Red Baron: creating resilient, disposable, secure & agile infrastructure for Red Teams

Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams.

During Red Team assessments, infrastructure creation and management can be a huge time sink. This project tries to alleviate this by attempting to automate some (if not all) aspects by providing a set of modules and example configurations: testers can pick & choose the infrastructure to be created and configure it to their needs. Additionally, thanks to the taint Terraform command, burned infrastructure can be re-created in a matter of minutes.


Red Baron only supports Terraform version 0.10.0 or newer and will only work on Linux x64 systems.

  1. Clone the repository and cd into the directory:
    #~ git clone && cd Red-Baron


  2. Create environment variables with the appropriate API Keys
    #~ export AWS_ACCESS_KEY_ID="accesskey"
    #~ export AWS_SECRET_ACCESS_KEY="secretkey"
    #~ export AWS_DEFAULT_REGION="us-east-1"
    #~ export LINODE_API_KEY="apikey"
    #~ export GODADDY_API_KEY="gdkey"
    #~ export GODADDY_API_SECRET="gdsecret"


  3. Copy an infrastructure configuration file from the examples folder to the root directory and modify it to your needs
    #~ cp examples/ .


  4. Initialize terraform plugins, make sure everything looks ok, finally create the infrastructure
    #~ terraform init
    #~ terraform plan
    #~ terraform apply


Google Cloud Compute

Google Cloud Compute requires creating a project under the Google Cloud console.

  • Create a project, generate a service key, and download the json file to the google_keys dir.
  • Modify the and files to reference your service account key json file and your project-id.
  • Set up firewall rules in the Google Cloud Console: Settings -> VPC network -> Firewall rules. Create a new rule:
    network=default, priority=1, direction=ingress, action on match=allow, ip-range=, protocols:ports=tcp:22,tcp:80,tcp:443