A Python CLI tool for building a red team infrastructure using Terraform, Ansible, and Docker. Once deployed, all resources can be integrated into a Nebula network for secure communications across nodes, with centralized logging that flows through Logstash into an Elastic Stack.
Most documentation can be found in the Wiki pages. If there is something missing or unclear, please create a GitHub issue.
Getting started is relatively easy. Follow the Getting Started instructions to begin using Terry.
If you are interested in how I landed on this solution, follow the "DevAttackOps" series on my blog, where I talk through each step of this solution.
https://ezrabuckingham.com/tags/devattackops/
I would like to thank all the people who have helped with the architecture of this project and the development of each piece. Initially, this project came to life from a co-worker, WJDigby, who had a much cooler name for the project than Terry. Thanks also to all the people in the BloodHound Slack whom I pestered for feedback on this solution. Thank you!
Ezra Buckingham @BuckinghamEzra
Jay "L1ghtn1ng" Townsend @jay_townsend1
Terry contains a few known issues. Below are some of the ones I have identified:
- No central management of wildcard certs (wildcard cert generation likely coming in the future)
- PTR records need to be determined before SMTP will work
- DigitalOcean creates PTR records from the name of the host, so the name of the host needs to be the FQDN
- Adding a secrets management solution to Terry to allow for dynamic generation of secrets and automatic pushing of secrets to a secure place
- Timeout date on infra (auto-destroy)
- Scan Terraform code for vulnerabilities
- Potential override templates