From 00dec164e76b6313094f92d556c97b3d7c802e24 Mon Sep 17 00:00:00 2001 From: nasbench <8741929+nasbench@users.noreply.github.com> Date: Mon, 2 Mar 2026 14:11:57 +0100 Subject: [PATCH] update wireguard section --- README.md | 28 ++++++++++++++++++++-------- docs/source/getting-started.md | 20 +++++++++++--------- 2 files changed, 31 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 419e4f15..169aeb58 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # Splunk Attack Range v5 + ![Attack Range Logo](docs/attack_range.png) The Splunk Attack Range builds instrumented cloud environments (AWS, Azure, GCP), simulates attacks, and forwards data into Splunk for detection development and testing. @@ -28,8 +29,9 @@ The Splunk Attack Range builds instrumented cloud environments (AWS, Azure, GCP) 2. **Clone and start:** ```bash - git clone - cd attack_range_2 + git clone https://github.com/splunk/attack_range + cd attack_range + docker compose -f docker/docker-compose.yml build --no-cache docker compose -f docker/docker-compose.yml up ``` 
@@ -56,18 +58,24 @@ The Splunk Attack Range builds instrumented cloud environments (AWS, Azure, GCP) ## Ways to run | Method | Use case | -|-------|----------| +|--------|----------| | **Docker Compose** (recommended) | Run API + web app + optional CLI with one `docker compose`; no local Python/Ansible/Terraform. | | **Web app** | Build, destroy, simulate, and share via the UI at port 4321. | | **REST API** | Automate from scripts or CI; full OpenAPI docs at `/openapi/swagger`. | -| **CLI** | `attack_range.py build | destroy | simulate | share` for terminal-based workflows. | +| **CLI** | `attack_range.py build \| destroy \| simulate \| share` for terminal-based workflows. | --- ## Documentation - **Full docs (Read the Docs):** [https://attack-range.readthedocs.io/](https://attack-range.readthedocs.io/en/latest/) -- Chapters: **Getting Started**, **Configuration**, **Networking**, **Sharing**, **Templates**, **Ansible Roles** +- Chapters: + - [Getting Started](https://attack-range.readthedocs.io/en/latest/getting-started.html) + - [Configuration](https://attack-range.readthedocs.io/en/latest/configuration.html) + - [Networking](https://attack-range.readthedocs.io/en/latest/networking.html) + - [Sharing](https://attack-range.readthedocs.io/en/latest/sharing.html) + - [Templates](https://attack-range.readthedocs.io/en/latest/templates.html) + - [Ansible Roles](https://attack-range.readthedocs.io/en/latest/ansible-roles.html) --- @@ -79,7 +87,8 @@ The Splunk Attack Range builds instrumented cloud environments (AWS, Azure, GCP) --- -## Support +## Support + Please use the [GitHub issue tracker](https://github.com/splunk/attack_range/issues) to submit bugs or request features. If you have questions or need support, you can: 
@@ -90,16 +99,19 @@ If you have questions or need support, you can: --- -## Contributing +## Contributing + We welcome feedback and contributions from the community! Please see our [contribution guidelines](docs/CONTRIBUTING.md) for more information on how to get involved. --- -## Author +## Author(s) + * [Jose Hernandez](https://twitter.com/_josehelps) * [Patrick Bareiß](https://twitter.com/bareiss_patrick) ## Contributors + * [Bhavin Patel](https://twitter.com/hackpsy) * [Rod Soto](https://twitter.com/rodsoto) * Russ Nolen diff --git a/docs/source/getting-started.md b/docs/source/getting-started.md index 522a8522..2a50f6d6 100644 --- a/docs/source/getting-started.md +++ b/docs/source/getting-started.md @@ -18,14 +18,16 @@ Docker Compose runs the API, web app, and (optionally) the CLI without installin 1. **Start the stack:** ```bash - cd attack_range_2 - docker compose -f docker/docker-compose.yml up + git clone https://github.com/splunk/attack_range.git + cd attack_range + docker compose -f docker/docker-compose.yml build --no-cache + docker compose -f docker/docker-compose.yml up ``` This starts: - - **API** on port **4000** - - **Web app** on port **4321** + - The **API** on port **4000** + - The **Web app** on port **4321** 2. **Open the web app:** [http://localhost:4321](http://localhost:4321) 
@@ -33,8 +35,8 @@ Docker Compose runs the API, web app, and (optionally) the CLI without installin - Choose a template (e.g. **aws/splunk_minimal_aws**). - Click build. The backend runs **Phase 1** (VPN infrastructure). - - When status is **Waiting for VPN**, download the WireGuard client config. - - Connect to the VPN using WireGuard (Desktop or mobile). + - When status changes to **Waiting for VPN**, download/copy the WireGuard client config. + - Connect to the VPN using WireGuard (Desktop or mobile). If you are using WSL2 make sure to install WireGuard on the host machine not the WSL instance. - Click **Continue build** to run **Phase 2** (lab: Splunk, Windows, etc.). 4. **Optional — CLI in Docker:** @@ -107,9 +109,9 @@ Config can be a path or an attack range ID (e.g. `uuid.yml` in `config/`). If om Attack Range uses a two-phase build so the lab is only reachable over VPN: -1. **Phase 1 (VPN):** Terraform creates the network and a router; Ansible configures WireGuard on the router and generates a client config. Status becomes **wait_for_vpn**. -2. **You:** Download the WireGuard config, connect with the WireGuard client. -3. **Phase 2 (Lab):** You trigger the continuation (in the app or with a second API call or by answering the CLI prompt). Ansible provisions Splunk, Windows, Kali, etc. over the VPN. Status becomes **running**. +1. **Phase 1 (VPN):** Terraform creates the network and a router; Ansible configures WireGuard on the router and generates a client config. Status becomes `wait_for_vpn`. +2. **You:** Download or copy the WireGuard config, connect with the WireGuard client. +3. **Phase 2 (Lab):** You trigger the continuation (in the app or with a second API call or by answering the CLI prompt). Ansible provisions Splunk, Windows, Kali, etc. over the VPN. Status becomes `running`. This keeps lab IPs (e.g. 10.0.2.x) off the public internet.
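Review bot: the clone URL in the README quick-start hunk (`git clone https://github.com/splunk/attack_range`) is missing the `.git` suffix that the same command carries in the docs/source/getting-started.md hunk of this patch; pick one form and use it in both files. The added `docker compose -f docker/docker-compose.yml build --no-cache` line rebuilds every image from scratch each time the quick start is followed; if that is only needed on first setup or after pulling changes, say so beside the command or drop `--no-cache` here.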
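Review bot: the six chapter links added in the README "Documentation" hunk hard-code `/en/latest/` and page slugs such as `ansible-roles.html`, but the only docs source file touched in this patch is getting-started.md, so the other five slugs cannot be checked from the diff. Please confirm each one resolves on Read the Docs before merging, since a renamed source file would silently break the README.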
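Review bot: the README heading hunk renames `## Author` to `## Author(s)` while two names are listed under it, so plain `## Authors` would read cleaner and match `## Contributors` below. The subject line "update wireguard section" also does not cover these README changes (clone URL, table separator, chapter links, heading spacing); consider splitting them into their own commit or widening the subject.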
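Review bot: in the getting-started.md hunk at `@@ -18,14 +18,16`, step 1 is still titled "Start the stack" although it now begins with `git clone` and a `build --no-cache`; the README calls the equivalent step "Clone and start". Retitle the step to match, or move the clone into its own step so a reader who already has the repository can skip it.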
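Review bot: the new WSL2 sentence in the getting-started.md hunk at `@@ -33,8 +35,8` gives the instruction without the reason and is missing punctuation; suggest "If you are using WSL2, install WireGuard on the Windows host, not inside the WSL instance." plus a short clause on why. Since this line now invites users to "download/copy" the WireGuard client config, it is worth adding that the file contains the client's private key and should be handled as a secret, not pasted into chat or tickets.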
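Review bot: the last getting-started.md hunk (`@@ -107,9 +109,9`) switches the status values to code formatting (`wait_for_vpn`, `running`), but the quick-start step changed earlier in this same patch still shows the status as bold **Waiting for VPN**. State once which is the UI label and which is the API/CLI value so readers can match them. The wording also differs between the two places ("download/copy" there, "Download or copy" here); use one.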