- Joined
- Jan 8, 2019
- Messages
- 56,605
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,451
- Points
- 2,313
- Credits
- 32,570
6 Years of Service
76%
ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why not? This seemed a natural evolution.
Features
Standard tools defined as ansible roles
Customizations designed to make security testing easier
Variable list to add or remove git repositories, OS packages, or python modules. (threatbox.yml)
Version tracking of the deployed instance version and the deploy tool version. This is helpful it meeting compliance rules and can help minimize fear by actively tracking all tools.
Threatbox version created at deployment and displayed in desktop wallpaper
Deployed software tracked in ~/Desktop/readme
SSH port auto-switching. The deployment starts on port 22, but reconfigures the target system to the desired SSH port using the ansible_port variable in threatbox.yml
Download and compile several .net toolkits (i.e. SeatBelt.exe from Ghostpack https://github.com/GhostPack/Seatbelt)
Most python projects installed using pipenv. Use pipenv shell in the project directory to access. See https://realpython.com/pipenv-guide/ for pipenv usage guidance