terry the terraformer

A CLI for deploying red team infrastructure across multiple cloud providers, all integrated with a virtual Nebula network and with full ELK integration


Terry the Terraformer

A Python CLI tool for building red team infrastructure using Terraform, Ansible, and Docker. Once deployed, all resources can be integrated into a Nebula network for secure communication between nodes, with centralized logging that flows through Logstash into an Elastic Stack.

Documentation

Most documentation can be found in the Wiki pages. If there is something missing or unclear, please create a GitHub issue.

Getting Started

Getting started is relatively easy. Follow the Getting Started instructions to begin using Terry.

Why this solution?

If you are interested in finding out how I landed on this solution, follow the “DevAttackOps” series on my blog, where I talk through each step of this solution.

https://ezrabuckingham.com/tags/devattackops/

Contributors / Acknowledgement

I would like to thank all the people who have helped with the architecture of this project and the development of each piece. Initially, this project came to life from a co-worker, WJDigby. He had a much cooler name for the project than Terry. Not to mention all the people in the BloodHound Slack whom I pestered for feedback on this solution. Thank you!

Ezra Buckingham (Twitter: @BuckinghamEzra)

Lee Baird (Twitter: @discoverscripts)

Honorable Mentions

Jay “L1ghtn1ng” Townsend (Twitter: @jay_townsend1)

Known Issues

Terry contains a few known issues. Below are some of the ones I have identified:

  • No central management of wildcard certs (wildcard cert generation likely coming in the future)
  • PTR records need to be determined before SMTP will work
    • DigitalOcean creates PTR records from the name of the host, so the name of the host must be the FQDN

What’s Next?

  • Adding a secrets management solution to Terry to allow for dynamic generation of secrets and automatic pushing of secrets to a secure place
  • Timeout date on infra (auto-destroy)
  • Scan Terraform code for vulnerabilities
  • Potential override templates