A general purpose attack-defense range for zero-config deployment
- Drop each service into a folder in the
./services
directory. Each service must have adocker-compose.yml
file that defines the service, or adeploy.sh
which starts the service. (Services README). - Drop each checker script in the
./checkers
directory. Each checker directory must be named the same as the service it corresponds to. (Checkers README). - Run
cp sample.env .env
and modify the.env
as desired for all configuration options - Run
bash scripts/install.sh
to install all dependancies. - Run
bash scripts/up.sh
to start the range. - Distribute the printed team links to each team, which will allow them to download the VPN configs and credentials.
To temporarily stop the range, run bash scripts/down.sh
.
To delete all data associated with the range, run bash scripts/clear.sh
.
Warning
scripts/clear.sh
runs a docker image and volume prune. This can have unintended consequences if you have other docker containers on the host system. Use with caution.
Credentials for all services are printed to STDOUT during the range startup.
For local testing, you can get a shell inside the range environment with the command bash scripts/rangemaster.sh
.
By default, frontend is at http://10.101.0.6:80
inside of the range and http://<server>:80
from outside the range.
As long as the SERVER_URL
is properly set and port forwarding is enabled for UDP 51820, you can connect to the range from anywhere with the Wireguard client.
Wireguard configs are stored in the .docker/vpn
directory, or can be downloaded from the API at http://<server>:8000/vpn/<team_id>/wg<vpn_id>.conf
. (i.e. http://api/vpn/1/wg1.conf
)
Note
Team IDs, Service IDs, and VPN IDs are all 1-indexed. This is to avoid subnetting/IP confusion.
By default, API is at http://10.101.0.2:80
inside the range and http://<server>:8000
from outside the range.
- To get all targets,
GET /hosts
. - To get flag IDs,
GET /flagids
. - To submit a flag,
POST /steal
- To list scores,
GET /scores
- To list detailed scoring checks,
GET /checks
For full API documentation, visit http://10.101.0.2/docs
The range network is defined in docker-compose.yaml
:
- Range network:
10.100.0.0/15
- Infrastructure subnet:
10.101.0.0/16
- VPN Server:
10.101.0.1
(hostnamevpn
) - NAT Source for all traffic (players and checkers) - API:
10.101.0.2
(hostnameapi
) - Docker Registry:
10.101.0.3
(hostnameregistry
) - Rangemaster:
10.101.0.5
(hostnamerangemaster
) - For troubleshooting - Frontend:
10.101.0.6
(hostnamefrontend
)
- VPN Server:
- Team subnet:
10.100.<team_id>.0/24
- Service host:
10.100.<team_id>.<service_id>
(hostnameteam<team_id>-<service_name>
- i.e.team1-web
)
- Service host:
- Infrastructure subnet:
- Internal network:
10.102.0.0/16
- Ticker:
10.102.0.1
(hostnameticker
) - API:
10.102.0.2
(hostnameapi
) - DB:
10.102.0.3
(hostnamedb
) - Rangemaster:
10.102.0.5
(hostnamerangemaster
) - Frontend:
10.102.0.6
(hostnamefrontend
)
- Ticker:
- Checker network:
10.103.0.0/16
- VPN Server:
10.103.1.1
(hostnamevpn
) - Ticker:
10.103.1.2
(hostnameticker
) - Docker Registry:
10.103.1.3
(hostnameregistry
) - Rangemaster:
10.103.1.5
(hostnamerangemaster
) - Checker:
10.103.2.<service_id
(hostnamechecker-<service_name>
- i.e.checker-web
)
- VPN Server:
-
SECCONF (argv) ~40 services: https://github.com/HITB-CyberWeek
-
ICC (checklib) ~15 services: https://github.com/CybersecNatLab
-
HACKERDOM (custom/checklib) ~40 services: https://github.com/HackerDom
-
C4T-BUT-S4D (checklib) ~30 services: https://github.com/C4T-BuT-S4D
-
FAUST (faust) ~50 services: https://github.com/fausecteam
-
More: (checklib dependants): https://github.com/pomo-mondreganto/checklib/network/dependents
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.