diff --git a/ansible/.gitignore b/ansible/.gitignore new file mode 100644 index 0000000..ea40935 --- /dev/null +++ b/ansible/.gitignore @@ -0,0 +1,97 @@ +# Add any directories, files, or patterns you don't want to be tracked by version control +# Add any directories, files, or patterns you don't want to be tracked by version control +.idea/ + +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*,cover +.hypothesis/ +cover*/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py + +# Flask instance folder +instance/ + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# IPython Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# dotenv +.env + +# Spyder project settings +.spyderproject + +# Emacs +*~ +[#]*[#] +.[#]*[#] +.[#]* + +# Ansible +*.retry +hosts.conf + diff --git a/ansible/README.md b/ansible/README.md new file mode 100644 index 0000000..c06ad33 --- /dev/null +++ b/ansible/README.md 
@@ -0,0 +1,176 @@ +# ADHD Ansible Installation + +In the interest of integrating the Active Defense philosophy into a +DevOps workflow, this is an attempt at creating an Ansible role for +ADHD. + +## Who is it for? + +Anyone that wants to play around with using the ADHD tools in their +environment or in the cloud. + +## Requirements + +- Some familiarity with [Ansible](https://www.ansible.com/get-started) + and a working installation of the same using Python**3.5+** +- Access to either: + - An Ubuntu 16.04 (**32-bit**) machine/VM + - A working [DigitalOcean](http://www.digitalocean.com) account + +### Installing Ansible + +The easiest way to install ansible is via the Python packaging +program, `pip` and the virtual environment program, `virtualenv`. + +- **macOS** + - Get [Homebrew](https://brew.sh/) + - `brew install python3` + - `pip3 install virtualenv` +- **Ubuntu 16.04** or any other modern Deb-ish if doing remote install + - `apt install python3 python3-pip` + - `pip3 install virtualenv` +- **Windows** + - Get [MiniConda for Python3](https://conda.io/miniconda.html) + - From Anaconda Prompt: `conda install -c conda-forge ansible` + - *Caveat Emptor*: I haven't played around with any of this on + Windows + +``` +virtualenv adhd_env +source adhd_env/bin/activate +pip3 install -r requirements.txt +``` + +## AHDH in the Cloud (DigitalOcean) + +You now have the tools to create a number of ADHD hosts in the cloud +using DigitalOcean. Below are some rough instructions to accomplish +this. + +- Go to your DigitalOcean account and create an application token for + your ADHD instance(s). Copy it. 
+- Initialize the `.tokenmanager.yml` token management file + +``` +python -m tokenmanager --init +``` + +- Edit `~/.tokenmanager.yml` and add the following YAML code: + +``` +digitalocean: + adhd: +``` + +- Edit the `dowright.yml` file in this directory to match your needs + +```yaml +token: adhd +prefix: adhd +droplets: + # This ("data") is a droplet group that will be both a DigitalOcean + # tag as well as an Ansible inventory group + data: + # Multiple nodes can be specified using Ansible's syntax + - name: data[00:02] + # you can provide shell commands in the list below that will be + # executed on all created droplets once created + cloud_config_commands: + - apt update + - apt install -y python python-pip python3 python3-pip + - pip2 install --upgrade pip + - pip3 install --upgrade pip + +defaults: + image: ubuntu-16-04-x32 # Currently, only this slug is supported + size_slug: 1gb + region: nyc1 + ssh_keys: + # put your SSH key ids here + - 439892 + - 438959 + private_networking: yes + +domains: + # make sure the domain listed here (e.g. mydomain.net) is one that + # 1) you own and 2) is managed by DigitalOcean's DNS infrastructure + mydomain.net: + - type: A + name: adhd-master # i.e. adhd-master.mydomain.net + + data: data00 # this is the droplet name as written + # in the "droplets:" section above + + - type: A + name: financialdata + data: data01 + - type: A + name: juicyinfo + data: data02 + +# Here we specify the structure of the generated Ansible inventory +# file. +inventory: + name: hosts.conf # Inventory filename + groups: # Inventory groups + adhd_master: + hosts: + - name: data00 + adhd: + children: + - name: data +``` + +- Run the `dowright` script. The below command will: + 1. Build the droplets and run their cloud configurations (`-b`) + 2. Wait until the build/config process completes (`-w`) + 3. Create the DNS entries for the created droplets (`-d`) + 4. 
Render an Ansible inventory file for the created droplets
+ (`-i`)
+
+```
+python -m dowright dowright.yml -bwdi
+```
+
+- Run the `setup_adhd.yml` playbook:
+
+```
+ansible-playbook -i hosts.conf setup_adhd.yml
+```
+
+- Get a cup of coffee. Hopefully, after you've had a few draughts of
+ the tasty beverage, you'll have a set of ADHD nodes to play with.
+
+## Warning: Public Webkit
+
+All of your AHDH nodes have Apache2 serving the ADHD webkit publicly
+on port 80. This is the way the `adhd-install.sh` file does it, and as
+this was a (semi) faithful representation of that script, it results
+in the same outcome.
+
+You might want to stop the apache2 service until you get your
+bearings:
+
+```
+ansible -i hosts.conf adhd -m service -a 'name=apache2 state=stopped'
+```
+
+## Picking and Choosing ADHD Tools
+
+You can modify the tools to be installed for any particular droplet or
+groups of droplets by providing the following Ansible variable in a
+host file in `host_vars` or a group file in `group_vars`:
+
+```yaml
+ansible_tool_names_to_install:
+ - opencanary
+ - cowrie
+```
+
+This will only install the tools listed on those droplets.
+
+## Kludges
+
+- beef: had to "fix" the json gem (forcing it to use the 'json_pure'
+ package) reference so the beef package would `bundle update`
+ correctly
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..0febeaa
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+host_key_checking=False
\ No newline at end of file
diff --git a/ansible/dowright.yml b/ansible/dowright.yml
new file mode 100644
index 0000000..9b060e5
--- /dev/null
+++ b/ansible/dowright.yml
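Review bot: `host_key_checking=False` switches off SSH host-key verification for every play run from this directory, so a spoofed or re-addressed host is accepted silently, and nothing in the file says why. If it is only meant to cover the first connection to freshly created droplets, say so above the line, e.g. `# fresh droplets have unknown host keys; remove once they are in known_hosts`, or drop the setting once the droplet keys have been recorded. The file also lacks a trailing newline.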
@@ -0,0 +1,60 @@
+token: adhd
+prefix: adhd
+droplets:
+ # This ("data") is a droplet group that will be both a DigitalOcean
+ # tag as well as an Ansible inventory group
+ data:
+ # Multiple nodes can be specified using Ansible's syntax
+ - name: data[00:02]
+ # you can provide shell commands in the list below that will be
+ # executed on all created droplets once created
+ cloud_config_commands:
+ - apt update
+ - apt install -y python python-pip python3 python3-pip
+ - pip2 install --upgrade pip
+ - pip3 install --upgrade pip
+
+defaults:
+ image: ubuntu-16-04-x32 # Currently, only this slug is supported
+ size_slug: 1gb
+ region: nyc1
+ ssh_keys:
+ # put your SSH key ids here
+ - 439892
+ - 438959
+ private_networking: yes
+
+domains:
+ # make sure the domain listed here (e.g. mydomain.net) is one that
+ # 1) you own and 2) is managed by DigitalOcean's DNS infrastructure
+ mydomain.net:
+ - type: A
+ name: adhd-master # i.e. adhd-master.mydomain.net
+
+ data: data00 # this is the droplet name as written
+ # in the "droplets:" section above
+
+ - type: A
+ name: financialdata
+ data: data01
+ - type: A
+ name: juicyinfo
+ data: data02
+
+# Here we specify the structure of the generated Ansible inventory
+# file.
+inventory:
+ name: hosts.conf # Inventory filename
+ groups: # Inventory groups
+ adhd_master:
+ hosts:
+ - name: data00
+ adhd:
+ children:
+ - name: data
+
+
+
+
+
+
diff --git a/ansible/filter_plugins/filter_utils.py b/ansible/filter_plugins/filter_utils.py
new file mode 100644
index 0000000..9047eaa
--- /dev/null
+++ b/ansible/filter_plugins/filter_utils.py
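Review bot: The `ssh_keys` list under `defaults:` carries two concrete DigitalOcean key ids (`439892`, `438959`) while the rest of the file uses placeholders such as `mydomain.net`, so anyone copying the file as-is either fails droplet creation or authorises keys that are not theirs. Replace them with obviously fake values or move them to a user-local override, and widen the comment, e.g. `# put your SSH key ids here (account-specific; the values below are examples only)`.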
@@ -0,0 +1,68 @@
+from pathlib import Path
+
+def map_default(seq, attribute, default=None):
+ for v in seq:
+ yield v.get(attribute, default)
+
+def map_omit(seq, attribute):
+ for v in seq:
+ if attribute in v:
+ yield v[attribute]
+
+def map_format(seq, format_str):
+ for obj in seq:
+ args, kwargs = (), {}
+ if type(obj) is str:
+ args = [obj]
+ elif type(obj) is dict:
+ kwargs = obj
+ else:
+ if len(obj) == 2:
+ args, kwargs = obj
+ else:
+ args = obj
+ yield format_str.format(*args, **kwargs)
+
+def exists(fname):
+ for root in ['.','roles/adhd/tasks']:
+ p = Path(root, fname)
+ if p.exists():
+ return True
+ return False
+
+def file_exists(seq):
+ for fname in seq:
+ if exists(fname):
+ yield fname
+
+def lower_all(seq):
+ return [v.lower() for v in seq]
+
+def merge_tools(seq):
+ merged = {}
+ for tools in seq:
+ for tool_name in tools:
+ new_tools = merged.setdefault(tool_name, {})
+ tdict = tools[tool_name]
+ for key in tdict:
+ if key in new_tools:
+ if type(new_tools[key]) in {list,tuple}:
+ new_tools[key].extend(tdict[key])
+ else:
+ new_tools[key] = tdict[key]
+ else:
+ new_tools[key] = tdict[key]
+ return merged
+
+class FilterModule(object):
+ ''' Filter utilities '''
+
+ def filters(self):
+ return {
+ 'map_default': map_default,
+ 'map_omit': map_omit,
+ 'merge_tools': merge_tools,
+ 'map_format': map_format,
+ 'file_exists': file_exists,
+ 'lower_all': lower_all,
+ }
diff --git a/ansible/group_vars/adhd/vars.yml b/ansible/group_vars/adhd/vars.yml
new file mode 100644
index 0000000..9abdcad
--- /dev/null
+++ b/ansible/group_vars/adhd/vars.yml
@@ -0,0 +1,5 @@
+adhd_mysql_root_password: adhd
+adhd_mysql_webbuguser_password: adhd
+adhd_mysql_weblabyrinthuser_password: adhd
+adhd_postgres_root_password: adhd
+adhd_postgres_decloakuser_password: adhd
diff --git a/ansible/group_vars/ubuntu-15-10.yml b/ansible/group_vars/ubuntu-15-10.yml
new file mode 100644
index 0000000..7613239
--- /dev/null
+++ b/ansible/group_vars/ubuntu-15-10.yml
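Review bot: `merge_tools` tests `type(new_tools[key]) in {list,tuple}` and then calls `.extend`, which raises AttributeError when the first value was a tuple; it also extends the list object taken from the first input dict in place, so the merged result aliases and mutates the caller's `adhd_tools` data on every evaluation. Replace the extend branch with `new_tools[key] = list(new_tools[key]) + list(tdict[key])`, which handles both types and leaves the inputs untouched. In `map_format` a two-element list of positional arguments is indistinguishable from the `(args, kwargs)` pair form, so `['a', 'b']` unpacks `'b'` as kwargs and fails with TypeError; checking `isinstance(obj[1], dict)` before unpacking would disambiguate. None of the filters has a docstring; a one-liner on each stating the shape of `seq` it expects (list of dicts, list of names, ...) would help the YAML side.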
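Review bot: All five database passwords default to the literal `adhd` and are committed in clear text for a group the README expects to sit on public droplets; the MySQL root credential here protects every database the role creates, and `.gitignore` does not exclude this file. Store the values with `ansible-vault` (inline `!vault` values keep the file layout) and have the role refuse to run with sample values, e.g. `adhd_mysql_root_password: '{{ vault_adhd_mysql_root_password | mandatory }}'`, so a deploy cannot go out with the defaults. `adhd_postgres_root_password` is declared but no task in this commit reads it; if it is unused, drop it rather than keep a spare root secret around.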
@@ -0,0 +1,11 @@
+adhd_ubuntu_version_packages:
+ - php5
+ - php5-mysql
+ - php5-pgsql
+ - php5-sqlite
+ - php5-odbc
+
+adhd_ubuntu_version_tools:
+ decloak:
+ apt:
+ - openjdk-7-jdk
diff --git a/ansible/group_vars/ubuntu-16-04-x32.yml b/ansible/group_vars/ubuntu-16-04-x32.yml
new file mode 120000
index 0000000..e34a459
--- /dev/null
+++ b/ansible/group_vars/ubuntu-16-04-x32.yml
@@ -0,0 +1 @@
+ubuntu-16-04-x64.yml
\ No newline at end of file
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
new file mode 100644
index 0000000..681453f
--- /dev/null
+++ b/ansible/requirements.txt
@@ -0,0 +1,3 @@
+ansible
+dowright
+tokenmanager
diff --git a/ansible/roles/adhd/defaults/main.yml b/ansible/roles/adhd/defaults/main.yml
new file mode 100644
index 0000000..5d2d964
--- /dev/null
+++ b/ansible/roles/adhd/defaults/main.yml
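Review bot: `ubuntu-16-04-x32.yml` is added as a symlink (mode 120000) to `ubuntu-16-04-x64.yml`, but no file of that name is created in this commit, so unless it already exists in the repository the link is dangling and the group that presumably matches the only supported image slug (`ubuntu-16-04-x32` in dowright.yml) gets no `adhd_ubuntu_version_packages`/`adhd_ubuntu_version_tools` values, silently falling back to the empty defaults. Add the x64 file in the same commit or make the x32 entry a real file.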
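Review bot: `ansible`, `dowright` and `tokenmanager` are listed without version pins, so the README's `pip3 install -r requirements.txt` pulls whatever is newest on PyPI at install time, and the Python 3.5+ / Ubuntu 16.04 assumptions the README states are not encoded anywhere. Pin the versions the role was tested with (`ansible==<tested-version>` style) and consider `--require-hashes`, since these tools are run with an account-level DigitalOcean token.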
@@ -0,0 +1,476 @@ +# roles/adhd/defaults/main.yml + +adhd_user: adhd +adhd_group: '{{ adhd_user }}' +adhd_home: /adhd +adhd_tool_root: /opt + +adhd_general_packages: + - git + - screen + - sqlite3 + - sqlite + - nmap + - vim + - icedtea-8-plugin + - browser-plugin-freshplayer-pepperflash + - python-dev + - python3-dev + - python-pip + - python3-pip + - python-virtualenv + - python3-virtualenv + - ruby + - ruby-bundler +adhd_ubuntu_version_packages: [] # to be overridden in /group_vars +adhd_packages: '{{ adhd_general_packages + adhd_ubuntu_version_packages }}' + +adhd_neoadhd_repo: 'deb https://prometheaninfosec.com/neoadhd ./' + +adhd_tool_names_to_install: >- + {{ adhd_toolsets | sum(attribute="tools", start=[]) | union([]) }} + +adhd_webkit: + repo: 'https://github.com/adhdproject/webkit' + dir: /var/www/adhd + interface: '*' + port: 80 + site_conf: 999-adhd.conf + enable_modules: + - rewrite + - php7.0 + - mpm_prefork + disable_modules: + - mpm_event + + +adhd_passwords: + mysql: + root: '{{ adhd_mysql_root_password }}' + webbuguser: '{{ adhd_mysql_webbuguser_password }}' + weblabyrinthuser: '{{ adhd_mysql_weblabyrinthuser_password }}' + postgres: + root: '{{ adhd_postgres_root_password }}' + decloakuser: '{{ adhd_postgres_decloakuser_password }}' + +adhd_toolsets: + - name: annoyance + tools: + - artillery + - beartrap + - cowrie + - cryptolocked + - cryptolocked-ng + - defense-by-numbers + - denyhosts + - invisiport + - kippo + - nova + - oschameleon + - PHP-HTTP-Tarpit + - portspoof + - psad + - remux + - rubberglue + - spidertrap + - tcprooter + - weblabyrinth + - windows-tools + - wordpot + + - name: attribution + tools: + - creepy + - decloak + - docz.py + - honeybadger + - honeybadgerv2 + - jar-combiner + - sqlitebugserver + - webbugserver + - whosthere + + - name: absolution + tools: + - human.py + - lockdown + - TALOS + - OpenBAC + # - sent.py + - simple-pivot-detect + - sweeper + - opencanary + + - name: attack + tools: + - beef + - gcat + - 
ghostwriting + - java-web-attack + - metasploit + - recon-ng + - sidejack + +adhd_tools: + #----- + # A + artillery: + package: adhd-artillery + git: https://github.com/BinaryDefense/artillery.git + dir: /opt/artillery + + #----- + # B + beartrap: + package: adhd-beartrap + git: https://github.com/chrisbdaemon/beartrap.git + dir: /opt/beartrap + apt: + - ruby + gem: + - getopt + + beef: + package: adhd-beef + dir: /opt/beef + apt: + - ruby + - ruby-dev + - sqlite3 + - sqlite3-doc + - libsqlite-dev + - libsqlite3-dev + - software-properties-common + gem: + - bundler + + #----- + # C + cowrie: + package: adhd-cowrie + dir: /opt/cowrie + keyfile: 'ssh_host_dsa_key' + apt: + - libmpfr-dev + - libssl-dev + - libffi-dev + - build-essential + - libpython-dev + - libmpc-dev + - libmysqlclient-dev + - git + - python-twisted + - python-configparser + - python-crypto + - python-pyasn1 + - python-gmpy2 + - python-mysqldb + - python-zope.interface + pip: + - twisted # [conch] + - cryptography + - configparser + - pyopenssl + - gmpy2 + - service_identity + - pycrypto + - MySQL-python + pip3: + - mysqlclient + + creepy: + package: adhd-creepy + dir: /opt/creepy + apt: + - python-qt4 + - python-pip + pip: + - pytz + - python-qt + - flickrapi + - python-instagram + - yapsy + - tweepy + - google-api-python-client + - python-dateutil + - configobj + - dominate + + cryptolocked: + package: adhd-cryptolocked + git: https://bitbucket.org/Zaeyx/cryptolocked.git + dir: /opt/cryptolocked + + cryptolocked-ng: + package: adhd-cryptolocked-ng + dir: /opt/cryptolocked-ng + + #----- + # D + decloak: + package: adhd-decloak + dir: /opt/decloak + postgres_dir: /opt/decloak/.postgres_operations_dir + apt: + - haxe + - postgresql + - postgresql-contrib + pip: + - psycopg2 + pip3: + - psycopg2 + + defense-by-numbers: + package: adhd-defense-by-numbers + dir: /opt/defense-by-numbers + + denyhosts: + package: adhd-denyhosts + dir: /opt/denyhosts + + docz.py: + package: adhd-docz.py + dir: /opt/docz.py 
+ + #----- + # G + gcat: + package: adhd-gcat + dir: /opt/gcat + + ghostwriting: + package: adhd-ghostwriting + dir: /opt/ghostwriting + + #----- + # H + honeyports: + package: adhd-honeyports + dir: /opt/honeyports/cross-platform/honeyports/ + apt: + - arpspoof + + honeybadger: + package: adhd-honeybadger + dir: /opt/honeybadger + + honeybadgerv2: + package: adhd-honeybadgerv2 + dir: /opt/honeybadgerv2 + + human.py: + package: adhd-human.py + dir: /opt/human.py + + #----- + # I + invisiport: + package: adhd-invisiport + dir: /opt/invisiport + + #----- + # J + jar-combiner: + package: adhd-jar-combiner + dir: /opt/jar-combiner + + java-web-attack: + package: adhd-java-web-attack + dir: /opt/java-web-attack + + #----- + # K + kippo: + package: adhd-kippo + dir: /opt/kippo + apt: + - python-twisted + + #----- + # L + lockdown: + package: adhd-lockdown + dir: /opt/lockdown + pip: + - splinter + geckodriver: + url: https://github.com/mozilla/geckodriver/releases/download/v0.11.1/geckodriver-v0.11.1-linux32.tar.gz + + + #----- + # M + metasploit: + dir: /opt/metasploit + repo: 'https://github.com/rapid7/metasploit-framework' + apt: + - zlib1g-dev + - libpq-dev + - libpcap-dev + - libsqlite-dev + - libsqlite3-dev + - libpq-dev + - libpcap-dev + + #----- + # N + nova: + package: adhd-nova + dir: /opt/nova + + #----- + # O + OpenBAC: + package: adhd-openbac + dir: /opt/OpenBAC + + opencanary: + package: adhd-opencanary + dir: /opt/opencanary + + oschameleon: + package: adhd-oschameleon + dir: /opt/oschameleon + apt: + - python-nfqueue + - python-gevent + - python-scapy + + #----- + # P + PHP-HTTP-Tarpit: + package: adhd-php-http-tarpit + dir: /opt/PHP-HTTP-Tarpit + git: https://github.com/msigley/PHP-HTTP-Tarpit + + portspoof: + package: adhd-portspoof + dir: /opt/portspoof + + psad: + package: adhd-psad + dir: /opt/psad + apt: + - cpanminus + + #----- + # R + recon-ng: + package: adhd-recon-ng + dir: /opt/recon-ng + apt: + - libxml2-dev + - libxslt1-dev + + remux: + 
package: adhd-remux + dir: /opt/remux + + rubberglue: + package: adhd-rubberglue + dir: /opt/rubberglue + + #----- + # S + # sent.py: + # dir: /opt/sent.py + + set: + dir: /opt/set + config_path: /etc/setoolkit/set.config + + sidejack: + package: adhd-sidejack + dir: /opt/sidejack + + simple-pivot-detect: + package: adhd-simple-pivot-detect + dir: /opt/simple-pivot-detect + + spidertrap: + package: adhd-spidertrap + dir: /opt/spidertrap + + sqlitebugserver: + package: adhd-sqlitebugserver + dir: /opt/sqlitebugserver + + sweeper: + package: adhd-sweeper + dir: /opt/sweeper + + #----- + # T + TALOS: + package: adhd-talos + dir: /opt/TALOS + pip: + - netaddr + - twisted + - paramiko + + tcprooter: + package: adhd-tcprooter + dir: /opt/tcprooter + + #----- + # W + webbugserver: + package: adhd-webbugserver + dir: /opt/webbugserver + mysql_dir: /opt/webbugserver/.mysql_operations_dir + apt: + - libmysqlclient-dev + - python-mysqldb + - mysql-server + pip: + - MySQL-python + pip3: + - mysqlclient + + weblabyrinth: + package: adhd-weblabyrinth + dir: /opt/weblabyrinth + mysql_dir: /opt/weblabyrinth/.mysql_operations_dir + apt: + - libmysqlclient-dev + - python-mysqldb + - mysql-server + pip: + - MySQL-python + pip3: + - mysqlclient + + whosthere: + package: adhd-whosthere + dir: /opt/whosthere + apt: + - golang + - golang-go + + windows-tools: + package: adhd-windows-tools + dir: /opt/windows-tools + + wordpot: + package: adhd-wordpot + dir: /opt/wordpot + pip: + - flask + +adhd_all_tools: >- + {{ [adhd_tools, adhd_ubuntu_version_tools] | merge_tools }} + +adhd_tools_to_install: >- + {{ adhd_tool_names_to_install | map("extract", adhd_all_tools) | list }} + +adhd_tool_packages: + apt: '{{ adhd_tools_to_install|map_default("apt",[])|sum(start=[]) }}' + pip: '{{ adhd_tools_to_install|map_default("pip",[])|sum(start=[]) }}' + pip3: '{{ adhd_tools_to_install|map_default("pip3",[])|sum(start=[]) }}' + gem: '{{ adhd_tools_to_install|map_default("gem",[])|sum(start=[]) }}' + 
+ tools: '{{ adhd_tools_to_install | map_omit("package") | list }}'
+
+adhd_mysql_tools:
+ - cowrie
+ - weblabyrinth
+ - webbugserver
diff --git a/ansible/roles/adhd/handlers/main.yml b/ansible/roles/adhd/handlers/main.yml
new file mode 100644
index 0000000..42410f0
--- /dev/null
+++ b/ansible/roles/adhd/handlers/main.yml
@@ -0,0 +1,56 @@
+# roles/adhd/handlers/main.yml
+
+- name: stop apache
+ service:
+ name: apache2
+ state: stopped
+
+- name: restart apache
+ service:
+ name: apache2
+ state: restarted
+ listen: modified webkit
+
+- name: reset adhd webkit owner
+ file:
+ path: '{{ adhd_webkit.dir }}'
+ owner: www-data
+ group: www-data
+ recurse: yes
+ listen: modified webkit
+
+- name: set /opt owner to adhd user
+ file:
+ path: '{{ adhd_tool_root }}'
+ owner: '{{ adhd_user }}'
+ group: '{{ adhd_user }}'
+ recurse: yes
+ listen: modified tool root
+
+- name: restart postgresql
+ service:
+ name: postgresql
+ state: restarted
+
+- name: create weblabyrinth.crawlers table
+ mysql_db:
+ name: weblabyrinth
+ state: import
+ target: '{{ adhd_tools.weblabyrinth.mysql_dir }}/weblabyrinth_mysql.sql'
+ login_user: root
+ login_password: '{{ adhd_passwords.mysql.root }}'
+
+- name: create webbug.requests table
+ mysql_db:
+ name: webbug
+ state: import
+ target: '{{ adhd_tools.webbugserver.mysql_dir }}/webbugserver_mysql.sql'
+ login_user: root
+ login_password: '{{ adhd_passwords.mysql.root }}'
+
+- name: create decloak requests table
+ become: yes
+ become_user: postgres
+ shell: >-
+ psql -f {{ adhd_tools.decloak.postgres_dir }}/decloak_postgres.sql
+
diff --git a/ansible/roles/adhd/tasks/artillery.yml b/ansible/roles/adhd/tasks/artillery.yml
new file mode 100644
index 0000000..61c1ecb
--- /dev/null
+++ b/ansible/roles/adhd/tasks/artillery.yml
@@ -0,0 +1,6 @@
+- name: link artillery to /var
+ file:
+ state: link
+ src: '{{ adhd_tools.artillery.dir }}'
+ dest: '/var/artillery'
+
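Review bot: The `metasploit` entry under `adhd_tools` lists `libpq-dev` and `libpcap-dev` twice in its `apt` list, and it is one of only two entries (with `set`) without a `package:` key — which is precisely what keeps it out of the neoadhd apt install via `map_omit("package")`, so that deserves a comment such as `# no neoadhd package: cloned from git in metasploit.yml`. `adhd_webkit.interface: '*'` with `port: 80` exposes the webkit on every interface by default; the README warns about it, but the variable itself should carry the note, e.g. `# listens on all interfaces; see README "Warning: Public Webkit"`. The `adhd_tool_names_to_install` default unions every toolset, including `attack`, onto every host; for nodes whose job is to run honeypots, defaulting to the defensive sets and opting into `attack` per host in `host_vars` keeps the installed surface smaller.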
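Review bot: The `create decloak requests table` handler uses `shell:` (with a `>-` folded scalar) for a single `psql -f …` invocation that needs no shell features; `command: 'psql -f {{ adhd_tools.decloak.postgres_dir }}/decloak_postgres.sql'` does the same without a shell parsing the templated path. The two `mysql_db: state: import` handlers re-import their SQL on every notification, so they only stay idempotent if the templates use `CREATE TABLE IF NOT EXISTS`; those templates are not in the part of the commit shown, so that cannot be confirmed here and is worth a comment on the handlers.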
diff --git a/ansible/roles/adhd/tasks/beef.yml b/ansible/roles/adhd/tasks/beef.yml
new file mode 100644
index 0000000..471f95f
--- /dev/null
+++ b/ansible/roles/adhd/tasks/beef.yml
@@ -0,0 +1,18 @@
+- name: ___KLUDGE___ fix json gem error
+ lineinfile:
+ path: '{{ adhd_tools.beef.dir }}/Gemfile'
+ regexp: "gem 'json'"
+ line: "gem 'json_pure'"
+ backrefs: yes
+ tags:
+ - beef
+
+- name: update beef bundle
+ shell: 'bundle update && touch {{ adhd_tools.beef.dir }}/.done'
+ args:
+ chdir: '{{ adhd_tools.beef.dir }}'
+ creates: '{{ adhd_tools.beef.dir }}/.done'
+ executable: /bin/bash
+ tags:
+ - beef
+
diff --git a/ansible/roles/adhd/tasks/cowrie.yml b/ansible/roles/adhd/tasks/cowrie.yml
new file mode 100644
index 0000000..16d2e9a
--- /dev/null
+++ b/ansible/roles/adhd/tasks/cowrie.yml
@@ -0,0 +1,10 @@
+- name: generate cowrie dsa key
+ command: 'ssh-keygen -N "" -t dsa -b 1024 -f {{ adhd_tools.cowrie.dir }}/{{ adhd_tools.cowrie.keyfile }}'
+ args:
+ creates: '{{ adhd_tools.cowrie.dir }}/{{ adhd_tools.cowrie.keyfile }}'
+
+- name: install cowrie requirements
+ pip:
+ requirements: '{{ adhd_tools.cowrie.dir }}/requirements.txt'
+ executable: pip2
+
diff --git a/ansible/roles/adhd/tasks/decloak.yml b/ansible/roles/adhd/tasks/decloak.yml
new file mode 100644
index 0000000..eb3b472
--- /dev/null
+++ b/ansible/roles/adhd/tasks/decloak.yml
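Review bot: The `___KLUDGE___` task's `regexp: "gem 'json'"` is an unanchored substring match, so it also matches a line like `gem 'json', '~> 2.0'` and, with `backrefs: yes`, rewrites the whole line to `gem 'json_pure'`, silently dropping any version constraint; anchor it (`regexp: "^gem 'json'\\b"`) and carry any trailing constraint across rather than discarding it. The second task runs `bundle update`, which re-resolves every gem to the newest permitted version instead of honouring the repository's Gemfile.lock as `bundle install` would; if reproducible installs are the goal, prefer `bundle install` after the Gemfile edit. No `become_user` is set, so the gems are presumably fetched and compiled as the play's privileged user.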
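Review bot: `generate cowrie dsa key` creates a 1024-bit DSA host key (`-t dsa -b 1024`), and ssh-dss has been disabled by default in OpenSSH clients since 7.0, so modern clients — the very connections the honeypot is meant to attract — will refuse the host unless an RSA or Ed25519 key is also offered. This hunk only generates `adhd_tools.cowrie.keyfile` (`ssh_host_dsa_key` in defaults). Unless the packaged cowrie generates the other key types itself (not visible here), add a second task such as `command: 'ssh-keygen -N "" -t rsa -b 2048 -f {{ adhd_tools.cowrie.dir }}/ssh_host_rsa_key'` with its own `creates:` guard, and say in a comment why the DSA key is still produced.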
@@ -0,0 +1,48 @@
+- name: create postgres user directory for decloak operations
+ file:
+ path: '{{ adhd_tools.decloak.postgres_dir }}'
+ state: directory
+ owner: postgres
+
+- name: create decloak user
+ become: yes
+ become_user: postgres
+ postgresql_user:
+ name: decloakuser
+ password: '{{ adhd_passwords.postgres.decloakuser }}'
+
+- name: create decloak database
+ become: yes
+ become_user: postgres
+ postgresql_db:
+ name: decloak
+ state: present
+ notify:
+ - create decloak requests table
+ - restart postgresql
+
+- name: render decloak postgres sql
+ template:
+ src: decloak_postgres.sql
+ dest: '{{ adhd_tools.decloak.postgres_dir }}/decloak_postgres.sql'
+ notify:
+ - create decloak requests table
+
+- name: configure postgres for decloak
+ lineinfile:
+ path: '/etc/postgresql/9.5/main/pg_hba.conf'
+ regexp: "local all all peer"
+ line: "local all all md5"
+ backrefs: yes
+ notify:
+ - restart postgresql
+ # with_fileglob:
+ # - '/etc/postgresql/9.5/main/pg_hba.conf'
+ # register: configure_pg_hba
+
+# - name: restart postgres with change in pg_hba.conf
+# service:
+# name: postgresql
+# state: restarted
+# when: configure_pg_hba.changed
+
diff --git a/ansible/roles/adhd/tasks/honeybadgerv2.yml b/ansible/roles/adhd/tasks/honeybadgerv2.yml
new file mode 100644
index 0000000..46c6250
--- /dev/null
+++ b/ansible/roles/adhd/tasks/honeybadgerv2.yml
@@ -0,0 +1,11 @@
+- name: install honeybadgerv2 pip2 requirements
+ pip:
+ requirements: '{{ adhd_tools.honeybadgerv2.dir }}/server/requirements.txt'
+ executable: pip2
+
+- name: init honeybadgerv2 db
+ command: python -c "import honeybadger; honeybadger.initdb('adhd','adhd')"
+ args:
+ chdir: '{{ adhd_tools.honeybadgerv2.dir }}/server'
+ creates: '/tmp/data.db'
+
diff --git a/ansible/roles/adhd/tasks/lockdown.yml b/ansible/roles/adhd/tasks/lockdown.yml
new file mode 100644
index 0000000..086129a
--- /dev/null
+++ b/ansible/roles/adhd/tasks/lockdown.yml
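Review bot: `configure postgres for decloak` matches `pg_hba.conf` with the literal regexp `local all all peer` (single-spaced as shown here), but the stock file separates those fields with runs of spaces, so the line is never matched, nothing is rewritten and the `restart postgresql` handler never fires; even if the real regexp carries literal multi-space runs it depends on the distribution's column layout. Use whitespace classes: `regexp: '^local\s+all\s+all\s+peer'` with `line: 'local   all   all   md5'`. Had the rewrite taken effect it would also move every local user, including `postgres`, from peer to md5 auth, so the `create decloak requests table` handler (psql as the postgres OS user, relying on peer auth) would start demanding a password after the restart; scoping the rule to `local decloak decloakuser md5` inserted above the peer line avoids that. The `/etc/postgresql/9.5/main/` path is hard-coded to the 16.04 image; derive the version from a variable next to the image slug, and drop the commented-out `with_fileglob`/`register` remnants.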
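Review bot: `init honeybadgerv2 db` guards with `creates: '/tmp/data.db'`, so its idempotence marker lives in `/tmp` and disappears on reboot or tmp cleanup, after which `initdb` runs again and may reset the store; if `/tmp/data.db` is also where honeybadger keeps its SQLite database, that location is itself a problem for a long-lived host and should be confirmed. The `initdb('adhd','adhd')` call hard-codes an admin username/password pair in the task rather than drawing on `adhd_passwords` like the other tools; introduce an `adhd_honeybadgerv2_admin_password`-style variable, template it into the `-c` string, and add `no_log: true` so the credential is not echoed into the run log.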
@@ -0,0 +1,5 @@
+- name: install geckodriver for lockdown
+ unarchive:
+ src: '{{ adhd_tools.lockdown.geckodriver.url }}'
+ dest: /usr/local/bin
+ remote_src: yes
diff --git a/ansible/roles/adhd/tasks/main.yml b/ansible/roles/adhd/tasks/main.yml
new file mode 100644
index 0000000..b21b956
--- /dev/null
+++ b/ansible/roles/adhd/tasks/main.yml
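Review bot: `unarchive` pulls the geckodriver tarball straight from the release URL into `/usr/local/bin` with `remote_src: yes` and no integrity check, so a substituted download lands on the PATH with whatever privileges the play runs under. `unarchive` has no checksum option; fetch first with `get_url` and a pinned `checksum:`, then unpack the local copy, and record the expected digest next to the v0.11.1 URL in defaults.
```yaml
- name: download geckodriver for lockdown
  get_url:
    url: '{{ adhd_tools.lockdown.geckodriver.url }}'
    dest: /tmp/geckodriver.tar.gz
    checksum: 'sha256:<expected-sha256-of-the-pinned-release>'  # placeholder: record the real digest beside the url in defaults

- name: install geckodriver for lockdown
  unarchive:
    src: /tmp/geckodriver.tar.gz
    dest: /usr/local/bin
    remote_src: yes
```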
@@ -0,0 +1,135 @@
+# roles/adhd/tasks/main.yml
+
+- name: setup adhd group
+ group:
+ name: '{{ adhd_group }}'
+ state: present
+
+- name: setup adhd user
+ user:
+ name: '{{ adhd_user }}'
+ groups: '{{ adhd_group }},sudo'
+
+- name: neoadhd repo
+ apt_repository:
+ repo: '{{ adhd_neoadhd_repo }}'
+ state: present
+
+- name: apt update
+ apt:
+ update_cache: yes
+
+
+
+#----------------------------------------------------------------------
+# Configure root MySQL password (before installing mysql package)
+- name: setup root mysql password 1
+ debconf:
+ name: 'mysql-server'
+ question: 'mysql-server/root_password'
+ vtype: password
+ value: '{{ adhd_passwords.mysql.root }}'
+ when: adhd_tool_names_to_install | intersect(adhd_mysql_tools)
+
+- name: setup root mysql password 2
+ debconf:
+ name: 'mysql-server'
+ question: 'mysql-server/root_password_again'
+ vtype: password
+ value: '{{ adhd_passwords.mysql.root }}'
+ when: adhd_tool_names_to_install | intersect(adhd_mysql_tools)
+#----------------------------------------------------------------------
+
+
+
+- name: install general apt packages for adhd
+ apt:
+ name: '{{ adhd_packages | join(",") }}'
+ state: present
+
+- name: 'install tool-specific apt packages'
+ apt:
+ name: '{{ adhd_tool_packages.apt | join(",") }}'
+ state: present
+
+- name: 'install tool-specific pip2 packages'
+ pip:
+ name: '{{ adhd_tool_packages.pip | join(",") }}'
+ state: present
+ executable: pip2
+
+- name: 'install tool-specific pip3 packages'
+ pip:
+ name: '{{ adhd_tool_packages.pip3 | join(",") }}'
+ state: present
+ executable: pip3
+
+- name: 'install tool-specific gems packages'
+ gem:
+ name: '{{ item }}'
+ state: present
+ with_items: '{{ adhd_tool_packages.gem }}'
+
+- name: install neoadhd tool packages
+ apt:
+ name: '{{ adhd_tool_packages.tools | join(",") }}'
+ state: present
+ force: yes
+ allow_unauthenticated: yes
+ notify: modified tool root
+
+- name: 'include/run tool-specific tasks'
+ include_tasks: '{{ item }}'
+ with_items: '{{ adhd_tool_names_to_install | map_format("{}.yml") | file_exists | list }}'
+ notify: modified tool root
+
+
+
+#----------------------------------------------------------------------
+# Webkit
+- name: install apache2
+ apt:
+ name: apache2
+ state: present
+
+- name: disable apache2 modules
+ apache2_module:
+ state: absent
+ name: '{{ item }}'
+ with_items: '{{ adhd_webkit.disable_modules }}'
+ notify: restart apache
+
+- name: enable apache2 modules
+ apache2_module:
+ state: present
+ name: '{{ item }}'
+ with_items: '{{ adhd_webkit.enable_modules }}'
+ notify: restart apache
+
+- name: disable default site
+ command: a2dissite 000-default.conf
+ args:
+ removes: /etc/apache2/sites-enabled/000-default.conf
+ notify: restart apache
+
+- name: clone adhd webkit repo
+ git:
+ repo: '{{ adhd_webkit.repo }}'
+ dest: '{{ adhd_webkit.dir }}'
+ notify: modified webkit
+
+- name: render adhd webkit site config
+ template:
+ src: sites-available_adhd.conf.j2
+ dest: '/etc/apache2/sites-available/{{ adhd_webkit.site_conf }}'
+ group: www-data
+ owner: www-data
+ notify: modified webkit
+
+- name: enable adhd webkit site
+ command: 'a2ensite {{ adhd_webkit.site_conf }}'
+ args:
+ creates: '/etc/apache2/sites-enabled/{{ adhd_webkit.site_conf }}'
+ notify: modified webkit
+#----------------------------------------------------------------------
+
diff --git a/ansible/roles/adhd/tasks/metasploit.yml b/ansible/roles/adhd/tasks/metasploit.yml
new file mode 100644
index 0000000..23215d2
--- /dev/null
+++ b/ansible/roles/adhd/tasks/metasploit.yml
@@ -0,0 +1,10 @@
+- name: clone metasploit repo
+ git:
+ repo: '{{ adhd_tools.metasploit.repo }}'
+ dest: '{{ adhd_tools.metasploit.dir }}'
+
+- name: install metasploit packages
+ command: 'bundle install'
+ args:
+ chdir: '{{ adhd_tools.metasploit.dir }}'
+ creates: '{{ adhd_tools.metasploit.dir }}/Gemfile.lock'
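Review bot: `install neoadhd tool packages` installs with `allow_unauthenticated: yes` and `force: yes` from the `adhd_neoadhd_repo` that `neoadhd repo` adds via `apt_repository` with no accompanying `apt_key`, so every tool package is accepted without a signature check and `force` additionally lets apt downgrade or remove conflicting packages; HTTPS on the repo URL protects transport, not the packages. Import the repository's signing key with `apt_key` before `apt_repository` and drop `allow_unauthenticated`/`force`, or at minimum comment why they are unavoidable. `setup adhd user` puts the service account in `sudo`, which none of the tool tasks visibly needs; `groups: '{{ adhd_group }}'` with `append: yes` is the safer default. The `notify: modified tool root` on the `include/run tool-specific tasks` include looks ineffective — as far as I can tell `notify` is not honoured on task includes — so the `/opt` ownership handler only fires from the apt task above; move the notify into the included tool files or into a final explicit task.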
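Review bot: `install metasploit packages` uses `creates: '{{ adhd_tools.metasploit.dir }}/Gemfile.lock'` as its idempotence marker, but if the upstream metasploit-framework repository tracks `Gemfile.lock` (it does as far as I know — confirm against the cloned tree) the file exists immediately after the `git` clone and `bundle install` never runs. Use a marker bundler does not ship, e.g. a `.done` file touched on success as `beef.yml` does, or register the result of `bundle check`. The clone has no `version:` pin, so every run tracks upstream master; pin a tag for reproducibility.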
diff --git a/ansible/roles/adhd/tasks/opencanary.yml b/ansible/roles/adhd/tasks/opencanary.yml
new file mode 100644
index 0000000..eb2b905
--- /dev/null
+++ b/ansible/roles/adhd/tasks/opencanary.yml
@@ -0,0 +1,16 @@
+- name: install opencanary pip2 requirements
+ pip:
+ requirements: requirements.txt
+ executable: pip2
+ chdir: '{{ adhd_tools.opencanary.dir }}'
+
+# - name: install opencanary via pip2
+# pip:
+# name: 'file:///opt/opencanary'
+# state: present
+# executable: pip2
+
+- name: opencanary config
+ command: opencanaryd --copyconfig
+ args:
+ creates: '/root/.opencanary.conf'
diff --git a/ansible/roles/adhd/tasks/portspoof.yml b/ansible/roles/adhd/tasks/portspoof.yml
new file mode 100644
index 0000000..5addb8a
--- /dev/null
+++ b/ansible/roles/adhd/tasks/portspoof.yml
@@ -0,0 +1,6 @@
+- name: build/compile portspoof
+ shell: "./configure && make && make install"
+ args:
+ chdir: '{{ adhd_tools.portspoof.dir }}'
+ creates: /usr/local/bin/portspoof
+ executable: /bin/bash
diff --git a/ansible/roles/adhd/tasks/psad.yml b/ansible/roles/adhd/tasks/psad.yml
new file mode 100644
index 0000000..f6e5df6
--- /dev/null
+++ b/ansible/roles/adhd/tasks/psad.yml
@@ -0,0 +1,4 @@
+- name: 'add Date::Calc for psad'
+ cpanm:
+ name: 'Date::Calc'
+
diff --git a/ansible/roles/adhd/tasks/recon-ng.yml b/ansible/roles/adhd/tasks/recon-ng.yml
new file mode 100644
index 0000000..bdbf55d
--- /dev/null
+++ b/ansible/roles/adhd/tasks/recon-ng.yml
@@ -0,0 +1,5 @@
+- name: 'install recon-ng requirements'
+ pip:
+ requirements: '{{ adhd_tools["recon-ng"].dir }}/REQUIREMENTS'
+ executable: pip2
+
diff --git a/ansible/roles/adhd/tasks/set.yml b/ansible/roles/adhd/tasks/set.yml
new file mode 100644
index 0000000..8bec139
--- /dev/null
+++ b/ansible/roles/adhd/tasks/set.yml
@@ -0,0 +1,22 @@
+- name: clone SET repo
+ git:
+ repo: 'https://github.com/trustedsec/social-engineer-toolkit'
+ dest: '{{ adhd_tools.set.dir }}'
+
+- name: install SET requirements
+ pip:
+ requirements: '{{ adhd_tools.set.dir }}/requirements.txt'
+ executable: pip2
+
+- name: create SET config
+ command: 'setoolkit & sleep 5 && killall python'
+ args:
+ chdir: '{{ adhd_tools.set.dir }}'
+ creates: '{{ adhd_tools.set.config_path }}'
+
+- name: fix SET metasploit path
+ lineinfile:
+ path: '{{ adhd_tools.set.config_path }}'
+ regexp: METASPLOIT_PATH
+ line: 'METASPLOIT_PATH={{ adhd_tools.metasploit.dir }}'
+
diff --git a/ansible/roles/adhd/tasks/tool_tasks.yml b/ansible/roles/adhd/tasks/tool_tasks.yml
new file mode 100644
index 0000000..54b5248
--- /dev/null
+++ b/ansible/roles/adhd/tasks/tool_tasks.yml
@@ -0,0 +1,21 @@
+- include_tasks: artillery.yml
+ when: '{{ "artillery" in adhd_tool_names_to_install }}'
+
+- include_tasks: beef.yml
+ when: '{{ "beef" in adhd_tool_names_to_install }}'
+
+- include_tasks: beef.yml
+ when: '{{ "beef" in adhd_tool_names_to_install }}'
+
+- include_tasks: beef.yml
+ when: '{{ "beef" in adhd_tool_names_to_install }}'
+
+- include_tasks: beef.yml
+ when: '{{ "beef" in adhd_tool_names_to_install }}'
+
+- include_tasks: beef.yml
+ when: '{{ "beef" in adhd_tool_names_to_install }}'
+
+- include_tasks: beef.yml
+ when: '{{ "beef" in adhd_tool_names_to_install }}'
+
diff --git a/ansible/roles/adhd/tasks/webbugserver.yml b/ansible/roles/adhd/tasks/webbugserver.yml
new file mode 100644
index 0000000..1147982
--- /dev/null
+++ b/ansible/roles/adhd/tasks/webbugserver.yml
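Review bot: `create SET config` hands `setoolkit & sleep 5 && killall python` to the `command` module, which does not go through a shell, so `&`, `sleep`, `5`, `&&`, `killall` and `python` reach `setoolkit` as literal arguments and neither the backgrounding nor the kill ever happens; it would need `shell:` to behave as written. Even then `killall python` terminates every Python process on the host — most likely including the Ansible module process running the task and any tool already started — so bound it to the spawned process (`setoolkit & pid=$!; sleep 5; kill $pid`) or, better, check whether `setoolkit` can write its config non-interactively. The `fix SET metasploit path` task's `regexp: METASPLOIT_PATH` is unanchored and also matches commented-out lines; `regexp: '^METASPLOIT_PATH='` is tighter.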
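Review bot: `beef.yml` is included six times in a row with the identical `when:`, which reads like a copy-paste stub meant to cover the remaining tools that was never filled in. The file is also not referenced from `tasks/main.yml`, which already builds the include list dynamically via `map_format("{}.yml") | file_exists`, so either delete it or replace its body with that loop. The `when: '{{ "artillery" in adhd_tool_names_to_install }}'` form wraps a conditional in Jinja delimiters, which Ansible warns about; the bare expression `when: "'artillery' in adhd_tool_names_to_install"` is the supported form.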
@@ -0,0 +1,28 @@
+- name: create directory for webbugserver mysql operations
+ file:
+ path: '{{ adhd_tools.webbugserver.mysql_dir }}'
+ state: directory
+
+- name: create webbugserver database
+ mysql_db:
+ name: webbug
+ state: present
+ login_user: root
+ login_password: '{{ adhd_passwords.mysql.root }}'
+ notify: create webbug.requests table
+
+- name: create webbugserver user
+ mysql_user:
+ name: webbuguser
+ password: '{{ adhd_passwords.mysql.webbuguser }}'
+ state: present
+ login_user: root
+ login_password: '{{ adhd_passwords.mysql.root }}'
+ priv: 'webbug.*:ALL'
+
+- name: render webbug.requests table mysql code
+ template:
+ src: webbugserver_mysql.sql
+ dest: '{{ adhd_tools.webbugserver.mysql_dir }}/webbugserver_mysql.sql'
+ notify: create webbug.requests table
+
diff --git a/ansible/roles/adhd/tasks/weblabyrinth.yml b/ansible/roles/adhd/tasks/weblabyrinth.yml
new file mode 100644
index 0000000..6d8f938
--- /dev/null
+++ b/ansible/roles/adhd/tasks/weblabyrinth.yml
@@ -0,0 +1,27 @@
+- name: create directory for weblabyrinth mysql operations
+ file:
+ path: '{{ adhd_tools.weblabyrinth.mysql_dir }}'
+ state: directory
+
+- name: create weblabyrinth database
+ mysql_db:
+ name: weblabyrinth
+ state: present
+ login_user: root
+ login_password: '{{ adhd_passwords.mysql.root }}'
+ notify: create weblabyrinth.crawlers table
+
+- name: create weblabyrinth user
+ mysql_user:
+ name: weblabyrinthuser
+ password: '{{ adhd_passwords.mysql.weblabyrinthuser }}'
+ state: present
+ login_user: root
+ login_password: '{{ adhd_passwords.mysql.root }}'
+ priv: 'weblabyrinth.*:ALL'
+
+- name: render weblabyrinth.crawlers table mysql code
+ template:
+ src: weblabyrinth_mysql.sql
+ dest: '{{ adhd_tools.weblabyrinth.mysql_dir }}/weblabyrinth_mysql.sql'
+ notify: create weblabyrinth.crawlers table
diff --git a/ansible/roles/adhd/templates/decloak_postgres.sql b/ansible/roles/adhd/templates/decloak_postgres.sql
new file mode 100644
index 0000000..2fdf058
--- /dev/null
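Review bot: `priv: 'webbug.*:ALL'` on the `mysql_user` task gives the application account every privilege on the schema, including DROP and ALTER, which a web-facing service that only records request rows does not need. If the `create webbug.requests table` handler (not in this diff) runs as root, the account can be limited to what the application uses, e.g. `priv: 'webbug.*:SELECT,INSERT,UPDATE,DELETE'`; a comment on the task stating why ALL is required would be the alternative. The same applies to `priv: 'weblabyrinth.*:ALL'` in weblabyrinth.yml.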
+++ b/ansible/roles/adhd/templates/decloak_postgres.sql
@@ -0,0 +1,83 @@
+CREATE TABLE IF NOT EXISTS requests (
+ cip character(32),
+ type character varying(16),
+ eip character varying(16),
+ iip character varying(16),
+ dip character varying(16),
+ stamp timestamp without time zone DEFAULT now()
+);
+
+
+ALTER TABLE public.requests OWNER TO decloakuser;
+
+-- CREATE DATABASE decloak;
+-- \\connect decloak
+-- --
+-- -- PostgreSQL database dump
+-- --
+
+-- SET statement_timeout = 0;
+-- SET client_encoding = 'UTF8';
+-- SET standard_conforming_strings = on;
+-- SET check_function_bodies = false;
+-- SET client_min_messages = warning;
+
+-- --
+-- -- Name: plpgsql; Type: EXTENSION; Schema: -; Owner:
+-- --
+
+-- CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog;
+
+
+-- --
+-- -- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner:
+-- --
+
+-- COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language';
+
+
+-- SET search_path = public, pg_catalog;
+
+-- SET default_tablespace = '';
+
+-- SET default_with_oids = false;
+
+-- --
+-- -- Name: requests; Type: TABLE; Schema: public; Owner: decloakuser;
+-- -- Tablespace:
+-- --
+
+-- CREATE TABLE requests (
+-- cip character(32),
+-- type character varying(16),
+-- eip character varying(16),
+-- iip character varying(16),
+-- dip character varying(16),
+-- stamp timestamp without time zone DEFAULT now()
+-- );
+
+
+-- ALTER TABLE public.requests OWNER TO decloakuser;
+
+-- --
+-- -- Data for Name: requests; Type: TABLE DATA; Schema: public;
+-- -- Owner: decloakuser
+-- --
+
+-- COPY requests (cip, type, eip, iip, dip, stamp) FROM stdin;
+-- \.
+
+
+-- --
+-- -- Name: public; Type: ACL; Schema: -; Owner: postgres
+-- --
+
+-- REVOKE ALL ON SCHEMA public FROM PUBLIC;
+-- REVOKE ALL ON SCHEMA public FROM postgres;
+-- GRANT ALL ON SCHEMA public TO postgres;
+-- GRANT ALL ON SCHEMA public TO PUBLIC;
+
+
+-- --
+-- -- PostgreSQL database dump complete
+-- --
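Review bot: The `eip`, `iip` and `dip` columns are `character varying(16)`, which fits a dotted IPv4 literal but not an IPv6 one (up to 45 characters), and PostgreSQL rejects over-long values with an error rather than truncating, so if the decloak tool ever records an IPv6 client the insert fails and the request is lost; `inet` (or at least `character varying(45)`) avoids that. The roughly seventy lines of commented-out pg_dump output below the two live statements leave a reader unable to tell which `CREATE TABLE`/`ALTER TABLE` pair is authoritative; remove them or reduce them to one comment such as `-- schema derived from the original decloak pg_dump; only the two statements above are applied`. A `-- stamp is server-local time (timestamp without time zone)` note would also help, since the other MySQL templates in this commit store integer epochs instead.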
diff --git a/ansible/roles/adhd/templates/sites-available_adhd.conf.j2 b/ansible/roles/adhd/templates/sites-available_adhd.conf.j2 new file mode 100644 index 0000000..e397636 --- /dev/null +++ b/ansible/roles/adhd/templates/sites-available_adhd.conf.j2 @@ -0,0 +1,26 @@ + + ServerAdmin webmaster@localhost + DocumentRoot {{ adhd_webkit.dir }} + + DirectoryIndex index.php + + + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride all + Order allow,deny + Allow from all + + + + + Options +Indexes + + + + RedirectMatch 404 /(\.git|include|data|admin) + + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + diff --git a/ansible/roles/adhd/templates/webbugserver_mysql.sql b/ansible/roles/adhd/templates/webbugserver_mysql.sql new file mode 100644 index 0000000..4096e67 --- /dev/null +++ b/ansible/roles/adhd/templates/webbugserver_mysql.sql @@ -0,0 +1,7 @@ +create table if not exists webbug.requests ( + id TEXT, + type TEXT, + ip_address TEXT, + user_agent TEXT, + time INT(11) +); diff --git a/ansible/roles/adhd/templates/weblabyrinth_mysql.sql b/ansible/roles/adhd/templates/weblabyrinth_mysql.sql new file mode 100644 index 0000000..8086256 --- /dev/null +++ b/ansible/roles/adhd/templates/weblabyrinth_mysql.sql @@ -0,0 +1,9 @@ +create table if not exists weblabyrinth.crawlers ( + crawler_ip TEXT, + crawler_rdns TEXT, + crawler_useragent TEXT, + first_seen INT(11), + last_seen INT(11), + last_alert INT(11), + num_hits INT(11) +); diff --git a/ansible/setup_adhd.yml b/ansible/setup_adhd.yml new file mode 100644 index 0000000..4eb8364 --- /dev/null +++ b/ansible/setup_adhd.yml @@ -0,0 +1,5 @@ +- name: Installation of ADHD distribution + hosts: adhd + become: true + roles: + - adhd
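Review bot: `Order allow,deny` and `Allow from all` are Apache 2.2 access-control directives; the README in this commit targets Ubuntu 16.04, which ships Apache 2.4, where they only work through mod_access_compat and the native form is `Require all granted`. Directory listing is turned off with `Options -Indexes +FollowSymLinks -MultiViews` and then turned back on with `Options +Indexes` further down; the enclosing container tags appear to have been stripped from this rendering, so which path gets listings is not visible, and a comment naming that directory and why listing is wanted there would prevent it being "fixed" away. `ServerAdmin webmaster@localhost` is the distribution default placeholder and could be templated next to `adhd_webkit.dir`.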
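Review bot: `webbug.requests` declares no primary key and every column is nullable, so duplicate rows cannot be told apart and there is no stable key for pagination or cleanup; if the web bug server supplies unique ids, `id` should be `NOT NULL` and `PRIMARY KEY`, provided the writer code tolerates it. `time INT(11)` is a signed 32-bit integer regardless of the display width, so if it holds a Unix epoch, as the name suggests, it stops working in 2038; `BIGINT` or `DATETIME` is the safer choice, and the same applies to `first_seen`, `last_seen` and `last_alert` in weblabyrinth_mysql.sql. Keyword case is also mixed (`create table if not exists` beside `TEXT` and `INT`); pick one convention per file.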