- Make sure you have Vagrant and VirtualBox installed: https://github.com/SamuraiWTF/samuraiwtf#initial-install
- Make sure you have this repo cloned.
- If you have a specific folder that you have client data in, then change the line that says `config.vm.synced_folder` to specify the full path to that folder in the first set of quotes. For Windows hosts, remember to double escape the `\` in your paths: `config.vm.synced_folder "E:\\client_name\\someDir", "/client_code"`
  - (use this for more info: https://www.vagrantup.com/docs/synced-folders/basic_usage.html)
- Inside this directory, type the command `vagrant up`.
- You will (most likely) get a pop-up that asks for VirtualBox to create an adapter; you have to select yes for this to work. (It is creating a host-only adapter so you can access applications directly on the VM instead of port forwarding all the necessary ports.)
- Specify which tool(s)/client(s) you want to use with `vagrant provision --provision-with <tool_name|client_name>`. You can specify multiple provisioners (e.g. `vagrant provision --provision-with <client_name>,<tool_name>,<other_tool_name>`). (More info here: https://www.vagrantup.com/docs/cli/provision.html#provision-with-x-y-z)
- After you run the provisions you want, you can do `vagrant ssh` to access everything. All the IP addresses you will probably access are 192.168.33.xx (probably .10). Then the port number for the service

NOTE: If you want to run multiple commands for multiple tools that grab your console (i.e. multiple web servers that tail logs), you should consider a terminal multiplexing client. Examples are tmux or screen.

```
vagrant provision --provision-with sonarqube
# all these are wrappers for docker commands
si-sonarqube_create # this creates and starts the container
si-sonarqube_mon # this monitors the container's logs
si-sonarqube_start # this starts a previously stopped container
si-sonarqube_stop # this stops the container
si-sonarqube_rm # this removes the container
```

- You can access this tool on port 9000.

```
vagrant provision --provision-with bandit
si-bandit_stop # this deactivates the virtualenv
si-bandit2_start # this activates the python2 version of bandit
si-bandit3_start # this activates the python3 version of bandit
```

- This is a CLI tool.

```
vagrant provision --provision-with mobsf
si-mobsf_start # this starts mobsf
Ctrl+c # this stops mobsf (i.e. kill process)
```

- You can access this tool on port 8000.

```
vagrant provision --provision-with shellcheck
si-shellcheck # this uses shellcheck
shellcheck # this is the real command and can also be used
```

- This is a CLI tool.