Automated Purple Team Cyber Lab - Built with Vagrant & Ansible.
Fully modular and scriptable infrastructure to simulate real-world attacks and defenses, reinforce enterprise resilience, and bridge the gap between Red & Blue Teams.
Vortex - Purple Team Lab is a work-in-progress cyber range environment focused on enhancing enterprise resilience through realistic Purple Team exercises.
Built with Vagrant and Ansible, it enables automated deployment of virtual infrastructures to simulate advanced attack and defense scenarios.
Designed for:
- Practicing MITRE ATT&CK TTPs in a structured lab.
- Building modular topologies with Domain Controllers, SOC tools, firewalls, and attacker machines.
- Testing post-exploitation, log collection, detection engineering, and threat hunting workflows.
⚠️ This project is developed during personal time, outside of any professional context. It is actively evolving and may be subject to changes.
The lab currently includes:
| Role | Technology |
|---|---|
| Purple Backbone | Ansible Controller (Debian), orchestrates all provisioning |
| Domain 1 | Windows Server 2022 - Domain Controller |
| Domain 2 | Windows Server 2016 - Domain Controller |
| Firewall | PfSense |
| Vulnerable target | GLPI (with RCE) |
| Red Team | Kali Linux |
| Blue Team | Wazuh SIEM (Debian), Suricata (Ubuntu) |
Each system is deployed as an independent VM using VirtualBox, with provisioning handled by the Ansible Controller.
This setup allows users to simulate end-to-end Purple Team scenarios, from attack emulation to detection, logging, and analysis.
To use Vortex, make sure your system is properly configured with the following tools and settings:
- Base system setup

```bash
apt update && apt install -y \
  curl wget git gpg \
  build-essential gcc make perl \
  linux-headers-$(uname -r)
```

- Install Vagrant

```bash
wget -O- https://apt.releases.hashicorp.com/gpg \
  | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
  | tee /etc/apt/sources.list.d/hashicorp.list
apt update && apt install -y vagrant
```

- Install VirtualBox 7.1

```bash
wget https://download.virtualbox.org/virtualbox/7.1.6/virtualbox-7.1_7.1.6-167084~Debian~bookworm_amd64.deb
dpkg -i virtualbox-7.1_7.1.6-167084~Debian~bookworm_amd64.deb || apt --fix-broken install -y
```

If you encounter kernel module issues, run:

```bash
/sbin/vboxconfig
```

- Install Ansible (Ubuntu PPA)

```bash
UBUNTU_CODENAME=jammy
wget -O- "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=get&search=0x6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367" \
  | gpg --dearmour -o /usr/share/keyrings/ansible-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $UBUNTU_CODENAME main" \
  | tee /etc/apt/sources.list.d/ansible.list
apt update && apt install -y ansible
```

- Install required Vagrant plugins

```bash
vagrant plugin update
vagrant plugin install winrm-elevated
vagrant plugin install virtualbox
```

- Configure VirtualBox networking

Add trusted subnets:

```bash
echo "* 10.10.1.0/24 10.10.2.0/24 10.10.0.0/24 192.168.1.0/24 192.168.2.0/24" >> /etc/vbox/networks.conf
```

Create and configure host-only interfaces:

```bash
# Each call creates the next free interface, numbered from vboxnet0.
# Confirm vboxnet1..vboxnet5 exist (VBoxManage list hostonlyifs) before assigning addresses.
for i in {1..5}; do
  VBoxManage hostonlyif create
done
VBoxManage hostonlyif ipconfig vboxnet1 --ip=10.10.1.254
VBoxManage hostonlyif ipconfig vboxnet2 --ip=10.10.2.254
VBoxManage hostonlyif ipconfig vboxnet3 --ip=10.10.0.254
VBoxManage hostonlyif ipconfig vboxnet4 --ip=192.168.2.254
VBoxManage hostonlyif ipconfig vboxnet5 --ip=192.168.1.254
```

Recommended environment: Debian 12 with the above configuration. Ensure you have at least 32 GB of RAM and 256 GB of disk space available for smooth usage.
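
On Linux hosts, VirtualBox only accepts host-only addresses that fall inside a range listed in `/etc/vbox/networks.conf`, so it is worth confirming that the file really covers the five lab addresses without resorting to an allow-everything range. The following preflight check is an added example, not part of the Vortex repository; the function names are hypothetical and the address list is copied from the step above.

```shell
#!/bin/sh
# Added example, not part of the Vortex repository. Function names are hypothetical.

# Host-only addresses assigned in the VBoxManage ipconfig step.
LAB_IPS="10.10.1.254 10.10.2.254 10.10.0.254 192.168.2.254 192.168.1.254"

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if IPv4 address $2 lies inside CIDR range $1.
cidr_contains() {
    net=${1%/*}; bits=${1#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$net") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# Succeed if address $2 is covered by a "* range ..." line in file $1.
ip_allowed() {
    [ -r "$1" ] || return 2
    set -f                      # keep the leading "*" from glob-expanding
    while read -r marker ranges || [ -n "$marker" ]; do
        [ "$marker" = "*" ] || continue
        for cidr in $ranges; do
            case $cidr in
                *[!0-9./]*) continue ;;   # skip IPv6 and malformed entries
                *.*.*.*/?*) ;;            # looks like IPv4 CIDR, check it
                *) continue ;;
            esac
            if cidr_contains "$cidr" "$2"; then set +f; return 0; fi
        done
    done < "$1"
    set +f
    return 1
}

# Print the lab addresses that no range in file $1 covers (empty = all covered).
uncovered_ips() {
    missing=""
    for ip in $LAB_IPS; do
        ip_allowed "$1" "$ip" || missing="$missing $ip"
    done
    echo "${missing# }"
}
```

Source the file and run `uncovered_ips /etc/vbox/networks.conf` before the `VBoxManage hostonlyif ipconfig` commands; any address it prints still needs a matching range in the file.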
- Git clone the repository

```bash
git clone https://github.com/remington666/Vortex.git
cd Vortex
```

- Launch the infrastructure (manual method)

Provision each module in order (except the Ansible Controller, which should be launched last):

```bash
cd domaine1 && vagrant up --provision && cd ..
cd domaine2 && vagrant up --provision && cd ..
cd firewall && vagrant up --provision && cd ..
cd glpi-vagrant-ansible && vagrant up --provision && cd ..
cd kali-vagrant-ansible && vagrant up --provision && cd ..
cd soc && vagrant up --provision && cd ..
cd suricata && vagrant up --provision && cd ..
cd ansible-controller && vagrant up
```

Once everything is deployed, you can access the controller:

```bash
vagrant ssh
```

The Ansible configuration is automatically copied to `/tmp` on the controller VM.
- Use the CLI helper (recommended, alpha)

You can also use the experimental CLI script `vortex.sh` to automate most actions:

```bash
chmod +x vortex.sh
./vortex.sh up            # Launch all modules except the controller
./vortex.sh controller    # Launch the Ansible Controller only
./vortex.sh destroy       # Destroy all modules except the controller
./vortex.sh destroy-all   # Destroy everything
./vortex.sh list          # Show all available modules
```

⚠️ `vortex.sh` is in alpha. Contributions and feedback are welcome.

Notes:

- Each module is deployed as an isolated VirtualBox VM, using Vagrant.
- The Ansible Controller is used to provision Windows servers, SOC components, and support post-deployment automation.
- The project is developed entirely in personal time and is still under active development.
Docker Integration (coming soon)
We are actively working on a Docker-based version of Vortex to streamline deployment and portability.
As mentioned in the installation section, you can use it in two ways:
- With the CLI script `vortex.sh` (recommended): automates all actions (provisioning, starting, destroying, listing).
- Manually via `vagrant up --provision` in each folder (see Installation).
After deployment, you can connect to the Ansible Controller:
```bash
cd ansible-controller
vagrant ssh
```

Encountering issues? Don't worry. If you come across any problems or have questions, please don't hesitate to submit an issue on GitHub.
We truly appreciate and welcome community involvement. Your contributions, feedback, and suggestions play a crucial role in improving the project for everyone. If you're interested in contributing or have ideas for enhancements, please feel free to open an issue or submit a pull request on our GitHub repository. Every contribution, no matter how big or small, is highly valued and greatly appreciated!
Please be aware that the use of the Vortex tool may be subject to specific laws and regulations in your country or region. Before using this tool, it is your responsibility to ensure that its use is in compliance with the laws applicable in your jurisdiction.
The creator of Vortex cannot be held responsible for any improper or illegal use of this tool. By using Vortex, you acknowledge and agree that you are solely responsible for complying with local laws and regulations.
In some instances, the use of Vortex might be justified for legitimate purposes such as protection against authoritarian regimes or for survival matters. However, it is strongly advised to take all necessary measures to protect yourself and to abide by the law.
By using Vortex, you acknowledge having read this disclaimer and agree to act accordingly. The creator of Vortex does not in any way endorse the use of this tool for illegal or harmful purposes.
Your support is greatly appreciated. We're grateful for every star! Your backing fuels our passion.
This project is licensed under the GNU Affero General Public License, Version 3.0. For more details, please refer to the LICENSE file in the repository.
