Skip to content

af001/ansible-bounty

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
group_vars
group_vars
 
 
playbooks
playbooks
 
 
roles
roles
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ansible.cfg
ansible.cfg
 
 
build-master.yml
build-master.yml
 
 

Repository files navigation

Ansible Bounty

A set of ansible playbooks to setup a bug bounty Linux environment and personal Interactsh server on a Linode VPS.

Ansible Version Supported OS Wireguard VPS Bounty

A set of Ansible playbooks to build a fresh bug bounty tools build on Debian 11. The playbooks also include options to build a personal interactsh-server for OOB testing and a wireguard server for remote to on-prem access.

Requirements

Domains are required for some builds to secure web applications and for interactsh-server functionality.

  • 1 x Debian VPS for attack machine build
  • 1 x Debian VPS for interactsh-server build w/domain
  • 1 x Debian VPS for interactsh-web build w/domain
  • 1 x Debian VPS for wireguard build w/domain
  • Linode API Token

For interactsh-server, you mush be able to modify your DNS zone file to add additional TXT and A records. SSL certs are obtained using certbot.

Installation

The master playbook will initialize Linode instances and run tasks based on the number and type of infrastructure you need. The common role is installed on each host and creates a baseline environment. Once complete, the additional roles are used to setup the specific tools and web applications. Ansible should be installed on your local machine. This can be done using apt or brew depending on your host OS.

Linux:

apt update && apt -y install ansible

OSX:

brew install ansible

Fetch this project:

git clone https://github.com/af001/ansible-bounty.git
cd ansible-bounty

Generate a vault-pass file that contains the key used to encrypt files and variables. Replace the values between <> with your password.

echo "<my-super-secret-password>" > .vault_pass
chmod 600 .vault-pass

Using the vault-pass file to encrypt your SSH public key, Linode API token, and SSH password. Replace the values between <> with your values.

# Add new line at end of main.yml
echo "" >> roles/linode/vars/main.yml

# Linode API Token
ansible-vault encrypt_string '<replace-with-your-Linode-API-token' --name 'api_token' --vault-password-file=.vault_pass | tee -a roles/linode/vars/main.yml

# Add new line at end of main.yml
echo "" >> roles/linode/vars/main.yml

# Root SSH Password
ansible-vault encrypt_string '<replace-with-your-ssh-password>' --name 'password' --vault-password-file=.vault_pass | tee -a roles/linode/vars/main.yml

# Add new line at end of main.yml
echo "" >> roles/linode/vars/main.yml

# SSH Public Key
ansible-vault encrypt_string '<replace-with-your-ssh-public_key>' --name 'pubkey' --vault-password-file=.vault_pass | tee -a roles/linode/vars/main.yml

Modify the number and type of Linodes you want to deploy.

vim roles/linode/vars/main.yml

Any instance with a value of 0 will skip that type of node from being deployed. The following example would deploy only 1 Linode with wireguard.

vim roles/linode/vars/main.yml

--- snippet ---

attack:
  instances: 0
  region: us-central
  type: g6-nanode-1
  label: "attack"
  tag: attack

iserver:
  instances: 0
  region: us-central
  type: g6-nanode-1
  label: "interactsh-server"
  tag: iserver

iweb:
  instances: 0
  region: us-central
  type: g6-standard-1
  label: "interactsh-web"
  tag: iweb

wireguard:
  instances: 1
  region: us-central
  type: g6-nanode-1
  label: "wireguard"
  tag: wireguard

Modify the location group_vars/all.yml to update the location of your private key on your host. This should be the matching private key to the public key that was referenced earlier.

vim group_vars/all.yml

--- snippet ---

ansible_ssh_private_key_file: <path-to-your-privkey>

For interactsh-server, interactsh-web, and wireguard, modify vars.yml to include your domains:

vim global_vars/all.yml

Run the master playbook:

ansible-playbook --vault-password-file=.vault_pass build-master.yml -K

Once complete, you can SSH to the hosts. The build will generate a random-high SSH port that will be displayed in the ansible output. Each build sets a default set of Iptable rules to help protect the server when it is not used. When running the interactsh builds, there is a start.sh file in the root of each host. This file will start the container and modify the rules appropriately. By default, the first time you login your IP address will be set as the only allowable SSH host to further harden the VPS.

Individual Playbooks

Individual playbooks for each role can also be found in the ./playboks/ directory. To run these, move the inventory.ini and <playbook>.yml file to the root directory.

# Example: Linode is already built, just run the attack playbook to setup the VPS
mv playbooks/build_attack.yml .
mv playbooks/inventory.ini .

# Update the inventory
vim inventory.ini

# Run the playbook
ansible-playbook build-attack.yml -i inventory_dev.ini

DNS Settings

The interactsh-server will need a wildcard A record so the random generated URLs resolve to your server.

*.example.com

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages