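---
# The format version is quoted so that generic YAML tooling (linters, diff and
# templating helpers) reads it as a string rather than a date value.
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploy Kali Linux and allow SSM access.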
# CLI Command: aws cloudformation create-stack --stack-name kali-pentest --template-body file://$(pwd)/pentest.yaml --parameters file://$(pwd)/pentest-params.json --capabilities CAPABILITY_NAMED_IAM --region us-west-2
# Get Instance ID: aws cloudformation describe-stacks --stack-name kali-pentest --region us-west-2 --output json | jq .'Stacks[].Outputs[].OutputValue'
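Parameters:
  # AMI for the instance. The default is region-specific (us-west-2), so it
  # must be overridden when the stack is created in any other region.
  ami:
    Type: AWS::EC2::Image::Id
    Description: The Kali Linux AMI to use. Remember to subscribe in the marketplace. (Default AMI from us-west-2)
    Default: ami-0a6335995610caf00
  # Typed as a subnet ID so CloudFormation rejects a value that is not an
  # existing subnet before any resource is created.
  subnet:
    Type: AWS::EC2::Subnet::Id
    Description: The subnet to deploy the instance in. (Private is preferred.)
  # Name of an existing IAM group; the session policy in this template is
  # attached to it, so every member of the group gains access to the instance.
  group:
    Type: String
    Description: The iam group that will be allowed access to the instance.
  # NoEcho only masks the value in CloudFormation console/API output. This
  # template substitutes the value into the instance user data, where NoEcho
  # does not apply; treat the password as readable by anyone who can read the
  # instance's user data.
  password:
    Type: String
    Description: The password for VNC.
    NoEcho: true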
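Resources:
  # Role assumed by the EC2 service for the instance. The only permissions
  # attached are the AWS-managed AmazonSSMManagedInstanceCore policy.
  kindlyInstanceRole4C88F8DF:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        # Quoted so the policy language version stays a string, not a date.
        Version: '2012-10-17'
        Statement:
          - Action: 'sts:AssumeRole'
            Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
      ManagedPolicyArns:
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore'

  # Instance profile wrapping the role above so it can be attached to EC2.
  kindlyInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref kindlyInstanceRole4C88F8DF

  # The Kali instance. No security group is declared here, so the instance
  # gets whatever default applies in the chosen subnet's VPC; review that
  # group's inbound rules before deploying.
  kindlyInstance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        # NOTE(review): the root volume is not marked Encrypted here; confirm
        # whether account-level default EBS encryption covers it, since this
        # host will hold assessment data.
        - DeviceName: /dev/sda1
          Ebs:
            DeleteOnTermination: true
            VolumeSize: 40
      IamInstanceProfile: !Ref kindlyInstanceProfile
      ImageId: !Ref ami
      InstanceType: t2.xlarge
      SubnetId: !Ref subnet
      Tags:
        - Key: Name
          Value: kindlyops-internal-pentest
      # Bootstrap script, run as root on first boot.
      #
      # Literal block style (|) keeps one shell command per line; a folded
      # scalar would join consecutive lines into a single command line.
      #
      # Security notes for maintainers:
      # - The VNC password is substituted into this script, so it is stored
      #   in the instance's user data. User data can be read back through
      #   the EC2 API (ec2:DescribeInstanceAttribute) and from the instance
      #   metadata service by local processes. Prefer fetching the password
      #   at boot from a secret store that the instance role is allowed to
      #   read.
      # - The cfn bootstrap tarball and the SSM agent package are "latest"
      #   downloads installed as root with no checksum or signature check.
      #   Pin a version and verify it before installing.
      # - cfn-signal reports only the exit status of the SSM agent start and
      #   fires before VNC is configured, so CREATE_COMPLETE does not prove
      #   the earlier installs or the VNC setup succeeded.
      # - Exporting HOME/USER does not change the effective user; the VNC
      #   desktop presumably runs as root with kali's home directory.
      #   NOTE(review): confirm whether it should run as the kali user.
      # - Classic VNC authentication is weak (TightVNC uses at most the
      #   first 8 characters of the password) and the traffic is not
      #   encrypted, so the server is bound to loopback and is meant to be
      #   reached through Session Manager port forwarding only.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          export DEBIAN_FRONTEND=noninteractive
          apt update
          # Install cfn tools
          apt install -y python-pip
          apt install -y python-setuptools
          # "return" is only valid inside a function or sourced file; exit
          # so a failed cd cannot let later commands run in the wrong
          # directory. The stack then fails on the CreationPolicy timeout.
          cd /tmp/ || exit 1
          wget https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          pip install aws-cfn-bootstrap-latest.tar.gz
          # Install kali goodies
          apt install -y kali-linux-default
          apt install -y offsec-pwk
          apt install -y kali-desktop-xfce
          apt install -y tightvncserver
          # Install ssm
          mkdir /tmp/ssm
          cd /tmp/ssm || exit 1
          wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
          sudo dpkg -i amazon-ssm-agent.deb
          sudo systemctl enable amazon-ssm-agent
          sudo systemctl start amazon-ssm-agent
          /usr/local/bin/cfn-signal -e $? --resource kindlyInstance \
            --stack ${AWS::StackName} \
            --region ${AWS::Region}
          export HOME=/home/kali/
          export USER=kali
          # Configure vncserver
          mkdir /home/kali/.vnc/
          # Quoted heredoc: the shell neither expands nor re-parses the
          # password, so quotes, $ or backticks in it are taken literally.
          vncpasswd -f >/home/kali/.vnc/passwd <<'VNC_PASSWORD'
          ${password}
          VNC_PASSWORD
          chmod 0600 /home/kali/.vnc/passwd
          # Loopback only; connect through an SSM port-forwarding session.
          vncserver -localhost -geometry 1920x1080
    # Creation waits up to 45 minutes for one signal from the script above.
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT45M

  # Inline policy attached to the operator group: start sessions against
  # this instance and terminate the caller's own sessions.
  kindlySSMPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: kindlySSMPolicy
      Groups:
        - !Ref group
      PolicyDocument:
        # Required: IAM evaluates policy variables such as ${aws:username}
        # only when the document declares version 2012-10-17. Without it
        # the variable is matched as literal text and the ssmTerminate
        # statement matches no session.
        Version: '2012-10-17'
        Statement:
          # NOTE(review): listing only the port-forwarding document may not
          # by itself stop group members from opening a default shell
          # session on the instance. If only port forwarding is intended,
          # check the ssm:SessionDocumentAccessCheck condition key against
          # the Session Manager documentation.
          - Sid: ssmStart
            Effect: Allow
            Action:
              - 'ssm:StartSession'
            Resource:
              - !Sub >-
                arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:instance/${kindlyInstance}
              - !Sub >-
                arn:${AWS::Partition}:ssm:${AWS::Region}:*:document/AWS-StartPortForwardingSession
          # Limits termination to sessions whose ID starts with the caller's
          # IAM user name. "${!...}" is the Fn::Sub escape that leaves the
          # IAM policy variable ${aws:username} in the rendered policy.
          - Sid: ssmTerminate
            Effect: Allow
            Action:
              - 'ssm:TerminateSession'
            Resource: !Sub >-
              arn:${AWS::Partition}:ssm:*:*:session/${!aws:username}-*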
Outputs:
  # Ref on the EC2 instance resource yields its instance ID, which can be
  # read back from the stack outputs after creation.
  InstanceID:
    Description: 'Instance ID'
    Value: !Ref kindlyInstance