Attack playbooks based on MITRE ATT&CK framework using ansible format
- ansible (apt-get install ansible)
- ansible-winrm (pip install "pywinrm>=0.3.0", pip install pywinrm[credssp])
- customize vars.yaml file
- Ansible machine: Ubuntu 18.04
- Target machine: Tested against Ubuntu 18.04 and Windows Server 2016
- Ansible Playbook machine with Semaphore GUI and MySQL database
- Victim machines, here Windows and Linux (can be on the same LAN or across the WAN; traffic is encrypted)
- Attacking machine, can be the same machine or can be split.
The attacking machine's FQDN or IP is configured in the vars.yaml file
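An inventory for the layout described above could look like the following added example, which is not a file from the ansible-mitre repository; it keeps WinRM on HTTPS with certificate validation so the encrypted channel to the Windows target is also authenticated. The group names, host names, addresses, account names, key and CA paths and the vault_win_password variable are assumptions; the ansible_* connection variables are standard Ansible settings.

```yaml
# inventory.yaml (constructed example; all hosts and names are placeholders)
all:
  children:
    linux_targets:
      hosts:
        victim-linux:
          ansible_host: 192.0.2.10        # documentation address, replace with the lab host
      vars:
        ansible_connection: ssh
        ansible_user: labadmin            # hypothetical account
        ansible_ssh_private_key_file: ~/.ssh/id_rsa
    windows_targets:
      hosts:
        victim-win2016:
          ansible_host: 192.0.2.20        # documentation address, replace with the lab host
      vars:
        ansible_connection: winrm
        ansible_winrm_transport: credssp  # needs pywinrm[credssp] on the Ansible machine
        ansible_winrm_scheme: https
        ansible_port: 5986                # WinRM over HTTPS
        ansible_user: labadmin            # hypothetical account
        ansible_password: "{{ vault_win_password }}"  # hypothetical variable kept in Ansible Vault
        # Lab setups often set this to "ignore", which leaves the channel
        # encrypted but unauthenticated; validate against the lab CA instead.
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: /etc/ssl/certs/lab-ca.pem  # hypothetical path
```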
git clone https://github.com/rallyspeed/ansible-mitre.git
ansible-playbook [playbook].yaml
Some playbooks require tags
Install Semaphore for a GUI. Ref: https://github.com/ansible-semaphore/semaphore
apt-get install mysql-server
mysql_secure_installation
wget https://github.com/ansible-semaphore/semaphore/releases/download/v2.5.1/semaphore_2.5.1_linux_amd64.deb
dpkg -i semaphore_2.5.1_linux_amd64.deb
semaphore -setup
ssh-agent bash
ssh-add ~/.ssh/id_rsa
ssh -T git@github.com
This confirms that the Ansible machine can reach the GitHub repo.
semaphore -config /opt/config.json &
python3 -m pip uninstall pip && sudo apt install python3-pip --reinstall
apt-get install libmysqlclient-dev
pip3 install mysqlclient
pip3 install openpyxl
python3 report.py