红队基础设施搭建-RedCloud

##0x01 引子

在红队行动中，为了匿名和便携性，经常会重复性的建设基础设施，如C2、钓鱼、代理平台等等，这样会浪费大量的精力和时间，如何去快速部署迁移这些基础设施呢？最近看到一个挺不错的项目，非常适合红队快速部署设施。

0x02 简介

RedCloud是一款强大的工具箱，使用Docker快速部署红队设施，能够在几分钟内快速部署如Kali、Metasploit、Gofish等基础设施，并且通过Web界面管理容器。

RedCloud-Github传送门

RedCloud文件架构：

• RedCloud.py:使用Docker和Portainer启动/停止Web界面和应用模板
• Portainer:Portainer Web界面
• traefik:Traefik反向代理容器到Web界面，api和文件容器
• templates :http.server提供基础设施的python3 容器
• cert_gen：生成SSL证书的omgwtfssl容器。

相关URL：

• https:/your-server-ip / portainer : RedCloud web界面
• https:// your-server-ip / files:Redcloud redcloud_files文件卷。默认密码：admin/Redcloud
• https// your-server-ip / api：Traefik反向代理运行状况监视页面。显示有关路由，后端，返回码的实时统计信息。

0x03 环境信息

Centos 7

1核1G（穷🐶买不起服务器）

此配置仅为测试，实战还是需要较高配置来搭建RedCloud。

0x04安装部署

1. 下载拉取RedCloud存储库

git clone https://github.com/khast3x/Redcloud.git

2. 启动 redcloud.py

相关选项如下：

• 在本地机器部署RedCloud
• 通过SSH远程部署RedCloud
• 远程部署Docker RedCloud
• 停止本地应用或者docker机器
• 停止远程部署
• 列出所有可用的模板

---

所有模板

[>] Metasploit - Nightly : Official bare Metasploit Alpine build. Includes beta features from dev branch.

[>] Metasploit - Stable + Postgresql : Debian Metasploit build with Postgres and additional helper scripts

[>] Empire : Pure Python & PowerShell post-exploitation

[>] Sn1per : Automated pentest framework for offensive security experts

[>] Metasploithelper : MetasploitHelper is meant to assist penetration testers in network penetration tests. Comes with everything installed

[>] Pentest-tools : Ubuntu build with: searchsploit, sqlmap, nmap, nikto, dnsutils, sn1per, knock, sqliv, pasko, uniscan, wpscan, ncrack, wfuzz, sublist3r, massdns

[>] Kali - Bare : Official Kali container. Install desired metapackages

[>] Kali - Full : Non-Official Kali container with kali-linux-full metapackage installed, built every night

[>] Tor Socks Proxy : The smallest (15 MB) docker image with Tor and Privoxy on Alpine Linux

[>] Multi Tor Socks Proxy : A multi TOR (x10) + privoxy socks proxy instances load-balancer 

[>] GoPhish : Open-Source Phishing Toolkit

[>] gscript : Framework to rapidly implement custom droppers for all three major operating systems

[>] Spiderfoot : SpiderFoot automates OSINT to find out everything possible about your target.

[>] ZAP Proxy WebSwing : Official in-browser version of ZAP.

[>] Ubuntu Web VNC : Docker container images with VNC and http NoVNC

[>] Kali Web noVNC + LXDE : Kali Docker container with minimal LXDE

[>] Lockdoor Framework : Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

[>] DVWA : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable

[>] JuiceShop : OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws.

[>] Vulnerable Wordpress : Vulnerable WordPress Installation

[>] Vulnerable Shellshock : Vulnerable Shellshock Installation - CVE-2014-6271

[>] Vulnerable SambaCry : Vulnerable Samba Installation - CVE-2017-7494

[>] OWASP Mutillidae II : Docker container for OWASP Mutillidae II Web Pen-Test Practice Application

[>] Network Utilities : A lightweight docker container with a set of networking tools<br>Use /bin/sh

[>] SoftEtherVPN : A simple SoftEther VPN server

[>] Cowrie Honeypot : SSH Honeypot that logs authentication attempts and interactions

[>] Endlessh tarpit : SSH tarpit that slowly sends an endless banner

[>] Beagle : Incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images.

[>] Nginx : High performance web server

[>] Httpd : Open-source HTTP server

[>] Caddy : HTTP/2 web server with automatic HTTPS

[>] MySQL : The most popular open-source database

[>] PostgreSQL : The most advanced open-source database

[>] Elasticsearch : Open-source search and analytics engine

[>] Gitlab CE : Open-source end-to-end software development platform

[>] Minio : A distributed object storage server built for cloud applications and devops

[>] Solr : Open-source enterprise search platform

[>] Joomla : Another free and open-source CMS

[>] Drupal : Open-source content management framework

[>] Odoo : Open-source business apps

[>] Urbackup : Open-source network backup

[>] Portainer Agent : Manage all the resources in your Swarm cluster

[>] Wordpress : Wordpress setup with a MySQL database

0x05 安装成功

后续只需要选择自己所需要的红队设施部署就行，启动对应的容器即可。后续还有新功能请自行摸索……鸽了咕咕咕咕