threatbox: standard and controlled Linux based attack platform
Threatbox – Standard Attack Platform
ThreatBox is a standard and controlled Linux based attack platform. I’ve used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why not? This seemed to be the next natural evolution to the configuration of standard attack platforms.
This project uses Ansible playbooks and roles to perform post-deployment configuration on a Linux target (Tested on Ubuntu 18.04).
The project is designed to be used as a starter process in creating, managing, and using a standard attack platform for red teaming or penetration testing.
The detail on the concept of a Standard Attack Platform can be found it the book Red Team Development and Operations – A practical guide, written by Joe Vest and James Tubberville.
Features
- Standard tools defined as ansible roles
- Customizations designed to make security testing easier
- Variable list to add or remove git repositories, OS packages, or python modules. (threatbox.yml)
- Version tracking of the deployed instance version and the deploy tool version. This is helpful it meeting compliance rules and can help minimize fear by actively tracking all tools.
- Threatbox version created at deployment and displayed in desktop wallpaper
- Deployed software tracked in ~/Desktop/readme
- SSH port auto-switching. The deployment starts on port 22, but reconfigures the target system to the desired SSH port using the
ansible_portvariable inthreatbox.yml - Download and compile several .net toolkits (i.e. SeatBelt.exe from Ghostpack https://github.com/GhostPack/Seatbelt)
- Most python projects installed using pipenv. Use
pipenv shellin the project directory to access. See https://realpython.com/pipenv-guide/ for pipenv usage guidance
Project Files
The following list highlights key components of this project.
| File/Directory | Description | Usage |
|---|---|---|
| host | Ansible hosts file | Update with IP addresses of target ansible systems |
| group_vars/threatbox.yml | common variables | variable used for the project. update as needed. |
| threatbox_playbox.yml | Primary ansible playbook | Update as need to add additional roles or features |
| roles/common | Common OS platform configuration | Setup common OS settings (i.e set version in background or build) |
| roles/. | other specific roles to configure or deploy tools | add or modify roles in roles/ |
Features
ThreatBox Custom Commands 
Tool Categories 
Tracking of all installed tools 
Automatic terminal logging 
Custom terminal options provide more context 
The light version of the terminal
Pipenv keep Python projects independent 
Example of SilentTrinity running in pipenv environment 
