Skip to content

A small infraestructure for a beginner pentesting team

Notifications You must be signed in to change notification settings

Marmeus/pentesting-infra

Repository files navigation

Infra pentesting

It has a very simple infrastructure with the tools you might need when working on a pentesting team.

It contains:

  • WireGuard (VPN)
  • PiHole (DNS) - dns.lan
  • PwnDoc - pwndoc.lan
  • Gitea - git.lan
  • Netdata - netdata.lan
  • Nginx
  • KMS

Requirements

Before executing the script install.sh, you need to modify your Ubuntu machine so you can initialise the docker container while having the DNS resolver working for the installation..

  1. Modify the file /etc/systemd/resolved.conf with the following content.
[Resolve]
DNS=1.1.1.1
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no
DNSStubListener=no
#ReadEtcHosts=yes
  1. Create a symbolic link for /run/systemd/resolve/resolv.conf.
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
  1. Restart systemd-resolved
sudo systemctl restart systemd-resolved

Setup

To deploy the infraestructure, just execute the installation script, passing the PiHole password as argument and the IP or domain where the VPN server will be located.

bash ./install.sh <PIHOLE_PASSWORD>

Once everything is set and running, change the IP of /run/systemd/resolve/resolv.conf by 127.0.0.1.

Finally, you only need to add your telegram API key and CHATID to the netdata container so you can be notified if something odd happens on your machine. To do so, follow this link.

Create Backups

PwnDoc

sudo tar -czf ~/Infra/BackUps/PwnDoc/mongo-data.tar.gz -C ~/Infra/PwnDoc/backend/mongo-data/ .

Gitea

docker exec -u git -d -w /backup infra-gitea-1 bash -c '/usr/local/bin/gitea dump --tempdir /backup/'

PiHole

docker exec -d -w /backup pihole bash -c "pihole -a -t pihole.tar.gz"

Restore backups

PwnDoc

  1. Stop the backend container
docker stop pwndoc-backend
  1. Restore the data Reference: https://pwndoc.github.io/pwndoc/#/installation?id=backup
sudo rm -rf ./PwnDoc/backend/mongo-data/*
sudo tar -xzf ~/Downloads/mongo-data.tar.gz -C ./PwnDoc/backend/mongo-data
  1. Restart the frontend container.
docker restart pwndoc-frontend

Gitea

  1. Stop the containers
  2. Copy the backup file, unzip it and move everything to its place. Reference: https://docs.gitea.com/administration/backup-and-restore#using-docker-rootless-restore
sudo cp ~/Downloads/gitea-dump.zip ./Gitea/backup/
sudo chown 1000:1000 ./Gitea/backup/gitea-dump.zip
docker exec -u git -it -w /backup infra-gitea-1 bash 
unzip gitea-dump.zip
mv app.ini /etc/gitea/app.ini; 
rm -rf  /var/lib/gitea/* && mv data/* /var/lib/gitea; 
cp -r ./repos/. /var/lib/gitea/git/repositories/
chown -R git:git /etc/gitea/app.ini /var/lib/gitea
  1. Restore the database
sudo cp ./Gitea/backup/gitea-db.sql ./Gitea/postgres/
docker exec -it infra-gitea-postgress-1 bash 
psql -U gitea -d gitea < /var/lib/postgresql/data/gitea-db.sql
  1. Restart the containers.
docker restart infra-gitea-1 infra-gitea-postgress-1

PiHole

  1. Access to https://raspi.lan/admin/settings.php?tab=teleporter
  2. Upload the backup file and press on restore.
  3. Access the container and update the list of ad-serving domains
docker exec -d pihole bash -c 'pihole -g'

About

A small infraestructure for a beginner pentesting team

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages