0

pentest-env

Pentest environment deployer (kali linux + targets) using vagrant and chef.

官方網站
Github 資源庫
主要指標

Github星跟蹤圖

Pentest Environment Deployer, Build Status

This repo provides an easy way to deploy a clean and customized pentesting environment with Kali linux using vagrant and virtualbox.

Requirements

I assume you are familiar with virtualbox and vagrant.

Latest pentest-env release is tested with:

  • Virtualbox (6.0.4)
  • Vagrant (2.2.3)

Current box

Kali 2018.1, Box, SHA256, ------------------, -----------------------------------------------------------------, Kali 2018.1, 407b01c550e1f230fc238d12d91da899644bec2cac76a1202d7bab2f9d6cbefd, Kali 2018.1 Light, 1f58f62417219ce8fe7d5f0b72dc3a8e0c13c019e7f485e10d27a0f1f096e266, Kali 2018.1 KDE, 0f44327c2606ead670679254f27945c82eb7cc2966c4a4f1d3137160dad07fe3, Kali 2018.1 LXDE, f3765b918aec03024c2657fc75090c540d95602cd90c0ab8835b4c0a0f1da23a, Kali 2018.1 Xfce, eec6b371743467244d3f4f1032c9dc576a1ce482a32ad18b8605bd3013e142a0, Kali 2018.1 Mate, 221f1bf6936b560d8980290c2af0702f1e705798eb4ef51acc144e36c89fe51c, Kali 2018.1 E17, 0466384e8338e269b441b5f2872c28888528d244a0d31b73c7fb9d15d4f1bd0d, See the documentation page about boxes for more details.

See also others available instances.

Getting started

To get started with pentest-env, clone this repository and run vagrant up inside the directory.
This will download and run the Kali instance.

You can customize, add targets, create new targets etc.. inside pentest-env.
Some examples are available in the examples/ directory, to use one simply set the PENTESTRC environment variable:

> PENTESTRC=examples/ctf.pentestrc vagrant status
Current machine states:

kali                      running (virtualbox)
metasploitable2           not created (virtualbox)
primer                    not created (virtualbox)

This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.

For more details, visit the documentation pages:

  1. Installation
  2. Usage
  3. Docker
  4. Openstack
  5. Customizations
  6. Instances
  7. Targets
  8. Write custom instances and targets
  9. Debugging
  10. Security
  11. About boxes
  12. Known issues

Some configuration examples:

  1. Configure Kali linux with Tor & proxychains
  2. Configure Kali linux with Whonix gateway
  3. Faraday cscan against metasploitable 2 & 3 targets
  4. Configure a Teamserver

Target examples:

  1. Basic Chef environment
  2. Simple & insecure Kubernetes cluster

About Security

verify checksums

It's recommended to check downloaded box files with provided checksums (SHA256).
See https://raw.githubusercontent.com/Sliim/pentest-env/master/checksums.txt for checksums list.

sshd is running

Provided boxes run the sshd service.
So if you plan to run the Kali linux with a Bridged interface, default setup can be dangerous!

  • root password of kali is toor.
  • SSH private key is not private! Anyone can use this key to connect to your instance.

See the secure the environment page to automatically change these defaults values.

I recommend to disable SharedFoldersEnableSymlinksCreate which are enabled by default by vagrant.

More details and source in the Security/Disable SharedFoldersEnableSymlinksCreate section.

Here is some projects you can build and integrate easily with pentest-env.

License

See COPYING file

主要指標

概覽
名稱與所有者Sliim/pentest-env
主編程語言Ruby
編程語言Ruby (語言數: 2)
平台
許可證GNU General Public License v3.0
所有者活动
創建於2013-04-01 15:00:49
推送於2019-06-21 14:53:59
最后一次提交2019-06-21 16:52:59
發布數15
最新版本名稱1.1.0 (發布於 2016-08-07 01:13:44)
第一版名稱0.1 (發布於 2013-08-14 17:24:22)
用户参与
星數635
關注者數58
派生數169
提交數264
已啟用問題?
問題數50
打開的問題數1
拉請求數4
打開的拉請求數0
關閉的拉請求數1
项目设置
已啟用Wiki?
已存檔?
是復刻?
已鎖定?
是鏡像?
是私有?