An Ansible playbook to provision a host for penetration testing and CTF challenges
Latest commit b5abc32 May 19, 2019
group_vars Add several binary analysis tools May 9, 2019
roles Add LinEnum May 19, 2019
.gitignore Add .gitignore Apr 28, 2019
LICENSE Add LICENSE May 5, 2019 Update README May 19, 2019
inventory.ini Replace address in template May 5, 2019
playbook.yml Add xortool May 19, 2019

What is Shiva?

Shiva is an Ansible playbook to provision a host to be used for playing CTF games, such as HackTheBox.

Quick start

  1. Create an Ubuntu 18.04 server host and ensure you have root access via SSH
  2. Install Ansible on your local machine
  3. Clone the repository to your local machine: git clone
  4. Replace with the IP address of the host to provision in the ubuntu_bionic section of inventory.ini
  5. Run the playbook: ansible-playbook -i inventory.ini -u root -l ubuntu_bionic playbook.yml

Why Shiva and not another Hindu deity?

When playing CTFs, I prefer to use cloud providers (such as Digital Ocean) rather than a local virtual machine running Kali. Although Kali is a great system, I find myself using only a small subset of the available tools and frequently find myself spinning up a cloud instance for persistence purposes anyway.

For this reason, I put together Shiva to automate building hosts in the cloud for pentesting / CTF purposes with my preferred environment. It's not a replacement for distros such as Kali and Parrot, but a way to build a more concise environment for similar purposes.

What operating systems can Shiva be used with?

Currently, Shiva has only been tested against Ubuntu 18.04.

What tools / packages are included?

Name              Category
binwalk           Binary Analysis
GDB               Binary Analysis
nasm              Binary Analysis
PEDA              Binary Analysis
pwntools          Binary Analysis
Radare2           Binary Analysis
Ropper            Binary Analysis
FCrackZip         Cracking
hashcat           Cracking
John The Ripper   Cracking
Hash Identifier   Crypto
xortool           Crypto
Go                Environment
Node.js           Environment
Oh My ZSH         Environment
Ruby              Environment
Empire            Exploitation
Metasploit        Exploitation
PowerSploit       Exploitation
SearchSploit      Exploitation
SuperTTY          Exploitation
Hydra             Password Attacks
Medusa            Password Attacks
Ncrack            Password Attacks
SecLists          Password Attacks
CrackMapExec      Recon
DNSRecon          Recon
LinEnum           Recon
Masscan           Recon
Nmap              Recon
pspy              Recon
Recon-ng          Recon
Responder         Recon
Snmpcheck         Recon
sslscan           Recon
theHarvester      Recon
tshark            Recon
Apache            Services
PostgreSQL        Services
vsftpd            Services
OpenVPN           Tools
smbclient         Tools
Socat             Tools
Cookie Monster    Web
Dirb              Web
Gobuster          Web
Magescan          Web
Nikto             Web
Shocker           Web
sqlmap            Web
wafw00f           Web
WhatWeb           Web
wfuzz             Web
WPScan            Web

Several directories can also be found which include pre-compiled binaries and files to aid with exploitation and post-exploitation:

Path                          Description
/usr/share/linux-binaries     Pre-compiled Linux binaries for post-exploitation (such as pspy)
/usr/share/webshells          Web shells written in several languages
/usr/share/windows-binaries   Pre-compiled Windows binaries for post-exploitation (such as Mimikatz)
/usr/share/wordlists          Wordlists to be used with password attacks / enumeration

What services does Shiva expose out of the box?

None, other than SSH. Apache, PostgreSQL and vsftpd are all installed, but their ports are not open to the public by default.

If you want to lock down where SSH is available out of the box, you can run the playbook with the --extra-vars switch to specify the trusted_ssh_ip variable.

For example, running the playbook with ansible-playbook -i inventory.ini -u root -l ubuntu_bionic --extra-vars "trusted_ssh_ip=" playbook.yml would add a firewall rule that would only allow to connect to port 22 and drop traffic from any other IP address.

Be cautious when doing this: a typo could lead to you locking yourself out!
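
A pre-flight check for the lock-out risk above, as an added example that is not part of Shiva. The helper names check_trusted_ssh_ip and provision_locked_down are hypothetical, and the check assumes the host is reached over the internet, so a private or loopback address can never be the source the firewall sees.

```shell
#!/bin/sh
# Added example, not part of Shiva: validate a value before using it as
# trusted_ssh_ip. Helper names are hypothetical.
# Returns 0 = usable, 1 = malformed, 2 = well-formed but not a public address.
check_trusted_ssh_ip() {
    ip=$1
    # Digits and dots only: rejects empty input, CIDR suffixes, hostnames, spaces.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*)
            echo "not a dotted-quad IPv4 address: '$ip'" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip              # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "expected 4 octets, got $#" >&2; return 1; }
    for octet in "$@"; do
        case $octet in
            0?*) echo "leading zero in octet: $octet" >&2; return 1 ;;
        esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] ||
            { echo "octet out of range: $octet" >&2; return 1; }
    done
    # Assumption: the host is reached over the internet, so the firewall sees
    # your public (post-NAT) address, never a loopback or RFC 1918 one.
    case "$1.$2" in
        0.*|10.*|127.*|169.254|192.168|172.1[6-9]|172.2[0-9]|172.3[01])
            echo "$ip is not a public address" >&2; return 2 ;;
    esac
    return 0
}

# Run the playbook command from the README only if the check passes.
provision_locked_down() {
    check_trusted_ssh_ip "$1" || return $?
    ansible-playbook -i inventory.ini -u root -l ubuntu_bionic \
        --extra-vars "trusted_ssh_ip=$1" playbook.yml
}
```

Keep the existing SSH session open while the playbook runs and confirm a second connection succeeds before closing it.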

Does Shiva create any user accounts?

Yes - an account named ftp is created without a default password. This is for use with vsftpd (see next section on connecting to vsftpd) but cannot be used to access the server via SSH.

How do I connect to vsftpd?

As the firewall does not expose vsftpd out of the box, you will need to open the following ports:

  • 21
  • 40000-50000

Only one user is authorised to access the FTP server out of the box (aptly named ftp). Before this user can authenticate, a password must be created for the account by running passwd ftp as root.

Note: the ftp user account is explicitly prohibited from logging into the server via SSH

If you want to allow other local user accounts to authenticate, you must:

  • Create a directory owned by root at: /srv/ftp/users/$USER
  • Create a directory owned by the user at /srv/ftp/users/$USER/files
  • Add the user's name to /etc/vsftpd.userlist
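
The three steps above as one idempotent function, as an added example that is not Shiva's own code. The name add_ftp_user, the optional prefix argument (for rehearsing against a scratch directory) and the 755 mode on the root-owned directory are assumptions.

```shell
#!/bin/sh
# Added example, not part of Shiva: allow an existing local account to use
# vsftpd by performing the three steps listed in the README. Run as root.
# add_ftp_user and its optional prefix argument are hypothetical.
add_ftp_user() {
    user=$1
    prefix=${2:-}       # empty on a real host; a scratch directory for dry runs
    home="$prefix/srv/ftp/users/$user"
    list="$prefix/etc/vsftpd.userlist"

    # Refuse names that could escape /srv/ftp/users or add extra userlist lines.
    case $user in
        ''|*[!A-Za-z0-9._-]*|-*|.*)
            echo "invalid user name: '$user'" >&2; return 1 ;;
    esac
    # Only accounts that already exist locally may be added.
    id "$user" >/dev/null 2>&1 ||
        { echo "no such local user: $user" >&2; return 1; }

    # Step 1: per-user directory owned by root (mode 755 is an assumption),
    # so the user cannot rename or replace it.
    mkdir -p "$home" && chown root "$home" && chmod 755 "$home" || return 1
    # Step 2: the only place the user can write.
    mkdir -p "$home/files" && chown "$user" "$home/files" || return 1
    # Step 3: append to the userlist once (-x whole line, -F literal match).
    grep -qxF "$user" "$list" 2>/dev/null || printf '%s\n' "$user" >> "$list"
}
```

Calling it twice for the same account leaves a single entry in /etc/vsftpd.userlist.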

What aliases are available?


serve-this: an alias that serves the current working directory using the Python SimpleHTTPServer module


# Serve /tmp/shiva on port 9090
cd /tmp/shiva
serve-this 9090


An alias which starts the postgresql service before launching the standard msfconsole binary, giving Metasploit access to the database.

Note: the postgresql service is not automatically stopped after msfconsole is stopped


There are three things I'd like to push with this going forward:

  • Increase the tool set (with useful tools, not just pushing up the count with useless stuff)
  • Set up Travis to add testing against the GitHub repository
  • Test against systems other than Ubuntu 18.04 and make adjustments to allow for a more robust list of base systems

If you can help with any of these and [more importantly] would like to - please feel free to submit pull requests or open issues with information!
