diff --git a/examples/basic_dns_c2_azure.tf b/examples/basic_dns_c2_azure.tf index 26836fd..df4efb8 100644 --- a/examples/basic_dns_c2_azure.tf +++ b/examples/basic_dns_c2_azure.tf @@ -8,23 +8,23 @@ module "resource_group" { module "storage_account" { source = "./modules/azure/create-storage-account" - resource_group_names = "${module.resource_group.resource_group_names}" - locations = "${module.resource_group.locations}" + resource_group_names = module.resource_group.resource_group_names + locations = module.resource_group.locations } module "dns_c2" { source = "./modules/azure/dns-c2" - resource_group_names = "${module.resource_group.resource_group_names}" - locations = "${module.resource_group.locations}" - primary_blob_endpoints = "${module.storage_account.primary_blob_endpoints}" - storage_container_names = "${module.storage_account.storage_container_names}" + resource_group_names = module.resource_group.resource_group_names + locations = module.resource_group.locations + primary_blob_endpoints = module.storage_account.primary_blob_endpoints + storage_container_names = module.storage_account.storage_container_names } module "dns_rdir" { source = "./modules/azure/dns-rdir" - redirect_to = "${module.dns_c2.ips}" - resource_group_names = "${module.resource_group.resource_group_names}" - locations = "${module.resource_group.locations}" - primary_blob_endpoints = "${module.storage_account.primary_blob_endpoints}" - storage_container_names = "${module.storage_account.storage_container_names}" + redirect_to = module.dns_c2.ips + resource_group_names = module.resource_group.resource_group_names + locations = module.resource_group.locations + primary_blob_endpoints = module.storage_account.primary_blob_endpoints + storage_container_names = module.storage_account.storage_container_names } diff --git a/examples/basic_dns_c2_digitalocean.tf b/examples/basic_dns_c2_digitalocean.tf index f9240a9..1fdcdb4 100644 --- a/examples/basic_dns_c2_digitalocean.tf 
+++ b/examples/basic_dns_c2_digitalocean.tf @@ -9,16 +9,16 @@ module "dns_c2" { //count = 2 // Wanna install empire? - //install = ["./scripts/empire.sh"] + //install = ["./data/scripts/empire.sh"] // Wanna install metasploit? - //install = ["./scripts/metasploit.sh"] + //install = ["./data/scripts/metasploit.sh"] // Wanna install CS? - //install = ["./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/cobaltstrike.sh"] // I WANT EVERYTHING - //install = ["./scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] } module "dns_rdir" { @@ -27,16 +27,16 @@ module "dns_rdir" { // 1 redirector ha. ha. ha... 2 redirectors ha. ha. ha... 3 redirectors ha. ha. ha.. //count = 4 - redirect_to = "${module.dns_c2.ips}" + redirect_to = module.dns_c2.ips //regions = ["NYC1", "SGP1"] } // print the c2 and redirector ips to the screen all perty like when everything's done output "dns-c2-ips" { - value = "${module.dns_c2.ips}" + value = module.dns_c2.ips } output "dns-rdir-ips" { - value = "${module.dns_rdir.ips}" + value = module.dns_rdir.ips } \ No newline at end of file diff --git a/examples/basic_http_c2_aws.tf b/examples/basic_http_c2_aws.tf index 904db7c..fdf19ed 100644 --- a/examples/basic_http_c2_aws.tf +++ b/examples/basic_http_c2_aws.tf 
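Review bot: The `// I WANT EVERYTHING` example in `module "dns_c2"` was only half migrated: the first entry now reads `./data/scripts/empire.sh`, while the metasploit and cobaltstrike entries still point at `./scripts/`. Assuming the scripts moved under `./data/scripts/`, as the other lines in this hunk imply, anyone uncommenting the line gets a provisioner that cannot find two of its three scripts. The line should read `//install = ["./data/scripts/empire.sh", "./data/scripts/metasploit.sh", "./data/scripts/cobaltstrike.sh"]`. The same leftover appears in the matching hunks of basic_http_c2_aws.tf, basic_http_c2_azure.tf, basic_http_c2_digitalocean.tf and basic_http_c2_linode.tf.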
@@ -15,23 +15,23 @@ module "create_vpc" { module "http_c2" { source = "./modules/aws/http-c2" - vpc_id = "${module.create_vpc.vpc_id}" - subnet_id = "${module.create_vpc.subnet_id}" + vpc_id = module.create_vpc.vpc_id + subnet_id = module.create_vpc.subnet_id // 1 http C2 ha. ha. ha... 2 http C2s ha. ha. ha... 3 http C2s ha. ha. ha... //count = 2 // Wanna install empire? - //install = ["./scripts/empire.sh"] + //install = ["./data/scripts/empire.sh"] // Wanna install metasploit? - //install = ["./scripts/metasploit.sh"] + //install = ["./data/scripts/metasploit.sh"] // Wanna install CS? - //install = ["./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/cobaltstrike.sh"] // I WANT EVERYTHING - //install = ["./scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] } @@ -39,10 +39,10 @@ module "http_rdir" { source = "./modules/aws/http-rdir" //count = 4 - vpc_id = "${module.create_vpc.vpc_id}" - subnet_id = "${module.create_vpc.subnet_id}" + vpc_id = module.create_vpc.vpc_id + subnet_id = module.create_vpc.subnet_id - redirect_to = "${module.http_c2.ips}" + redirect_to = module.http_c2.ips //regions = ["TX", "SG"] } diff --git a/examples/basic_http_c2_azure.tf b/examples/basic_http_c2_azure.tf index afa254f..17e627d 100644 --- a/examples/basic_http_c2_azure.tf +++ b/examples/basic_http_c2_azure.tf 
@@ -9,40 +9,40 @@ module "resource_group" { module "storage_account" { source = "./modules/azure/create-storage-account" - resource_group_names = "${module.resource_group.resource_group_names}" - locations = "${module.resource_group.locations}" + resource_group_names = module.resource_group.resource_group_names + locations = module.resource_group.locations count = 2 } module "http_c2" { source = "./modules/azure/http-c2" - resource_group_names = "${module.resource_group.resource_group_names}" - locations = "${module.resource_group.locations}" - primary_blob_endpoints = "${module.storage_account.primary_blob_endpoints}" - storage_container_names = "${module.storage_account.storage_container_names}" + resource_group_names = module.resource_group.resource_group_names + locations = module.resource_group.locations + primary_blob_endpoints = module.storage_account.primary_blob_endpoints + storage_container_names = module.storage_account.storage_container_names // 1 http C2 ha. ha. ha... 2 http C2s ha. ha. ha... 3 http C2s ha. ha. ha... //count = 2 // Wanna install empire? - //install = ["./scripts/empire.sh"] + //install = ["./data/scripts/empire.sh"] // Wanna install metasploit? - //install = ["./scripts/metasploit.sh"] + //install = ["./data/scripts/metasploit.sh"] // Wanna install CS? 
- //install = ["./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/cobaltstrike.sh"] // I WANT EVERYTHING - //install = ["./scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] } module "http_rdir" { source = "./modules/azure/http-rdir" - redirect_to = "${module.http_c2.ips}" - resource_group_names = "${module.resource_group.resource_group_names}" - locations = "${module.resource_group.locations}" - primary_blob_endpoints = "${module.storage_account.primary_blob_endpoints}" - storage_container_names = "${module.storage_account.storage_container_names}" + redirect_to = module.http_c2.ips + resource_group_names = module.resource_group.resource_group_names + locations = module.resource_group.locations + primary_blob_endpoints = module.storage_account.primary_blob_endpoints + storage_container_names = module.storage_account.storage_container_names count = 2 } diff --git a/examples/basic_http_c2_digitalocean.tf b/examples/basic_http_c2_digitalocean.tf index fee0daf..a24c681 100644 --- a/examples/basic_http_c2_digitalocean.tf +++ b/examples/basic_http_c2_digitalocean.tf @@ -9,16 +9,16 @@ module "http_c2" { //count = 2 // Wanna install empire? - //install = ["./scripts/empire.sh"] + //install = ["./data/scripts/empire.sh"] // Wanna install metasploit? - //install = ["./scripts/metasploit.sh"] + //install = ["./data/scripts/metasploit.sh"] // Wanna install CS? - //install = ["./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/cobaltstrike.sh"] // I WANT EVERYTHING - //install = ["./scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] } module "http_rdir" { 
@@ -27,16 +27,16 @@ module "http_rdir" { // 1 redirector ha. ha. ha... 2 redirectors ha. ha. ha... 3 redirectors ha. ha. ha.. //count = 4 - redirect_to = "${module.http_c2.ips}" + redirect_to = module.http_c2.ips //regions = ["NYC1", "SGP1"] } // print the c2 and redirector ips to the screen all perty like when everything's done output "http-c2-ips" { - value = "${module.http_c2.ips}" + value = module.http_c2.ips } output "http-rdir-ips" { - value = "${module.http_rdir.ips}" + value = module.http_rdir.ips } \ No newline at end of file diff --git a/examples/basic_http_c2_google.tf b/examples/basic_http_c2_google.tf index 6ad9cdb..7ab0b99 100644 --- a/examples/basic_http_c2_google.tf +++ b/examples/basic_http_c2_google.tf @@ -10,6 +10,6 @@ module "http_c2" { module "http_rdir" { source = "./modules/google/http-rdir" count = 2 - redirect_to = "${module.http_c2.ips}" + redirect_to = module.http_c2.ips zones = ["Canada-1", "Brazil-2"] } diff --git a/examples/basic_http_c2_linode.tf b/examples/basic_http_c2_linode.tf index f6d5af3..299e739 100644 --- a/examples/basic_http_c2_linode.tf +++ b/examples/basic_http_c2_linode.tf @@ -11,16 +11,16 @@ module "http_c2" { //count = 2 // Wanna install empire? - //install = ["./scripts/empire.sh"] + //install = ["./data/scripts/empire.sh"] // Wanna install metasploit? - //install = ["./scripts/metasploit.sh"] + //install = ["./data/scripts/metasploit.sh"] // Wanna install CS? - //install = ["./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/cobaltstrike.sh"] // I WANT EVERYTHING - //install = ["./scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] + //install = ["./data/scripts/empire.sh", "./scripts/metasploit.sh", "./scripts/cobaltstrike.sh"] } module "http_rdir" { @@ -28,7 +28,7 @@ module "http_rdir" { // 1 redirector ha. ha. ha... 2 redirectors ha. ha. ha... 3 redirectors ha. ha. ha.. //count = 4 - redirect_to = "${module.http_c2.ips}" + redirect_to = module.http_c2.ips //regions = ["TX", "SG"] } 
diff --git a/examples/basic_phishing_aws.tf b/examples/basic_phishing_aws.tf index 9ca2906..1db98af 100644 --- a/examples/basic_phishing_aws.tf +++ b/examples/basic_phishing_aws.tf @@ -17,8 +17,8 @@ module "phishing_server" { // 1 phishing server ha. ha. ha... 2 phishing servers ha. ha. ha... 3 phishing servers ha. ha. ha... //count = 2 - vpc_id = "${module.create_vpc.vpc_id}" - subnet_id = "${module.create_vpc.subnet_id}" + vpc_id = module.create_vpc.vpc_id + subnet_id = module.create_vpc.subnet_id } @@ -27,9 +27,9 @@ module "http_rdir" { // 1 redirector ha. ha. ha... 2 redirectors ha. ha. ha... 3 redirectors ha. ha. ha... //count = 4 - vpc_id = "${module.create_vpc.vpc_id}" - subnet_id = "${module.create_vpc.subnet_id}" + vpc_id = module.create_vpc.vpc_id + subnet_id = module.create_vpc.subnet_id - redirect_to = "${module.phishing_server.ips}" + redirect_to = module.phishing_server.ips } diff --git a/examples/basic_phishing_digitalocean.tf b/examples/basic_phishing_digitalocean.tf index 30cf781..681312b 100644 --- a/examples/basic_phishing_digitalocean.tf +++ b/examples/basic_phishing_digitalocean.tf @@ -9,5 +9,5 @@ module "phishing_server" { module "http_rdir" { source = "./modules/digitalocean/http-rdir" - redirect_to = "${module.phishing_server.ips}" + redirect_to = module.phishing_server.ips } diff --git a/examples/basic_phishing_google.tf b/examples/basic_phishing_google.tf index f8483e5..fa20fb5 100644 --- a/examples/basic_phishing_google.tf +++ b/examples/basic_phishing_google.tf @@ -13,7 +13,7 @@ module "phishing_server" { module "http_rdir" { source = "./modules/linode/http-rdir" count = 4 - redirect_to = "${module.phishing_server.ips}" + redirect_to = module.phishing_server.ips regions = ["Oregon-1", "Singapore-1", "Australia-2", "Japan-1"] } diff --git a/examples/basic_phishing_linode.tf b/examples/basic_phishing_linode.tf index fa1e65e..fc49a6c 100644 --- a/examples/basic_phishing_linode.tf +++ b/examples/basic_phishing_linode.tf 
@@ -17,7 +17,7 @@ module "http_rdir" { // 1 redirector ha. ha. ha... 2 redirectors ha. ha. ha... 3 redirectors ha. ha. ha... //count = 4 - redirect_to = "${module.phishing_server.ips}" + redirect_to = module.phishing_server.ips // 1337 APT's all come from Texas and Singapore //regions = ["TX", "SG"] diff --git a/examples/complete_c2.tf b/examples/complete_c2.tf index 5f880b5..6026513 100644 --- a/examples/complete_c2.tf +++ b/examples/complete_c2.tf @@ -59,31 +59,31 @@ module "create_vpc" { module "http_c2" { source = "./modules/aws/http-c2" - vpc_id = "${module.create_vpc.vpc_id}" - subnet_id = "${module.create_vpc.subnet_id}" + vpc_id = module.create_vpc.vpc_id + subnet_id = module.create_vpc.subnet_id - //install = ["./scripts/empire.sh"] + //install = ["./data/scripts/empire.sh"] } module "dns_c2" { source = "./modules/aws/dns-c2" - vpc_id = "${module.create_vpc.vpc_id}" - subnet_id = "${module.create_vpc.subnet_id}" + vpc_id = module.create_vpc.vpc_id + subnet_id = module.create_vpc.subnet_id } module "http_rdir" { source = "./modules/linode/http-rdir" count = 2 - redirect_to = "${module.http_c2.ips}" + redirect_to = module.http_c2.ips regions = ["UK", "SG"] } module "dns_rdir" { source = "./modules/linode/dns-rdir" - redirect_to = "${module.dns_c2.ips}" + redirect_to = module.dns_c2.ips } module "http_rdir1_records" { @@ -91,7 +91,7 @@ module "http_rdir1_records" { domain = "theredbaroness.com" type = "A" records = { - "theredbaroness.com" = "${module.http_rdir.ips[0]}" + "theredbaroness.com" = module.http_rdir.ips[0] } } @@ -100,7 +100,7 @@ module "http_rdir2_records" { domain = "pizzapastalasagna.com" type = "A" records = { - "pizzapastalasagna.com" = "${module.http_rdir.ips[1]}" + "pizzapastalasagna.com" = module.http_rdir.ips[1] } } 
@@ -110,8 +110,8 @@ module "dns_rdir_records" { domain = "goodyearbook.com" type = "A" records = { - "goodyearbook.com" = "${module.dns_rdir.ips[0]}" - "ns1.goodyearbook.com" = "${module.dns_rdir.ips[0]}" + "goodyearbook.com" = module.dns_rdir.ips[0] + "ns1.goodyearbook.com" = module.dns_rdir.ips[0] } } @@ -137,25 +137,25 @@ module "create_certs" { } output "http-c2-ips" { - value = "${module.http_c2.ips}" + value = module.http_c2.ips } output "dns-c2-ips" { - value = "${module.dns_c2.ips}" + value = module.dns_c2.ips } output "http-rdir-ips" { - value = "${module.http_rdir.ips}" + value = module.http_rdir.ips } output "dns-rdir-ips" { - value = "${module.dns_rdir.ips}" + value = module.dns_rdir.ips } output "http_rdir_domains" { - value = "${merge(module.http_rdir1_records.records, module.http_rdir2_records.records)}" + value = merge(module.http_rdir1_records.records, module.http_rdir2_records.records) } output "dns_rdir_domains" { - value = "${merge(module.dns_rdir_records.records, module.dns_rdir_ns_record.records)}" + value = merge(module.dns_rdir_records.records, module.dns_rdir_ns_record.records) } diff --git a/modules/ansible/README.md b/modules/ansible/README.md index e9da297..bceefab 100644 --- a/modules/ansible/README.md +++ b/modules/ansible/README.md @@ -8,8 +8,8 @@ Runs an ansible playbook on a specific resource module "ansible" { source = "./modules/ansible" - user = "${http_c2.ssh_user}" - ip = "${http_c2.ips[0]}" + user = http_c2.ssh_user + ip = http_c2.ips[0] playbook = "/path/to/playbook.yml" } ``` diff --git a/modules/ansible/main.tf b/modules/ansible/main.tf index 663e360..7ff8bdd 100644 --- a/modules/ansible/main.tf +++ b/modules/ansible/main.tf 
@@ -4,14 +4,14 @@ terraform { resource "null_resource" "ansible_provisioner" { - triggers { - policy_sha1 = "${sha1(file(var.playbook))}" + triggers = { + policy_sha1 = sha1(file(var.playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.arguments))} --user=${var.user} --private-key=./data/ssh_keys/${var.ip} -e host=${var.ip}${join(" -e ", compact(var.envs))} ${var.playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } diff --git a/modules/ansible/outputs.tf b/modules/ansible/outputs.tf index 9bf3a48..fa3f97c 100644 --- a/modules/ansible/outputs.tf +++ b/modules/ansible/outputs.tf @@ -1,9 +1,9 @@ output "arguments" { - value = "${var.arguments}" + value = var.arguments description = "Arguments" } output "envs" { - value = "${var.envs}" + value = var.envs description = "Environment variables" } \ No newline at end of file diff --git a/modules/ansible/variables.tf b/modules/ansible/variables.tf index ca124b8..267023d 100644 --- a/modules/ansible/variables.tf +++ b/modules/ansible/variables.tf @@ -13,13 +13,13 @@ variable "user" { variable "arguments" { default = [] - type = "list" + type = list(string) description = "Arguments" } variable "envs" { default = [] - type = "list" + type = list(string) description = "Environment variables" } diff --git a/modules/aws/create-dns-record/main.tf b/modules/aws/create-dns-record/main.tf index db36264..5b7a2dc 100644 --- a/modules/aws/create-dns-record/main.tf +++ b/modules/aws/create-dns-record/main.tf 
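Review bot: The `command` string of the `local-exec` provisioner (an unchanged line in this hunk) glues the first entry of `var.envs` directly onto the host value, because `join(" -e ", …)` only places the separator between elements; with two entries the shell sees `-e host=<ip><env1> -e <env2>`. Since the hunk already reworks this block for the new syntax, the argument could be built as `-e host=${var.ip} ${join(" ", formatlist("-e %s", compact(var.envs)))}`. The interpolated values also reach the local shell unquoted, so a comment on `var.arguments`, `var.envs` and `var.playbook` stating that they must come from the operator and never from external input would help the next reader.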
@@ -3,15 +3,15 @@ terraform { } data "aws_route53_zone" "selected" { - name = "${var.domain}" + name = var.domain } resource "aws_route53_record" "record" { - count = "${var.count}" + count = var.count_vm - zone_id = "${data.aws_route53_zone.selected.zone_id}" - name = "${element(keys(var.records), count.index)}" - type = "${var.type}" - ttl = "${var.ttl}" + zone_id = data.aws_route53_zone.selected.zone_id + name = element(keys(var.records), count.index) + type = var.type + ttl = var.ttl records = ["${lookup(var.records, element(keys(var.records), count.index))}"] } diff --git a/modules/aws/create-dns-record/outputs.tf b/modules/aws/create-dns-record/outputs.tf index 4e0b481..4adec69 100644 --- a/modules/aws/create-dns-record/outputs.tf +++ b/modules/aws/create-dns-record/outputs.tf @@ -1,3 +1,3 @@ output "records" { - value = "${var.records}" + value = var.records } \ No newline at end of file diff --git a/modules/aws/create-dns-record/variables.tf b/modules/aws/create-dns-record/variables.tf index f03999c..1a76ba9 100644 --- a/modules/aws/create-dns-record/variables.tf +++ b/modules/aws/create-dns-record/variables.tf @@ -2,7 +2,7 @@ variable "domain" {} variable "type" {} -variable "count" { +variable "count_vm" { default = 1 } @@ -11,5 +11,5 @@ variable "ttl" { } variable "records" { - type = "map" + type = map(string) } \ No newline at end of file diff --git a/modules/aws/create-hosted-zone/main.tf b/modules/aws/create-hosted-zone/main.tf index 687f921..a43e24c 100644 --- a/modules/aws/create-hosted-zone/main.tf +++ b/modules/aws/create-hosted-zone/main.tf @@ -1,3 +1,3 @@ resource "aws_route53_zone" "new_zone" { - name = "${var.domain}" + name = var.domain } \ No newline at end of file diff --git a/modules/aws/create-hosted-zone/outputs.tf b/modules/aws/create-hosted-zone/outputs.tf index d5f39f0..b954787 100644 --- a/modules/aws/create-hosted-zone/outputs.tf +++ b/modules/aws/create-hosted-zone/outputs.tf 
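Review bot: Renaming the input to `variable "count_vm"` changes the module's public interface, but the callers and docs visible in this commit still use the old name: the example files keep `count = 2` and `//count = 4` on their module blocks, and the aws/dns-c2 README row still lists `count`. A module block that passes `count` no longer sets this variable, so those examples need `count_vm = …` wherever the called module received the same rename (only the aws modules are visible here; modules/aws/dns-c2 and modules/aws/dns-rdir rename it the same way). While touching the declaration, a type and description would document the intent, e.g. `type = number` and `description = "Number of aws_route53_record resources to create"`.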
@@ -1,7 +1,7 @@ output "zone_id" { - value = "${aws_route53_zone.new_zone.zone_id}" + value = aws_route53_zone.new_zone.zone_id } output "name_servers" { - value = "${aws_route53_zone.new_zone.name_servers}" + value = aws_route53_zone.new_zone.name_servers } \ No newline at end of file diff --git a/modules/aws/create-vpc/main.tf b/modules/aws/create-vpc/main.tf index 9e2d16f..e8d43d7 100644 --- a/modules/aws/create-vpc/main.tf +++ b/modules/aws/create-vpc/main.tf @@ -7,7 +7,7 @@ terraform { // https://github.com/hashicorp/terraform/issues/11578 resource "aws_vpc" "default" { - //count = "${var.count}" + //count = var.count_vm //provider = "aws.${element(var.regions, count.index)}" cidr_block = "10.0.0.0/16" @@ -15,36 +15,36 @@ resource "aws_vpc" "default" { } resource "aws_subnet" "default" { - //count = "${var.count}" + //count = var.count_vm //provider = "aws.${element(var.regions, count.index)}" - vpc_id = "${aws_vpc.default.id}" + vpc_id = aws_vpc.default.id cidr_block = "10.0.0.0/24" } resource "aws_internet_gateway" "default" { - //count = "${var.count}" + //count = var.count_vm //provider = "aws.${element(var.regions, count.index)}" - vpc_id = "${aws_vpc.default.id}" + vpc_id = aws_vpc.default.id } resource "aws_route_table" "default" { - //count = "${var.count}" + //count = var.count_vm //provider = "aws.${element(var.regions, count.index)}" - vpc_id = "${aws_vpc.default.id}" + vpc_id = aws_vpc.default.id route { cidr_block = "0.0.0.0/0" - gateway_id = "${aws_internet_gateway.default.id}" + gateway_id = aws_internet_gateway.default.id } } resource "aws_route_table_association" "default" { - //count = "${var.count}" + //count = var.count_vm //provider = "aws.${element(var.regions, count.index)}" - subnet_id = "${aws_subnet.default.id}" - route_table_id = "${aws_route_table.default.id}" + subnet_id = aws_subnet.default.id + route_table_id = aws_route_table.default.id } 
diff --git a/modules/aws/create-vpc/outputs.tf b/modules/aws/create-vpc/outputs.tf index f1708ee..58e5a4c 100644 --- a/modules/aws/create-vpc/outputs.tf +++ b/modules/aws/create-vpc/outputs.tf @@ -1,7 +1,7 @@ output "subnet_id" { - value = "${aws_subnet.default.id}" + value = aws_subnet.default.id } output "vpc_id" { - value = "${aws_vpc.default.id}" + value = aws_vpc.default.id } \ No newline at end of file diff --git a/modules/aws/create-vpc/variables.tf b/modules/aws/create-vpc/variables.tf index 30ab063..4612f90 100644 --- a/modules/aws/create-vpc/variables.tf +++ b/modules/aws/create-vpc/variables.tf @@ -1,5 +1,5 @@ /* -variable "count" { +variable "count_vm" { default = 1 } */ \ No newline at end of file diff --git a/modules/aws/dns-c2/README.md b/modules/aws/dns-c2/README.md index dc1c275..326cef4 100644 --- a/modules/aws/dns-c2/README.md +++ b/modules/aws/dns-c2/README.md @@ -21,7 +21,7 @@ module "dns_c2" { |`subnet_id` | Yes | String | Subnet ID to create instance in. |`count` | No | Integer | Number of instances to launch. Defaults to 1. |`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium" -|`install` | No | List | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh". +|`install` | No | List | Scripts to run on instance creation. Defaults to "./data/scripts/core_deps.sh". # Outputs diff --git a/modules/aws/dns-c2/main.tf b/modules/aws/dns-c2/main.tf index dcfda7c..84043fc 100644 --- a/modules/aws/dns-c2/main.tf +++ b/modules/aws/dns-c2/main.tf 
@@ -5,20 +5,20 @@ terraform { data "aws_region" "current" {} resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } resource "aws_key_pair" "dns-c2" { - count = "${var.count}" + count = var.count_vm key_name = "dns-c2-key-${count.index}" - public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" + public_key = tls_private_key.ssh.*.public_key_openssh[count.index] } resource "aws_instance" "dns-c2" { @@ -28,26 +28,26 @@ resource "aws_instance" "dns-c2" { //provider = "aws.${element(var.regions, count.index)}" - count = "${var.count}" + count = var.count_vm tags = { Name = "dns-c2-${random_id.server.*.hex[count.index]}" } - ami = "${var.amis[data.aws_region.current.name]}" - instance_type = "${var.instance_type}" - key_name = "${aws_key_pair.dns-c2.*.key_name[count.index]}" + ami = var.amis[data.aws_region.current.name] + instance_type = var.instance_type + key_name = aws_key_pair.dns-c2.*.key_name[count.index] vpc_security_group_ids = ["${aws_security_group.dns-c2.id}"] - subnet_id = "${var.subnet_id}" + subnet_id = var.subnet_id associate_public_ip_address = true provisioner "remote-exec" { - scripts = "${concat(list("./scripts/core_deps.sh"), var.install)}" + scripts = concat(list("./data/scripts/core_deps.sh"), var.install) connection { type = "ssh" user = "admin" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } 
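Review bot: `tls_private_key.ssh` generates the SSH key inside Terraform, which means the private key material is written in clear text to the Terraform state, and nothing in this hunk tells the operator so. A comment above the resource would make that visible, e.g. `// NOTE: private_key_pem is stored unencrypted in terraform.tfstate; keep the state file access-restricted or on an encrypted backend`. The same applies to the identical resource in modules/aws/dns-rdir/main.tf.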
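Review bot: Two expressions on the new side of `aws_instance.dns-c2` are still written the pre-0.12 way. `scripts = concat(list("./data/scripts/core_deps.sh"), var.install)` uses the `list()` function, which 0.12 deprecates in favour of a list literal, and `vpc_security_group_ids = ["${aws_security_group.dns-c2.id}"]` keeps the interpolation wrapper that the rest of the commit removes. Suggested forms are `scripts = concat(["./data/scripts/core_deps.sh"], var.install)` and `vpc_security_group_ids = [aws_security_group.dns-c2.id]`. The resource body starts and ends outside this hunk; modules/aws/dns-rdir/main.tf carries the same `vpc_security_group_ids` line.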
@@ -56,26 +56,26 @@ resource "aws_instance" "dns-c2" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.public_ip}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["aws_instance.dns-c2"] + depends_on = [aws_instance.dns-c2] - triggers { - droplet_creation = "${join("," , aws_instance.dns-c2.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , aws_instance.dns-c2.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=./data/ssh_keys/${aws_instance.dns-c2.*.public_ip[count.index]} -e host=${aws_instance.dns-c2.*.public_ip[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } 
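Review bot: The `environment` map converted here still sets `ANSIBLE_HOST_KEY_CHECKING = "False"`, so ansible-playbook accepts whatever host key answers on the instance's public IP and the provisioning session is not protected against interception. If this is a deliberate trade-off for freshly created hosts, it deserves a comment saying so, e.g. `// host key is not verified on first contact with a new instance; pin the key via known_hosts if the network path is untrusted`. The same setting is carried over in modules/ansible/main.tf and modules/aws/dns-rdir/main.tf. `null_resource.ansible_provisioner` continues past the end of this hunk.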
@@ -87,27 +87,27 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["aws_instance.dns-c2"] + depends_on = [aws_instance.dns-c2] - vars { + vars = { name = "dns_c2_${aws_instance.dns-c2.*.public_ip[count.index]}" - hostname = "${aws_instance.dns-c2.*.public_ip[count.index]}" + hostname = aws_instance.dns-c2.*.public_ip[count.index] user = "admin" - identityfile = "${path.root}/data/ssh_keys/${aws_instance.dns-c2.*.public_ip[count.index]}" + identityfile = path.root}/data/ssh_keys/${aws_instance.dns-c2.*.public_ip[count.index] } } resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] } provisioner "local-exec" { @@ -115,7 +115,7 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" } diff --git a/modules/aws/dns-c2/security_group.tf b/modules/aws/dns-c2/security_group.tf index 7d1a51e..aaba70a 100644 --- a/modules/aws/dns-c2/security_group.tf +++ b/modules/aws/dns-c2/security_group.tf @@ -3,13 +3,13 @@ terraform { } data "external" "get_public_ip" { - program = ["bash", "./scripts/get_public_ip.sh" ] + program = ["bash", "./data/scripts/get_public_ip.sh" ] } resource "aws_security_group" "dns-c2" { name = "dns-c2" description = "Security group created by Red Baron" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id ingress { from_port = 22 diff --git a/modules/aws/dns-c2/variables.tf b/modules/aws/dns-c2/variables.tf index 0e58c81..e89858a 100644 --- a/modules/aws/dns-c2/variables.tf 
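Review bot: The `identityfile` entry in `vars` is no longer valid HCL: stripping the outer `"${` and `}"` from a string that holds two interpolations left `path.root}/data/ssh_keys/${aws_instance.dns-c2.*.public_ip[count.index]`, with an unmatched `}` and a bare `${`. The value is a template string rather than a single reference, so it has to stay quoted: `identityfile = "${path.root}/data/ssh_keys/${aws_instance.dns-c2.*.public_ip[count.index]}"`. The same breakage is in the `ssh_config` hunk of modules/aws/dns-rdir/main.tf.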
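Review bot: The destroy-time `local-exec` in `null_resource.gen_ssh_config` interpolates `random_id.server.*.hex[count.index]`, a reference to another resource; later 0.12 releases warn about this and 0.13 rejects it, because destroy provisioners may only use `self`, `count.index` and `each.key`. Copying the value into the resource's `triggers` (for example `config_id = random_id.server.*.hex[count.index]`) and running `rm ./data/ssh_configs/config_${self.triggers.config_id}` keeps the cleanup working. The `triggers` map sits in the previous hunk and the resource closes outside this one; modules/aws/dns-rdir/main.tf has the same provisioner.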
+++ b/modules/aws/dns-c2/variables.tf @@ -2,7 +2,7 @@ variable "subnet_id" {} variable "vpc_id" {} -variable "count" { +variable "count_vm" { default = 1 } @@ -13,13 +13,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } @@ -28,23 +28,23 @@ variable "instance_type" { } variable "install" { - type = "list" + type = list(string) default = [] } /* variable "install" { - type = "map" + type = map(string) default = { - "empire" = "./scripts/install_empire.sh" - "metasploit" = "./scripts/install_metasploit.sh" - "cobaltstrike" = "./scripts/install_cobalt_strike.sh" + "empire" = "./data/scripts/install_empire.sh" + "metasploit" = "./data/scripts/install_metasploit.sh" + "cobaltstrike" = "./data/scripts/install_cobalt_strike.sh" } } */ variable "amis" { - type = "map" + type = map(string) default = { // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch diff --git a/modules/aws/dns-rdir/main.tf b/modules/aws/dns-rdir/main.tf index b77b86d..5b999e7 100644 --- a/modules/aws/dns-rdir/main.tf +++ b/modules/aws/dns-rdir/main.tf @@ -5,20 +5,20 @@ terraform { data "aws_region" "current" {} resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } resource "aws_key_pair" "dns-rdir" { - count = "${var.count}" + count = var.count_vm key_name = "dns-rdir-key-${count.index}" - public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" + public_key = tls_private_key.ssh.*.public_key_openssh[count.index] } resource "aws_instance" "dns-rdir" { 
@@ -28,17 +28,17 @@ resource "aws_instance" "dns-rdir" { //provider = "aws.${element(var.regions, count.index)}" - count = "${var.count}" + count = var.count_vm tags = { Name = "dns-rdir-${random_id.server.*.hex[count.index]}" } - ami = "${var.amis[data.aws_region.current.name]}" - instance_type = "${var.instance_type}" - key_name = "${aws_key_pair.dns-rdir.*.key_name[count.index]}" + ami = var.amis[data.aws_region.current.name] + instance_type = var.instance_type + key_name = aws_key_pair.dns-rdir.*.key_name[count.index] vpc_security_group_ids = ["${aws_security_group.dns-rdir.id}"] - subnet_id = "${var.subnet_id}" + subnet_id = var.subnet_id associate_public_ip_address = true provisioner "remote-exec" { @@ -51,7 +51,7 @@ resource "aws_instance" "dns-rdir" { connection { type = "ssh" user = "admin" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } 
@@ -60,26 +60,26 @@ resource "aws_instance" "dns-rdir" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.public_ip}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["aws_instance.dns-rdir"] + depends_on = [aws_instance.dns-rdir] - triggers { - droplet_creation = "${join("," , aws_instance.dns-rdir.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , aws_instance.dns-rdir.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=./data/ssh_keys/${aws_instance.dns-rdir.*.public_ip[count.index]} -e host=${aws_instance.dns-rdir.*.public_ip[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } 
@@ -91,27 +91,27 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["aws_instance.dns-rdir"] + depends_on = [aws_instance.dns-rdir] - vars { + vars = { name = "dns_rdir_${aws_instance.dns-rdir.*.public_ip[count.index]}" - hostname = "${aws_instance.dns-rdir.*.public_ip[count.index]}" + hostname = aws_instance.dns-rdir.*.public_ip[count.index] user = "admin" - identityfile = "${path.root}/data/ssh_keys/${aws_instance.dns-rdir.*.public_ip[count.index]}" + identityfile = path.root}/data/ssh_keys/${aws_instance.dns-rdir.*.public_ip[count.index] } } resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] } provisioner "local-exec" { @@ -119,7 +119,7 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" } diff --git a/modules/aws/dns-rdir/security_group.tf b/modules/aws/dns-rdir/security_group.tf index 5460d8f..f6f5af5 100644 --- a/modules/aws/dns-rdir/security_group.tf +++ b/modules/aws/dns-rdir/security_group.tf @@ -3,13 +3,13 @@ terraform { } data "external" "get_public_ip" { - program = ["bash", "./scripts/get_public_ip.sh" ] + program = ["bash", "./data/scripts/get_public_ip.sh" ] } resource "aws_security_group" "dns-rdir" { name = "dns-rdir" description = "Security group created by Red Baron" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id ingress { from_port = 22 diff --git a/modules/aws/dns-rdir/variables.tf b/modules/aws/dns-rdir/variables.tf index 7345d0d..9557947 100644 
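Review bot: The new `identityfile` line in `data "template_file" "ssh_config"` is not valid HCL. The conversion stripped the outer `"${` and `}"` from a string that holds two interpolations, leaving `path.root}/data/ssh_keys/${...`. The value is a path built from two expressions, so it has to stay a quoted template: `identityfile = "${path.root}/data/ssh_keys/${aws_instance.dns-rdir.*.public_ip[count.index]}"`. The http-c2 and http-rdir modules keep the quoted form in this commit, while the phishing-server, Linode dns-c2 and Linode dns-rdir hunks carry the same broken line and need the same fix with their own resource address.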
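Review bot: The destroy-time `local-exec` in `gen_ssh_config` (hunk `@@ -119,7 +119,7 @@`) still interpolates `random_id.server.*.hex[count.index]`. References other than `self`, `count.index` and `each.key` in destroy provisioners are deprecated in later 0.12 releases and rejected from 0.13. This commit fixes the http-c2 and http-rdir modules by storing the id in the triggers, and the same two lines apply here: `server = random_id.server.*.hex[count.index]` inside `triggers`, and `command = "rm ./data/ssh_configs/config_${self.triggers.server}"`. The phishing-server and both Linode modules have the same leftover reference. If the cleanup cannot run, the generated ssh_config, which names the host and its key path, stays on disk after teardown.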
--- a/modules/aws/dns-rdir/variables.tf +++ b/modules/aws/dns-rdir/variables.tf @@ -3,10 +3,10 @@ variable "subnet_id" {} variable "vpc_id" {} variable "redirect_to" { - type = "list" + type = list(string) } -variable "count" { +variable "count_vm" { default = 1 } @@ -17,13 +17,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } @@ -33,17 +33,17 @@ variable "instance_type" { /* variable "install" { - type = "map" + type = map(string) default = { - "empire" = "./scripts/install_empire.sh" - "metasploit" = "./scripts/install_metasploit.sh" - "cobaltstrike" = "./scripts/install_cobalt_strike.sh" + "empire" = "./data/scripts/install_empire.sh" + "metasploit" = "./data/scripts/install_metasploit.sh" + "cobaltstrike" = "./data/scripts/install_cobalt_strike.sh" } } */ variable "amis" { - type = "map" + type = map(string) default = { // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch diff --git a/modules/aws/domain-front/main.tf b/modules/aws/domain-front/main.tf index 0285119..c075bc2 100644 --- a/modules/aws/domain-front/main.tf +++ b/modules/aws/domain-front/main.tf @@ -7,7 +7,7 @@ resource "aws_cloudfront_distribution" "http-c2" { is_ipv6_enabled = false origin { - domain_name = "${var.domain}" + domain_name = var.domain origin_id = "domain-front" custom_origin_config { diff --git a/modules/aws/domain-front/outputs.tf b/modules/aws/domain-front/outputs.tf index c9bdf6d..fc5e99d 100644 --- a/modules/aws/domain-front/outputs.tf +++ b/modules/aws/domain-front/outputs.tf @@ -1,3 +1,3 @@ output "cf-domain" { - value = "${aws_cloudfront_distribution.http-c2.domain_name}" + value = aws_cloudfront_distribution.http-c2.domain_name } \ No newline at end of file 
diff --git a/modules/aws/http-c2/README.md b/modules/aws/http-c2/README.md index a7ed954..208c93b 100644 --- a/modules/aws/http-c2/README.md +++ b/modules/aws/http-c2/README.md @@ -21,7 +21,7 @@ module "http_c2" { |`subnet_id` | Yes | String | Subnet ID to create instance in. |`count` | No | Integer | Number of instances to launch. Defaults to 1. |`instance_type` | No | String | Instance type to launch. Defaults to "t2.medium" -|`install` | No | List | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh". +|`install` | No | List | Scripts to run on instance creation. Defaults to "./data/scripts/core_deps.sh". # Outputs diff --git a/modules/aws/http-c2/main.tf b/modules/aws/http-c2/main.tf index 49d8d1f..280a795 100644 --- a/modules/aws/http-c2/main.tf +++ b/modules/aws/http-c2/main.tf @@ -5,20 +5,20 @@ terraform { data "aws_region" "current" {} resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } resource "aws_key_pair" "http-c2" { - count = "${var.count}" + count = var.count_vm key_name = "http-c2-key-${count.index}" - public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" + public_key = tls_private_key.ssh.*.public_key_openssh[count.index] } resource "aws_instance" "http-c2" { 
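Review bot: `tls_private_key.ssh` in modules/aws/http-c2/main.tf generates the instance's SSH private key inside Terraform, so the PEM is written in clear text to the state file, in addition to whatever copy is kept under ./data/ssh_keys. Nothing in the hunk says so. I would add a comment above the resource such as `// NOTE: private_key_pem is stored unencrypted in Terraform state; keep state on an encrypted, access-controlled backend and out of version control`. The same resource appears in the other modules touched by this commit.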
@@ -28,26 +28,27 @@ resource "aws_instance" "http-c2" { //provider = "aws.${element(var.regions, count.index)}" - count = "${var.count}" + count = var.count_vm tags = { Name = "http-c2-${random_id.server.*.hex[count.index]}" } - ami = "${var.amis[data.aws_region.current.name]}" - instance_type = "${var.instance_type}" - key_name = "${aws_key_pair.http-c2.*.key_name[count.index]}" + ami = var.amis[data.aws_region.current.name] + instance_type = var.instance_type + key_name = aws_key_pair.http-c2.*.key_name[count.index] vpc_security_group_ids = ["${aws_security_group.http-c2.id}"] - subnet_id = "${var.subnet_id}" + subnet_id = var.subnet_id associate_public_ip_address = true provisioner "remote-exec" { - scripts = "${concat(list("./scripts/core_deps.sh"), var.install)}" + scripts = concat(list("./data/scripts/core_deps.sh"), var.install) connection { + host = self.public_ip type = "ssh" user = "admin" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } 
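Review bot: `scripts = concat(list("./data/scripts/core_deps.sh"), var.install)` still calls `list()`, which 0.12 deprecates in favour of a list literal. In the same hunk, `vpc_security_group_ids` keeps the old `"${...}"` wrapper that the other lines drop. I would write `scripts = concat(["./data/scripts/core_deps.sh"], var.install)` and `vpc_security_group_ids = [aws_security_group.http-c2.id]`. The Linode dns-c2 module has the same `list()` call, and the other AWS modules keep the same quoted security-group reference.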
@@ -56,26 +57,26 @@ resource "aws_instance" "http-c2" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.public_ip}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["aws_instance.http-c2"] + depends_on = [aws_instance.http-c2] - triggers { - droplet_creation = "${join("," , aws_instance.http-c2.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , aws_instance.http-c2.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=./data/ssh_keys/${aws_instance.http-c2.*.public_ip[count.index]} -e host=${aws_instance.http-c2.*.public_ip[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } @@ -87,15 +88,15 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["aws_instance.http-c2"] + depends_on = [aws_instance.http-c2] - vars { + vars = { name = "dns_rdir_${aws_instance.http-c2.*.public_ip[count.index]}" - hostname = "${aws_instance.http-c2.*.public_ip[count.index]}" + hostname = aws_instance.http-c2.*.public_ip[count.index] user = "admin" identityfile = "${path.root}/data/ssh_keys/${aws_instance.http-c2.*.public_ip[count.index]}" } 
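Review bot: The destroy provisioner's `rm ./data/ssh_keys/${self.public_ip}*` matches by prefix, so tearing down an instance at x.y.z.1 also deletes the key files for x.y.z.10 through x.y.z.19 and x.y.z.100 upward, if they exist. Name the files explicitly instead, e.g. `command = "rm -f ./data/ssh_keys/${self.public_ip} ./data/ssh_keys/${self.public_ip}.pub"`. That assumes the pair is written as `<ip>` and `<ip>.pub`, which cannot be confirmed here because the provisioner that writes them is outside the hunk. The same glob is used in the dns-rdir, http-rdir and phishing-server modules, with `self.ip_address` in the Linode modules and with `self.common_name` in the letsencrypt module.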
@@ -104,10 +105,11 @@ data "template_file" "ssh_config" { resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] + server = random_id.server.*.hex[count.index] } provisioner "local-exec" { @@ -115,8 +117,8 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" - command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" + when = destroy + command = "rm ./data/ssh_configs/config_${self.triggers.server}" } -} \ No newline at end of file +} diff --git a/modules/aws/http-c2/security_group.tf b/modules/aws/http-c2/security_group.tf index 78e3dbf..818e1cf 100644 --- a/modules/aws/http-c2/security_group.tf +++ b/modules/aws/http-c2/security_group.tf @@ -3,13 +3,13 @@ terraform { } data "external" "get_public_ip" { - program = ["bash", "./scripts/get_public_ip.sh" ] + program = ["bash", "./data/scripts/get_public_ip.sh" ] } resource "aws_security_group" "http-c2" { name = "http-c2" description = "Security group created by Red Baron" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id ingress { from_port = 22 diff --git a/modules/aws/http-c2/variables.tf b/modules/aws/http-c2/variables.tf index 0e58c81..e89858a 100644 --- a/modules/aws/http-c2/variables.tf +++ b/modules/aws/http-c2/variables.tf @@ -2,7 +2,7 @@ variable "subnet_id" {} variable "vpc_id" {} -variable "count" { +variable "count_vm" { default = 1 } @@ -13,13 +13,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } 
@@ -28,23 +28,23 @@ variable "instance_type" { } variable "install" { - type = "list" + type = list(string) default = [] } /* variable "install" { - type = "map" + type = map(string) default = { - "empire" = "./scripts/install_empire.sh" - "metasploit" = "./scripts/install_metasploit.sh" - "cobaltstrike" = "./scripts/install_cobalt_strike.sh" + "empire" = "./data/scripts/install_empire.sh" + "metasploit" = "./data/scripts/install_metasploit.sh" + "cobaltstrike" = "./data/scripts/install_cobalt_strike.sh" } } */ variable "amis" { - type = "map" + type = map(string) default = { // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch diff --git a/modules/aws/http-rdir/main.tf b/modules/aws/http-rdir/main.tf index 59aa211..6081081 100644 --- a/modules/aws/http-rdir/main.tf +++ b/modules/aws/http-rdir/main.tf @@ -5,20 +5,20 @@ terraform { data "aws_region" "current" {} resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } resource "aws_key_pair" "http-rdir" { - count = "${var.count}" + count = var.count_vm key_name = "http-rdir-key-${count.index}" - public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" + public_key = tls_private_key.ssh.*.public_key_openssh[count.index] } resource "aws_instance" "http-rdir" { 
@@ -28,17 +28,17 @@ resource "aws_instance" "http-rdir" { //provider = "aws.${element(var.regions, count.index)}" - count = "${var.count}" + count = var.count_vm tags = { Name = "http-rdir-${random_id.server.*.hex[count.index]}" } - ami = "${var.amis[data.aws_region.current.name]}" - instance_type = "${var.instance_type}" - key_name = "${aws_key_pair.http-rdir.*.key_name[count.index]}" + ami = var.amis[data.aws_region.current.name] + instance_type = var.instance_type + key_name = aws_key_pair.http-rdir.*.key_name[count.index] vpc_security_group_ids = ["${aws_security_group.http-rdir.id}"] - subnet_id = "${var.subnet_id}" + subnet_id = var.subnet_id associate_public_ip_address = true provisioner "remote-exec" { @@ -51,9 +51,10 @@ resource "aws_instance" "http-rdir" { ] connection { + host = self.public_ip type = "ssh" user = "admin" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } 
@@ -62,26 +63,26 @@ resource "aws_instance" "http-rdir" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.public_ip}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["aws_instance.http-rdir"] + depends_on = [aws_instance.http-rdir] - triggers { - droplet_creation = "${join("," , aws_instance.http-rdir.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , aws_instance.http-rdir.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=./data/ssh_keys/${aws_instance.http-rdir.*.public_ip[count.index]} -e host=${aws_instance.http-rdir.*.public_ip[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } @@ -93,15 +94,15 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["aws_instance.http-rdir"] + depends_on = [aws_instance.http-rdir] - vars { + vars = { name = "dns_rdir_${aws_instance.http-rdir.*.public_ip[count.index]}" - hostname = "${aws_instance.http-rdir.*.public_ip[count.index]}" + hostname = aws_instance.http-rdir.*.public_ip[count.index] user = "admin" identityfile = "${path.root}/data/ssh_keys/${aws_instance.http-rdir.*.public_ip[count.index]}" } 
@@ -110,10 +111,11 @@ data "template_file" "ssh_config" { resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] + server = random_id.server.*.hex[count.index] } provisioner "local-exec" { @@ -121,8 +123,8 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" - command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" + when = destroy + command = "rm ./data/ssh_configs/config_${self.triggers.server}" } -} \ No newline at end of file +} diff --git a/modules/aws/http-rdir/security_group.tf b/modules/aws/http-rdir/security_group.tf index 68ce3d5..f0ebb58 100644 --- a/modules/aws/http-rdir/security_group.tf +++ b/modules/aws/http-rdir/security_group.tf @@ -3,13 +3,13 @@ terraform { } data "external" "get_public_ip" { - program = ["bash", "./scripts/get_public_ip.sh" ] + program = ["bash", "./data/scripts/get_public_ip.sh" ] } resource "aws_security_group" "http-rdir" { name = "http-rdir" description = "Security group created by Red Baron" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id ingress { from_port = 22 diff --git a/modules/aws/http-rdir/variables.tf b/modules/aws/http-rdir/variables.tf index 48bbaa8..efc3473 100644 --- a/modules/aws/http-rdir/variables.tf +++ b/modules/aws/http-rdir/variables.tf @@ -3,7 +3,7 @@ variable "subnet_id" {} variable "vpc_id" {} variable "redirect_to" { - type = "list" + type = list(string) } variable "ansible_playbook" { 
@@ -13,17 +13,17 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } -variable "count" { +variable "count_vm" { default = 1 } @@ -33,17 +33,17 @@ variable "instance_type" { /* variable "install" { - type = "map" + type = map(string) default = { - "empire" = "./scripts/install_empire.sh" - "metasploit" = "./scripts/install_metasploit.sh" - "cobaltstrike" = "./scripts/install_cobalt_strike.sh" + "empire" = "./data/scripts/install_empire.sh" + "metasploit" = "./data/scripts/install_metasploit.sh" + "cobaltstrike" = "./data/scripts/install_cobalt_strike.sh" } } */ variable "amis" { - type = "map" + type = map(string) default = { // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch diff --git a/modules/aws/phishing-server/main.tf b/modules/aws/phishing-server/main.tf index e8c6a4e..83eb384 100644 --- a/modules/aws/phishing-server/main.tf +++ b/modules/aws/phishing-server/main.tf @@ -5,20 +5,20 @@ terraform { data "aws_region" "current" {} resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } resource "aws_key_pair" "phishing-server" { - count = "${var.count}" + count = var.count_vm key_name = "phishing-server-key-${count.index}" - public_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" + public_key = tls_private_key.ssh.*.public_key_openssh[count.index] } resource "aws_instance" "phishing-server" { 
@@ -28,17 +28,17 @@ resource "aws_instance" "phishing-server" { //provider = "aws.${element(var.regions, count.index)}" - count = "${var.count}" + count = var.count_vm tags = { Name = "phishing-server-${random_id.server.*.hex[count.index]}" } - ami = "${var.amis[data.aws_region.current.name]}" - instance_type = "${var.instance_type}" - key_name = "${aws_key_pair.phishing-server.*.key_name[count.index]}" + ami = var.amis[data.aws_region.current.name] + instance_type = var.instance_type + key_name = aws_key_pair.phishing-server.*.key_name[count.index] vpc_security_group_ids = ["${aws_security_group.phishing-server.id}"] - subnet_id = "${var.subnet_id}" + subnet_id = var.subnet_id associate_public_ip_address = true provisioner "remote-exec" { @@ -52,7 +52,7 @@ resource "aws_instance" "phishing-server" { connection { type = "ssh" user = "admin" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } 
@@ -61,26 +61,26 @@ resource "aws_instance" "phishing-server" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.public_ip}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["aws_instance.phishing-server"] + depends_on = [aws_instance.phishing-server] - triggers { - droplet_creation = "${join("," , aws_instance.phishing-server.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , aws_instance.phishing-server.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=admin --private-key=./data/ssh_keys/${aws_instance.phishing-server.*.public_ip[count.index]} -e host=${aws_instance.phishing-server.*.public_ip[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } 
@@ -92,27 +92,27 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["aws_instance.phishing-server"] + depends_on = [aws_instance.phishing-server] - vars { + vars = { name = "dns_rdir_${aws_instance.phishing-server.*.public_ip[count.index]}" - hostname = "${aws_instance.phishing-server.*.public_ip[count.index]}" + hostname = aws_instance.phishing-server.*.public_ip[count.index] user = "admin" - identityfile = "${path.root}/data/ssh_keys/${aws_instance.phishing-server.*.public_ip[count.index]}" + identityfile = path.root}/data/ssh_keys/${aws_instance.phishing-server.*.public_ip[count.index] } } resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] } provisioner "local-exec" { @@ -120,7 +120,7 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" } diff --git a/modules/aws/phishing-server/security_group.tf b/modules/aws/phishing-server/security_group.tf index 97edcc0..d8199c1 100644 --- a/modules/aws/phishing-server/security_group.tf +++ b/modules/aws/phishing-server/security_group.tf @@ -3,13 +3,13 @@ terraform { } data "external" "get_public_ip" { - program = ["bash", "./scripts/get_public_ip.sh" ] + program = ["bash", "./data/scripts/get_public_ip.sh" ] } resource "aws_security_group" "phishing-server" { name = "phishing-server" description = "Security group created by Red Baron" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id ingress { from_port = 22 
diff --git a/modules/aws/phishing-server/variables.tf b/modules/aws/phishing-server/variables.tf index cbe587b..db876f3 100644 --- a/modules/aws/phishing-server/variables.tf +++ b/modules/aws/phishing-server/variables.tf @@ -2,7 +2,7 @@ variable "subnet_id" {} variable "vpc_id" {} -variable "count" { +variable "count_vm" { default = 1 } @@ -13,13 +13,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } @@ -29,17 +29,17 @@ variable "instance_type" { /* variable "install" { - type = "map" + type = map(string) default = { - "empire" = "./scripts/install_empire.sh" - "metasploit" = "./scripts/install_metasploit.sh" - "cobaltstrike" = "./scripts/install_cobalt_strike.sh" + "empire" = "./data/scripts/install_empire.sh" + "metasploit" = "./data/scripts/install_metasploit.sh" + "cobaltstrike" = "./data/scripts/install_cobalt_strike.sh" } } */ variable "amis" { - type = "map" + type = map(string) default = { // Taken from https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch diff --git a/modules/aws/smtp/README.md b/modules/aws/smtp/README.md index 69c98c4..2635f26 100644 --- a/modules/aws/smtp/README.md +++ b/modules/aws/smtp/README.md @@ -14,7 +14,7 @@ module "mail" { source = "./modules/aws/smtp" domain = "example.com" mx_subdomain = "mail" - zone_id = "${module.zone.zone_id}" + zone_id = module.zone.zone_id } output "smtp_name_servers" { @@ -22,15 +22,15 @@ output "smtp_name_servers" { } output "smtp_server" { - value = "${module.smtp.smtp_server}" + value = module.smtp.smtp_server } output "smtp_user" { - value = "${module.smtp.smtp_username}" + value = module.smtp.smtp_username } output "smtp_password" { - value = "${module.smtp.smtp_password}" + value = module.smtp.smtp_password } ``` 
diff --git a/modules/aws/smtp/main.tf b/modules/aws/smtp/main.tf index a541fd3..73983b5 100644 --- a/modules/aws/smtp/main.tf +++ b/modules/aws/smtp/main.tf @@ -3,7 +3,7 @@ data "aws_region" "current" {} # Random ID generator resource "random_id" "username" { keepers = { - zone_id = "${var.zone_id}" + zone_id = var.zone_id } byte_length = 6 @@ -17,7 +17,7 @@ resource "aws_iam_user" "smtp_user" { # IAM policy to send emails via SMTP through SES resource "aws_iam_user_policy" "smtp_policy" { name = "${aws_iam_user.smtp_user.name}-policy" - user = "${aws_iam_user.smtp_user.name}" + user = aws_iam_user.smtp_user.name policy = < 0 ? var.subject_alternative_names[element(var.domains, count.index)] : [] dns_challenge { - provider = "${var.provider}" + provider = var.provider } provisioner "local-exec" { @@ -36,7 +36,7 @@ resource "acme_certificate" "certificate" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/certificates/${self.common_name}*" } } \ No newline at end of file diff --git a/modules/letsencrypt/create-cert-dns/variables.tf b/modules/letsencrypt/create-cert-dns/variables.tf index 2c68cbe..c1454b5 100644 --- a/modules/letsencrypt/create-cert-dns/variables.tf +++ b/modules/letsencrypt/create-cert-dns/variables.tf @@ -2,15 +2,15 @@ variable "provider" { } variable "domains" { - type = "list" + type = list(string) } variable "subject_alternative_names" { - type = "map" + type = map(string) default = {} } -variable "count" { +variable "count_vm" { default = 1 } @@ -19,7 +19,7 @@ variable "server_url" { } variable "server_urls" { - type = "map" + type = map(string) default = { "staging" = "https://acme-staging-v02.api.letsencrypt.org/directory" "production" = "https://acme-v02.api.letsencrypt.org/directory" diff --git a/modules/linode/dns-c2/README.md b/modules/linode/dns-c2/README.md index e4f58aa..e12a5c8 100644 --- a/modules/linode/dns-c2/README.md +++ b/modules/linode/dns-c2/README.md 
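Review bot: `subject_alternative_names` is declared as `map(string)` in modules/letsencrypt/create-cert-dns/variables.tf, but the visible expression in main.tf indexes it and falls back to `[]`, which suggests each value is a list of names. Under 0.12's type checking a caller passing lists would then be rejected, so `type = map(list(string))` looks like the intended declaration. The main.tf hunk is only partly visible here, so confirm this against the full expression.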
@@ -16,7 +16,7 @@ module "dns_c2" { |---------------------------| -------- | ---------- | ----------- |`count` | No | Integer | Number of instances to launch. Defaults to 1. |`size` | No | Integer | Linode size to launch. Defaults to 1024. -|`install` | No | List | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh". +|`install` | No | List | Scripts to run on instance creation. Defaults to "./data/scripts/core_deps.sh". |`regions` | No | List | Regions to create Linode(s) in. Defaults to NJ. Accepted values are NJ, CA, TX, GA, UK, JP, JP2, SG and DE. |`group` | No | String | Group name for created Linode(s). Defaults to "Red Baron" diff --git a/modules/linode/dns-c2/main.tf b/modules/linode/dns-c2/main.tf index 01b8cde..9d889b4 100644 --- a/modules/linode/dns-c2/main.tf +++ b/modules/linode/dns-c2/main.tf @@ -3,18 +3,18 @@ terraform { } resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "random_string" "password" { - count = "${var.count}" + count = var.count_vm length = 16 special = true } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } 
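Review bot: `random_string.password` in modules/linode/dns-c2/main.tf feeds `root_password` in the next hunk, and `random_string` results are shown in plan and apply output. The random provider's `random_password` resource takes the same arguments but marks the result sensitive. I would declare `resource "random_password" "password"` here and reference `random_password.password.*.result[count.index]` in `linode_linode`, which needs a provider version that ships it. The value is still stored in state either way. modules/linode/dns-rdir/main.tf has the same resource.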
@@ -22,25 +22,25 @@ resource "tls_private_key" "ssh" { resource "linode_linode" "dns-c2" { // Due to a current limitation the count parameter cannot be a dynamic value :( // https://github.com/hashicorp/terraform/issues/14677 - // count = "${length(var.dns_c2_ips)}" + // count = length(var.dns_c2_ips) - count = "${var.count}" + count = var.count_vm image = "Debian 9" kernel = "Latest 64 bit" name = "dns-c2-${random_id.server.*.hex[count.index]}" - group = "${var.group}" - region = "${var.available_regions[element(var.regions, count.index)]}" - size = "${var.size}" - ssh_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" - root_password = "${random_string.password.*.result[count.index]}" + group = var.group + region = var.available_regions[element(var.regions, count.index)] + size = var.size + ssh_key = tls_private_key.ssh.*.public_key_openssh[count.index] + root_password = random_string.password.*.result[count.index] provisioner "remote-exec" { - scripts = "${concat(list("./scripts/core_deps.sh"), var.install)}" + scripts = concat(list("./data/scripts/core_deps.sh"), var.install) connection { type = "ssh" user = "root" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } 
@@ -49,25 +49,25 @@ resource "linode_linode" "dns-c2" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.ip_address}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["linode_linode.dns-c2"] + depends_on = [linode_linode.dns-c2] - triggers { - droplet_creation = "${join("," , linode_linode.dns-c2.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , linode_linode.dns-c2.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=./data/ssh_keys/${linode_linode.dns-c2.*.ip_address[count.index]} -e host=${linode_linode.dns-c2.*.ip_address[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } 
@@ -79,27 +79,27 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["linode_linode.dns-c2"] + depends_on = [linode_linode.dns-c2] - vars { + vars = { name = "dns_c2_${linode_linode.dns-c2.*.ip_address[count.index]}" - hostname = "${linode_linode.dns-c2.*.ip_address[count.index]}" + hostname = linode_linode.dns-c2.*.ip_address[count.index] user = "root" - identityfile = "${path.root}/data/ssh_keys/${linode_linode.dns-c2.*.ip_address[count.index]}" + identityfile = path.root}/data/ssh_keys/${linode_linode.dns-c2.*.ip_address[count.index] } } resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] } provisioner "local-exec" { @@ -107,7 +107,7 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" } diff --git a/modules/linode/dns-c2/variables.tf b/modules/linode/dns-c2/variables.tf index 57d9c6e..a649bdd 100644 --- a/modules/linode/dns-c2/variables.tf +++ b/modules/linode/dns-c2/variables.tf @@ -1,9 +1,9 @@ variable "install" { - type = "list" + type = list(string) default = [] } -variable "count" { +variable "count_vm" { default = 1 } @@ -14,13 +14,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } 
@@ -29,12 +29,12 @@ variable "size" { } variable "regions" { - type = "list" + type = list(string) default = ["NJ"] } variable "available_regions" { - type = "map" + type = map(string) default = { "NJ" = "Newark, NJ, USA" "CA" = "Freemont, CA, USA" diff --git a/modules/linode/dns-rdir/main.tf b/modules/linode/dns-rdir/main.tf index a4697c6..7da4650 100644 --- a/modules/linode/dns-rdir/main.tf +++ b/modules/linode/dns-rdir/main.tf @@ -3,18 +3,18 @@ terraform { } resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "random_string" "password" { - count = "${var.count}" + count = var.count_vm length = 16 special = true } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } @@ -22,17 +22,17 @@ resource "tls_private_key" "ssh" { resource "linode_linode" "dns-rdir" { // Due to a current limitation the count parameter cannot be a dynamic value :( // https://github.com/hashicorp/terraform/issues/14677 - // count = "${length(var.redirect_to)}" + // count = length(var.redirect_to) - count = "${var.count}" + count = var.count_vm image = "Debian 9" kernel = "Latest 64 bit" name = "dns-rdir-${random_id.server.*.hex[count.index]}" - group = "${var.group}" - region = "${var.available_regions[element(var.regions, count.index)]}" - size = "${var.size}" - ssh_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" - root_password = "${random_string.password.*.result[count.index]}" + group = var.group + region = var.available_regions[element(var.regions, count.index)] + size = var.size + ssh_key = tls_private_key.ssh.*.public_key_openssh[count.index] + root_password = random_string.password.*.result[count.index] provisioner "remote-exec" { inline = [ 
@@ -44,7 +44,7 @@ resource "linode_linode" "dns-rdir" { connection { type = "ssh" user = "root" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } @@ -53,26 +53,26 @@ resource "linode_linode" "dns-rdir" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.ip_address}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["linode_linode.dns-rdir"] + depends_on = [linode_linode.dns-rdir] - triggers { - droplet_creation = "${join("," , linode_linode.dns-rdir.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , linode_linode.dns-rdir.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=./data/ssh_keys/${linode_linode.dns-rdir.*.ip_address[count.index]} -e host=${linode_linode.dns-rdir.*.ip_address[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } 
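Review bot: The `environment` map of the `ansible_provisioner` `local-exec` keeps `ANSIBLE_HOST_KEY_CHECKING = "False"`, so the playbook runs as root against whatever host answers at that address, with no check of the server's identity. The commit only changes the block syntax here, but the setting deserves at least a comment stating the trade-off, for example `// host key checking is off because the instance was just created and its key is not yet known`. A stronger option is to record the instance's host key during the `remote-exec` step and point Ansible at that known_hosts file. The same setting appears in the http-c2, http-rdir and phishing-server modules.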
@@ -84,27 +84,27 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["linode_linode.dns-rdir"] + depends_on = [linode_linode.dns-rdir] - vars { + vars = { name = "dns_rdir_${linode_linode.dns-rdir.*.ip_address[count.index]}" - hostname = "${linode_linode.dns-rdir.*.ip_address[count.index]}" + hostname = linode_linode.dns-rdir.*.ip_address[count.index] user = "root" - identityfile = "${path.root}/data/ssh_keys/${linode_linode.dns-rdir.*.ip_address[count.index]}" + identityfile = path.root}/data/ssh_keys/${linode_linode.dns-rdir.*.ip_address[count.index] } } resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] } provisioner "local-exec" { @@ -112,7 +112,7 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" } diff --git a/modules/linode/dns-rdir/variables.tf b/modules/linode/dns-rdir/variables.tf index dc259b7..7d5e134 100644 --- a/modules/linode/dns-rdir/variables.tf +++ b/modules/linode/dns-rdir/variables.tf @@ -1,8 +1,8 @@ variable "redirect_to" { - type = "list" + type = list(string) } -variable "count" { +variable "count_vm" { default = 1 } @@ -13,13 +13,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } 
@@ -28,12 +28,12 @@ variable "size" { } variable "regions" { - type = "list" + type = list(string) default = ["NJ"] } variable "available_regions" { - type = "map" + type = map(string) default = { "NJ" = "Newark, NJ, USA" "CA" = "Freemont, CA, USA" diff --git a/modules/linode/http-c2/README.md b/modules/linode/http-c2/README.md index fcc7a23..3645a32 100644 --- a/modules/linode/http-c2/README.md +++ b/modules/linode/http-c2/README.md @@ -16,7 +16,7 @@ module "http_c2" { |---------------------------| -------- | ---------- | ----------- |`count` | No | Integer | Number of instances to launch. Defaults to 1. |`size` | No | Integer | Linode size to launch. Defaults to 1024. -|`install` | No | List | Scripts to run on instance creation. Defaults to "./scripts/core_deps.sh". +|`install` | No | List | Scripts to run on instance creation. Defaults to "./data/scripts/core_deps.sh". |`regions` | No | List | Regions to create Linode(s) in. Defaults to NJ. Accepted values are NJ, CA, TX, GA, UK, JP, JP2, SG and DE. |`group` | No | String | Group name for created Linode(s). Defaults to "Red Baron" diff --git a/modules/linode/http-c2/main.tf b/modules/linode/http-c2/main.tf index 939447b..930db59 100644 --- a/modules/linode/http-c2/main.tf +++ b/modules/linode/http-c2/main.tf @@ -3,18 +3,18 @@ terraform { } resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "random_string" "password" { - count = "${var.count}" + count = var.count_vm length = 16 special = true } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } 
@@ -22,25 +22,25 @@ resource "tls_private_key" "ssh" { resource "linode_linode" "http-c2" { // Due to a current limitation the count parameter cannot be a dynamic value :( // https://github.com/hashicorp/terraform/issues/14677 - // count = "${length(var.http_c2_ips)}" + // count = length(var.http_c2_ips) - count = "${var.count}" + count = var.count_vm image = "Debian 9" kernel = "Latest 64 bit" name = "http-c2-${random_id.server.*.hex[count.index]}" - group = "${var.group}" - region = "${var.available_regions[element(var.regions, count.index)]}" - size = "${var.size}" - ssh_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" - root_password = "${random_string.password.*.result[count.index]}" + group = var.group + region = var.available_regions[element(var.regions, count.index)] + size = var.size + ssh_key = tls_private_key.ssh.*.public_key_openssh[count.index] + root_password = random_string.password.*.result[count.index] provisioner "remote-exec" { - scripts = "${concat(list("./scripts/core_deps.sh"), var.install)}" + scripts = concat(list("./data/scripts/core_deps.sh"), var.install) connection { type = "ssh" user = "root" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } 
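Review bot: The new `scripts` line in the `remote-exec` provisioner of `linode_linode.http-c2` still calls `list(...)`, which is deprecated in the expression syntax this commit migrates to and removed in later Terraform releases. A list literal does the same job: `scripts = concat(["./data/scripts/core_deps.sh"], var.install)`. The resource block continues outside the hunk.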
@@ -49,26 +49,26 @@ resource "linode_linode" "http-c2" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.ip_address}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["linode_linode.http-c2"] + depends_on = [linode_linode.http-c2] - triggers { - droplet_creation = "${join("," , linode_linode.http-c2.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , linode_linode.http-c2.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=./data/ssh_keys/${linode_linode.http-c2.*.ip_address[count.index]} -e host=${linode_linode.http-c2.*.ip_address[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } 
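Review bot: The `count` expression of `ansible_provisioner` was carried over verbatim as `signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0`, which is harder to read than it needs to be now that the interpolation wrapper is gone. `count = length(var.ansible_playbook) > 0 ? var.count_vm : 0` says the same thing directly. The legacy splat references in this hunk could likewise be written as `linode_linode.http-c2[count.index].ip_address`. The same expression is used in the dns-rdir, http-rdir and phishing-server modules.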
@@ -80,27 +80,27 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["linode_linode.http-c2"] + depends_on = [linode_linode.http-c2] - vars { + vars = { name = "http_c2_${linode_linode.http-c2.*.ip_address[count.index]}" - hostname = "${linode_linode.http-c2.*.ip_address[count.index]}" + hostname = linode_linode.http-c2.*.ip_address[count.index] user = "root" - identityfile = "${path.root}/data/ssh_keys/${linode_linode.http-c2.*.ip_address[count.index]}" + identityfile = path.root}/data/ssh_keys/${linode_linode.http-c2.*.ip_address[count.index] } } resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] } provisioner "local-exec" { @@ -108,7 +108,7 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" } diff --git a/modules/linode/http-c2/variables.tf b/modules/linode/http-c2/variables.tf index 57d9c6e..a649bdd 100644 --- a/modules/linode/http-c2/variables.tf +++ b/modules/linode/http-c2/variables.tf @@ -1,9 +1,9 @@ variable "install" { - type = "list" + type = list(string) default = [] } -variable "count" { +variable "count_vm" { default = 1 } @@ -14,13 +14,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } 
@@ -29,12 +29,12 @@ variable "size" { } variable "regions" { - type = "list" + type = list(string) default = ["NJ"] } variable "available_regions" { - type = "map" + type = map(string) default = { "NJ" = "Newark, NJ, USA" "CA" = "Freemont, CA, USA" diff --git a/modules/linode/http-rdir/main.tf b/modules/linode/http-rdir/main.tf index 0c3fe19..018994e 100644 --- a/modules/linode/http-rdir/main.tf +++ b/modules/linode/http-rdir/main.tf @@ -3,18 +3,18 @@ terraform { } resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "random_string" "password" { - count = "${var.count}" + count = var.count_vm length = 16 special = true } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } @@ -22,17 +22,17 @@ resource "tls_private_key" "ssh" { resource "linode_linode" "http-rdir" { // Due to a current limitation the count parameter cannot be a dynamic value :( // https://github.com/hashicorp/terraform/issues/14677 - // count = "${length(var.redirect_to)}" + // count = length(var.redirect_to) - count = "${var.count}" + count = var.count_vm image = "Debian 9" kernel = "Latest 64 bit" name = "http-rdir-${random_id.server.*.hex[count.index]}" - group = "${var.group}" - region = "${var.available_regions[element(var.regions, count.index)]}" - size = "${var.size}" - ssh_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" - root_password = "${random_string.password.*.result[count.index]}" + group = var.group + region = var.available_regions[element(var.regions, count.index)] + size = var.size + ssh_key = tls_private_key.ssh.*.public_key_openssh[count.index] + root_password = random_string.password.*.result[count.index] provisioner "remote-exec" { inline = [ 
@@ -46,7 +46,7 @@ resource "linode_linode" "http-rdir" { connection { type = "ssh" user = "root" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } @@ -55,26 +55,26 @@ resource "linode_linode" "http-rdir" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.ip_address}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["linode_linode.http-rdir"] + depends_on = [linode_linode.http-rdir] - triggers { - droplet_creation = "${join("," , linode_linode.http-rdir.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , linode_linode.http-rdir.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=./data/ssh_keys/${linode_linode.http-rdir.*.ip_address[count.index]} -e host=${linode_linode.http-rdir.*.ip_address[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } 
@@ -86,27 +86,27 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["linode_linode.http-rdir"] + depends_on = [linode_linode.http-rdir] - vars { + vars = { name = "http_rdir_${linode_linode.http-rdir.*.ip_address[count.index]}" - hostname = "${linode_linode.http-rdir.*.ip_address[count.index]}" + hostname = linode_linode.http-rdir.*.ip_address[count.index] user = "root" - identityfile = "${path.root}/data/ssh_keys/${linode_linode.http-rdir.*.ip_address[count.index]}" + identityfile = path.root}/data/ssh_keys/${linode_linode.http-rdir.*.ip_address[count.index] } } resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] } provisioner "local-exec" { @@ -114,7 +114,7 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" } diff --git a/modules/linode/http-rdir/variables.tf b/modules/linode/http-rdir/variables.tf index dc259b7..7d5e134 100644 --- a/modules/linode/http-rdir/variables.tf +++ b/modules/linode/http-rdir/variables.tf @@ -1,8 +1,8 @@ variable "redirect_to" { - type = "list" + type = list(string) } -variable "count" { +variable "count_vm" { default = 1 } @@ -13,13 +13,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } 
@@ -28,12 +28,12 @@ variable "size" { } variable "regions" { - type = "list" + type = list(string) default = ["NJ"] } variable "available_regions" { - type = "map" + type = map(string) default = { "NJ" = "Newark, NJ, USA" "CA" = "Freemont, CA, USA" diff --git a/modules/linode/phishing-server/main.tf b/modules/linode/phishing-server/main.tf index 291857a..de625f3 100644 --- a/modules/linode/phishing-server/main.tf +++ b/modules/linode/phishing-server/main.tf @@ -3,18 +3,18 @@ terraform { } resource "random_id" "server" { - count = "${var.count}" + count = var.count_vm byte_length = 4 } resource "random_string" "password" { - count = "${var.count}" + count = var.count_vm length = 16 special = true } resource "tls_private_key" "ssh" { - count = "${var.count}" + count = var.count_vm algorithm = "RSA" rsa_bits = 4096 } @@ -22,17 +22,17 @@ resource "tls_private_key" "ssh" { resource "linode_linode" "phishing-server" { // Due to a current limitation the count parameter cannot be a dynamic value :( // https://github.com/hashicorp/terraform/issues/14677 - // count = "${length(var.http_c2_ips)}" + // count = length(var.http_c2_ips) - count = "${var.count}" + count = var.count_vm image = "Debian 9" kernel = "Latest 64 bit" name = "phishing-server-${random_id.server.*.hex[count.index]}" - group = "${var.group}" - region = "${var.available_regions[element(var.regions, count.index)]}" - size = "${var.size}" - ssh_key = "${tls_private_key.ssh.*.public_key_openssh[count.index]}" - root_password = "${random_string.password.*.result[count.index]}" + group = var.group + region = var.available_regions[element(var.regions, count.index)] + size = var.size + ssh_key = tls_private_key.ssh.*.public_key_openssh[count.index] + root_password = random_string.password.*.result[count.index] provisioner "remote-exec" { inline = [ 
@@ -45,7 +45,7 @@ resource "linode_linode" "phishing-server" { connection { type = "ssh" user = "root" - private_key = "${tls_private_key.ssh.*.private_key_pem[count.index]}" + private_key = tls_private_key.ssh.*.private_key_pem[count.index] } } @@ -54,26 +54,26 @@ resource "linode_linode" "phishing-server" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_keys/${self.ip_address}*" } } resource "null_resource" "ansible_provisioner" { - count = "${signum(length(var.ansible_playbook)) == 1 ? var.count : 0}" + count = signum(length(var.ansible_playbook)) == 1 ? var.count_vm : 0 - depends_on = ["linode_linode.phishing-server"] + depends_on = [linode_linode.phishing-server] - triggers { - droplet_creation = "${join("," , linode_linode.phishing-server.*.id)}" - policy_sha1 = "${sha1(file(var.ansible_playbook))}" + triggers = { + droplet_creation = join("," , linode_linode.phishing-server.*.id) + policy_sha1 = sha1(file(var.ansible_playbook)) } provisioner "local-exec" { command = "ansible-playbook ${join(" ", compact(var.ansible_arguments))} --user=root --private-key=./data/ssh_keys/${linode_linode.phishing-server.*.ip_address[count.index]} -e host=${linode_linode.phishing-server.*.ip_address[count.index]} ${var.ansible_playbook}" - environment { + environment = { ANSIBLE_HOST_KEY_CHECKING = "False" } } 
@@ -85,27 +85,27 @@ resource "null_resource" "ansible_provisioner" { data "template_file" "ssh_config" { - count = "${var.count}" + count = var.count_vm - template = "${file("./data/templates/ssh_config.tpl")}" + template = file("./data/templates/ssh_config.tpl") - depends_on = ["linode_linode.phishing-server"] + depends_on = [linode_linode.phishing-server] - vars { + vars = { name = "phishing_server_${linode_linode.phishing-server.*.ip_address[count.index]}" - hostname = "${linode_linode.phishing-server.*.ip_address[count.index]}" + hostname = linode_linode.phishing-server.*.ip_address[count.index] user = "root" - identityfile = "${path.root}/data/ssh_keys/${linode_linode.phishing-server.*.ip_address[count.index]}" + identityfile = path.root}/data/ssh_keys/${linode_linode.phishing-server.*.ip_address[count.index] } } resource "null_resource" "gen_ssh_config" { - count = "${var.count}" + count = var.count_vm - triggers { - template_rendered = "${data.template_file.ssh_config.*.rendered[count.index]}" + triggers = { + template_rendered = data.template_file.ssh_config.*.rendered[count.index] } provisioner "local-exec" { @@ -113,8 +113,8 @@ resource "null_resource" "gen_ssh_config" { } provisioner "local-exec" { - when = "destroy" + when = destroy command = "rm ./data/ssh_configs/config_${random_id.server.*.hex[count.index]}" } -} \ No newline at end of file +} diff --git a/modules/linode/phishing-server/variables.tf b/modules/linode/phishing-server/variables.tf index e657175..c89d468 100644 --- a/modules/linode/phishing-server/variables.tf +++ b/modules/linode/phishing-server/variables.tf @@ -1,4 +1,4 @@ -variable "count" { +variable "count_vm" { default = 1 } @@ -9,13 +9,13 @@ variable "ansible_playbook" { variable "ansible_arguments" { default = [] - type = "list" + type = list(string) description = "Additional Ansible Arguments" } variable "ansible_vars" { default = [] - type = "list" + type = list(string) description = "Environment variables" } 
@@ -24,12 +24,12 @@ variable "size" { } variable "regions" { - type = "list" + type = list(string) default = ["NJ"] } variable "available_regions" { - type = "map" + type = map(string) default = { "NJ" = "Newark, NJ, USA" "CA" = "Freemont, CA, USA"