Red Baron
Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams.
Third-party Providers
This repository comes with a few pre-compiled Terraform plugins (you can find them under the terraform.d
directory), some of these have been modified to better suit the tool:
- Linode Provider: https://github.com/LinodeContent/terraform-provider-linode
- GoDaddy Provider: https://github.com/n3integration/terraform-godaddy
Author and Acknowledgments
Author: Marcello Salvati (@byt3bl33d3r)
The initial inspiration for this came from @_RastaMouse's excellent 'Automated Red Team Infrastructure Deployment with Terraform' blog posts series:
And @bluscreenofjeff's amazing Red Team Infrastructure Wiki
Both of these resources were referenced heavily while building this.
Setup
Red Baron only supports Terraform version 0.11.0 or newer and will only work on Linux x64 systems.
#~ git clone https://github.com/byt3bl33d3r/Red-Baron && cd Red-Baron
#~ export AWS_ACCESS_KEY_ID="accesskey"
#~ export AWS_SECRET_ACCESS_KEY="secretkey"
#~ export AWS_DEFAULT_REGION="us-east-1"
#~ export LINODE_API_KEY="apikey"
#~ export DIGITALOCEAN_TOKEN="token"
#~ export GODADDY_API_KEY="gdkey"
#~ export GODADDY_API_SECRET="gdsecret"
#~ export ARM_SUBSCRIPTION_ID="azure_subscription_id"
#~ export ARM_CLIENT_ID="azure_app_id"
#~ export ARM_CLIENT_SECRET="azure_app_password"
#~ export ARM_TENANT_ID="azure_tenant_id"
# For Google Cloud Compute see https://www.terraform.io/docs/providers/google/index.html#configuration-reference
# and set the appropriate environment variable for your use case
# copy an infrastructure configuration file from the examples folder to the root directory and modify it to your needs
#~ cp examples/complete_c2.tf .
#~ terraform init
#~ terraform plan
#~ terraform apply
Tool & Module Documentation
For detailed documentation on the tool and each module please see Red Baron's wiki.
Most of the documentation assumes you are familiar with Terraform itself, Terraform's documentation can be found here.
Known Bugs/Limitations
-
SSH keys are deleted only when you explicitly run
terraform destroy
(hashicorp/terraform#13549) -
Variables in provider fields are not supported which removes the ability to spin up AWS instances in different regions (hashicorp/terraform#11578)
-
A resources
count
parameter cannot be a dynamic value which means we must pass it as a module variable instead of inferring it from the length of the list we give it as a argument (hashicorp/terraform#14677) -
LetsEncrypt cert creation using the TLS challenge currently doesn't work due to the third-party terraform ACME plugin implementation (https://github.com/paybyphone/terraform-provider-acme#using-http-and-tls-challenges). (I probably could get it to work with some extra tinkering) -
The GoDaddy modules replace all of the DNS entries instead of adding the specified record to the existing zone file due to the implementation of the third-party provider (https://github.com/n3integration/terraform-godaddy). (Not ideal and definitely need to work on this, but it will due for now)
License
This fork of the original Red Baron repository is licensed under the GNU General Public License v3.0.