/redbaron/modules/digitalocean/mail-server/main.tf b/redbaron/modules/digitalocean/mail-server/main.tf
index 7c98efc..1e61fc5 100644
--- a/redbaron/modules/digitalocean/mail-server/main.tf
+++ b/redbaron/modules/digitalocean/mail-server/main.tf
@@ -1,63 +1,58 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
resource "random_id" "server" {
- count = "${var.counter}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.counter}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "digitalocean_ssh_key" "ssh_key" {
- count = "${var.counter}"
- name = "mail-server-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ name = "mail-server-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "digitalocean_droplet" "mail-server" {
- count = "${var.counter}"
- image = "debian-9-x64"
- name = "${var.name}" #"mail-server-${random_id.server.*.hex[count.index]}" #
- region = "${var.available_regions[element(var.regions, count.index)]}"
- ssh_keys = ["${digitalocean_ssh_key.ssh_key.*.id[count.index]}"]
- size = "${var.size}"
+ count = var.counter
+ image = "debian-9-x64"
+ name = var.name #"mail-server-${random_id.server.*.hex[count.index]}" #
+ region = var.available_regions[element(var.regions, count.index)]
+ ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id]
+ size = var.size
provisioner "remote-exec" {
inline = [
"apt-get update",
- "apt-get install -y tmux mosh",
+ "apt-get install -y tmux",
]
connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.ipv4_address}*"
+ when = destroy
+ command = "rm ssh_keys/${self.ipv4_address}*"
}
provisioner "file" {
- #source = "../../redbaron/data/scripts/iredmail.sh"
- source = "${var.path}"
+ source = var.path
destination = "/tmp/iredmail.sh"
- connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ connection {
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
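Review bot: `name = var.name` combined with `count = var.counter` gives every droplet the same name once `counter > 1`; the commented-out alternative on the same line, `"mail-server-${random_id.server.*.hex[count.index]}"`, is the pattern the other modules use, so either switch to it or document that `counter` must stay at 1 for this module. The `file` provisioner also uploads `var.path` to `/tmp/iredmail.sh` with no check that the local file exists, which surfaces only as a provisioner failure after the droplet has been created; a `fileexists(var.path)` check evaluated at plan time would fail fast.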
@@ -68,69 +63,43 @@ resource "digitalocean_droplet" "mail-server" {
]
connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
- }
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.counter : 0}"
-
- depends_on = ["digitalocean_droplet.mail-server"]
-
- triggers {
- droplet_creation = "${join("," , digitalocean_droplet.mail-server.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=../../redbaron/data/ssh_keys/${digitalocean_droplet.mail-server.*.ipv4_address[count.index]} -e host=${digitalocean_droplet.mail-server.*.ipv4_address[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- depends_on = ["digitalocean_droplet.mail-server"]
+ depends_on = [digitalocean_droplet.mail-server]
- vars {
- name = "mail_server_${digitalocean_droplet.mail-server.*.ipv4_address[count.index]}"
- hostname = "${digitalocean_droplet.mail-server.*.ipv4_address[count.index]}"
- user = "root"
- identityfile = "${path.root}/data/ssh_keys/${digitalocean_droplet.mail-server.*.ipv4_address[count.index]}"
+ vars = {
+ name = "mail_server_${digitalocean_droplet.mail-server[count.index].ipv4_address}"
+ hostname = digitalocean_droplet.mail-server[count.index].ipv4_address
+ user = "root"
+ identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.mail-server[count.index].ipv4_address}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
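Review bot: `identityfile` now resolves to `${abspath(path.root)}/ssh_keys/<ip>`, but the key files are written by `local-exec` with the relative path `ssh_keys/${self.ipv4_address}`, which resolves against the directory Terraform was started in, not `path.root`; run from anywhere else and the generated ssh config points at a key that was written to a different directory (or the `echo` fails because `ssh_keys/` is absent there). Set `working_dir = path.root` on the `local-exec` provisioners, or derive both paths from the same base. The `echo '${...rendered}' > ssh_configs/...` command also breaks if the rendered template ever contains a single quote; writing it through a `local_file` resource avoids shell quoting entirely.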
diff --git a/redbaron/modules/digitalocean/mail-server/outputs.tf b/redbaron/modules/digitalocean/mail-server/outputs.tf
index aae662f..ba41793 100644
--- a/redbaron/modules/digitalocean/mail-server/outputs.tf
+++ b/redbaron/modules/digitalocean/mail-server/outputs.tf
@@ -1,7 +1,3 @@
output "ips" {
- value = ["${digitalocean_droplet.mail-server.*.ipv4_address}"]
-}
-
-output "ssh_user" {
- value = "root"
+ value = [digitalocean_droplet.mail-server.*.ipv4_address]
}
\ No newline at end of file
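Review bot: `value = [digitalocean_droplet.mail-server.*.ipv4_address]` produces a list of lists under 0.12 (the bracket-around-splat flattening was 0.11 behaviour), so `ips[0]` is a list rather than an address; use `value = digitalocean_droplet.mail-server.*.ipv4_address`. As with the other modules, check that nothing still reads the removed `ssh_user` output.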
diff --git a/redbaron/modules/digitalocean/mail-server/variables.tf b/redbaron/modules/digitalocean/mail-server/variables.tf
index 781988f..8c1cbb2 100644
--- a/redbaron/modules/digitalocean/mail-server/variables.tf
+++ b/redbaron/modules/digitalocean/mail-server/variables.tf
@@ -2,38 +2,23 @@ variable "counter" {
default = 1
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
-}
-
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
-}
-
variable "size" {
default = "s-1vcpu-1gb"
}
-variable "name" {}
+variable "name" {
+}
-variable "path" {}
+variable "path" {
+}
variable "regions" {
- type = "list"
+ type = list(string)
default = ["LON1"]
}
variable "available_regions" {
- type = "map"
+ type = map(string)
default = {
"NYC1" = "nyc1"
"NYC2" = "nyc2"
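Review bot: `variable "name" {` and `variable "path" {` only gain a closing-brace line; both are required inputs (no default) and still carry no `type` or `description`. Add `type = string` and a description that says what each is used for (the droplet name, and the local path of the iredmail install script uploaded to `/tmp/iredmail.sh`), so the README table and `terraform` itself tell the user the same thing.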
@@ -49,3 +34,4 @@ variable "available_regions" {
"BLR1" = "blr1"
}
}
+
diff --git a/redbaron/modules/digitalocean/mail-server/versions.tf b/redbaron/modules/digitalocean/mail-server/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/digitalocean/mail-server/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/digitalocean/phishing-server-gophish/README.md b/redbaron/modules/digitalocean/phishing-server-gophish/README.md
index a2532af..8f4cf7c 100644
--- a/redbaron/modules/digitalocean/phishing-server-gophish/README.md
+++ b/redbaron/modules/digitalocean/phishing-server-gophish/README.md
@@ -1,27 +1,20 @@
# phishing-server-gophish
-#On development ( no changes from normal phishing server)
-
-Creates a droplet in DigitalOcean to be used as a phishing server. SSH keys for each droplet will be outputted to the ssh_keys folder.
-
-# Example
-
-```hcl
-module "phishing_server" {
- source = "./modules/digitalocean/phishing-server"
-}
-```
+Creates a droplet in Digital Ocean to be used as a phishing server. SSH keys for each droplet will be outputted to the ssh_keys folder.
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`counter` | No | Integer | Number of droplets to launch. Defaults to `1`.
-|`size` | No | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
-|`regions` | No | List | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+| Name | Value Type | Description
+|---------------------------| ------------ | -----------
+|`install` | List(string) | Scripts to run on droplet creation. Defaults to "./scripts/core_deps.sh".
+|`counter` | Integer | Number of droplets to launch. Defaults to 1.
+|`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
+|`regions` | List(string) | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+|`available_regions` | Map(string) | Regions to choose from in the regions variable
+
# Outputs
| Name | Value Type | Description
|---------------------------| ---------- | -----------
-|`ips` | List | IPs of created droplets.
+|`ips` | List | IPs of created droplets.
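Review bot: two rows disagree with the module they document. `install` is said to default to "./scripts/core_deps.sh", but variables.tf sets `default = []` and main.tf prepends `../../redbaron/data/scripts/core_deps.sh` unconditionally via `concat`, so core_deps always runs and `install` holds only additional scripts; and `regions` is said to default to `NYC1` while variables.tf has `default = ["LON1"]`. "Digital Ocean" here also differs from "DigitalOcean" in the other module READMEs. Since firewall.tf restricts the admin port 3333 to the operator's public IP, that is worth a line in this README too.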
diff --git a/redbaron/modules/digitalocean/phishing-server-gophish/firewall.tf b/redbaron/modules/digitalocean/phishing-server-gophish/firewall.tf
index b9eca17..24ba51d 100644
--- a/redbaron/modules/digitalocean/phishing-server-gophish/firewall.tf
+++ b/redbaron/modules/digitalocean/phishing-server-gophish/firewall.tf
@@ -1,9 +1,5 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
resource "random_id" "firewall" {
@@ -13,66 +9,63 @@ resource "random_id" "firewall" {
resource "digitalocean_firewall" "web" {
name = "phishing-server-only-allow-dns-http-ssh-${random_id.firewall.hex}"
- droplet_ids = ["${digitalocean_droplet.phishing-server.*.id}"]
+ droplet_ids = digitalocean_droplet.phishing-server.*.id
- inbound_rule = [
- {
- protocol = "tcp"
- port_range = "443"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "22"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "tcp"
- port_range = "3333"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "udp"
- port_range = "60000-61000"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
- ]
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "3333"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "60000-61000"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
- outbound_rule = [
- {
- protocol = "tcp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "udp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "443"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "587" #mailserver port for auth
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "25" #mailserver port for auth
- destination_addresses = ["0.0.0.0/0", "::/0"]
- }
- ]
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "587" #mailserver port for auth
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "25" #mailserver port for auth
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
}
+
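Review bot: as in the mail-server firewall, the inbound `udp 60000-61000` rule stays open to `0.0.0.0/0` and `::/0` while main.tf in this change removes `mosh` from the install line, so the rule should go as well. Limiting `3333` (the gophish admin interface) to `data.external.get_public_ip` is right; the two outbound comments `#mailserver port for auth` on 587 and 25 would read better as `# SMTP submission` and `# SMTP`, since neither rule is about authentication.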
diff --git a/redbaron/modules/digitalocean/phishing-server-gophish/main.tf b/redbaron/modules/digitalocean/phishing-server-gophish/main.tf
index 140735e..e36806c 100644
--- a/redbaron/modules/digitalocean/phishing-server-gophish/main.tf
+++ b/redbaron/modules/digitalocean/phishing-server-gophish/main.tf
@@ -1,157 +1,125 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
resource "random_id" "server" {
- count = "${var.counter}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.counter}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "digitalocean_ssh_key" "ssh_key" {
- count = "${var.counter}"
- name = "phishing-server-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ name = "phishing-server-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "digitalocean_droplet" "phishing-server" {
- count = "${var.counter}"
- image = "debian-9-x64"
- name = "phishing-server-${random_id.server.*.hex[count.index]}"
- region = "${var.available_regions[element(var.regions, count.index)]}"
- ssh_keys = ["${digitalocean_ssh_key.ssh_key.*.id[count.index]}"]
- size = "${var.size}"
+ count = var.counter
+ image = "debian-9-x64"
+ name = "phishing-server-${random_id.server[count.index].hex}"
+ region = var.available_regions[element(var.regions, count.index)]
+ ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id]
+ size = var.size
provisioner "remote-exec" {
inline = [
"apt-get update",
- "apt-get install -y tmux mosh"
+ "apt-get install -y tmux",
]
connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
-
provisioner "remote-exec" {
- scripts = "${concat(list("../../redbaron/data/scripts/core_deps.sh"), var.install)}"
+ scripts = concat(["../../redbaron/data/scripts/core_deps.sh"], var.install)
connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "file" {
source = "../../redbaron/data/scripts/gophish/gophish.service"
destination = "/lib/systemd/system/gophish.service"
- connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ connection {
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "file" {
source = "../../redbaron/data/scripts/gophish/gophish_service.sh"
destination = "/tmp/gophish.sh"
- connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ connection {
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "remote-exec" {
- scripts = "${concat(list("../../redbaron/data/scripts/gophish.sh"), var.install)}"
+ scripts = concat(["../../redbaron/data/scripts/gophish.sh"], var.install)
connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.ipv4_address}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.counter : 0}"
-
- depends_on = ["digitalocean_droplet.phishing-server"]
-
- triggers {
- droplet_creation = "${join("," , digitalocean_droplet.phishing-server.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=../../redbaron/data/ssh_keys/${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]} -e host=${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.ipv4_address}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.counter}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [digitalocean_droplet.phishing-server]
- depends_on = ["digitalocean_droplet.phishing-server"]
-
- vars {
- name = "phishing_server_${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]}"
- hostname = "${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]}"
- user = "root"
- identityfile = "${path.root}/data/ssh_keys/${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]}"
+ vars = {
+ name = "phishing_server_${digitalocean_droplet.phishing-server[count.index].ipv4_address}"
+ hostname = digitalocean_droplet.phishing-server[count.index].ipv4_address
+ user = "root"
+ identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.phishing-server[count.index].ipv4_address}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
-
}
+
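Review bot: `var.install` is appended to both `remote-exec` script lists (`concat(["../../redbaron/data/scripts/core_deps.sh"], var.install)` and `concat(["../../redbaron/data/scripts/gophish.sh"], var.install)`), so every user-supplied script runs twice, once before and once after gophish is installed; append it to only one of them. The second list also names `scripts/gophish.sh` while the two `file` provisioners just above use the `scripts/gophish/` subdirectory (`gophish.service`, `gophish_service.sh`), so confirm the path is intended. The key-permission (`umask 077`) and `rm -f` points raised on the http-rdir module apply to the `local-exec` provisioners here unchanged.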
diff --git a/redbaron/modules/digitalocean/phishing-server-gophish/outputs.tf b/redbaron/modules/digitalocean/phishing-server-gophish/outputs.tf
index a6157b9..ab26038 100644
--- a/redbaron/modules/digitalocean/phishing-server-gophish/outputs.tf
+++ b/redbaron/modules/digitalocean/phishing-server-gophish/outputs.tf
@@ -1,7 +1,3 @@
output "ips" {
- value = ["${digitalocean_droplet.phishing-server.*.ipv4_address}"]
-}
-
-output "ssh_user" {
- value = "root"
+ value = [digitalocean_droplet.phishing-server.*.ipv4_address]
}
\ No newline at end of file
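Review bot: same 0.12 pitfall as the other outputs.tf files: `value = [digitalocean_droplet.phishing-server.*.ipv4_address]` yields a list of lists, so `ips` should be `value = digitalocean_droplet.phishing-server.*.ipv4_address`, and the README row that describes `ips` as "IPs of created droplets" is only true once that is fixed.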
diff --git a/redbaron/modules/digitalocean/phishing-server-gophish/variables.tf b/redbaron/modules/digitalocean/phishing-server-gophish/variables.tf
index 0accd43..ef721c7 100644
--- a/redbaron/modules/digitalocean/phishing-server-gophish/variables.tf
+++ b/redbaron/modules/digitalocean/phishing-server-gophish/variables.tf
@@ -1,5 +1,5 @@
variable "install" {
- type = "list"
+ type = list(string)
default = []
}
@@ -7,34 +7,17 @@ variable "counter" {
default = 1
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
-}
-
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
-}
-
variable "size" {
default = "s-1vcpu-1gb"
}
variable "regions" {
- type = "list"
+ type = list(string)
default = ["LON1"]
}
variable "available_regions" {
- type = "map"
+ type = map(string)
default = {
"NYC1" = "nyc1"
"NYC2" = "nyc2"
@@ -50,3 +33,4 @@ variable "available_regions" {
"BLR1" = "blr1"
}
}
+
diff --git a/redbaron/modules/digitalocean/phishing-server-gophish/versions.tf b/redbaron/modules/digitalocean/phishing-server-gophish/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/digitalocean/phishing-server-gophish/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
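Review bot: the new `versions.tf` pins only the core version; add a `required_providers` block so the `digitalocean`, `tls`, `random`, `template` and `null` providers are version-constrained too, otherwise every `terraform init` pulls whatever the latest release is and the infrastructure build is not reproducible or reviewable. The file also starts with an empty line before `terraform {`, which `terraform fmt` will strip. The same applies to the other `versions.tf` files added by this patch.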
diff --git a/redbaron/modules/digitalocean/phishing-server/README.md b/redbaron/modules/digitalocean/phishing-server/README.md
index 735a40a..290216d 100644
--- a/redbaron/modules/digitalocean/phishing-server/README.md
+++ b/redbaron/modules/digitalocean/phishing-server/README.md
@@ -2,21 +2,14 @@
Creates a droplet in DigitalOcean to be used as a phishing server. SSH keys for each droplet will be outputted to the ssh_keys folder.
-# Example
-
-```hcl
-module "phishing_server" {
- source = "./modules/digitalocean/phishing-server"
-}
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`counter` | No | Integer | Number of droplets to launch. Defaults to `1`.
-|`size` | No | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
-|`regions` | No | List | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`counter` | Integer | Number of droplets to launch. Defaults to `1`.
+|`size` | String | Droplet size to launch. Defaults to `1gb with 25 GB disk`.
+|`regions` | List | Regions to create Droplet(s) in. Defaults to `NYC1`. Accepted values are NYC1/2/3, SFO1/2, AMS2/3, SGP1, LON1, FRA1, TOR1, BLR1.
+|`available_regions` | Map(string)| Regions to choose from in the regions variable
# Outputs
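Review bot: the argument table still documents the wrong defaults: `regions` says "Defaults to `NYC1`" while `variables.tf` in this same patch sets `default = ["LON1"]`, and `size` says "`1gb with 25 GB disk`" while the variable default is the slug `s-1vcpu-1gb`. Since the `Required` column and the `# Example` block were removed, consider replacing them with an updated `module` example, otherwise a reader no longer sees how `counter`, `regions` and `available_regions` fit together.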
diff --git a/redbaron/modules/digitalocean/phishing-server/firewall.tf b/redbaron/modules/digitalocean/phishing-server/firewall.tf
index c68ddaa..ee73ad4 100644
--- a/redbaron/modules/digitalocean/phishing-server/firewall.tf
+++ b/redbaron/modules/digitalocean/phishing-server/firewall.tf
@@ -1,9 +1,5 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
data "external" "get_public_ip" {
- program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh" ]
+ program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]
}
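Review bot: `program = ["bash", "../../redbaron/data/scripts/get_public_ip.sh"]` keeps the old `../../redbaron/data/` working-directory assumption, while the rest of this patch switches to paths like `ssh_keys/` and `ssh_configs/` that are resolved from a different working directory; both cannot resolve from the same place. Anchor the script to the module instead, e.g. `"${path.module}/../../../data/scripts/get_public_ip.sh"`, so the firewall does not depend on where `terraform apply` is invoked from.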
resource "random_id" "firewall" {
@@ -13,51 +9,48 @@ resource "random_id" "firewall" {
resource "digitalocean_firewall" "web" {
name = "phishing-server-only-allow-dns-http-ssh-${random_id.firewall.hex}"
- droplet_ids = ["${digitalocean_droplet.phishing-server.*.id}"]
+ droplet_ids = digitalocean_droplet.phishing-server.*.id
- inbound_rule = [
- {
- protocol = "tcp"
- port_range = "443"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- source_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "22"
- source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
- },
- {
- protocol = "udp"
- port_range = "60000-61000"
- source_addresses = ["0.0.0.0/0", "::/0"]
- }
- ]
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["${data.external.get_public_ip.result["ip"]}/32"]
+ }
+ inbound_rule {
+ protocol = "udp"
+ port_range = "60000-61000"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
- outbound_rule = [
- {
- protocol = "tcp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "udp"
- port_range = "53"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "443"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- {
- protocol = "tcp"
- port_range = "80"
- destination_addresses = ["0.0.0.0/0", "::/0"]
- },
- ]
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
}
+
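Review bot: the `inbound_rule` for `udp` `60000-61000` (the mosh port range) is now dead exposure: this same patch removes `mosh` from the `apt-get install` line in `main.tf`, so nothing listens there anymore and the rule should be dropped. Restricting port 22 to `${data.external.get_public_ip.result["ip"]}/32` is the right call; just note that the `external` data source is re-evaluated on every plan, so an operator on a changed IP will see (and needs) a firewall update before SSH works again.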
diff --git a/redbaron/modules/digitalocean/phishing-server/main.tf b/redbaron/modules/digitalocean/phishing-server/main.tf
index 4eeb17f..7fd740c 100644
--- a/redbaron/modules/digitalocean/phishing-server/main.tf
+++ b/redbaron/modules/digitalocean/phishing-server/main.tf
@@ -1,114 +1,83 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
resource "random_id" "server" {
- count = "${var.counter}"
+ count = var.counter
byte_length = 4
}
resource "tls_private_key" "ssh" {
- count = "${var.counter}"
+ count = var.counter
algorithm = "RSA"
- rsa_bits = 4096
+ rsa_bits = 4096
}
resource "digitalocean_ssh_key" "ssh_key" {
- count = "${var.counter}"
- name = "phishing-server-key-${random_id.server.*.hex[count.index]}"
- public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}"
+ count = var.counter
+ name = "phishing-server-key-${random_id.server[count.index].hex}"
+ public_key = tls_private_key.ssh[count.index].public_key_openssh
}
resource "digitalocean_droplet" "phishing-server" {
- count = "${var.counter}"
- image = "debian-9-x64"
- name = "phishing-server-${random_id.server.*.hex[count.index]}"
- region = "${var.available_regions[element(var.regions, count.index)]}"
- ssh_keys = ["${digitalocean_ssh_key.ssh_key.*.id[count.index]}"]
- size = "${var.size}"
+ count = var.counter
+ image = "debian-9-x64"
+ name = "phishing-server-${random_id.server[count.index].hex}"
+ region = var.available_regions[element(var.regions, count.index)]
+ ssh_keys = [digitalocean_ssh_key.ssh_key[count.index].id]
+ size = var.size
provisioner "remote-exec" {
inline = [
"apt-get update",
- "apt-get install -y tmux apache2 certbot mosh python-certbot-apache",
+ "apt-get install -y tmux apache2 certbot python-certbot-apache",
"a2enmod ssl",
- "systemctl stop apache2"
+ "systemctl stop apache2",
]
connection {
- host = "${self.ipv4_address}"
- type = "ssh"
- user = "root"
- private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}"
+ host = self.ipv4_address
+ type = "ssh"
+ user = "root"
+ private_key = tls_private_key.ssh[count.index].private_key_pem
}
}
provisioner "local-exec" {
- command = "echo \"${tls_private_key.ssh.*.private_key_pem[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh.*.public_key_openssh[count.index]}\" > ../../redbaron/data/ssh_keys/${self.ipv4_address}.pub && chmod 600 ../../redbaron/data/ssh_keys/*"
+ command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && echo \"${tls_private_key.ssh[count.index].public_key_openssh}\" > ssh_keys/${self.ipv4_address}.pub && chmod 600 ssh_keys/*"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_keys/${self.ipv4_address}*"
- }
-
-}
-
-resource "null_resource" "ansible_provisioner" {
- count = "${signum(length(var.ansible_playbook)) == 1 ? var.counter : 0}"
-
- depends_on = ["digitalocean_droplet.phishing-server"]
-
- triggers {
- droplet_creation = "${join("," , digitalocean_droplet.phishing-server.*.id)}"
- policy_sha1 = "${sha1(file(var.ansible_playbook))}"
- }
-
- provisioner "local-exec" {
- command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=../../redbaron/data/ssh_keys/${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]} -e host=${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]} ${var.ansible_playbook}"
-
- environment {
- ANSIBLE_HOST_KEY_CHECKING = "False"
- }
- }
-
- lifecycle {
- create_before_destroy = true
+ when = destroy
+ command = "rm ssh_keys/${self.ipv4_address}*"
}
}
data "template_file" "ssh_config" {
+ count = var.counter
- count = "${var.counter}"
+ template = file("../../redbaron/data/templates/ssh_config.tpl")
- template = "${file("../../redbaron/data/templates/ssh_config.tpl")}"
+ depends_on = [digitalocean_droplet.phishing-server]
- depends_on = ["digitalocean_droplet.phishing-server"]
-
- vars {
- name = "phishing_server_${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]}"
- hostname = "${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]}"
- user = "root"
- identityfile = "${path.root}/data/ssh_keys/${digitalocean_droplet.phishing-server.*.ipv4_address[count.index]}"
+ vars = {
+ name = "phishing_server_${digitalocean_droplet.phishing-server[count.index].ipv4_address}"
+ hostname = digitalocean_droplet.phishing-server[count.index].ipv4_address
+ user = "root"
+ identityfile = "${abspath(path.root)}/ssh_keys/${digitalocean_droplet.phishing-server[count.index].ipv4_address}"
}
-
}
resource "null_resource" "gen_ssh_config" {
+ count = var.counter
- count = "${var.counter}"
-
- triggers {
- template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}"
+ triggers = {
+ template_rendered = data.template_file.ssh_config[count.index].rendered
}
provisioner "local-exec" {
- command = "echo '${data.template_file.ssh_config.*.rendered[count.index]}' > ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ command = "echo '${data.template_file.ssh_config[count.index].rendered}' > ssh_configs/config_${random_id.server[count.index].hex}"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/ssh_configs/config_${random_id.server.*.hex[count.index]}"
+ when = destroy
+ command = "rm ssh_configs/config_${random_id.server[count.index].hex}"
}
+}
-}
\ No newline at end of file
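Review bot: the `local-exec` that writes the SSH key (`command = "echo \"${tls_private_key.ssh[count.index].private_key_pem}\" > ssh_keys/${self.ipv4_address} && ... && chmod 600 ssh_keys/*"`) puts the PEM into the shell command line, and Terraform echoes every local-exec command in the apply output (`Executing: [...]`), so the private key lands in terminal scrollback and any CI log; the file is also created with the default umask before `chmod 600` runs. Use a `local_file` resource with `file_permission = "0600"` and the provider's sensitive-content option instead, which also removes the destroy-time `rm`. `gen_ssh_config` has the same non-`self` destroy-provisioner reference as the gophish module and should be fixed the same way.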
diff --git a/redbaron/modules/digitalocean/phishing-server/outputs.tf b/redbaron/modules/digitalocean/phishing-server/outputs.tf
index a6157b9..56c4948 100644
--- a/redbaron/modules/digitalocean/phishing-server/outputs.tf
+++ b/redbaron/modules/digitalocean/phishing-server/outputs.tf
@@ -1,7 +1,3 @@
output "ips" {
- value = ["${digitalocean_droplet.phishing-server.*.ipv4_address}"]
+ value = [digitalocean_droplet.phishing-server.*.ipv4_address]
}
-
-output "ssh_user" {
- value = "root"
-}
\ No newline at end of file
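Review bot: same nested-list issue as in the gophish module's `outputs.tf`: `value = [digitalocean_droplet.phishing-server.*.ipv4_address]` should lose the outer brackets.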
diff --git a/redbaron/modules/digitalocean/phishing-server/variables.tf b/redbaron/modules/digitalocean/phishing-server/variables.tf
index 40b4643..e3bb246 100644
--- a/redbaron/modules/digitalocean/phishing-server/variables.tf
+++ b/redbaron/modules/digitalocean/phishing-server/variables.tf
@@ -2,34 +2,17 @@ variable "counter" {
default = 1
}
-variable "ansible_playbook" {
- default = ""
- description = "Ansible Playbook to run"
-}
-
-variable "ansible_arguments" {
- default = []
- type = "list"
- description = "Additional Ansible Arguments"
-}
-
-variable "ansible_vars" {
- default = []
- type = "list"
- description = "Environment variables"
-}
-
variable "size" {
default = "s-1vcpu-1gb"
}
variable "regions" {
- type = "list"
+ type = list(string)
default = ["LON1"]
}
variable "available_regions" {
- type = "map"
+ type = map(string)
default = {
"NYC1" = "nyc1"
"NYC2" = "nyc2"
@@ -45,3 +28,4 @@ variable "available_regions" {
"BLR1" = "blr1"
}
}
+
diff --git a/redbaron/modules/digitalocean/phishing-server/versions.tf b/redbaron/modules/digitalocean/phishing-server/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/digitalocean/phishing-server/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/godaddy/create-dns-record/README.md b/redbaron/modules/godaddy/create-dns-record/README.md
deleted file mode 100644
index 1c94048..0000000
--- a/redbaron/modules/godaddy/create-dns-record/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-#create-dns-record
-
-#DOES NOT WORK
\ No newline at end of file
diff --git a/redbaron/modules/godaddy/create-dns-record/main.tf b/redbaron/modules/godaddy/create-dns-record/main.tf
deleted file mode 100644
index 049456d..0000000
--- a/redbaron/modules/godaddy/create-dns-record/main.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
-#old
-resource "godaddy_domain_record" "record" {
- count = "${var.counter}"
- domain = "${var.domain}"
-
- record {
- name = "${element(keys(var.records), count.index)}"
- type = "${var.type}"
- data = "${lookup(var.records, element(keys(var.records), count.index))}"
- ttl = "${var.ttl}"
- }
-}
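Review bot: deleting `create-dns-record` is the right call given its own README said `#DOES NOT WORK`, but the removal should come with a check that nothing else still points at `modules/godaddy/create-dns-record` (generated `module` blocks, the Overlord `dns_records` module, the top-level docs); a stale `source` reference will fail at `terraform init` rather than at review time.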
diff --git a/redbaron/modules/godaddy/create-dns-record/outputs.tf b/redbaron/modules/godaddy/create-dns-record/outputs.tf
deleted file mode 100644
index 4e0b481..0000000
--- a/redbaron/modules/godaddy/create-dns-record/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "records" {
- value = "${var.records}"
-}
\ No newline at end of file
diff --git a/redbaron/modules/godaddy/create-dns-record/variables.tf b/redbaron/modules/godaddy/create-dns-record/variables.tf
deleted file mode 100644
index f9f29aa..0000000
--- a/redbaron/modules/godaddy/create-dns-record/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "domain" {}
-
-variable "type" {}
-
-variable "counter" {
- default = 1
-}
-
-variable "ttl" {
- default = 600
-}
-
-variable "records" {
- type = "map"
-}
diff --git a/redbaron/modules/godaddy/redirect-nameservers/README.md b/redbaron/modules/godaddy/redirect-nameservers/README.md
index 6c5e123..509e506 100644
--- a/redbaron/modules/godaddy/redirect-nameservers/README.md
+++ b/redbaron/modules/godaddy/redirect-nameservers/README.md
@@ -2,22 +2,9 @@
Redirects the nameservers from Godaddy to another provider (AWS, DigitalOcean)
-# Example
-
-```hcl
-module "redirect_ns"{
- source = "./modules/godaddy/redirect-nameservers"
- domain = "${var.domain[1]}"
-
- # // specify any custom nameservers for your domain
- nameservers = ["ns1.test.com"]
-}
-
-```
-
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`domain` | Yes | String | The domain to create a hosted zone for.
-|`nameservers` | Yes | List | The nameservers to be used for the specified domain.
+| Name | Required | Value Type | Description
+|---------------------------| -------- | ------------ | -----------
+|`domain` | Yes | String | The domain to create a hosted zone for.
+|`nameservers` | Yes | List(string) | The nameservers to be used for the specified domain.
diff --git a/redbaron/modules/godaddy/redirect-nameservers/main.tf b/redbaron/modules/godaddy/redirect-nameservers/main.tf
index 4187198..eea79dc 100644
--- a/redbaron/modules/godaddy/redirect-nameservers/main.tf
+++ b/redbaron/modules/godaddy/redirect-nameservers/main.tf
@@ -1,10 +1,5 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
resource "godaddy_domain_record" "gd-fancy-domain" {
- domain = "${var.domain}"
-
- # // specify any custom nameservers for your domain
- nameservers = ["${var.nameservers}"]
+ domain = var.domain
+ nameservers = var.nameservers
}
+
diff --git a/redbaron/modules/godaddy/redirect-nameservers/outputs.tf b/redbaron/modules/godaddy/redirect-nameservers/outputs.tf
index e69de29..b6bc559 100644
--- a/redbaron/modules/godaddy/redirect-nameservers/outputs.tf
+++ b/redbaron/modules/godaddy/redirect-nameservers/outputs.tf
@@ -0,0 +1,3 @@
+output "redirected" {
+ value = 1
+}
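Review bot: `output "redirected" { value = 1 }` is a constant, so a caller that uses it to sequence work after the nameserver change gets no dependency on `godaddy_domain_record.gd-fancy-domain` at all; Terraform can evaluate the output before the record is applied. Reference the resource instead (e.g. `value = godaddy_domain_record.gd-fancy-domain.id`) so the dependency edge exists and downstream DNS-challenge steps wait for the delegation to be in place.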
diff --git a/redbaron/modules/godaddy/redirect-nameservers/variables.tf b/redbaron/modules/godaddy/redirect-nameservers/variables.tf
index 09cf935..3f93b74 100644
--- a/redbaron/modules/godaddy/redirect-nameservers/variables.tf
+++ b/redbaron/modules/godaddy/redirect-nameservers/variables.tf
@@ -1,5 +1,7 @@
-variable "domain" {}
+variable "domain" {
+}
-variable "nameservers"{
- type = "list"
+variable "nameservers" {
+ type = list(string)
}
+
diff --git a/redbaron/modules/godaddy/redirect-nameservers/versions.tf b/redbaron/modules/godaddy/redirect-nameservers/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/godaddy/redirect-nameservers/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/README.md b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/README.md
index be73c83..f206a93 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/README.md
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/README.md
@@ -2,58 +2,16 @@
Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ~/data/certificates
-# Example
-
-```hcl
-module "create_certs" {
- source = "./modules/letsencrypt/create-cert-dns"
-
- domains = ["domain.com"]
-
- subject_alternative_names = {
- "domain.com" = ["www2.domain.com"]
- }
-}
-
-#Digital Ocean:
-module "create_certs" {
- source = "./modules/letsencrypt/create-cert-dns"
- provider ="digitalocean"
- count = 1
- domains = ["${var.domain[0]}"]
- do_token ="${var.do_token}"
- # subject_alternative_names = {
- # "${var.domain}" = []
- # }
-}
-```
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| No | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`count` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider_name` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`do_token` | Yes | String | Digital Ocean Token
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
-
-
-
-
-
-# Arguments Before Modification
-
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| Yes | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`count` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
+| Name | Value Type | Description
+|---------------------------| ---------- | -----------
+|`domain` | String | The certificate's primary domain that the certificate will be recognized for.
+|`server_url` | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
+|`aws_key ` | String | AWS key to authenticate
+|`aws_secret ` | String | AWS key to authenticate
+|`zone` | String | Route53 hosted zone
+|`region` | String | AWS region - e.g. eu-west-1
+|`reg_email` | String | Email address to register the certificate
# Outputs
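Review bot: the new argument table contradicts the code in this same patch: `server_url` "Defaults to \"production\"" while `variables.tf` sets `default = "staging"` and `main.tf` hardcodes the staging directory URL regardless of the variable. `aws_secret` is described as "AWS key to authenticate" (copy of the `aws_key` row), and both `aws_key ` and `aws_secret ` carry a trailing space inside the backticks. The removed `Required` column should probably stay, since `aws_key`, `aws_secret`, `zone` and `region` have no defaults and must be supplied.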
@@ -64,3 +22,4 @@ module "create_certs" {
|`certificate_pem` | String |
|`certificate_private_key_pem` | String |
|`certificate_issuer_pem` | String |
+|`certificate_file_path` | String |
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/main.tf b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/main.tf
index b62bb94..a985698 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/main.tf
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/main.tf
@@ -1,5 +1,4 @@
provider "acme" {
- # server_url = "https://acme-v02.api.letsencrypt.org/directory" #"https://acme-staging-v02.api.letsencrypt.org/directory"
server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
}
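Review bot: with the commented production URL removed, `provider "acme"` now unconditionally uses `https://acme-staging-v02.api.letsencrypt.org/directory`, so every certificate this module issues is signed by the Let's Encrypt staging CA and will not be trusted by browsers or mail clients; `var.server_url` is never consulted. The gophish variant in this patch already does `server_url = var.server_urls[var.server_url]`; do the same here (and keep the `server_urls` map in `variables.tf`) so staging vs production is a documented switch rather than a hardcoded surprise.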
@@ -8,32 +7,32 @@ resource "tls_private_key" "private_key" {
}
resource "acme_registration" "reg" {
- account_key_pem = "${tls_private_key.private_key.private_key_pem}"
- email_address = "${var.reg_email}"
+ account_key_pem = tls_private_key.private_key.private_key_pem
+ email_address = var.reg_email
}
resource "acme_certificate" "certificate" {
- account_key_pem = "${acme_registration.reg.account_key_pem}"
- common_name = "${var.domain}"
- # subject_alternative_names = ["${var.domain[0]}"]
+ account_key_pem = acme_registration.reg.account_key_pem
+ common_name = var.domain
dns_challenge {
provider = "route53"
- config {
- AWS_ACCESS_KEY_ID = "${var.aws_key}"
- AWS_SECRET_ACCESS_KEY = "${var.aws_secret}"
- AWS_REGION = "${var.region}"
- AWS_HOSTED_ZONE_ID = "${var.zone}"
- }
+ config = {
+ AWS_ACCESS_KEY_ID = var.aws_key
+ AWS_SECRET_ACCESS_KEY = var.aws_secret
+ AWS_REGION = var.region
+ AWS_HOSTED_ZONE_ID = var.zone
+ }
}
provisioner "local-exec" {
- command = "echo \"${self.private_key_pem}\" > ../../redbaron/data/certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > ../../redbaron/data/certificates/${self.common_name}_cert.pem"
+ command = "echo \"${self.private_key_pem}\" > certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > certificates/${self.common_name}_cert.pem"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/certificates/${self.common_name}*"
+ when = destroy
+ command = "rm certificates/${self.common_name}*"
}
}
+
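Review bot: the `local-exec` writes `certificates/${self.common_name}_privkey.pem` via `echo` with no `chmod`, so the certificate private key is created with the process umask (typically world-readable) and, as with the SSH keys, the PEM is printed in the apply output as part of the executed command; a `local_file` with `file_permission = "0600"` avoids both. The destroy command `rm certificates/${self.common_name}*` is a prefix glob and would also delete files for a longer name that shares the prefix (e.g. `example.com` versus `example.com.uk`); match the two exact filenames instead.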
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/outputs.tf b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/outputs.tf
index d4fdf39..6f18490 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/outputs.tf
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/outputs.tf
@@ -1,22 +1,29 @@
output "certificate_domain" {
- value = ["${acme_certificate.certificate.*.certificate_domain}"]
+ value = [acme_certificate.certificate.*.certificate_domain]
}
+
output "certificate_url" {
- value = ["${acme_certificate.certificate.*.certificate_url}"]
+ value = [acme_certificate.certificate.*.certificate_url]
}
+
output "certificate_pem" {
- value = ["${acme_certificate.certificate.*.certificate_pem}"]
+ value = [acme_certificate.certificate.*.certificate_pem]
}
+
output "certificate_private_key_pem" {
sensitive = true
- value = ["${acme_certificate.certificate.*.private_key_pem}"]
+ value = [acme_certificate.certificate.*.private_key_pem]
}
+
output "certificate_issuer_pem" {
- value = ["${acme_certificate.certificate.*.issuer_pem}"]
+ value = [acme_certificate.certificate.*.issuer_pem]
}
+
output "certificate_file_path" {
- value = "../../redbaron/data/certificates/${acme_certificate.certificate.common_name}_cert.pem"
+ value = "certificates/${acme_certificate.certificate.common_name}_cert.pem"
}
+
output "certificate_private_key_file_path" {
- value = "../../redbaron/data/certificates/${acme_certificate.certificate.common_name}_privkey.pem"
-}
\ No newline at end of file
+ value = "certificates/${acme_certificate.certificate.common_name}_privkey.pem"
+}
+
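Review bot: `acme_certificate.certificate` has no `count`, so the `.*.` splats wrapped in `[...]` (e.g. `value = [acme_certificate.certificate.*.certificate_pem]`) produce nested single-element lists, while `certificate_file_path` and `certificate_private_key_file_path` reference `acme_certificate.certificate.common_name` directly. Pick one shape; plain attribute references (`value = acme_certificate.certificate.certificate_pem`) are the least surprising for callers. Keeping `sensitive = true` on `certificate_private_key_pem` is good.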
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/variables.tf b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/variables.tf
index 1b31b07..b542fba 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/variables.tf
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/variables.tf
@@ -1,36 +1,23 @@
-variable "provider_name" {}
-
-variable "domain" {}
-
-variable "aws_key" {}
-
-variable "aws_secret" {}
+variable "domain" {
+}
-variable "zone" {}
+variable "server_url" {
+ default = "staging" #"production"
+}
-variable "region" {}
+variable "aws_key" {
+}
-variable "subject_alternative_names" {
- type = "map"
- default = {}
+variable "aws_secret" {
}
-variable "server_url" {
- default = "staging" #"production"
+variable "zone" {
}
-variable "server_urls" {
- type = "map"
- default = {
- "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory"
- "production" = "https://acme-v02.api.letsencrypt.org/directory"
- }
+variable "region" {
}
variable "reg_email" {
default = "nobody@kokos.com"
}
-variable "key_type" {
- default = 4096
-}
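Review bot: removing `server_urls` while keeping `server_url` (`default = "staging" #"production"`) leaves a variable that nothing in `main.tf` reads, since the provider block hardcodes the staging endpoint; either restore the map and wire it up as the gophish module does, or drop `server_url` too. `reg_email` defaults to `nobody@kokos.com`, a domain the project does not control, and Let's Encrypt sends expiry notices to that address; require the variable or use a clearly invalid placeholder. Also consider taking AWS credentials from the standard credential chain rather than passing `aws_key`/`aws_secret` through plain variables that end up in state and plan output.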
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/versions.tf b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-aws/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/README.md b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/README.md
index db0a309..022cad8 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/README.md
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/README.md
@@ -2,58 +2,18 @@
Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ~/data/certificates
-# Example
-
-```hcl
-module "create_certs" {
- source = "./modules/letsencrypt/create-cert-dns"
-
- domains = ["domain.com"]
-
- subject_alternative_names = {
- "domain.com" = ["www2.domain.com"]
- }
-}
-
-#Digital Ocean:
-module "create_certs" {
- source = "./modules/letsencrypt/create-cert-dns"
- provider ="digitalocean"
- count = 1
- domains = ["${var.domain[0]}"]
- do_token ="${var.do_token}"
- # subject_alternative_names = {
- # "${var.domain}" = []
- # }
-}
-```
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| No | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`count` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider_name` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`do_token` | Yes | String | Digital Ocean Token
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
-
-
-
-
-
-# Arguments Before Modification
-
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| Yes | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`count` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
+| Name | Value Type | Description
+|---------------------------| -------- | ----------
+|`domain` | String | The certificate's primary domain that the certificate will be recognized for.
+|`server_url` | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
+|`aws_key ` | String | AWS key to authenticate
+|`aws_secret ` | String | AWS key to authenticate
+|`zone` | String | Route53 hosted zone
+|`region` | Integer | AWS region - e.g. eu-west-1
+|`server_urls` | map(string) | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
+|`reg_email` | Integer | Email address to register the certificate
+|`phishing_server_ip` | Integer | IP address of the host to add the certificate
# Outputs
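Review bot: several `Value Type` cells in the new table are wrong: `region`, `reg_email` and `phishing_server_ip` are listed as `Integer` but are strings (an AWS region name, an e-mail address and an IP address), `aws_secret` is described as "AWS key to authenticate", and the `server_urls` row copies the `server_url` description instead of saying it is the staging/production URL map. The separator row (`| -------- | ----------`) also no longer lines up with the three headers.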
@@ -64,3 +24,5 @@ module "create_certs" {
|`certificate_pem` | String |
|`certificate_private_key_pem` | String |
|`certificate_issuer_pem` | String |
+|`certificate_file_path` | String |
+|`certificate_private_key_file_path` | String |
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/main.tf b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/main.tf
index 63a5220..0515c06 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/main.tf
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/main.tf
@@ -1,6 +1,5 @@
provider "acme" {
- # server_url = "https://acme-v02.api.letsencrypt.org/directory" #"https://acme-staging-v02.api.letsencrypt.org/directory"
- server_url = "${lookup(var.server_urls, var.server_url)}"
+ server_url = var.server_urls[var.server_url]
}
resource "tls_private_key" "private_key" {
@@ -8,49 +7,49 @@ resource "tls_private_key" "private_key" {
}
resource "acme_registration" "reg" {
- account_key_pem = "${tls_private_key.private_key.private_key_pem}"
- email_address = "${var.reg_email}"
+ account_key_pem = tls_private_key.private_key.private_key_pem
+ email_address = var.reg_email
}
+
resource "acme_certificate" "certificate" {
- account_key_pem = "${acme_registration.reg.account_key_pem}"
- common_name = "${var.domain}"
- # subject_alternative_names = ["${var.domain[0]}"]
+ account_key_pem = acme_registration.reg.account_key_pem
+ common_name = var.domain
dns_challenge {
provider = "route53"
- config {
- AWS_ACCESS_KEY_ID = "${var.aws_key}"
- AWS_SECRET_ACCESS_KEY = "${var.aws_secret}"
- AWS_REGION = "${var.region}"
- AWS_HOSTED_ZONE_ID = "${var.zone}"
- }
+ config = {
+ AWS_ACCESS_KEY_ID = var.aws_key
+ AWS_SECRET_ACCESS_KEY = var.aws_secret
+ AWS_REGION = var.region
+ AWS_HOSTED_ZONE_ID = var.zone
+ }
}
provisioner "local-exec" {
- command = "echo \"${self.private_key_pem}\" > ../../redbaron/data/certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > ../../redbaron/data/certificates/${self.common_name}_cert.pem"
+ command = "echo \"${self.private_key_pem}\" > certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > certificates/${self.common_name}_cert.pem"
}
provisioner "file" {
- source = "../../redbaron/data/certificates/${var.domain}_privkey.pem"
+ source = "certificates/${var.domain}_privkey.pem"
destination = "/tmp/${var.domain}_privkey.pem"
- connection {
- host = "${var.phishing_server_ip}"
- type = "ssh"
- user = "admin"
- private_key = "${file("../../redbaron/data/ssh_keys/${var.phishing_server_ip}")}"
- }
+ connection {
+ host = var.phishing_server_ip
+ type = "ssh"
+ user = "admin"
+ private_key = file("ssh_keys/${var.phishing_server_ip}")
+ }
}
provisioner "file" {
- source = "../../redbaron/data/certificates/${var.domain}_cert.pem"
+ source = "certificates/${var.domain}_cert.pem"
destination = "/tmp/${var.domain}_cert.pem"
- connection {
- host = "${var.phishing_server_ip}"
- type = "ssh"
- user = "admin"
- private_key = "${file("../../redbaron/data/ssh_keys/${var.phishing_server_ip}")}"
- }
+ connection {
+ host = var.phishing_server_ip
+ type = "ssh"
+ user = "admin"
+ private_key = file("ssh_keys/${var.phishing_server_ip}")
+ }
}
provisioner "remote-exec" {
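Review bot: The `local-exec` at the `command =` line still builds a shell command that contains the full private key PEM, so the key passes through the process argument list and any provisioner/shell logging; a `local_file` resource with `sensitive_content` and `file_permission = "0600"` writes the same `certificates/${self.common_name}_privkey.pem` without that exposure. The following `file` provisioner also drops the key into `/tmp/${var.domain}_privkey.pem`, a world-readable directory; stage it under a directory owned by the service user instead. Note too that `certificates/` and `ssh_keys/` are now resolved relative to the working directory of `terraform apply`, which should be documented in the module README.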
@@ -62,19 +61,20 @@ resource "acme_certificate" "certificate" {
"sudo sed -i 's/example.crt/${var.domain}_cert.pem/g' /opt/goapps/src/github.com/gophish/gophish/config.json",
"sudo sed -i 's/example.key/${var.domain}_privkey.pem/g' /opt/goapps/src/github.com/gophish/gophish/config.json",
"sudo systemctl stop gophish.service",
- "sudo systemctl start gophish.service"
+ "sudo systemctl start gophish.service",
]
connection {
- host = "${var.phishing_server_ip}"
- type = "ssh"
- user = "admin"
- private_key = "${file("../../redbaron/data/ssh_keys/${var.phishing_server_ip}")}"
+ host = var.phishing_server_ip
+ type = "ssh"
+ user = "admin"
+ private_key = file("ssh_keys/${var.phishing_server_ip}")
}
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/certificates/${self.common_name}*"
+ when = destroy
+ command = "rm certificates/${self.common_name}*"
}
}
+
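Review bot: The destroy-time `command = "rm certificates/${self.common_name}*"` uses an unquoted glob; if `common_name` ever evaluates empty this removes every certificate in the directory. Delete the two known files explicitly, e.g. `rm -f "certificates/${self.common_name}_privkey.pem" "certificates/${self.common_name}_cert.pem"`. In the remote-exec above, `sudo systemctl stop` followed by `start` can be a single `sudo systemctl restart gophish.service`, and the `sed -i` edits of `config.json` have no backup; consider `sed -i.bak` so the original config is recoverable.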
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/outputs.tf b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/outputs.tf
index d4fdf39..6f18490 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/outputs.tf
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/outputs.tf
@@ -1,22 +1,29 @@
output "certificate_domain" {
- value = ["${acme_certificate.certificate.*.certificate_domain}"]
+ value = [acme_certificate.certificate.*.certificate_domain]
}
+
output "certificate_url" {
- value = ["${acme_certificate.certificate.*.certificate_url}"]
+ value = [acme_certificate.certificate.*.certificate_url]
}
+
output "certificate_pem" {
- value = ["${acme_certificate.certificate.*.certificate_pem}"]
+ value = [acme_certificate.certificate.*.certificate_pem]
}
+
output "certificate_private_key_pem" {
sensitive = true
- value = ["${acme_certificate.certificate.*.private_key_pem}"]
+ value = [acme_certificate.certificate.*.private_key_pem]
}
+
output "certificate_issuer_pem" {
- value = ["${acme_certificate.certificate.*.issuer_pem}"]
+ value = [acme_certificate.certificate.*.issuer_pem]
}
+
output "certificate_file_path" {
- value = "../../redbaron/data/certificates/${acme_certificate.certificate.common_name}_cert.pem"
+ value = "certificates/${acme_certificate.certificate.common_name}_cert.pem"
}
+
output "certificate_private_key_file_path" {
- value = "../../redbaron/data/certificates/${acme_certificate.certificate.common_name}_privkey.pem"
-}
\ No newline at end of file
+ value = "certificates/${acme_certificate.certificate.common_name}_privkey.pem"
+}
+
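Review bot: `acme_certificate.certificate` has no `count`, so `value = [acme_certificate.certificate.*.certificate_domain]` wraps the one-element splat result in another list and the output becomes a list of lists; use `value = acme_certificate.certificate.certificate_domain` (same for the other five splat outputs). `certificate_file_path` and `certificate_private_key_file_path` are now relative to the working directory, so consumers in a different directory should wrap them with `abspath()` or the README should state the base directory.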
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/variables.tf b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/variables.tf
index 0f36294..958479e 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/variables.tf
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/variables.tf
@@ -1,28 +1,26 @@
-variable "provider_name" {}
-
-variable "domain" {}
-
-variable "aws_key" {}
+variable "domain" {
+}
-variable "aws_secret" {}
+variable "server_url" {
+ default = "staging" #"production"
+}
-variable "zone" {}
+variable "aws_key" {
+}
-variable "region" {}
+variable "aws_secret" {
+}
-variable "subject_alternative_names" {
- type = "map"
- default = {}
+variable "zone" {
}
-variable "server_url" {
- default = "staging" #"production"
+variable "region" {
}
variable "server_urls" {
- type = "map"
+ type = map(string)
default = {
- "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory"
+ "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory"
"production" = "https://acme-v02.api.letsencrypt.org/directory"
}
}
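Review bot: `server_url` keeps `default = "staging"`, which issues certificates from the Let's Encrypt staging CA that browsers do not trust; either document that explicitly or default to "production" as the DO module READMEs claim. Only `server_urls` carries a `type`; give `domain`, `aws_key`, `aws_secret`, `zone` and `region` `type = string` and a `description`. Passing `aws_key`/`aws_secret` as variables also puts long-lived credentials into state; the acme provider's route53 challenge can read credentials from the environment or instance profile instead.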
@@ -31,8 +29,6 @@ variable "reg_email" {
default = "nobody@kokos.com"
}
-variable "key_type" {
- default = 4096
+variable "phishing_server_ip" {
}
-variable "phishing_server_ip" {}
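Review bot: `reg_email` still defaults to `nobody@kokos.com`, a third-party domain; ACME account notices (including expiry warnings) go there. Drop the default so callers must supply an address they control, and give the new `phishing_server_ip` block a `type = string` since main.tf uses it as the SSH `host`.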
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/versions.tf b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/letsencrypt/aws/create-cert-dns-gophish-aws/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
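Review bot: The new versions.tf starts with a stray blank line and constrains only Terraform; add a `required_providers` block pinning `acme`, `tls` and `null` (e.g. `acme = "~> 1.5"`) so `terraform init` selects a known provider version instead of the newest available. The same applies to the identical versions.tf files added for the other modules in this change.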
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/README.md b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/README.md
index 673868d..606917e 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/README.md
+++ b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/README.md
@@ -1,36 +1,10 @@
# create-cert-phishing
-# Dependencies ERRORS ( on development does not work as intended)
Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge on the Phishing Server and restarts the service on HTTPS.
-# Example
-
-```hcl
-# module "lets_encrypt" {
- source = "./modules/letsencrypt/create-cert-phishing"
- # count = 1
- # domains = "${var.domain}"
- domain = "${module.create_root_record.domain}"
- phishing_server_ip = "${module.phishing_server.ips[0]}"
-}
-
-```
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| No | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`counter` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider_name` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`do_token` | Yes | String | Digital Ocean Token
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
-
-
-
-
-# Outputs
-
-| Name | Value Type | Description
-|----------------------------- | ---------- | -----------
+| Name | Value Type | Description
+|---------------------------| -------- | ----------
+|`domain` | String | The certificate's primary domain that the certificate will be recognized for.
+|`phishing_server_ip` | List(string) | IP address of the host to add the certificate
+|`email` | String | Email address to register the certificate
\ No newline at end of file
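Review bot: The new table lists `phishing_server_ip` as `List(string)`, but main.tf uses it directly as `host = "${var.phishing_server_ip}"`, which requires a string; document it as `String`. The heading `# create-cert-phishing` does not match the directory name `create-cert-webserver-aws`. The removed `# Dependencies ERRORS` line is kept in the DO counterpart's README in this same change; if this module still has the problem, keep the warning rather than dropping it silently. The `email` argument is documented without its default, which in variables.tf is `"fakeemail@a.com "` with a trailing space.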
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/main.tf b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/main.tf
index 3c21c9b..da6e1b1 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/main.tf
+++ b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/main.tf
@@ -14,7 +14,7 @@ resource "null_resource" "lets-encrypt" {
host = "${var.phishing_server_ip}"
type = "ssh"
user = "admin"
- private_key = "${file("../../redbaron/data/ssh_keys/${var.phishing_server_ip}")}"
+ private_key = "${file("ssh_keys/${var.phishing_server_ip}")}"
}
}
-}
+}
\ No newline at end of file
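Review bot: `private_key = "${file("ssh_keys/${var.phishing_server_ip}")}"` still uses the 0.11-style quoted interpolation while the sibling modules in this change were converted to `file(...)`; since versions.tf now requires `>= 0.12`, run `terraform 0.12upgrade` on this module too so the style is consistent and the deprecation warning goes away.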
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/outputs.tf b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/outputs.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/variables.tf b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/variables.tf
index ad0d806..3c8567b 100644
--- a/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/variables.tf
+++ b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/variables.tf
@@ -1,14 +1,10 @@
variable "domain" {
- # type = "list"
}
-variable "count" {
- default = 1
-}
variable "phishing_server_ip" {
- # type = "list"
}
variable "email" {
default = "fakeemail@a.com "
}
+
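Review bot: Removing `variable "count"` is required, not just cleanup: `count` is a reserved name in 0.12 and the old declaration would fail validation, so the PR description should say so. The surviving `email` default `"fakeemail@a.com "` carries a trailing space that will be sent verbatim during registration and points at a real domain; remove the default or trim it and use a placeholder under a domain the operator owns.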
diff --git a/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/versions.tf b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/letsencrypt/aws/create-cert-webserver-aws/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/README.md b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/README.md
index be73c83..a6523b2 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/README.md
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/README.md
@@ -2,59 +2,17 @@
Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ~/data/certificates
-# Example
-
-```hcl
-module "create_certs" {
- source = "./modules/letsencrypt/create-cert-dns"
-
- domains = ["domain.com"]
-
- subject_alternative_names = {
- "domain.com" = ["www2.domain.com"]
- }
-}
-
-#Digital Ocean:
-module "create_certs" {
- source = "./modules/letsencrypt/create-cert-dns"
- provider ="digitalocean"
- count = 1
- domains = ["${var.domain[0]}"]
- do_token ="${var.do_token}"
- # subject_alternative_names = {
- # "${var.domain}" = []
- # }
-}
-```
# Arguments
-| Name | Required | Value Type | Description
+| Name | Value Type | Description
|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| No | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`count` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider_name` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`do_token` | Yes | String | Digital Ocean Token
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
-
+|`provider_name` | String | Provider to use for the DNS challenge. Defaults to "route53".
+|`do_token` | String | Digital Ocean Token
+|`domain` | String | The certificate's primary domain that the certificate will be recognized for.
+|`server_url` | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
+|`server_urls` | Map(string) | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
+|`reg_email` | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-
-
-# Arguments Before Modification
-
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| Yes | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`count` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
-
# Outputs
| Name | Value Type | Description
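Review bot: The Arguments header row now has three columns but the separator row below it still has four (`| -------- | ---------- | -----------`), so the table renders misaligned; drop one separator cell. The `server_urls` row copies the `server_url` description; it is the map of ACME directory URLs keyed by "staging"/"production" that `server_url` selects from. The README also states `server_url` defaults to "production" while the sibling gophish-aws variables.tf defaults to "staging"; confirm this module's default matches the doc.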
@@ -64,3 +22,5 @@ module "create_certs" {
|`certificate_pem` | String |
|`certificate_private_key_pem` | String |
|`certificate_issuer_pem` | String |
+|`certificate_file_path` | String |
+|`certificate_private_key_file_path` | String |
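Review bot: The two new output rows leave the Description cell empty; state that both paths are relative to the directory `terraform apply` runs in (`certificates/<domain>_cert.pem` and `certificates/<domain>_privkey.pem`), since the leading `../../redbaron/data/` prefix was removed in main.tf in this same change.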
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main.tf
index 6223e12..ad0bf63 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main.tf
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main.tf
@@ -1,6 +1,5 @@
provider "acme" {
- # server_url = "https://acme-v02.api.letsencrypt.org/directory" #"https://acme-staging-v02.api.letsencrypt.org/directory"
- server_url = "${lookup(var.server_urls, var.server_url)}"
+ server_url = var.server_urls[var.server_url]
}
resource "tls_private_key" "private_key" {
@@ -8,28 +7,29 @@ resource "tls_private_key" "private_key" {
}
resource "acme_registration" "reg" {
- account_key_pem = "${tls_private_key.private_key.private_key_pem}"
- email_address = "${var.reg_email}"
+ account_key_pem = tls_private_key.private_key.private_key_pem
+ email_address = var.reg_email
}
+
resource "acme_certificate" "certificate" {
- account_key_pem = "${acme_registration.reg.account_key_pem}"
- common_name = "${var.domain}"
- # subject_alternative_names = ["${var.domain[0]}"]
+ account_key_pem = acme_registration.reg.account_key_pem
+ common_name = var.domain
dns_challenge {
- provider ="${var.provider_name}" #"digitalocean"
+ provider = var.provider_name
- config ={
- DO_AUTH_TOKEN = "${var.do_token}"
+ config = {
+ DO_AUTH_TOKEN = var.do_token
}
}
provisioner "local-exec" {
- command = "echo \"${self.private_key_pem}\" > ../../redbaron/data/certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > ../../redbaron/data/certificates/${self.common_name}_cert.pem"
+ command = "echo \"${self.private_key_pem}\" > certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > certificates/${self.common_name}_cert.pem"
}
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/certificates/${self.common_name}*"
+ when = destroy
+ command = "rm certificates/${self.common_name}*"
}
}
+
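Review bot: The `dns_challenge` config only sets `DO_AUTH_TOKEN`, so this module works only with `provider = "digitalocean"`, yet its README says `provider_name` defaults to "route53"; either hardcode `provider = "digitalocean"` here or fix the documented default. The `local-exec` `command =` also passes the private key PEM through a shell command line; a `local_file` resource with `sensitive_content` and `file_permission = "0600"` avoids exposing it in process listings and provisioner logs. The destroy-time `rm certificates/${self.common_name}*` glob should name the two files explicitly.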
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main_from_redbaron b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main_from_redbaron
deleted file mode 100644
index c613eb0..0000000
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main_from_redbaron
+++ /dev/null
@@ -1,47 +0,0 @@
-terraform {
- required_version = ">= 0.11.0"
-}
-
-# Create the private key for the registration (not the certificate)
-resource "tls_private_key" "private_key" {
- count = "${var.count}"
- algorithm = "RSA"
- rsa_bits = "${var.key_type}"
-}
-
-provider "acme" {
- server_url = "${lookup(var.server_urls, var.server_url)}"
- #server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
-}
-
-# Set up a registration using a private key from tls_private_key
-resource "acme_registration" "reg" {
- count = "${var.count}"
- account_key_pem = "${element(tls_private_key.private_key.*.private_key_pem, count.index)}"
- email_address = "${var.reg_email}"
- # account_key_pem = "${tls_private_key.private_key.private_key_pem}"
-}
-
-# Create a certificate
-resource "acme_certificate" "certificate" {
- count = "${var.count}"
- account_key_pem = "${element(acme_registration.reg.*.account_key_pem, count.index)}"
- common_name = "${element(var.domains, count.index)}"
- # subject_alternative_names = "${length(var.subject_alternative_names) > 0 ? var.subject_alternative_names[element(var.domains, count.index)] : []}"
-
- dns_challenge {
- provider = "${var.provider}"
- config ={
- DO_AUTH_TOKEN = "${var.do_token}"
- }
- }
-
- provisioner "local-exec" {
- command = "echo \"${self.private_key_pem}\" > ./data/certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > ./data/certificates/${self.common_name}_cert.pem"
- }
-
- provisioner "local-exec" {
- when = "destroy"
- command = "rm ./data/certificates/${self.common_name}*"
- }
-}
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/outputs.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/outputs.tf
index d4fdf39..6f18490 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/outputs.tf
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/outputs.tf
@@ -1,22 +1,29 @@
output "certificate_domain" {
- value = ["${acme_certificate.certificate.*.certificate_domain}"]
+ value = [acme_certificate.certificate.*.certificate_domain]
}
+
output "certificate_url" {
- value = ["${acme_certificate.certificate.*.certificate_url}"]
+ value = [acme_certificate.certificate.*.certificate_url]
}
+
output "certificate_pem" {
- value = ["${acme_certificate.certificate.*.certificate_pem}"]
+ value = [acme_certificate.certificate.*.certificate_pem]
}
+
output "certificate_private_key_pem" {
sensitive = true
- value = ["${acme_certificate.certificate.*.private_key_pem}"]
+ value = [acme_certificate.certificate.*.private_key_pem]
}
+
output "certificate_issuer_pem" {
- value = ["${acme_certificate.certificate.*.issuer_pem}"]
+ value = [acme_certificate.certificate.*.issuer_pem]
}
+
output "certificate_file_path" {
- value = "../../redbaron/data/certificates/${acme_certificate.certificate.common_name}_cert.pem"
+ value = "certificates/${acme_certificate.certificate.common_name}_cert.pem"
}
+
output "certificate_private_key_file_path" {
- value = "../../redbaron/data/certificates/${acme_certificate.certificate.common_name}_privkey.pem"
-}
\ No newline at end of file
+ value = "certificates/${acme_certificate.certificate.common_name}_privkey.pem"
+}
+
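Review bot: As in the AWS module, `acme_certificate.certificate` has no `count`, so `[acme_certificate.certificate.*.certificate_domain]` yields a list of lists; output the attribute directly (`acme_certificate.certificate.certificate_domain`) for all six splat outputs.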
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/variables.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/variables.tf
index f7e03c3..433ae79 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/variables.tf
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/variables.tf
@@ -2,14 +2,9 @@ variable "provider_name" {
}
variable "do_token" {
-
-}
-variable "domain" {
}
-variable "subject_alternative_names" {
- type = "map"
- default = {}
+variable "domain" {
}
variable "server_url" {
@@ -17,9 +12,9 @@ variable "server_url" {
}
variable "server_urls" {
- type = "map"
+ type = map(any)
default = {
- "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory"
+ "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory"
"production" = "https://acme-v02.api.letsencrypt.org/directory"
}
}
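Review bot: `type = map(any)` here differs from the `map(string)` used for the same `server_urls` variable in the other modules of this change; the values are always URL strings, so use `map(string)` for consistency and stricter validation.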
@@ -28,6 +23,3 @@ variable "reg_email" {
default = "nobody@kokos.com"
}
-variable "key_type" {
- default = 4096
-}
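Review bot: Removing `key_type` means the RSA size in `tls_private_key` must now be hardcoded; confirm the resource still sets `rsa_bits` explicitly. The unchanged `reg_email` default `nobody@kokos.com` in the context lines is a third-party domain and should not be the default address for ACME account notices.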
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/variables_from_redbaron b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/variables_from_redbaron
deleted file mode 100644
index 154086c..0000000
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/variables_from_redbaron
+++ /dev/null
@@ -1,38 +0,0 @@
-variable "provider" {
-}
-
-variable "do_token" {
-
-}
-variable "domains" {
- type = "list"
-}
-
-variable "subject_alternative_names" {
- type = "map"
- default = {}
-}
-
-variable "count" {
- default = 1
-}
-
-variable "server_url" {
- default = "production"
-}
-
-variable "server_urls" {
- type = "map"
- default = {
- "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory"
- "production" = "https://acme-v02.api.letsencrypt.org/directory"
- }
-}
-
-variable "reg_email" {
- default = "nobody@kokos.com"
-}
-
-variable "key_type" {
- default = 4096
-}
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/versions.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/README.md b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/README.md
index db0a309..5b57700 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/README.md
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/README.md
@@ -2,58 +2,16 @@
Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge. It stores the certificates on the ~/data/certificates
-# Example
-
-```hcl
-module "create_certs" {
- source = "./modules/letsencrypt/create-cert-dns"
-
- domains = ["domain.com"]
-
- subject_alternative_names = {
- "domain.com" = ["www2.domain.com"]
- }
-}
-
-#Digital Ocean:
-module "create_certs" {
- source = "./modules/letsencrypt/create-cert-dns"
- provider ="digitalocean"
- count = 1
- domains = ["${var.domain[0]}"]
- do_token ="${var.do_token}"
- # subject_alternative_names = {
- # "${var.domain}" = []
- # }
-}
-```
# Arguments
-| Name | Required | Value Type | Description
-|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| No | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`count` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider_name` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`do_token` | Yes | String | Digital Ocean Token
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
-
-
-
-
-
-# Arguments Before Modification
-
-| Name | Required | Value Type | Description
+| Name | Value Type | Description
|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| Yes | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`count` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
+|`provider_name` | String | Provider to use for the DNS challenge. Defaults to "route53".
+|`do_token` | String | Digital Ocean Token
+|`domain` | String | The certificate's primary domain that the certificate will be recognized for.
+|`server_url` | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
+|`server_urls` | Map(string) | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
+|`reg_email` | String | Email to use for certificate registration. Defaults to "nobody@example.com"
+|`phishing_server_ip` | List(string) | IP address of the host to add the certificate
# Outputs
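Review bot: The separator row (`|---|---|---|---|`) still has four cells under a three-column header, so the table renders broken. `server_urls` reuses the `server_url` description instead of describing the map of directory URLs, and `phishing_server_ip` is documented as `List(string)` while main.tf uses it as the string SSH `host`. The `provider_name` row says it defaults to "route53", but this module's `dns_challenge` config only supplies `DO_AUTH_TOKEN`, so "digitalocean" is the only value that works.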
@@ -64,3 +22,5 @@ module "create_certs" {
|`certificate_pem` | String |
|`certificate_private_key_pem` | String |
|`certificate_issuer_pem` | String |
+|`certificate_file_path` | String |
+|`certificate_private_key_file_path` | String |
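Review bot: The new output rows have no Description; note that the paths are relative to the working directory of `terraform apply` now that the `../../redbaron/data/` prefix was dropped.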
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/main.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/main.tf
index 57a7f2a..8a20296 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/main.tf
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/main.tf
@@ -1,6 +1,5 @@
provider "acme" {
- # server_url = "https://acme-v02.api.letsencrypt.org/directory" #"https://acme-staging-v02.api.letsencrypt.org/directory"
- server_url = "${lookup(var.server_urls, var.server_url)}"
+ server_url = var.server_urls[var.server_url]
}
resource "tls_private_key" "private_key" {
@@ -8,46 +7,46 @@ resource "tls_private_key" "private_key" {
}
resource "acme_registration" "reg" {
- account_key_pem = "${tls_private_key.private_key.private_key_pem}"
- email_address = "${var.reg_email}"
+ account_key_pem = tls_private_key.private_key.private_key_pem
+ email_address = var.reg_email
}
+
resource "acme_certificate" "certificate" {
- account_key_pem = "${acme_registration.reg.account_key_pem}"
- common_name = "${var.domain}"
- # subject_alternative_names = ["${var.domain[0]}"]
-
+ account_key_pem = acme_registration.reg.account_key_pem
+ common_name = var.domain
+
dns_challenge {
- provider ="${var.provider_name}"
+ provider = var.provider_name
- config ={
- DO_AUTH_TOKEN = "${var.do_token}"
+ config = {
+ DO_AUTH_TOKEN = var.do_token
}
}
-
+
provisioner "local-exec" {
- command = "echo \"${self.private_key_pem}\" > ../../redbaron/data/certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > ../../redbaron/data/certificates/${self.common_name}_cert.pem"
+ command = "echo \"${self.private_key_pem}\" > certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > certificates/${self.common_name}_cert.pem"
}
provisioner "file" {
- source = "../../redbaron/data/certificates/${var.domain}_privkey.pem"
+ source = "certificates/${var.domain}_privkey.pem"
destination = "/opt/goapps/src/github.com/gophish/gophish/${var.domain}_privkey.pem"
- connection {
- host = "${var.phishing_server_ip}"
- type = "ssh"
- user = "root"
- private_key = "${file("../../redbaron/data/ssh_keys/${var.phishing_server_ip}")}"
- }
+ connection {
+ host = var.phishing_server_ip
+ type = "ssh"
+ user = "root"
+ private_key = file("ssh_keys/${var.phishing_server_ip}")
+ }
}
provisioner "file" {
- source = "../../redbaron/data/certificates/${var.domain}_cert.pem"
+ source = "certificates/${var.domain}_cert.pem"
destination = "/opt/goapps/src/github.com/gophish/gophish/${var.domain}_cert.pem"
- connection {
- host = "${var.phishing_server_ip}"
- type = "ssh"
- user = "root"
- private_key = "${file("../../redbaron/data/ssh_keys/${var.phishing_server_ip}")}"
- }
+ connection {
+ host = var.phishing_server_ip
+ type = "ssh"
+ user = "root"
+ private_key = file("ssh_keys/${var.phishing_server_ip}")
+ }
}
provisioner "remote-exec" {
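Review bot: The `local-exec` `command =` still embeds the private key PEM in a shell command line (visible in process listings and provisioner logs); prefer a `local_file` resource with `sensitive_content` and `file_permission = "0600"`. The `file` provisioner then writes the key as root into `/opt/goapps/src/github.com/gophish/gophish/` with default permissions; add a `remote-exec` step that sets `chmod 600` and ownership to the gophish service user before the service is restarted.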
@@ -57,20 +56,20 @@ resource "acme_certificate" "certificate" {
"sed -i 's/example.crt/${var.domain}_cert.pem/g' /opt/goapps/src/github.com/gophish/gophish/config.json",
"sed -i 's/example.key/${var.domain}_privkey.pem/g' /opt/goapps/src/github.com/gophish/gophish/config.json",
"systemctl stop gophish.service",
- "systemctl start gophish.service"
+ "systemctl start gophish.service",
]
connection {
- host = "${var.phishing_server_ip}"
- type = "ssh"
- user = "root"
- private_key = "${file("../../redbaron/data/ssh_keys/${var.phishing_server_ip}")}"
+ host = var.phishing_server_ip
+ type = "ssh"
+ user = "root"
+ private_key = file("ssh_keys/${var.phishing_server_ip}")
}
- }
+ }
provisioner "local-exec" {
- when = "destroy"
- command = "rm ../../redbaron/data/certificates/${self.common_name}*"
+ when = destroy
+ command = "rm certificates/${self.common_name}*"
}
}
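Review bot: The destroy-time `command = "rm certificates/${self.common_name}*"` is an unquoted glob; an empty `common_name` would wipe the whole directory, so delete the two known files by name with `rm -f`. The `sed -i` edits of `config.json` run as root with no backup, and the `systemctl stop`/`start` pair can be a single `systemctl restart gophish.service`. The indentation fix at the closing `}` of the remote-exec block is fine but makes this hunk harder to read; consider a separate formatting commit.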
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/outputs.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/outputs.tf
index d4fdf39..6f18490 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/outputs.tf
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/outputs.tf
@@ -1,22 +1,29 @@
output "certificate_domain" {
- value = ["${acme_certificate.certificate.*.certificate_domain}"]
+ value = [acme_certificate.certificate.*.certificate_domain]
}
+
output "certificate_url" {
- value = ["${acme_certificate.certificate.*.certificate_url}"]
+ value = [acme_certificate.certificate.*.certificate_url]
}
+
output "certificate_pem" {
- value = ["${acme_certificate.certificate.*.certificate_pem}"]
+ value = [acme_certificate.certificate.*.certificate_pem]
}
+
output "certificate_private_key_pem" {
sensitive = true
- value = ["${acme_certificate.certificate.*.private_key_pem}"]
+ value = [acme_certificate.certificate.*.private_key_pem]
}
+
output "certificate_issuer_pem" {
- value = ["${acme_certificate.certificate.*.issuer_pem}"]
+ value = [acme_certificate.certificate.*.issuer_pem]
}
+
output "certificate_file_path" {
- value = "../../redbaron/data/certificates/${acme_certificate.certificate.common_name}_cert.pem"
+ value = "certificates/${acme_certificate.certificate.common_name}_cert.pem"
}
+
output "certificate_private_key_file_path" {
- value = "../../redbaron/data/certificates/${acme_certificate.certificate.common_name}_privkey.pem"
-}
\ No newline at end of file
+ value = "certificates/${acme_certificate.certificate.common_name}_privkey.pem"
+}
+
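Review bot: Same issue as the other outputs.tf files in this change: with no `count` on `acme_certificate.certificate`, wrapping the splat in `[...]` produces a nested list; use `acme_certificate.certificate.<attribute>` directly.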
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/variables.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/variables.tf
index 53a6249..d7e0a29 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/variables.tf
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/variables.tf
@@ -2,14 +2,9 @@ variable "provider_name" {
}
variable "do_token" {
-
-}
-variable "domain" {
}
-variable "subject_alternative_names" {
- type = "map"
- default = {}
+variable "domain" {
}
variable "server_url" {
@@ -17,9 +12,9 @@ variable "server_url" {
}
variable "server_urls" {
- type = "map"
+ type = map(string)
default = {
- "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory"
+ "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory"
"production" = "https://acme-v02.api.letsencrypt.org/directory"
}
}
@@ -28,8 +23,6 @@ variable "reg_email" {
default = "nobody@kokos.com"
}
-variable "key_type" {
- default = 4096
-}
variable "phishing_server_ip" {
}
+
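Review bot: `phishing_server_ip` gains no `type` or `description`; since main.tf uses it as the SSH `host`, declare it `type = string` (the README in this change documents it as `List(string)`, which is wrong). The retained `reg_email` default `nobody@kokos.com` should be removed so callers supply an address they control.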
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/versions.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-gophish-do/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/README.md b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/README.md
index c4dc199..bc33a14 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/README.md
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/README.md
@@ -3,35 +3,10 @@
# Dependencies ERRORS ( on development does not work as intended)
Creates a Let's Encrypt TLS certificate for the specified domain using the DNS challenge on the Phishing Server and restarts the service on HTTPS.
-# Example
-
-```hcl
-# module "lets_encrypt" {
- source = "./modules/letsencrypt/create-cert-phishing"
- # count = 1
- # domains = "${var.domain}"
- domain = "${module.create_root_record.domain}"
- phishing_server_ip = "${module.phishing_server.ips[0]}"
-}
-
-```
# Arguments
-| Name | Required | Value Type | Description
+| Name | Value Type | Description
|---------------------------| -------- | ---------- | -----------
-|`domains` | Yes | List | The certificate's primary domain that the certificate will be recognized for.
-|`subject_alternative_names`| No | Map | The certificate's subject alternative domains that this certificate will also be recognized for.
-|`counter` | No | Integer | Number of certificates to create. Defaults to 1.
-|`provider_name` | No | String | Provider to use for the DNS challenge. Defaults to "route53".
-|`do_token` | Yes | String | Digital Ocean Token
-|`server_url` | No | String | Registration server URL to use. Valid values are "staging" and "production". Defaults to "production".
-|`reg_email` | No | String | Email to use for certificate registration. Defaults to "nobody@example.com"
-|`key_type` | No | Integer | The key type for the certificate's private key. Defaults to 4096.
-
-
-
-
-# Outputs
-
-| Name | Value Type | Description
-|----------------------------- | ---------- | -----------
-
+|`domain` | String | The certificate's primary domain that the certificate will be recognized for.
+|`counter` | Integer | Number of certificates to create. Defaults to 1.
+|`phishing_server_ip` | List(string) | IP address of the host to add the certificate
+|`email` | String | Email address to register the certificate|`do_token` | Yes | String | Digital Ocean Token
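Review bot: the rewritten argument table is malformed. The new header `| Name | Value Type | Description` has three columns but the unchanged separator row `|---------------------------| -------- | ---------- | -----------` still has four, and the last added line concatenates the `email` entry with a leftover four-column `do_token` row (`|`do_token` | Yes | String | Digital Ocean Token`) that matches neither the new header nor this module's variables.tf, which declares no `do_token`. Put `email` on its own line, drop the stale `do_token` row (or add the variable if it is really needed), and shrink the separator to three columns. Two content mismatches with the code: `phishing_server_ip` is documented as `List(string)`, but main.tf passes `var.phishing_server_ip` straight to `connection.host` and uses it as a single key filename, so it is a string; and the description still says the certificate is obtained with the DNS challenge, whereas main.tf runs `certbot --apache`, which performs the HTTP-01 challenge through the Apache authenticator and therefore needs port 80 reachable on the host.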
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/main.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/main.tf
index 6fc6537..ecc03d0 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/main.tf
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/main.tf
@@ -1,37 +1,17 @@
-
resource "null_resource" "lets-encrypt" {
- count = "${var.counter}"
+ count = var.counter
provisioner "remote-exec" {
inline = [
- "certbot --apache --non-interactive --agree-tos --email ${var.email} --domain ${var.domain} --pre-hook 'sudo service apache2 stop' --post-hook 'sudo service apache2 start' --dry-run", #--dry-run is for staging not production chage this
- "certbot renew --dry-run"
+ "certbot --apache --non-interactive --agree-tos --email ${var.email} --domain ${var.domain} --pre-hook 'sudo service apache2 stop' --post-hook 'sudo service apache2 start'", #--dry-run is for staging not production chage this
+ "certbot renew",
]
connection {
- host = "${var.phishing_server_ip}"
- type = "ssh"
- user = "root"
- private_key = "${file("../../redbaron/data/ssh_keys/${var.phishing_server_ip}")}"
+ host = var.phishing_server_ip
+ type = "ssh"
+ user = "root"
+ private_key = file("ssh_keys/${var.phishing_server_ip}")
}
}
}
-
-
-# Resource for lets-encrypt with multiple domains
-#resource "null_resource" "lets-encrypt" {
-# count = "${var.counter}"
-# provisioner "remote-exec" {
-# inline = [
-# "certbot --apache --non-interactive --agree-tos --email ${var.email} --domain ${element(var.domains, count.index)} --pre-hook 'sudo service apache2 stop' --post-hook 'sudo service apache2 start'",
-# "certbot renew --dry-run"
-# ]
-
-# connection {
-# host = "${element(var.phishing_server_ip, count.index)}"
-# type = "ssh"
-# user = "root"
-# private_key = "${file("../../redbaron/data/ssh_keys/${element(var.phishing_server_ip, count.index)}")}"
-# }
-# }
-# }
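Review bot: `private_key = file("ssh_keys/${var.phishing_server_ip}")` resolves relative to the directory Terraform is invoked from, not the module directory, so the lookup now depends on the caller's working directory; anchor it explicitly with `"${path.root}/ssh_keys/${var.phishing_server_ip}"` (or `path.module` if the keys live beside the module). The inline comment `#--dry-run is for staging not production chage this` is stale now that `--dry-run` was removed (and `chage` should be `change`). `certbot renew` run immediately after issuance is a no-op, since renewal only triggers near expiry, so that second command gives a false impression that renewal is configured; rely on the certbot package's systemd timer or cron entry, or install one in the provisioner. The connection logs in as `root` over SSH with no `host_key` set, so the first connection is trust-on-first-use; if the droplet's host key is available from the provider, pass it via `connection { host_key = ... }`. Finally, `--agree-tos --email ${var.email}` will register whatever `var.email` holds as the ACME contact, and the module default is `fakeemail@a.com`.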
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/outputs.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/outputs.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/variables.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/variables.tf
index 29fc0ec..e0d5a1f 100644
--- a/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/variables.tf
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/variables.tf
@@ -2,13 +2,15 @@ variable "domain" {
# type = "list"
}
-variable "count" {
+variable "counter" {
default = 1
}
+
variable "phishing_server_ip" {
- # type = "list"
+ # type = "list"
}
variable "email" {
default = "fakeemail@a.com"
}
+
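Review bot: renaming `count` to `counter` is the right fix, since `count` is reserved as a variable name in Terraform 0.12 and matches the `var.counter` now used in main.tf. However the commented-out `# type = "list"` on `phishing_server_ip` (and on `domain` in the context above) is kept, and it contradicts the README in this same change, which documents `phishing_server_ip` as `List(string)`; main.tf uses the value as a single host and as a filename, so declare `type = string` and delete the stale comments. The `email` default `fakeemail@a.com` is handed to Let's Encrypt as the account contact, so expiry warnings go nowhere; better to make `email` required with no default. The trailing blank line at end of file is a `terraform fmt` nit.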
diff --git a/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/versions.tf b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/redbaron/modules/letsencrypt/digitalocean/create-cert-webserver-do/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
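Review bot: same points as the other new versions.tf in this change: the leading blank line will be flagged by `terraform fmt`, and the open-ended `>= 0.12` constraint should be bounded (e.g. `~> 0.12`) with `required_providers` declared; keep both files identical once adjusted.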