Repository: RedTeamOperations/Red-Infra-Craft
Branch: main
Commit: 25bfa7a5a883
Files: 31
Total size: 121.8 KB

Directory structure:
gitextract_pfekmv1c/

├── LICENSE
├── README.md
├── html/
│   ├── EvilGinx.html
│   ├── Full_Infra.html
│   ├── GoPhish.html
│   ├── Mythic_C2.html
│   ├── Mythic_C2_with_ELB.html
│   └── pwndrop.html
├── infra_deployment_guide/
│   ├── AWS/
│   │   ├── assets/
│   │   │   └── test
│   │   └── readme.md
│   ├── Azure/
│   │   └── readme.md
│   └── GCP/
│       └── readme.md
└── redinfracraft/
    ├── Terraform/
    │   ├── AWS/
    │   │   ├── AWS_Evilginx_Phishing_Server/
    │   │   │   └── main.tf
    │   │   ├── AWS_GoPhish_Phishing_Server/
    │   │   │   └── main.tf
    │   │   ├── AWS_Mythic_C2/
    │   │   │   └── main.tf
    │   │   ├── AWS_Mythic_C2_with_CloudFront/
    │   │   │   └── main.tf
    │   │   └── AWS_Pwndrop_Payload_Server/
    │   │       └── main.tf
    │   ├── Azure/
    │   │   ├── Azure_Evilginx_Phishing_Server/
    │   │   │   ├── main.tf
    │   │   │   └── script.sh
    │   │   ├── Azure_GoPhish_Phishing_Server/
    │   │   │   ├── main.tf
    │   │   │   └── script.sh
    │   │   ├── Azure_Mythic_C2/
    │   │   │   ├── main.tf
    │   │   │   └── script.sh
    │   │   ├── Azure_Mythic_C2_with_Frontdoor/
    │   │   │   ├── main.tf
    │   │   │   └── script.sh
    │   │   └── Azure_Pwndrop_Payload_Server/
    │   │       ├── main.tf
    │   │       └── script.sh
    │   ├── GCP/
    │   │   └── GCP_Mythic_C2_with_ELB/
    │   │       ├── mythic.tf
    │   │       └── script.sh
    │   └── terraform.auto.tfvars
    └── redinfracraft.py

================================================
FILE CONTENTS
================================================

================================================
FILE: LICENSE
================================================
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.


================================================
FILE: README.md
================================================


<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/RedinfraCraft_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/RedInfraCraft_Black.png">
  <img align="center" alt="Mythic_C2" src="assets/RedinfraCraft_White.png">
</picture>
</div>

# Red-Infra-Craft (V2)

Welcome to the **RedInfraCraft (V2)** Tool - your gateway to automating the deployment of robust red team infrastructures! RedInfraCraft is your trusted companion in effortlessly setting up and managing red team infrastructures, streamlining the process so you can focus on your mission. 

- Simplifies the deployment 🚀 of Mythic Command and Control (C2) frameworks. 
- Facilitates the creation 🎯 and management of sophisticated phishing and payload setups. 
- Designed 💡 to be intuitive and easy to use, reducing the learning curve for red teamers.  
- Provides thorough documentation 📚 and guides to assist users at every step.  
- Supports multi-cloud ☁️ environments, allowing deployments across different cloud providers with flexibility and ease.  

Let's craft infrastructures together with **RedInfraCraft (V2)**!!

<br>

## 1. Prerequisite

To follow this guide, you'll need to have the following software installed on your machine:

- **Terraform**

  To download Terraform, visit the official [HashiCorp](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) website, which provides instructions on how to install Terraform on Windows, Linux, and macOS.

- **Python**

  Make sure you have [Python](https://www.python.org/) installed on your system.

- **Cloud Provider Access**

  You should have an active account and proper credentials/license for at least one of the following cloud providers:

  - Amazon Web Services (AWS)
  - Microsoft Azure
  - Google Cloud Platform (GCP)

  This guide assumes you have sufficient permissions to create and manage resources within your chosen cloud environment.
<br>

## 2. RedInfraCraft Tool Installation
To get the tool, clone this GitHub repository by running the command below in your terminal.

> [!IMPORTANT]
> Make sure [git](https://git-scm.com/downloads) is installed on your machine.

```bash
git clone https://github.com/RedTeamOperations/Red-Infra-Craft.git
```
<br>

## 3. How to spawn an Infrastructure?

RedInfraCraft enables you to deploy any infrastructure in a single step, automating your tasks efficiently.

<br>

<div align="center">
  <picture>
    <source media="(prefers-color-scheme: dark)" srcset="assets/Common_user1.png">
    <source media="(prefers-color-scheme: light)" srcset="assets/Common_user.png">
    <img align="center" alt="spawn an Infrastructure" src="assets/Common_user.png">
  </picture>
</div>

### Available Infrastructures:

- **C2:**
  - Mythic C2 
  - Mythic C2 with CloudFront and Load Balancer (AWS)
  - Mythic C2 with Frontdoor and Load Balancer (Azure)
  - Mythic C2 with Application Load Balancer (GCP)
- **Payload:**
  - Pwndrop
- **Phishing:** 
  - EvilGinx
  - GoPhish
- **All in One Infra:** 
  - Mythic C2 with CloudFront and Load Balancer, Pwndrop, EvilGinx, GoPhish.
  - Mythic C2 with Frontdoor and Load Balancer, Pwndrop, EvilGinx, GoPhish.

### Cloud Providers
1) AWS
2) Azure
3) GCP

### Help Commands:

- To know more about this tool 💡
  ```bash
  redinfracraft.py info
  ```
  
- To know about arguments 💡
  ```bash
  redinfracraft.py --help
  ```
  
- To view available options 💡
  ```bash 
  redinfracraft.py help
  ```
  
### Commands to Spawn 🔧 and Destroy 🗑️ Infras:

Command syntax:

```bash
redinfracraft.py  action  cloud_provider  infra_type  infra
```

Examples:

```bash
redinfracraft.py  create   aws    c2  mythic
redinfracraft.py  destroy  azure  c2  mythic
redinfracraft.py  create   gcp    c2  mythic
```


For a step-by-step guide to spawning and destroying infra, see [infra_deployment_guide](https://github.com/RedTeamOperations/Red-Infra-Craft/tree/main/infra_deployment_guide).

  | Infrastructure | Cloud Provider | Command | Description |
  | ----- | - | -------------- | ------ |
  | Mythic C2 | AWS | redinfracraft.py create/destroy aws c2 mythic | To Create/destroy Mythic C2 infrastructure. | 
  | Mythic C2 | Azure | redinfracraft.py create/destroy azure c2 mythic | To Create/destroy Mythic C2 infrastructure. | 
  | Mythic C2 | AWS | redinfracraft.py create/destroy aws c2 mythic_lb | To Create/destroy Mythic C2 with ELB & CloudFront infrastructure. | 
  | Mythic C2 | Azure | redinfracraft.py create/destroy azure c2 mythic_lb | To Create/destroy Mythic C2 with ELB & Frontdoor infrastructure. | 
  | Mythic C2 | GCP | redinfracraft.py create/destroy gcp c2 mythic_lb | To Create/destroy Mythic C2 with ALB infrastructure. | 
  | Payload | AWS | redinfracraft.py create/destroy aws payload pwndrop | To Create/destroy pwndrop payload infrastructure. | 
  | Payload | Azure | redinfracraft.py create/destroy azure payload pwndrop | To Create/destroy pwndrop payload infrastructure. | 
  | Phishing | AWS | redinfracraft.py create/destroy aws phishing gophish | To Create/destroy Gophish phishing infrastructure. |
  | Phishing | Azure | redinfracraft.py create/destroy azure phishing gophish | To Create/destroy Gophish phishing infrastructure. |
  | Phishing | AWS | redinfracraft.py create/destroy aws phishing evilginx | To Create/destroy Evilginx phishing infrastructure. |
  | Phishing | Azure | redinfracraft.py create/destroy azure phishing evilginx | To Create/destroy Evilginx phishing infrastructure. |
  | All-in-one | AWS | redinfracraft.py create/destroy aws full_infra | To Create/destroy all infrastructures in one go (Mythic C2 with CloudFront and Load Balancer, Payload, Phishing). |
  | All-in-one | Azure | redinfracraft.py create/destroy azure full_infra | To Create/destroy all infrastructures in one go (Mythic C2 with Frontdoor and Load Balancer, Payload, Phishing). |

<br>

## 4. Cost & Specification Overview (Cloud Resources)

### 1. AWS 


  | Resources | Details |
  | ------ | ------------ |
  | EC2 Instance | t2.medium (2 vCPU, 4 GB RAM) - Ubuntu AMI: ami-080e1f13689e07408 |
  | Volume (Root Block Device) | 20 GB (gp2 EBS) |
  | Security Groups | 1) "Terra_Ec2_sg: Allows SSH (22), HTTP (80) from ELB" 2) "terraElbSg: Allows HTTP (80)" |
  | Key Pair | RSA 4096-bit key pair generated via Terraform |
  | Application Load Balancer (ALB) | Internet-facing, HTTP only, with target group |
  | Target Group | HTTP on port 80, attached to EC2 instance |
  | CloudFront | CDN distribution pointing to the ALB |
  | VPC & Subnets | Using default VPC and multiple subnets |
  | Data sources used | 1) Public IP fetch (ipify), 2) AWS VPC, 3) Subnets in selected AZs |
  
Total Estimated Cost: $4.20/day  
* Actual CloudFront + data transfer may vary with usage and traffic  

### 2. Azure 

  | Resources | Details |
  | ------ | ------------ |
  | VM | Ubuntu 18.04, size: Standard_B1ms, SSH only, User: azureuser |
  | NIC | Connected to subnet & public IP: Dynamic IP, DNS label hardcoded |
  | NSG | Rules for HTTP, HTTPS (from AzureFrontDoor), SSH (from any) |
  | SSH Key | RSA 4096-bit key pair generated locally |
  | Frontdoor | Origin, Origin Group, Front Door Endpoint, Front Door Route |

Total Estimated Cost: $3.74/day  
* This assumes light/moderate usage, 1 VM, and no additional premium services (like WAF, Private Link, or DDoS Protection); actual cost may vary.

### 3. GCP

  | Resources | Details |
  | ------ | ------------ |
  | Compute Instance | Machine: n2-standard-2, OS: Debian 11, Public IP: Ephemeral, Scratch Disk: NVMe, Instance Group |
  | Firewall Rule | Allow: TCP 80, Allow: TCP 443, Allow: TCP 80/443 Sources: GCP Health Check IP ranges |
  | Load Balancer | Global IP Address, Health Check, Frontend Service, Backend Service, URL Map, HTTP Proxy |

Total Estimated Cost: $5.6/day   
* actual cost may vary

<br>

## Learning Content

If you want to learn more, please refer to this content:



<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/Certification1.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/Certifications.png">
  <img align="center" alt="Certifications" src="assets/Certifications.png">
</picture>
</div>

- Red Team Infra Dev [[CRT-ID](https://cyberwarfare.live/product/red-team-infra-developer/)]
- Multi-Cloud Red Team Analyst [[MCRTA](https://cyberwarfare.live/product/multi-cloud-red-team-analyst-mcrta/)]
- Hybrid Multi-Cloud Red Team Specialist [[CHMRTS](https://cyberwarfare.live/product/hybrid-multi-cloud-red-team-specialist-chmrts/)]

<br>

## Future Releases
Our tool now supports a multi-cloud environment, seamlessly operating across AWS, Microsoft Azure, and Google Cloud Platform (GCP). This broad support ensures maximum flexibility, allowing users to integrate the tool into their preferred cloud infrastructure with ease.

But we’re just getting started.

In upcoming releases, we plan to introduce new cloud-native architectures and additional Command and Control (C2) mechanisms across all supported platforms. These enhancements will further strengthen the tool's capabilities for cloud security operations, offering deeper insights and more powerful features for both offensive and defensive use cases.

Stay tuned as we continue to innovate and expand our tool to meet the evolving needs of the cloud security community.

<br>

## Your Feedback

We highly value your feedback, as it plays a crucial role in the continuous development of RedInfraCraft. Your suggestions and comments are invaluable in further enhancing the tool. Please don't hesitate to share your thoughts either by creating an Issue or reaching out to us via email at [info@cyberwarfare.live](mailto:info@cyberwarfare.live) with the subject **RedInfraCraft**.


================================================
FILE: html/EvilGinx.html
================================================
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Asciinema Demo</title>
    <link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/css/asciinema-player.css">
</head>
<body>
    <h1>Infra Deployment Demo</h1>
    <asciinema-player src="https://asciinema.org/a/ghmEEERKAfjkleV46XqYWmpoQ.cast" autoplay="true" loop="true"></asciinema-player>
    <script src="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/js/asciinema-player.js"></script>
</body>
</html>

================================================
FILE: html/Full_Infra.html
================================================
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Asciinema Demo</title>
    <link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/css/asciinema-player.css">
</head>
<body>
    <h1>Infra Deployment Demo</h1>
    <asciinema-player src="https://asciinema.org/a/8R3ryvdt3zuJfS3FBX0TdFuXt.cast" autoplay="true" loop="true"></asciinema-player>
    <script src="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/js/asciinema-player.js"></script>
</body>
</html>


================================================
FILE: html/GoPhish.html
================================================
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Asciinema Demo</title>
    <link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/css/asciinema-player.css">
</head>
<body>
    <h1>Infra Deployment Demo</h1>
    <asciinema-player src="https://asciinema.org/a/n7w974BlUBNeTMTLxGMb21NYd.cast" autoplay="true" loop="true"></asciinema-player>
    <script src="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/js/asciinema-player.js"></script>
</body>
</html>

================================================
FILE: html/Mythic_C2.html
================================================
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Asciinema Demo</title>
    <link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/css/asciinema-player.css">
</head>
<body>
    <h1>Infra Deployment Demo</h1>
    <asciinema-player src="https://asciinema.org/a/688653.cast" autoplay="true" loop="true"></asciinema-player>
    <script src="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/js/asciinema-player.js"></script>
</body>
</html>

================================================
FILE: html/Mythic_C2_with_ELB.html
================================================
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Asciinema Demo</title>
    <link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/css/asciinema-player.css">
</head>
<body>
    <h1>Infra Deployment Demo</h1>
    <asciinema-player src="https://asciinema.org/a/nsKnuaHiweu7euvhBPwcfpJL8.cast" autoplay="true" loop="true"></asciinema-player>
    <script src="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/js/asciinema-player.js"></script>
</body>
</html>


================================================
FILE: html/pwndrop.html
================================================
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Asciinema Demo</title>
    <link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/css/asciinema-player.css">
</head>
<body>
    <h1>Infra Deployment Demo</h1>
    <asciinema-player src="https://asciinema.org/a/oKih2dKeQ3GwCfyipkiCwHWdZ.cast" autoplay="true" loop="true"></asciinema-player>
    <script src="https://cdn.jsdelivr.net/npm/asciinema-player@2.6.1/resources/public/js/asciinema-player.js"></script>
</body>
</html>

================================================
FILE: infra_deployment_guide/AWS/assets/test
================================================



================================================
FILE: infra_deployment_guide/AWS/readme.md
================================================
# Infrastructure Walkthroughs:

**Common steps required for each infrastructure deployment.**

After you run the command to spawn the infra, you need to authenticate and provide the following details:

- **var.access_key: AWS Access Key ID**
  
  You need to enter your AWS Management console Access Key ID here.
  
- **var.key_name**
  
  RedInfraCraft automates the retrieval of the secret PEM key file for your EC2 instances, ensuring a hassle-free experience. *To ensure uniqueness, you need to
  provide a different name each time*. Remembering the PEM file name is essential as you'll need it frequently throughout your operations.
  
- **var.secret_key: AWS Secret Access Key**
  
  You need to enter your AWS Management console Secret Access Key here.

You will see that your infra is deployed successfully. 

> [!NOTE]
> Once the command has executed successfully, you'll find the secret file (with the given name) inside the respective infra's directory, in the same folder where you deployed the tool.
> Now, you need to connect to the EC2 instance.

1. **First limit the permissions of the secret file:**

```bash
chmod 400 YourSecretFileName
```

You can also do this manually through the properties of the secret file.

2. **Make an SSH connection with the machine:**

```bash
ssh -i "YourSecretFileName" machine_name
```

You can also get this command from your AWS Management Console. Remember that you don't need to add `.pem` when entering *YourSecretFileName*.

<br>

## 1 Mythic C2

<br>


<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/Mythic1.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/Mythic.png">
  <img align="center" alt="Mythic_C2" src="assets/Mythic.png">
</picture>
</div>
<br>
<br>

### Demo: Infra Deployment 🎬

Check out the demo for Infra deployment (plays directly in browser):

[![asciicast](https://asciinema.org/a/688653.png)](https://RedTeamOperations.github.io/Red-Infra-Craft/html/Mythic_C2.html)




- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create aws c2 mythic
  ```

> [!NOTE]
> Perform the common steps described above.

- After making the SSH connection to the EC2 instance, look for the “access” directory; Mythic is inside it. Navigate into it:

  ```bash
  cd access/Mythic
  ```

- To get the credentials of Mythic, run the following command:

  ```bash
  cat .env
  ```

- If you encounter a *directory not found* error, you need to restart Mythic by running the following command:

  ```bash
  sudo ./mythic-cli start
  ```

- Open a second PowerShell window and forward local port 7443 to Mythic over SSH:

  ```bash
  ssh -L 7443:127.0.0.1:7443 -i "YourSecretFileName" machine_name
  ```

- Now, you can open the `.env` file in the first PowerShell window to retrieve the credentials:

  ```bash
  cat .env
  ```

These steps will help you properly set up and connect to Mythic after provisioning the infrastructure.

Visit https://localhost:7443/new/login to access Mythic.

<br>

## 2 Mythic C2 with ELB & CloudFront

<br>
<br>

<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/Mythic_ELB1.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/Mythic_ELB.png">
  <img align="center" alt="Mythic_c2_elb" src="assets/Mythic_ELB.png">
</picture>
</div>

<br>

### Demo: Infra Deployment 🎬

Check out the demo for Infra deployment (plays directly in browser):

[![asciicast](https://asciinema.org/a/688653.png)](https://RedTeamOperations.github.io/Red-Infra-Craft/html/Mythic_C2_with_ELB.html)

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create aws c2 mythic_lb
  ```

> [!NOTE]
> Perform the common steps described above.

- After making the SSH connection to the EC2 instance, look for the “access” directory; Mythic is inside it. Navigate into it:

  ```bash
  cd access/Mythic
  ```

- To get the credentials of Mythic, run the following command:

  ```bash
  cat .env
  ```

- If you encounter a "directory not found" error, you need to restart Mythic by running the following command:

  ```bash
  sudo ./mythic-cli start
  ```

- Open a second PowerShell window and forward local port 7443 to Mythic over SSH:

  ```bash
  ssh -L 7443:127.0.0.1:7443 -i "YourSecretFileName" machine_name
  ```

- Now, you can open the .env file to retrieve the credentials:

  ```bash
  cat .env
  ```

These steps will help you properly set up and connect to Mythic after provisioning the infrastructure.


**To Create Payload:**

After accessing Mythic, follow these steps to create a payload:

1. Visit "https://localhost:7443/new/login" to access Mythic.
2. Once logged in, navigate to the payload creation section.
3. In the "Domain" field, add the domain of the CloudFront distribution. You can obtain this domain from the management console of AWS.
4. Set the "Callback port" to 443.
5. Review your payload configuration.
6. You can view your payload details and download it for use. 

These steps will help you create a payload in Mythic with the appropriate domain and callback port settings for your CloudFront distribution.

<br>

## 3 Payload - Pwndrop

<br>


<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/pwndrop1.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/pwndrop.png">
  <img align="center" alt="pwndrop" src="assets/pwndrop.png">
</picture>
</div>

<br>
<br>

### Demo: Infra Deployment 🎬

Check out the demo for Infra deployment (plays directly in browser):

[![asciicast](https://asciinema.org/a/688653.png)](https://RedTeamOperations.github.io/Red-Infra-Craft/html/pwndrop.html)

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create payload pwndrop
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the EC2 instance, look for the “pwndrop” directory and navigate into it:

  ```bash
  cd pwndrop
  ```

- To start Pwndrop on your machine:

  ```bash
  sudo ./pwndrop
  ```

Visit https://<your_machine_ip>/pwndrop to access the Pwndrop dashboard.

These steps will help you properly set up and connect to pwndrop after provisioning the infrastructure.

<br>

## 4 Phishing - GoPhish

<br>


<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/gophish1.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/gophish.png">
  <img align="center" alt="gophish" src="assets/gophish.png">
</picture>
</div>

<br>
<br>

### Demo: Infra Deployment 🎬

Check out the demo for Infra deployment (plays directly in browser):

[![asciicast](https://asciinema.org/a/688653.png)](https://RedTeamOperations.github.io/Red-Infra-Craft/html/GoPhish.html)

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create phishing gophish
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the EC2 instance, start GoPhish on your machine with the following command:

  ```bash
  sudo ./gophish
  ```
Visit https://<your_machine_ip>:3333 to access the GoPhish dashboard:

  - Username (default): admin
  - Password (default): gophish

Now you can access all options of GoPhish.

These steps will help you properly set up and connect to GoPhish after provisioning the infrastructure.
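
The dashboard on port 3333 starts with the default credentials listed above, so who can reach it is decided by the ingress rules in `AWS_GoPhish_Phishing_Server/main.tf`. The Python script below is an added example, not part of the repository: it audits a Terraform security group for management ports (22, 3333, 7443) open to `0.0.0.0/0` and reports locals such as `my_ip` that are defined but never referenced. The embedded HCL is a trimmed excerpt of that file, and the regex-based parser assumes simple literal `ingress` blocks with balanced braces.

```python
import re

# Management ports named on this page; 80/443 are meant to be public and are not flagged.
ADMIN_PORTS = {22: "SSH", 3333: "GoPhish admin UI", 7443: "Mythic UI"}
WORLD = {"0.0.0.0/0", "::/0"}

# Trimmed excerpt of AWS_GoPhish_Phishing_Server/main.tf (443 rule and other resources omitted).
SAMPLE_TF = '''
locals {
  my_ip = "${chomp(data.http.my_ip.response_body)}/32"
}

resource "aws_security_group" "Terra_GoPhish_Ec2_sg" {
  name = var.security_group

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 3333
    to_port     = 3333
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
'''


def blocks(text, header):
    """Yield (header match, body) for each `header { ... }` block, matched by brace depth."""
    for m in re.finditer(header + r"\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]


def audit(tf_text):
    """Return (security_group, port, label) for each admin port reachable from anywhere."""
    findings = []
    for sg, sg_body in blocks(tf_text, r'resource\s+"aws_security_group"\s+"([^"]+)"'):
        for _, rule in blocks(sg_body, r"\bingress"):
            lists = re.findall(r"\b(?:ipv6_)?cidr_blocks\s*=\s*\[(.*?)\]", rule, re.S)
            cidrs = set(re.findall(r'"([^"]+)"', " ".join(lists)))
            if not cidrs & WORLD:
                continue  # restricted, or a reference such as local.my_ip
            proto = re.search(r'\bprotocol\s*=\s*"([^"]+)"', rule)
            every_port = bool(proto and proto.group(1) in ("-1", "all"))
            lo = re.search(r"\bfrom_port\s*=\s*(\d+)", rule)
            hi = re.search(r"\bto_port\s*=\s*(\d+)", rule)
            for port, label in sorted(ADMIN_PORTS.items()):
                in_range = lo and hi and int(lo.group(1)) <= port <= int(hi.group(1))
                if every_port or in_range:
                    findings.append((sg.group(1), port, label))
    return findings


def unused_locals(tf_text):
    """Return names defined in `locals` blocks that no `local.<name>` expression references."""
    names = []
    for _, body in blocks(tf_text, r"\blocals"):
        names += re.findall(r"^\s*(\w+)\s*=", body, re.M)
    return [n for n in names if not re.search(rf"\blocal\.{n}\b", tf_text)]


if __name__ == "__main__":
    for sg, port, label in audit(SAMPLE_TF):
        print(f"{sg}: {label} (port {port}) is open to the whole internet")
    for name in unused_locals(SAMPLE_TF):
        print(f"local.{name} is defined but never used; it could replace 0.0.0.0/0 on admin rules")
```

Pointing the admin rules at `[local.my_ip]` instead of `["0.0.0.0/0"]` clears both findings, since that local already holds the operator's public address as a /32.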

<br>

## 5 Phishing - EvilGinx

<br>

<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/evilginx1.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/evilginx.png">
  <img align="center" alt="evilginx" src="assets/evilginx.png">
</picture>
</div>

<br>
<br>

### Demo: Infra Deployment 🎬

Check out the demo for Infra deployment (plays directly in browser):

[![asciicast](https://asciinema.org/a/688653.png)](https://RedTeamOperations.github.io/Red-Infra-Craft/html/EvilGinx.html)

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create phishing evilginx
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the EC2 instance, look for the “evilginx2” directory and navigate into it:

  ```bash
  cd evilginx2
  ```

- To start EvilGinx on your machine:

  ```bash
  sudo ~/evilginx2/evilginx2 -p ./phishlets/
  ```

These steps should help you properly set up and connect to EvilGinx after provisioning the infrastructure.

<br>

## 6 All-in-one

<br>

<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/Aws_Full_infra_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/AWS_Full_infra_Black.png">
  <img align="center" alt="overall" src="assets/Aws_Full_infra_White.png">
</picture>
</div>


### Demo: Infra Deployment 🎬

Check out the demo for Infra deployment (plays directly in browser):

[![asciicast](https://asciinema.org/a/688653.png)](https://RedTeamOperations.github.io/Red-Infra-Craft/html/Full_Infra.html)

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create full_infra
  ```

> [!NOTE]
> Perform the common steps mentioned above.

This infrastructure lets you use every component. Follow the steps specified above for each respective component.
<br>


================================================
FILE: infra_deployment_guide/Azure/readme.md
================================================
#  Infrastructure Walkthroughs:

**Common steps required to perform for each infrastructure deployment.**

Before spinning up any of the infra, make sure you modify **terraform.auto.tfvars** and provide the following required details:

Location of **terraform.auto.tfvars** file: RedInfraCraft (V2) << Terraform << terraform.auto.tfvars

- **subscription_id = <YOUR_SUBSCRIPTION_ID>**
  
  You need to enter your Azure Subscription ID here.

- **tenant_id = <YOUR_TENANT_ID>**
  
  You need to enter your Azure Tenant ID here.
  
- **client_id = <YOUR_CLIENT_ID>**
  
  You need to enter the Service Account's Client ID here.
  
- **client_secret = <YOUR_CLIENT_SECRET>**
  
  You need to enter the Service Account's Client Secret here.

- **vm_key_name = <VM_Secret_File_Name>**
  
  RedInfraCraft automates the retrieval of the secret PEM key file for your VM instances, ensuring a hassle-free experience. *To ensure uniqueness, you need to
  provide a different name each time*. Remembering the PEM file name is essential as you'll need it frequently throughout your operations.

**Once you make the required changes, you can spawn your infra. The command for each architecture is given further in this document.**

After that you will see that your infra is deployed successfully. 

> [!NOTE]
> Once the command has executed successfully, you'll find the secret file (with the given name) inside the respective infra's directory, in the same folder where you have deployed the tool. Now, you need to connect to the VM instance.

1. **First limit the permissions of the secret file:**

```bash
chmod 400 YourSecretFileName
```

You can also do it manually through the properties of the secret file.

2. **Make an SSH connection with the machine:**

```bash
ssh -i "YourSecretFileName" username@ip_address
```


<br>

## 1 Mythic C2

<br>


<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/Mythic_C2_Azure_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/Mythic_C2_Azure_Black.png">
  <img align="center" alt="Mythic_C2" src="assets/Mythic_C2_Azure_White.png">
</picture>
</div>
<br>
<br>

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create azure c2 mythic
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the VM instance, look for the “access” directory. Mythic is inside it; navigate into it:

  ```bash
  cd access/Mythic
  ```

- To get the credentials of Mythic, run the following command:

  ```bash
  cat .env
  ```

- If you encounter a *directory not found* error, you need to restart Mythic by running the following command:

  ```bash
  sudo ./mythic-cli start
  ```

- Open a second PowerShell window and forward local port 7443 to Mythic over SSH:

  ```bash
  ssh -L 7443:127.0.0.1:7443 -i "YourSecretFileName" machine_name
  ```

- Now, you can open the .env file in the first PowerShell window to retrieve the credentials:

  ```bash
  cat .env
  ```

These steps will help you properly set up and connect to Mythic after provisioning the infrastructure.

Visit https://localhost:7443/new/login to access Mythic.

<br>

## 2 Mythic C2 with Frontdoor

<br>
<br>

<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/Mythic_C2with_ELB_Azure_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/Mythic_C2with_ELB_Azure_Black.png">
  <img align="center" alt="Mythic_c2_elb" src="assets/Mythic_C2with_ELB_Azure_White.png">
</picture>
</div>

<br>

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create azure c2 elb_c2
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the VM instance, look for the “access” directory. Mythic is inside it; navigate into it:

  ```bash
  cd access/Mythic
  ```

- To get the credentials of Mythic, run the following command:

  ```bash
  cat .env
  ```

- If you encounter a "directory not found" error, you need to restart Mythic by running the following command:

  ```bash
  sudo ./mythic-cli start
  ```

- Open a second PowerShell window and forward local port 7443 to Mythic over SSH:

  ```bash
  ssh -L 7443:127.0.0.1:7443 -i "YourSecretFileName" machine_name
  ```

- Now, you can open the .env file to retrieve the credentials:

  ```bash
  cat .env
  ```

These steps will help you properly set up and connect to Mythic after provisioning the infrastructure.


**To Create Payload:**

After accessing Mythic, follow these steps to create a payload:

1. Visit "https://localhost:7443/new/login" to access Mythic.
2. Once logged in, navigate to the payload creation section.
3. In the "Domain" field, add the domain of the CloudFront distribution. You can obtain this domain from the management console of AWS.
4. Set the "Callback port" to 443.
5. Review your payload configuration.
6. You can view your payload details and download it for use. 

These steps will help you create a payload in Mythic with the appropriate domain and callback port settings for your CloudFront distribution.

<br>

## 3 Payload - Pwndrop

<br>


<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/pwndrop_Azure_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/pwndrop_Azure_Black.png">
  <img align="center" alt="pwndrop" src="assets/pwndrop_Azure_White.png">
</picture>
</div>

<br>
<br>

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create azure payload pwndrop
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the VM instance, look for the “pwndrop” directory and navigate into it:

  ```bash
  cd pwndrop
  ```

- To start Pwndrop on your machine:

  ```bash
  sudo ./pwndrop
  ```

Visit https://<your_machine_ip>/pwndrop to access the Pwndrop dashboard.

These steps will help you properly set up and connect to pwndrop after provisioning the infrastructure.

<br>

## 4 Phishing - GoPhish

<br>


<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/GoPhish_Azure_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/GoPhish_Azure_Black.png">
  <img align="center" alt="gophish" src="assets/GoPhish_Azure_White.png">
</picture>
</div>

<br>
<br>

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create azure phishing gophish
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the VM instance, start GoPhish on your machine with the following command:

  ```bash
  sudo ./gophish
  ```
Visit https://<your_machine_ip>:3333 to access the GoPhish dashboard:

  - Username (default): admin
  - Password (default): gophish

Now you can access all options of GoPhish.

These steps will help you properly set up and connect to GoPhish after provisioning the infrastructure.

<br>

## 5 Phishing - EvilGinx

<br>

<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/Evilginx_Azure_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/Evilginx_Azure_Black.png">
  <img align="center" alt="evilginx" src="assets/Evilginx_Azure_White.png">
</picture>
</div>

<br>
<br>

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create azure phishing evilginx
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the VM instance, look for the “evilginx2” directory and navigate into it:

  ```bash
  cd evilginx2
  ```

- To start EvilGinx on your machine:

  ```bash
  sudo ~/evilginx2/evilginx2 -p ./phishlets/
  ```

These steps should help you properly set up and connect to EvilGinx after provisioning the infrastructure.

<br>

## 6 All-in-one

<br>

<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/azure_Full_infra_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/Azure_Full_infra_Black.png">
  <img align="center" alt="overall" src="assets/azure_Full_infra_White.png">
</picture>
</div>

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create azure full_infra
  ```

> [!NOTE]
> Perform the common steps mentioned above.

This infrastructure lets you use every component. Follow the steps specified above for each respective component.
<br>



================================================
FILE: infra_deployment_guide/GCP/readme.md
================================================
#  Infrastructure Walkthroughs:

**Common steps required to perform for each infrastructure deployment.**

Step-1: Before spinning up any of the infra, make sure you modify **terraform.auto.tfvars** and provide the following required details:

Location of **terraform.auto.tfvars** file: RedInfraCraft (V2) << Terraform << terraform.auto.tfvars

- **project_id = "<YOUR_PROJECT_ID>"** 
  
  You need to enter your GCP Project ID here.

- **location = "<YOUR_GCP_LOCATION>"**

  You need to enter your GCP Location here.

Step-2: Authenticate to Google Cloud Platform:
```bash
gcloud auth activate-service-account --key-file <Path_of_Service_account_key_file>
```

**Once you make the required changes and authenticate to Google Cloud Platform, you can spawn your infra. The command for each architecture is given further in this document.**

After that you will see that your infra is deployed successfully. 

> [!NOTE]
> Once the command has executed successfully, you'll find the secret file (with the given name) inside the respective infra's directory, in the same folder where you have deployed the tool. Now, you need to connect to the VM instance.

1. **First limit the permissions of the secret file:**

```bash
chmod 400 YourSecretFileName
```

You can also do it manually through the properties of the secret file.

2. **Make an SSH connection with the machine:**

```bash
ssh -i "YourSecretFileName" username@ip_address
```
<br>

## 2 Mythic C2 with ALB

<br>
<br>

<div align="center">
<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/Mythic_C2_ALB_GCP_White.png">
  <source media="(prefers-color-scheme: light)" srcset="assets/Mythic_C2_ALB_GCP_Black.png">
  <img align="center" alt="Mythic_c2_elb" src="assets/Mythic_C2with_ELB_Azure_White.png">
</picture>
</div>

<br>

- To deploy this infra, execute the following command:

  ```bash
  redinfracraft.py create aure c2 elb_c2
  ```

> [!NOTE]
> Perform the common steps mentioned above.

- After making the SSH connection to the instance, look for the “access” directory. Mythic is inside it; navigate into it:

  ```bash
  cd access/Mythic
  ```

- To get the credentials of Mythic, run the following command:

  ```bash
  cat .env
  ```

- If you encounter a "directory not found" error, you need to restart Mythic by running the following command:

  ```bash
  sudo ./mythic-cli start
  ```

- Open a second PowerShell window and forward local port 7443 to Mythic over SSH:

  ```bash
  ssh -L 7443:127.0.0.1:7443 -i "YourSecretFileName" machine_name
  ```

- Now, you can open the .env file to retrieve the credentials:

  ```bash
  cat .env
  ```

These steps will help you properly set up and connect to Mythic after provisioning the infrastructure.


**To Create Payload:**

After accessing Mythic, follow these steps to create a payload:

1. Visit "https://localhost:7443/new/login" to access Mythic.
2. Once logged in, navigate to the payload creation section.
3. In the "Domain" field, add the domain of the CloudFront distribution. You can obtain this domain from the management console of AWS.
4. Set the "Callback port" to 443.
5. Review your payload configuration.
6. You can view your payload details and download it for use. 

These steps will help you create a payload in Mythic with the appropriate domain and callback port settings for your CloudFront distribution.

<br>


================================================
FILE: redinfracraft/Terraform/AWS/AWS_Evilginx_Phishing_Server/main.tf
================================================
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.46.0"
    }
  }
}


# AWS Provider
provider "aws" {
  region     = var.region
  access_key = var.access_key
  secret_key = var.secret_key
}

variable "access_key" {
  description = "AWS Access Key ID"
}

variable "secret_key" {
  description = "AWS Secret Access Key"
}

variable "region" {
  description = "AWS Region"
}

variable "key_name" {
  description = "EC2 secret file name"
}

variable "security_group" {
  description = "Security group for EC2 Instance created through Terraform."
  default = "Terra_Phish_Ec2_sg"
}
data "http" "my_ip" {
  url = "https://api.ipify.org?format=text"
}

locals {
  my_ip = "${chomp(data.http.my_ip.response_body)}/32"
}


# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "key_pair" {
  key_name   = var.key_name
  public_key = tls_private_key.rsa-4096.public_key_openssh
}

resource "local_file" "private_key" {
  content  = tls_private_key.rsa-4096.private_key_pem
  filename = var.key_name
}


# EC2 Instance
resource "aws_instance" "Terra_Phish_Ec2" {
  ami           = "ami-080e1f13689e07408"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.key_pair.key_name
  security_groups = [var.security_group]
  availability_zone = "us-east-1a"

  root_block_device {
    volume_size = 16  
    delete_on_termination = true
  }

    
  user_data = <<EOF
#!/bin/bash

sudo apt update

cd /home/ubuntu

sudo apt install -y wget
wget https://golang.org/dl/go1.19.5.linux-amd64.tar.gz
sudo tar -C /usr/local -xvf go1.19.5.linux-amd64.tar.gz

echo -e "export GOROOT=/usr/local/go" | sudo tee -a .profile
echo -e 'export GOPATH=$HOME/go' | sudo tee -a /home/ubuntu/.profile
echo -e 'export PATH=$GOPATH/bin:$GOROOT/bin:$PATH' | sudo tee -a /home/ubuntu/.profile
source .profile

sudo apt-get -y install git make
sudo git clone https://github.com/kgretzky/evilginx2.git


cd /home/ubuntu/evilginx2/
sudo /usr/local/go/bin/go build -o /home/ubuntu/evilginx2/evilginx2 -ldflags="-s -w -buildid=" -buildvcs=false

sudo hostnamectl set-hostname cwltraining.live

sudo reboot

EOF
# sudo ~/evilginx2/evilginx2 -p ./phishlets/


  tags = {
    Name = "Terra_Phish_Ec2"
  }
}


# Security Group for EC2 Instance
resource "aws_security_group" "Terra_Phish_Ec2_sg" {
  name = var.security_group

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


# VPC
data "aws_vpc" "default" {
  default = true
}



# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
************************************************************
| 🖥️ Machine Ip: ${aws_instance.Terra_Phish_Ec2.public_ip} |
************************************************************
EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
********************************** 
| 👤 Username of Machine: ubuntu |
**********************************
EOF
}

output "destroy_infra" {
  value = <<EOF
***************************************************************
| 🗑️	Command: redinfracraft.py destroy aws phishing evilginx |
***************************************************************
EOF 
}

================================================
FILE: redinfracraft/Terraform/AWS/AWS_GoPhish_Phishing_Server/main.tf
================================================
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.46.0"
    }
  }
}


# AWS Provider
provider "aws" {
  region     = var.region
  access_key = var.access_key
  secret_key = var.secret_key
}

variable "access_key" {
  description = "AWS Access Key ID"
}

variable "secret_key" {
  description = "AWS Secret Access Key"
}

variable "region" {
  description = "AWS Region"
}

variable "key_name" {
  description = "EC2 secret file name"
}


variable "security_group" {
  description = "Security group for EC2 Instance created through Terraform."
  default = "Terra_GoPhish_Ec2_sg"
}

data "http" "my_ip" {
  url = "https://api.ipify.org?format=text"
}

locals {
  my_ip = "${chomp(data.http.my_ip.response_body)}/32"
}


# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "key_pair" {
  key_name   = var.key_name
  public_key = tls_private_key.rsa-4096.public_key_openssh
}

resource "local_file" "private_key" {
  content  = tls_private_key.rsa-4096.private_key_pem
  filename = var.key_name
}


# EC2 Instance
resource "aws_instance" "Terra_GoPhish_Ec2" {
  ami           = "ami-080e1f13689e07408"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.key_pair.key_name
  security_groups = [var.security_group]
  availability_zone = "us-east-1a"

  root_block_device {
    volume_size = 16  
    delete_on_termination = true
  }
    
  user_data = <<EOF
#!/bin/bash

sudo apt update

cd /home/ubuntu

sudo apt install -y git 
sudo apt install -y wget
sudo wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip
sudo apt install -y unzip
sudo unzip gophish-v0.7.1-linux-64bit.zip  
chmod +x gophish

sudo sh -c 'echo "" > config.json'

echo '{
        "admin_server": {
                "listen_url": "0.0.0.0:3333",
                "use_tls": true,
                "cert_path": "gophish_admin.crt",
                "key_path": "gophish_admin.key"
        },
        "phish_server": {
                "listen_url": "0.0.0.0:80",
                "use_tls": false,
                "cert_path": "example.crt",
                "key_path": "example.key"
        },
        "db_name": "sqlite3",
        "db_path": "gophish.db",
        "migrations_prefix": "db/db_",
        "contact_address": ""
}' | sudo tee config.json > /dev/null

sudo apt install -y sqlite3
sudo sqlite3 gophish.db;

EOF

  tags = {
    Name = "Terra_GoPhish_Ec2"
  }
}


# Security Group for EC2 Instance
resource "aws_security_group" "Terra_GoPhish_Ec2_sg" {
  name = var.security_group

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 3333
    to_port     = 3333
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


# Default VPC
data "aws_vpc" "default" {
  default = true
}


# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
**************************************************************
| 🖥️ Machine Ip: ${aws_instance.Terra_GoPhish_Ec2.public_ip} |
**************************************************************
EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
********************************** 
| 👤 Username of Machine: ubuntu |
**********************************
EOF
}

output "destroy_infra" {
  value = <<EOF
**************************************************************
| 🗑️	Command: redinfracraft.py destroy aws phishing gophish |
**************************************************************
EOF 
}

================================================
FILE: redinfracraft/Terraform/AWS/AWS_Mythic_C2/main.tf
================================================
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.46.0"
    }
  }
}


# AWS Provider
provider "aws" {
  region     = var.region
  access_key = var.access_key
  secret_key = var.secret_key
}

variable "access_key" {
  description = "AWS Access Key ID"
}

variable "secret_key" {
  description = "AWS Secret Access Key"
}

variable "region" {
  description = "AWS Region"
}

variable "key_name" {
  description = "EC2 secret file name"
}

variable "security_group" {
  description = "Security group for EC2 Instance created through Terraform."
  default = "Mythic_EC2_sg"
}


data "http" "my_ip" {
  url = "https://api.ipify.org?format=text"
}

locals {
  my_ip = "${chomp(data.http.my_ip.response_body)}/32"
}


# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "key_pair" {
  key_name   = var.key_name
  public_key = tls_private_key.rsa-4096.public_key_openssh
}

resource "local_file" "private_key" {
  content  = tls_private_key.rsa-4096.private_key_pem
  filename = var.key_name
}


# EC2 Instance
resource "aws_instance" "Mythic_EC2" {
  ami           = "ami-080e1f13689e07408"
  instance_type = "t2.medium"
  key_name      = aws_key_pair.key_pair.key_name
  security_groups = [var.security_group]
  availability_zone = "us-east-1e"

  root_block_device {
    volume_size = 20  
    delete_on_termination = true
  }

  user_data = <<EOF
#!/bin/bash

sudo mkdir -p /home/ubuntu/access
cd /home/ubuntu/access

sudo apt-get update -y
sudo apt-get install -y git

sudo git clone https://github.com/its-a-feature/Mythic

cd /home/ubuntu/access/Mythic

sudo apt install -y ca-certificates curl gnupg

# Create the keyrings directory (if not already created)
sudo mkdir -p /etc/apt/keyrings

# Download and add the Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo tee /etc/apt/keyrings/docker.asc > /dev/null
sudo chmod a+r /etc/apt/keyrings/docker.asc

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update -y
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo apt-get install -y make
sudo make

sudo /home/ubuntu/access/Mythic/mythic-cli install github https://github.com/MythicC2Profiles/http
sudo -E /home/ubuntu/access/Mythic/mythic-cli install github https://github.com/MythicAgents/Apollo.git

sudo /home/ubuntu/access/Mythic/mythic-cli start

EOF

  tags = {
    Name = "Mythic_EC2"
  }
}


# Security Group for EC2 Instance
resource "aws_security_group" "Mythic_EC2_sg" {
  name = var.security_group

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }


  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


# VPC
data "aws_vpc" "default" {
  default = true
}



# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
*******************************************************
| 🖥️ Machine Ip: ${aws_instance.Mythic_EC2.public_ip} |
*******************************************************
EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
********************************** 
| 👤 Username of Machine: ubuntu |
**********************************
EOF
}

output "destroy_infra" {
  value = <<EOF
*******************************************************
| 🗑️	Command: redinfracraft.py destroy aws c2 mythic |
*******************************************************
EOF 
}


================================================
FILE: redinfracraft/Terraform/AWS/AWS_Mythic_C2_with_CloudFront/main.tf
================================================
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.46.0"
    }
  }
}


# AWS Provider
provider "aws" {
  region     = var.region
  access_key = var.access_key
  secret_key = var.secret_key
}

variable "access_key" {
  description = "AWS Access Key ID"
}

variable "secret_key" {
  description = "AWS Secret Access Key"
}

variable "region" {
  description = "AWS Region"
}

variable "key_name" {
  description = "EC2 secret file name"
}


variable "security_group" {
  description = "Security group for EC2 Instance created through Terraform."
  default = "terra_ec2_sg"
}

data "http" "my_ip" {
  url = "https://api.ipify.org?format=text"
}

locals {
  my_ip = "${chomp(data.http.my_ip.response_body)}/32"
}


# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "key_pair" {
  key_name   = var.key_name
  public_key = tls_private_key.rsa-4096.public_key_openssh
}

resource "local_file" "private_key" {
  content  = tls_private_key.rsa-4096.private_key_pem
  filename = var.key_name
}


# EC2 Instance
resource "aws_instance" "Terra_Ec2" {
  ami           = "ami-080e1f13689e07408"
  instance_type = "t2.medium"
  key_name      = aws_key_pair.key_pair.key_name
  vpc_security_group_ids = [aws_security_group.Terra_Ec2_sg.id]
  availability_zone = "us-east-1e"

  root_block_device {
    volume_size = 20  
    delete_on_termination = true
  }

  user_data = <<EOF
#!/bin/bash

sudo mkdir -p /home/ubuntu/access
cd /home/ubuntu/access

sudo apt-get update -y
sudo apt-get install -y git

sudo git clone https://github.com/its-a-feature/Mythic

cd /home/ubuntu/access/Mythic

sudo apt install -y ca-certificates curl gnupg

# Create the keyrings directory (if not already created)
sudo mkdir -p /etc/apt/keyrings

# Download and add the Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo tee /etc/apt/keyrings/docker.asc > /dev/null
sudo chmod a+r /etc/apt/keyrings/docker.asc

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update -y
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo apt-get install -y make
sudo make

sudo /home/ubuntu/access/Mythic/mythic-cli install github https://github.com/MythicC2Profiles/http
sudo -E /home/ubuntu/access/Mythic/mythic-cli install github https://github.com/MythicAgents/Apollo.git

sudo /home/ubuntu/access/Mythic/mythic-cli start

EOF

  tags = {
    Name = "Terra_EC2"
  }
}


# Security Group for EC2 Instance
resource "aws_security_group" "Terra_Ec2_sg" {
  name = var.security_group

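  # SSH is limited to the operator's current public IP (local.my_ip, resolved above)
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [local.my_ip]
  }

  # HTTP is accepted only from the load balancer's security group
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.terraElbSg.id]
  }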

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


# VPC
data "aws_vpc" "default" {
  default = true
}


# Target Group
resource "aws_lb_target_group" "TerraEC2Tg" {
  name        = "TerraEC2Tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "instance"
  vpc_id      = data.aws_vpc.default.id
}

resource "aws_lb_target_group_attachment" "TerraEC2TgAttach" {
  target_group_arn = aws_lb_target_group.TerraEC2Tg.arn
  target_id = aws_instance.Terra_Ec2.id
  port = 80
}


# Subnet
data "aws_subnets" "GetSubnet" {
  
  filter {
    name = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
  filter {
    name   = "availability-zone"
    values = [aws_instance.Terra_Ec2.availability_zone, "us-east-1a"] 
  }                                               
}


# Load Balancer
resource "aws_lb" "terraElb" {
  name               = "terraElb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.terraElbSg.id]
  subnets            = data.aws_subnets.GetSubnet.ids
  tags = {
    Name = "terraElb"
  }
}

resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.terraElb.arn
  port              = "80"
  protocol          = "HTTP"
  
  default_action {
    type = "forward"
    forward {
      target_group {
        arn = aws_lb_target_group.TerraEC2Tg.arn
      }
    }
  }
}


# Security Group for Load Balancer
resource "aws_security_group" "terraElbSg" {
  name   = "Allow http traffic"
  vpc_id = data.aws_vpc.default.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


# CloudFront
resource "aws_cloudfront_distribution" "my_cloudfront_distribution" {
  origin {
    domain_name = aws_lb.terraElb.dns_name  # Use the DNS name of the Load Balancer as the origin
    origin_id   = "my-load-balancer-origin"  # Set a unique ID for the origin
    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1.2"] # only consulted for HTTPS origins; this origin is http-only
    }
  }

  enabled             = true
  is_ipv6_enabled     = true
  comment             = "My CloudFront Distribution"
  default_root_object = "index.html"

  # Define default cache behavior
  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "my-load-balancer-origin"  # Use the same origin ID as defined above
    viewer_protocol_policy = "allow-all"
    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
    min_ttl = 0
    default_ttl = 3600
    max_ttl = 86400
  }

  # Define viewer certificate (if using HTTPS)
  viewer_certificate {
    cloudfront_default_certificate = true
  }
  
  # Define geographic restrictions, if needed (none applied here)
  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
}



# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
******************************************************
| 🖥️ Machine Ip: ${aws_instance.Terra_Ec2.public_ip} |
******************************************************

EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
********************************** 
| 👤 Username of Machine: ubuntu |
**********************************
EOF
}

# Output the Domain of the CloudFront
output "cloudfront_domain_name" {
  value = <<EOF
***********************************************************************************************
| 🌍 CloudFront Domain: ${aws_cloudfront_distribution.my_cloudfront_distribution.domain_name} |
***********************************************************************************************
EOF
}


output "destroy_infra" {
  value = <<EOF
*********************************************************
| 🗑️	Command: redinfracraft.py destroy aws c2 mythic_lb |
*********************************************************
EOF
}


================================================
FILE: redinfracraft/Terraform/AWS/AWS_Pwndrop_Payload_Server/main.tf
================================================
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.46.0"
    }
  }
}


# AWS Provider
provider "aws" {
  region     = var.region
  access_key = var.access_key
  secret_key = var.secret_key
}

variable "access_key" {
  description = "AWS Access Key ID"
}

variable "secret_key" {
  description = "AWS Secret Access Key"
  sensitive   = true # keep the secret out of plan/apply output
}

variable "region" {
  description = "AWS Region"
}

variable "key_name" {
  description = "EC2 secret file name"
}


variable "security_group" {
  description = "Security group for the EC2 instance created through Terraform."
  default     = "Terra_Pwn_Ec2_sg"
}


data "http" "my_ip" {
  url = "https://api.ipify.org?format=text"
}

locals {
  my_ip = "${chomp(data.http.my_ip.response_body)}/32"
}

# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "key_pair" {
  key_name   = var.key_name
  public_key = tls_private_key.rsa-4096.public_key_openssh
}

resource "local_file" "private_key" {
  content         = tls_private_key.rsa-4096.private_key_pem
  filename        = var.key_name
  file_permission = "0600" # private key: owner read/write only (local_file defaults to 0777)
}


# EC2 Instance
resource "aws_instance" "Terra_Pwn_Ec2" {
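  ami           = "ami-080e1f13689e07408"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.key_pair.key_name
  # Reference the resource (not the bare variable) so the group exists before the instance is created
  security_groups   = [aws_security_group.Terra_Pwn_Ec2_sg.name]
  availability_zone = "us-east-1a"

  root_block_device {
    volume_size           = 16
    delete_on_termination = true
  }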

    
  user_data = <<EOF
#!/bin/bash

sudo apt update

cd /home/ubuntu

sudo apt install -y wget
wget https://github.com/kgretzky/pwndrop/releases/download/1.0.1/pwndrop-linux-amd64.tar.gz
tar zxvf pwndrop-linux-amd64.tar.gz 

EOF

  tags = {
    Name = "Terra_Pwn_Ec2"
  }
}


# Security Group for EC2 Instance
resource "aws_security_group" "Terra_Pwn_Ec2_sg" {
  name = var.security_group

  # SSH is limited to the operator's current public IP (local.my_ip, resolved above)
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [local.my_ip]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


# VPC
data "aws_vpc" "default" {
  default = true
}


# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
**********************************************************
| 🖥️ Machine Ip: ${aws_instance.Terra_Pwn_Ec2.public_ip} |
**********************************************************
EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
********************************** 
| 👤 Username of Machine: ubuntu |
**********************************
EOF
}

output "destroy_infra" {
  value = <<EOF
*************************************************************
| 🗑️	Command: redinfracraft.py destroy aws payload pwndrop |
*************************************************************
EOF
}

================================================
FILE: redinfracraft/Terraform/Azure/Azure_Evilginx_Phishing_Server/main.tf
================================================
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0"
    }
  }
}

/*
Before executing this Terraform script, you need to create a Service Principal with
Owner, User Access Administrator, User Administrator and Global Administrator permissions.
*/

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}

variable "subscription_id" {
  description = "Azure Subscription Id"
  type = string
}

variable "client_id" {
  description = "Azure Client Id"
  type = string
}

variable "client_secret" {
  description = "Azure Client Secret"
  type        = string
  sensitive   = true # keep the secret out of plan/apply output
}

variable "tenant_id" {
  description = "Azure Tenant Id"
  type = string
}

variable "vm_key_name" {
  description = "VM Secret File Name"
  type = string
}

# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "local_file" "private_key" {
  content         = tls_private_key.rsa-4096.private_key_pem
  filename        = var.vm_key_name
  file_permission = "0600" # private key: owner read/write only (local_file defaults to 0777)
}

# 1. Create Resource Group
resource "azurerm_resource_group" "rg" {
  name     = "Mythic"
  location = "East US"
}


# 2. Create Virtual Network
resource "azurerm_virtual_network" "vnet" {
  name                = "myVNet"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}

# 3. Create Subnet
resource "azurerm_subnet" "subnet" {
  name                 = "mySubnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# 4. Create Public IP
resource "azurerm_public_ip" "pip" {
  name                = "myPublicIP"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  allocation_method   = "Dynamic"
  domain_name_label   = "mypublicipdns12343131245325675" 
}

# 5. Create Network Interface
resource "azurerm_network_interface" "nic" {
  name                = "myNIC"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "myNicConfiguration"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.pip.id
  }

}

# 6. Create Virtual Machine with User Data
resource "azurerm_linux_virtual_machine" "vm" {
  name                = "myVM"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  network_interface_ids = [azurerm_network_interface.nic.id]
  size                = "Standard_B1ms"

  admin_username = "azureuser"

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  admin_ssh_key {
    username   = "azureuser"
    public_key = tls_private_key.rsa-4096.public_key_openssh
  }

  disable_password_authentication = true

  custom_data = base64encode(file("script.sh"))
}

resource "azurerm_network_interface_security_group_association" "example" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

resource "azurerm_network_security_group" "nsg" {
  name                = "myNSG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  security_rule {
    name                       = "Allow-HTTP-Inbound"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "80"
    source_address_prefix     = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description               = "Allow inbound HTTP traffic using the Http tag"
   
  }

  security_rule {
    name                       = "Allow-HTTPS-Inbound"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "443"
    source_address_prefix     = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description               = "Allow inbound HTTPS traffic using the Https tag"
  
  }

  security_rule {
    name                       = "Allow-SSH"
    priority                   = 120
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "22"
    source_address_prefix     = "*"
    destination_address_prefix = "*"
  }
}



data "azurerm_client_config" "current" {}

# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
************************************************************************
| 🖥️ Machine Ip: ${azurerm_linux_virtual_machine.vm.public_ip_address} |
************************************************************************

EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
*************************************
| 👤 Username of Machine: azureuser |
*************************************
EOF
}

output "destroy_infra" {
  value = <<EOF
****************************************************************
| 🗑️	Command: redinfracraft.py destroy azure phishing evilginx |
****************************************************************
EOF
}

================================================
FILE: redinfracraft/Terraform/Azure/Azure_Evilginx_Phishing_Server/script.sh
================================================
#!/bin/bash

sudo apt update

cd /home/azureuser

sudo apt install -y wget
wget https://golang.org/dl/go1.19.5.linux-amd64.tar.gz
sudo tar -C /usr/local -xvf go1.19.5.linux-amd64.tar.gz

# Persist the Go environment in azureuser's profile (absolute path on every line)
echo -e "export GOROOT=/usr/local/go" | sudo tee -a /home/azureuser/.profile
echo -e 'export GOPATH=$HOME/go' | sudo tee -a /home/azureuser/.profile
echo -e 'export PATH=$GOPATH/bin:$GOROOT/bin:$PATH' | sudo tee -a /home/azureuser/.profile
source /home/azureuser/.profile

sudo apt-get -y install git make
sudo git clone https://github.com/kgretzky/evilginx2.git


cd /home/azureuser/evilginx2/
sudo /usr/local/go/bin/go build -o /home/azureuser/evilginx2/evilginx2 -ldflags="-s -w -buildid=" -buildvcs=false

sudo hostnamectl set-hostname cwltraining.live

sudo reboot

================================================
FILE: redinfracraft/Terraform/Azure/Azure_GoPhish_Phishing_Server/main.tf
================================================
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0"
    }
  }
}

/*
Before executing this Terraform script, you need to create a Service Principal with
Owner, User Access Administrator, User Administrator and Global Administrator permissions.
*/

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}

variable "subscription_id" {
  description = "Azure Subscription Id"
  type = string
}

variable "client_id" {
  description = "Azure Client Id"
  type = string
}

variable "client_secret" {
  description = "Azure Client Secret"
  type        = string
  sensitive   = true # keep the secret out of plan/apply output
}

variable "tenant_id" {
  description = "Azure Tenant Id"
  type = string
}

variable "vm_key_name" {
  description = "VM Secret File Name"
  type = string
}

# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "local_file" "private_key" {
  content         = tls_private_key.rsa-4096.private_key_pem
  filename        = var.vm_key_name
  file_permission = "0600" # private key: owner read/write only (local_file defaults to 0777)
}

# 1. Create Resource Group
resource "azurerm_resource_group" "rg" {
  name     = "Mythic"
  location = "East US"
}


# 2. Create Virtual Network
resource "azurerm_virtual_network" "vnet" {
  name                = "myVNet"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}

# 3. Create Subnet
resource "azurerm_subnet" "subnet" {
  name                 = "mySubnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# 4. Create Public IP
resource "azurerm_public_ip" "pip" {
  name                = "myPublicIP"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  allocation_method   = "Dynamic"
  domain_name_label   = "mypublicipdns12343131245325675" 
}

# 5. Create Network Interface
resource "azurerm_network_interface" "nic" {
  name                = "myNIC"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "myNicConfiguration"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.pip.id
  }

}

# 6. Create Virtual Machine with User Data
resource "azurerm_linux_virtual_machine" "vm" {
  name                = "myVM"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  network_interface_ids = [azurerm_network_interface.nic.id]
  size                = "Standard_B1ms"

  admin_username = "azureuser"

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  admin_ssh_key {
    username   = "azureuser"
    public_key = tls_private_key.rsa-4096.public_key_openssh
  }

  disable_password_authentication = true

  custom_data = base64encode(file("script.sh"))
}

resource "azurerm_network_interface_security_group_association" "example" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

resource "azurerm_network_security_group" "nsg" {
  name                = "myNSG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  security_rule {
    name                       = "Allow-HTTP-Inbound"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "80"
    source_address_prefix     = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description               = "Allow inbound HTTP traffic using the Http tag"
   
  }

  security_rule {
    name                       = "Allow-HTTPS-Inbound"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "443"
    source_address_prefix     = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description               = "Allow inbound HTTPS traffic using the Https tag"
  
  }

  security_rule {
    name                       = "Allow-SSH"
    priority                   = 120
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "22"
    source_address_prefix     = "*"
    destination_address_prefix = "*"
  }
}



data "azurerm_client_config" "current" {}

# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
************************************************************************
| 🖥️ Machine Ip: ${azurerm_linux_virtual_machine.vm.public_ip_address} |
************************************************************************
EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
*************************************
| 👤 Username of Machine: azureuser |
*************************************
EOF
}

output "destroy_infra" {
  value = <<EOF
***************************************************************
| 🗑️	Command: redinfracraft.py destroy azure phishing gophish |
***************************************************************
EOF
}

================================================
FILE: redinfracraft/Terraform/Azure/Azure_GoPhish_Phishing_Server/script.sh
================================================
#!/bin/bash

sudo apt update

cd /home/azureuser

sudo apt install -y git 
sudo apt install -y wget
sudo wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip
sudo apt install -y unzip
sudo unzip gophish-v0.7.1-linux-64bit.zip  
chmod +x gophish

sudo sh -c 'echo "" > config.json'

echo '{
        "admin_server": {
                "listen_url": "0.0.0.0:3333",
                "use_tls": true,
                "cert_path": "gophish_admin.crt",
                "key_path": "gophish_admin.key"
        },
        "phish_server": {
                "listen_url": "0.0.0.0:80",
                "use_tls": false,
                "cert_path": "example.crt",
                "key_path": "example.key"
        },
        "db_name": "sqlite3",
        "db_path": "gophish.db",
        "migrations_prefix": "db/db_",
        "contact_address": ""
}' | sudo tee config.json > /dev/null

sudo apt install -y sqlite3
sudo sqlite3 gophish.db;

================================================
FILE: redinfracraft/Terraform/Azure/Azure_Mythic_C2/main.tf
================================================
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0"
    }
  }
}

/*
Before executing this Terraform script, you need to create a Service Principal with
Owner, User Access Administrator, User Administrator and Global Administrator permissions.
*/

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}

variable "subscription_id" {
  description = "Azure Subscription Id"
  type = string
}

variable "client_id" {
  description = "Azure Client Id"
  type = string
}

variable "client_secret" {
  description = "Azure Client Secret"
  type        = string
  sensitive   = true # keep the secret out of plan/apply output
}

variable "tenant_id" {
  description = "Azure Tenant Id"
  type = string
}

variable "vm_key_name" {
  description = "VM Secret File Name"
  type = string
}

# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "local_file" "private_key" {
  content         = tls_private_key.rsa-4096.private_key_pem
  filename        = var.vm_key_name
  file_permission = "0600" # private key: owner read/write only (local_file defaults to 0777)
}

# 1. Create Resource Group
resource "azurerm_resource_group" "rg" {
  name     = "Mythic"
  location = "East US"
}


# 2. Create Virtual Network
resource "azurerm_virtual_network" "vnet" {
  name                = "myVNet"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}

# 3. Create Subnet
resource "azurerm_subnet" "subnet" {
  name                 = "mySubnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# 4. Create Public IP
resource "azurerm_public_ip" "pip" {
  name                = "myPublicIP"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  allocation_method   = "Dynamic"
  domain_name_label   = "mypublicipdns12343131245325675" 
}

# 5. Create Network Interface
resource "azurerm_network_interface" "nic" {
  name                = "myNIC"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "myNicConfiguration"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.pip.id
  }

}

# 6. Create Virtual Machine with User Data
resource "azurerm_linux_virtual_machine" "vm" {
  name                = "myVM"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  network_interface_ids = [azurerm_network_interface.nic.id]
  size                = "Standard_B1ms"

  admin_username = "azureuser"

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  admin_ssh_key {
    username   = "azureuser"
    public_key = tls_private_key.rsa-4096.public_key_openssh
  }

  disable_password_authentication = true

  custom_data = base64encode(file("script.sh"))
}

resource "azurerm_network_interface_security_group_association" "example" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

resource "azurerm_network_security_group" "nsg" {
  name                = "myNSG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  security_rule {
    name                       = "Allow-HTTP-Inbound"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "80"
    source_address_prefix     = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description               = "Allow inbound HTTP traffic using the Http tag"
   
  }

  security_rule {
    name                       = "Allow-HTTPS-Inbound"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "443"
    source_address_prefix     = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description               = "Allow inbound HTTPS traffic using the Https tag"
  
  }

  security_rule {
    name                       = "Allow-SSH"
    priority                   = 120
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                  = "Tcp"
    source_port_range         = "*"
    destination_port_range    = "22"
    source_address_prefix     = "*"
    destination_address_prefix = "*"
  }
}

data "azurerm_client_config" "current" {}

# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
************************************************************************
| 🖥️ Machine Ip: ${azurerm_linux_virtual_machine.vm.public_ip_address} |
************************************************************************

EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
*************************************
| 👤 Username of Machine: azureuser |
*************************************
EOF
}

output "destroy_infra" {
  value = <<EOF
********************************************************
| 🗑️	Command: redinfracraft.py destroy azure c2 mythic |
********************************************************
EOF
}

================================================
FILE: redinfracraft/Terraform/Azure/Azure_Mythic_C2/script.sh
================================================
#!/bin/bash

sudo mkdir -p /home/azureuser/access
cd /home/azureuser/access

sudo apt-get update -y
sudo apt-get install -y git

sudo git clone https://github.com/its-a-feature/Mythic

cd /home/azureuser/access/Mythic

sudo apt install -y ca-certificates curl gnupg

# Create the keyrings directory (if not already created)
sudo mkdir -p /etc/apt/keyrings

# Download and add the Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo tee /etc/apt/keyrings/docker.asc > /dev/null
sudo chmod a+r /etc/apt/keyrings/docker.asc

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update -y
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo apt-get install -y make
sudo make

sudo /home/azureuser/access/Mythic/mythic-cli install github https://github.com/MythicC2Profiles/http
sudo -E /home/azureuser/access/Mythic/mythic-cli install github https://github.com/MythicAgents/Apollo.git

sudo /home/azureuser/access/Mythic/mythic-cli start


================================================
FILE: redinfracraft/Terraform/Azure/Azure_Mythic_C2_with_Frontdoor/main.tf
================================================
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0"
    }
  }
}

/*
Before executing this Terraform script, you need to create a Service Principal with
Owner, User Access Administrator, User Administrator and Global Administrator permissions.
*/

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}

variable "subscription_id" {
  description = "Azure Subscription Id"
  type = string
}

variable "client_id" {
  description = "Azure Client Id"
  type = string
}

variable "client_secret" {
  description = "Azure Client Secret"
  type        = string
  sensitive   = true # keep the secret out of plan/apply output
}

variable "tenant_id" {
  description = "Azure Tenant Id"
  type = string
}

variable "vm_key_name" {
  description = "VM Secret File Name"
  type = string
}

# Key Pair
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "local_file" "private_key" {
  content         = tls_private_key.rsa-4096.private_key_pem
  filename        = var.vm_key_name
  file_permission = "0600" # private key: owner read/write only (local_file defaults to 0777)
}

# 1. Create Resource Group
resource "azurerm_resource_group" "rg" {
  name     = "Mythic"
  location = "East US"
}


# 2. Create Virtual Network
resource "azurerm_virtual_network" "vnet" {
  name                = "myVNet"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}

# 3. Create Subnet
resource "azurerm_subnet" "subnet" {
  name                 = "mySubnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# 4. Create Public IP
resource "azurerm_public_ip" "pip" {
  name                = "myPublicIP"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  allocation_method   = "Dynamic"
  domain_name_label   = "mypublicipdns12343131245325675" 
}

# 5. Create Network Interface
resource "azurerm_network_interface" "nic" {
  name                = "myNIC"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "myNicConfiguration"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.pip.id
  }

}

# 6. Create Virtual Machine with User Data
resource "azurerm_linux_virtual_machine" "vm" {
  name                  = "myVM"
  location              = azurerm_resource_group.rg.location
  resource_group_name   = azurerm_resource_group.rg.name
  network_interface_ids = [azurerm_network_interface.nic.id]
  size                  = "Standard_B1ms"

  admin_username = "azureuser"

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # Ubuntu 18.04 LTS reached the end of standard support in 2023.
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  admin_ssh_key {
    username   = "azureuser"
    public_key = tls_private_key.rsa-4096.public_key_openssh
  }

  disable_password_authentication = true

  custom_data = base64encode(file("script.sh"))
}

resource "azurerm_network_interface_security_group_association" "example" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

resource "azurerm_network_security_group" "nsg" {
  name                = "myNSG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  # Ports 80 and 443 only admit traffic from the AzureFrontDoor.Backend service tag.
  security_rule {
    name                       = "Allow-HTTP-Inbound"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description                = "Allow inbound HTTP traffic using the Http tag"
  }

  security_rule {
    name                       = "Allow-HTTPS-Inbound"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description                = "Allow inbound HTTPS traffic using the Https tag"
  }

  # SSH is reachable from any source address; restrict source_address_prefix
  # to the operator's own IP or range.
  security_rule {
    name                       = "Allow-SSH"
    priority                   = 120
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}



data "azurerm_client_config" "current" {}

resource "azurerm_cdn_frontdoor_profile" "example" {
  name                = "example-profile"
  resource_group_name = azurerm_resource_group.rg.name
  sku_name            = "Premium_AzureFrontDoor"
}

resource "azurerm_cdn_frontdoor_origin_group" "example" {
  name                     = "example-origingroup"
  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id

  health_probe {
    interval_in_seconds = 240
    path                = "/"
    protocol            = "Http"
    request_type        = "HEAD"
  }

  load_balancing {}
}

resource "azurerm_cdn_frontdoor_origin" "example" {
  name                          = "example-origin"
  cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.example.id
  enabled                       = true

  certificate_name_check_enabled = true

  host_name          = azurerm_linux_virtual_machine.vm.public_ip_address
  http_port          = 80
  https_port         = 443
  origin_host_header = azurerm_linux_virtual_machine.vm.public_ip_address
  priority           = 1
  weight             = 1
}

resource "azurerm_cdn_frontdoor_endpoint" "example" {
  name                     = "example-xoxo-testing-endpoint"
  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
}

resource "azurerm_cdn_frontdoor_route" "example" {
  name                          = "example-route"
  cdn_frontdoor_endpoint_id     = azurerm_cdn_frontdoor_endpoint.example.id
  cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.example.id
  cdn_frontdoor_origin_ids      = [azurerm_cdn_frontdoor_origin.example.id]
  enabled                       = true

  forwarding_protocol    = "HttpOnly"
  https_redirect_enabled = true
  patterns_to_match      = ["/*"]
  supported_protocols    = ["Http", "Https"]
}

# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
************************************************************************
| 🖥️ Machine Ip: ${azurerm_linux_virtual_machine.vm.public_ip_address} |
************************************************************************
EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
*************************************
| 👤 Username of Machine: azureuser |
*************************************
EOF
}

# Output the domain of the Azure Front Door endpoint
output "cloudfront_domain_name" {
  value = <<EOF
*****************************************************************************
| 🌍 CloudFront Domain: ${azurerm_cdn_frontdoor_endpoint.example.host_name} |
*****************************************************************************
EOF
}


output "destroy_infra" {
  value = <<EOF
***********************************************************
| 🗑️	Command: redinfracraft.py destroy azure c2 mythic_lb |
***********************************************************
EOF
}

================================================
FILE: redinfracraft/Terraform/Azure/Azure_Mythic_C2_with_Frontdoor/script.sh
================================================
#!/bin/bash

sudo mkdir -p /home/azureuser/access
cd /home/azureuser/access

sudo apt-get update -y
sudo apt-get install -y git

sudo git clone https://github.com/its-a-feature/Mythic

cd /home/azureuser/access/Mythic

sudo apt install -y ca-certificates curl gnupg

# Create the keyrings directory (if not already created)
sudo mkdir -p /etc/apt/keyrings

# Download and add the Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo tee /etc/apt/keyrings/docker.asc > /dev/null
sudo chmod a+r /etc/apt/keyrings/docker.asc

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update -y
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo apt-get install -y make
sudo make

sudo /home/azureuser/access/Mythic/mythic-cli install github https://github.com/MythicC2Profiles/http
sudo -E /home/azureuser/access/Mythic/mythic-cli install github https://github.com/MythicAgents/Apollo.git

sudo /home/azureuser/access/Mythic/mythic-cli start


================================================
FILE: redinfracraft/Terraform/Azure/Azure_Pwndrop_Payload_Server/main.tf
================================================
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0"
    }
  }
}

/* 
Before executing this Terraform script, you need to create one Service Principal with the
Owner, User Access Administrator, User Administrator and Global Administrator permissions.
*/

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}

variable "subscription_id" {
  description = "Azure Subscription Id"
  type        = string
}

variable "client_id" {
  description = "Azure Client Id"
  type        = string
}

variable "client_secret" {
  description = "Azure Client Secret"
  type        = string
  sensitive   = true # keep the secret out of plan/apply output
}

variable "tenant_id" {
  description = "Azure Tenant Id"
  type        = string
}

variable "vm_key_name" {
  description = "VM Secret File Name"
  type        = string
}

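# Key Pair
# Note: the generated private key is also stored unencrypted in the Terraform state file.
resource "tls_private_key" "rsa-4096" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "local_file" "private_key" {
  content         = tls_private_key.rsa-4096.private_key_pem
  filename        = var.vm_key_name
  file_permission = "0600" # local_file defaults to 0777, which ssh rejects for a private key
}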

# 1. Create Resource Group
resource "azurerm_resource_group" "rg" {
  name     = "Mythic"
  location = "East US"
}


# 2. Create Virtual Network
resource "azurerm_virtual_network" "vnet" {
  name                = "myVNet"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}

# 3. Create Subnet
resource "azurerm_subnet" "subnet" {
  name                 = "mySubnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# 4. Create Public IP
resource "azurerm_public_ip" "pip" {
  name                = "myPublicIP"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  allocation_method   = "Dynamic"
  domain_name_label   = "mypublicipdns12343131245325675" 
}

# 5. Create Network Interface
resource "azurerm_network_interface" "nic" {
  name                = "myNIC"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "myNicConfiguration"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.pip.id
  }

}

# 6. Create Virtual Machine with User Data
resource "azurerm_linux_virtual_machine" "vm" {
  name                  = "myVM"
  location              = azurerm_resource_group.rg.location
  resource_group_name   = azurerm_resource_group.rg.name
  network_interface_ids = [azurerm_network_interface.nic.id]
  size                  = "Standard_B1ms"

  admin_username = "azureuser"

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # Ubuntu 18.04 LTS reached the end of standard support in 2023.
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  admin_ssh_key {
    username   = "azureuser"
    public_key = tls_private_key.rsa-4096.public_key_openssh
  }

  disable_password_authentication = true

  custom_data = base64encode(file("script.sh"))
}

resource "azurerm_network_interface_security_group_association" "example" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

resource "azurerm_network_security_group" "nsg" {
  name                = "myNSG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  # Ports 80 and 443 only admit the AzureFrontDoor.Backend service tag,
  # but this file defines no Front Door resource.
  security_rule {
    name                       = "Allow-HTTP-Inbound"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description                = "Allow inbound HTTP traffic using the Http tag"
  }

  security_rule {
    name                       = "Allow-HTTPS-Inbound"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "AzureFrontDoor.Backend"
    destination_address_prefix = "*"
    description                = "Allow inbound HTTPS traffic using the Https tag"
  }

  # SSH is reachable from any source address; restrict source_address_prefix
  # to the operator's own IP or range.
  security_rule {
    name                       = "Allow-SSH"
    priority                   = 120
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}



data "azurerm_client_config" "current" {}


# Output the public IP of the instance
output "instance_ip" {
  value = <<EOF
************************************************************************
| 🖥️ Machine Ip: ${azurerm_linux_virtual_machine.vm.public_ip_address} |
************************************************************************
EOF
}

# Output the Username of the instance
output "username" {
  value = <<EOF
*************************************
| 👤 Username of Machine: azureuser |
*************************************
EOF
}

output "destroy_infra" {
  value = <<EOF
**************************************************************
| 🗑️	Command: redinfracraft.py destroy azure payload pwndrop |
**************************************************************
EOF
}

================================================
FILE: redinfracraft/Terraform/Azure/Azure_Pwndrop_Payload_Server/script.sh
================================================
#!/bin/bash

sudo apt update

cd /home/azureuser

sudo apt install -y wget
wget https://github.com/kgretzky/pwndrop/releases/download/1.0.1/pwndrop-linux-amd64.tar.gz
tar zxvf pwndrop-linux-amd64.tar.gz 

================================================
FILE: redinfracraft/Terraform/GCP/GCP_Mythic_C2_with_ELB/mythic.tf
================================================
provider "google" {
  project = var.project_id
  region  = var.location
}

variable "location" {
  description = "GCP region used by the provider"
  type        = string
}

variable "project_id" {
  description = "GCP Project ID"
  type        = string
}

resource "google_compute_instance" "default" {
  name         = "test-instance"
  machine_type = "n2-standard-2"
  zone         = "us-central1-c"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
      labels = {
        my_label = "value"
      }
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "NVME"
  }

  network_interface {
    network = "default"

    access_config {
      // Ephemeral public IP
    }
  }

  metadata = {
    foo = "bar"
  }




  service_account {
    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
    email  = "517443832736-compute@developer.gserviceaccount.com"
    scopes = ["cloud-platform"]
  }
}

# Allow HTTP traffic
resource "google_compute_firewall" "allow_http" {
  name    = "allow-http"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_ranges = ["34.49.246.127/32"]
  target_tags   = ["foo", "bar"]
}

# Allow HTTPS traffic
resource "google_compute_firewall" "allow_https" {
  name    = "allow-https"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  source_ranges = [google_compute_global_address.default.address]
  target_tags   = ["foo", "bar"]
}

# Allow Load Balancer Health Checks
resource "google_compute_firewall" "allow_health_checks" {
  name    = "allow-health-checks"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  source_ranges = [
    "130.211.0.0/22",
    "35.191.0.0/16",
    "108.170.220.0/23",
    "108.170.221.0/24"
  ]
  target_tags   = ["foo", "bar"]
}


resource "google_compute_instance_group" "webservers" {
  name        = "test-webservers"
  description = "Terraform test instance group"

  instances = [
    google_compute_instance.default.id,
  ]

  named_port {
    name = "http"
    port = "80"
  }

  zone = "us-central1-c"
}


# Create a Global HTTP Load Balancer
resource "google_compute_global_address" "default" {
  name = "testelb"
}

# Backend Service using the Instance Group
resource "google_compute_backend_service" "default" {
  name          = "test-backend-service"
  health_checks = [google_compute_health_check.default.id]

  backend {
    group = google_compute_instance_group.webservers.id
  }
}

# Health Check for the Backend
resource "google_compute_health_check" "default" {
  name = "test-health-check"

  tcp_health_check {
    port = 80
  }
}

# URL Map (Default Routing)
resource "google_compute_url_map" "default" {
  name            = "test-url-map"
  default_service = google_compute_backend_service.default.id
}

# Target HTTP Proxy
resource "google_compute_target_http_proxy" "default" {
  name    = "test-target-proxy"
  url_map = google_compute_url_map.default.id
}

# Global Forwarding Rule (Frontend)
resource "google_compute_global_forwarding_rule" "default" {
  name       = "test-forwarding-rule"
  target     = google_compute_target_http_proxy.default.id
  port_range = "80"
  ip_address = google_compute_global_address.default.address
}


================================================
FILE: redinfracraft/Terraform/GCP/GCP_Mythic_C2_with_ELB/script.sh
================================================
#!/bin/bash
set -ex

mkdir /home/access
cd /home/access

sudo mkdir -p /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo tee /etc/apt/keyrings/docker.asc > /dev/null

sudo apt update -y


echo "deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bullseye stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update -y
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo git clone https://github.com/its-a-feature/Mythic
sudo apt-get install -y make

cd /home/access/Mythic
sudo make

sudo /home/access/Mythic/mythic-cli install github https://github.com/MythicC2Profiles/http
sudo /home/access/Mythic/mythic-cli install github https://github.com/MythicAgents/Apollo.git
sudo /home/access/Mythic/mythic-cli start


================================================
FILE: redinfracraft/Terraform/terraform.auto.tfvars
================================================
# AWS Authentication
access_key = "YOUR_ACCESS_KEY_ID"
secret_key = "YOUR_SECRET_ACCESS_KEY"
region     = "YOUR_AWS_REGION"
# EC2 secret file name, without the .pem extension
key_name = "EC2_PEM_FILE_NAME"


# Azure Authentication
subscription_id = "YOUR_SUBSCRIPTION_ID"
client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"
tenant_id = "YOUR_TENANT_ID"
# VM secret file name, without the .pem extension
vm_key_name = "EC2_PEM_FILE_NAME"


# GCP Authentication
project_id = "YOUR_PROJECT_ID"
location = "YOUR_GCP_LOCATION"

================================================
FILE: redinfracraft/redinfracraft.py
================================================
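import argparse
import os
import subprocess

# Paths are resolved against the directory the tool is started from,
# so run it from the redinfracraft/ directory.
current_dir = os.getcwd()
tfvars_file = os.path.join(current_dir, "Terraform", "terraform.auto.tfvars")


def change_directory(path):
    # Use os.path.join to handle cross-platform paths
    target_path = os.path.join(current_dir, path)
    os.chdir(target_path)


def createTerrformCommand():
    # Argument lists (no shell) keep a tfvars path containing spaces or shell
    # metacharacters from being split or interpreted.
    subprocess.run(['terraform', 'init'])
    subprocess.run(['terraform', 'apply', '-auto-approve', f'-var-file={tfvars_file}'])


def destroyTerrformCommand():
    subprocess.run(['terraform', 'init'])
    subprocess.run(['terraform', 'destroy', '-auto-approve', f'-var-file={tfvars_file}'])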


# Function to deploy Mythic C2 for AWS
def deploy_mythic_c2_aws():
    change_directory("Terraform/AWS/AWS_Mythic_C2")
    createTerrformCommand()


# Function to deploy Mythic C2 for Azure
def deploy_mythic_c2_azure():
    change_directory("Terraform/Azure/Azure_Mythic_C2")
    createTerrformCommand()


# Function to deploy Mythic C2 with ELB and CloudFront for AWS
def deploy_elb_c2_aws():
    change_directory("Terraform/AWS/AWS_Mythic_C2_with_CloudFront")
    createTerrformCommand()


# Function to deploy Mythic C2 with Frontdoor for Azure
def deploy_elb_c2_azure():
    change_directory("Terraform/Azure/Azure_Mythic_C2_with_Frontdoor")
    createTerrformCommand()


# Function to deploy Mythic C2 with ELB for GCP
def deploy_elb_c2_gcp():
    change_directory("Terraform/GCP/GCP_Mythic_C2_with_ELB")
    createTerrformCommand()


# Function to deploy Pwndrop for AWS
def deploy_pwndrop_aws():
    change_directory("Terraform/AWS/AWS_Pwndrop_Payload_Server")
    createTerrformCommand()


# Function to deploy Pwndrop for Azure
def deploy_pwndrop_azure():
    change_directory("Terraform/Azure/Azure_Pwndrop_Payload_Server")
    createTerrformCommand()


# Function to deploy gophish for AWS
def deploy_gophish_aws():
    change_directory("Terraform/AWS/AWS_GoPhish_Phishing_Server")
    createTerrformCommand()


# Function to deploy gophish for Azure
def deploy_gophish_azure():
    change_directory("Terraform/Azure/Azure_GoPhish_Phishing_Server")
    createTerrformCommand()


# Function to deploy Evilginx for AWS
def deploy_evilginx_aws():
    change_directory("Terraform/AWS/AWS_Evilginx_Phishing_Server")
    createTerrformCommand()


# Function to deploy Evilginx for Azure
def deploy_evilginx_azure():
    change_directory("Terraform/Azure/Azure_Evilginx_Phishing_Server")
    createTerrformCommand()


# Function to destroy Mythic C2 for AWS
def destroy_mythic_c2_aws():
    change_directory("Terraform/AWS/AWS_Mythic_C2")
    destroyTerrformCommand()


# Function to destroy Mythic C2 for Azure
def destroy_mythic_c2_azure():
    change_directory("Terraform/Azure/Azure_Mythic_C2")
    destroyTerrformCommand()


# Function to destroy Mythic C2 with ELB and CloudFront for AWS
def destroy_elb_c2_aws():
    change_directory("Terraform/AWS/AWS_Mythic_C2_with_CloudFront")
    destroyTerrformCommand()


# Function to destroy Mythic C2 with Frontdoor for Azure
def destroy_elb_c2_azure():
    change_directory("Terraform/Azure/Azure_Mythic_C2_with_Frontdoor")
    destroyTerrformCommand()


# Function to destroy Mythic C2 with ELB for GCP
def destroy_elb_c2_gcp():
    # The GCP template lives in GCP_Mythic_C2_with_ELB (same directory the create path uses)
    change_directory("Terraform/GCP/GCP_Mythic_C2_with_ELB")
    destroyTerrformCommand()

# Function to destroy Pwndrop for AWS
def destroy_pwndrop_aws():
    change_directory("Terraform/AWS/AWS_Pwndrop_Payload_Server")
    destroyTerrformCommand()


# Function to destroy Pwndrop for Azure
def destroy_pwndrop_azure():
    change_directory("Terraform/Azure/Azure_Pwndrop_Payload_Server")
    destroyTerrformCommand()


# Function to destroy gophish for AWS
def destroy_gophish_aws():
    change_directory("Terraform/AWS/AWS_GoPhish_Phishing_Server")
    destroyTerrformCommand()


# Function to destroy GoPhish for Azure
def destroy_gophish_azure():
    change_directory("Terraform/Azure/Azure_GoPhish_Phishing_Server")
    destroyTerrformCommand()


# Function to destroy Evilginx for AWS
def destroy_evilginx_aws():
    change_directory("Terraform/AWS/AWS_Evilginx_Phishing_Server")
    destroyTerrformCommand()


# Function to destroy Evilginx for Azure
def destroy_evilginx_azure():
    change_directory("Terraform/Azure/Azure_Evilginx_Phishing_Server")
    destroyTerrformCommand()


# Main function
def main():
    parser = argparse.ArgumentParser(description='Tool for deploying or destroying infrastructure.')
    subparsers = parser.add_subparsers(dest='action', help='Action to perform')

    # Sub-parser for creating infrastructure
    parser_create = subparsers.add_parser('create', help='To Create infrastructure')
    parser_create.add_argument('cloud', choices=['aws', 'azure', 'gcp'], help='Cloud provider (aws/azure/gcp)')
    parser_create.add_argument('infra', choices=['c2', 'payload', 'phishing', 'full_infra'],
                               help='Infrastructure to create')
    parser_create.add_argument('type', nargs='?', choices=['mythic', 'mythic_lb', 'pwndrop', 'gophish', 'evilginx'],
                               help='Type of infrastructure')

    # Sub-parser for destroying infrastructure
    parser_destroy = subparsers.add_parser('destroy', help='To Destroy infrastructure')
    parser_destroy.add_argument('cloud', choices=['aws', 'azure', 'gcp'], help='Cloud provider (aws/azure/gcp)')
    parser_destroy.add_argument('infra', choices=['c2', 'payload', 'phishing', 'full_infra'],
                                help='Infrastructure to destroy')
    parser_destroy.add_argument('type', nargs='?', choices=['mythic', 'mythic_lb', 'pwndrop', 'gophish', 'evilginx'],
                                help='Type of infrastructure to destroy')

    # Add info command
    parser_info = subparsers.add_parser('info',
                                        help='Shows info message, Try "redinfracraft.py info" to know more about this tool.')

    # Add help command
    parser_help = subparsers.add_parser('help',
                                        help='Shows help message, Try "redinfracraft.py help" to view available options.')

    args = parser.parse_args()

    # Mapping infrastructure and cloud types to functions
    action_map = {
        'create': {
            'aws': {
                'c2': {'mythic': deploy_mythic_c2_aws, 'mythic_lb': deploy_elb_c2_aws},
                'payload': {'pwndrop': deploy_pwndrop_aws},
                'phishing': {'gophish': deploy_gophish_aws, 'evilginx': deploy_evilginx_aws},
                'full_infra': lambda: (
                deploy_elb_c2_aws(), deploy_pwndrop_aws(), deploy_gophish_aws(), deploy_evilginx_aws())
            },
            'azure': {
                'c2': {'mythic': deploy_mythic_c2_azure, 'mythic_lb': deploy_elb_c2_azure},
                'payload': {'pwndrop': deploy_pwndrop_azure},
                'phishing': {'gophish': deploy_gophish_azure, 'evilginx': deploy_evilginx_azure},
                'full_infra': lambda: (
                deploy_elb_c2_azure(), deploy_pwndrop_azure(), deploy_gophish_azure(), deploy_evilginx_azure())
            },
            'gcp': {
                'c2': {'mythic_lb': deploy_elb_c2_gcp}
            }
        },
        'destroy': {
            'aws': {
                'c2': {'mythic': destroy_mythic_c2_aws, 'mythic_lb': destroy_elb_c2_aws},
                'payload': {'pwndrop': destroy_pwndrop_aws},
                'phishing': {'gophish': destroy_gophish_aws, 'evilginx': destroy_evilginx_aws},
                'full_infra': lambda: (
                destroy_elb_c2_aws(), destroy_pwndrop_aws(), destroy_gophish_aws(), destroy_evilginx_aws())
            },
            'azure': {
                'c2': {'mythic': destroy_mythic_c2_azure, 'mythic_lb': destroy_elb_c2_azure},
                'payload': {'pwndrop': destroy_pwndrop_azure},
                'phishing': {'gophish': destroy_gophish_azure, 'evilginx': destroy_evilginx_azure},
                'full_infra': lambda: (
                destroy_elb_c2_azure(), destroy_pwndrop_azure(), destroy_gophish_azure(), destroy_evilginx_azure())
            },
            'gcp': {
                'c2': {'mythic_lb': destroy_elb_c2_gcp},
            }
        }
    }

    # Execute the mapped function
    if args.action in action_map:
        try:
            if args.infra == 'full_infra':
                action_map[args.action][args.cloud][args.infra]()
            else:
                action_map[args.action][args.cloud][args.infra][args.type]()
        except KeyError:
            print("""
    Invalid combination of arguments!!

    I am here to assist You :)

        Try "redinfracraft.py info" to know more about this tool.

        Try "redinfracraft.py --help" to know about arguments.

        Try "redinfracraft.py help" to view available options. 
                    """)
    elif args.action == 'info':
        print_info_message()
    elif args.action == 'help':
        print_help_message()



def print_info_message():
    # Raw string: the banner's backslashes are literal characters, not escape sequences
    print(r"""

**********************************************************************************************************************************************************
*    ________   _______   _____     _________   ___         _   _______   ________     ----       _______   ________     ----     _______   _________    *   
*   (  ____  ) (  _____) (  __ \   (___   ___) (   \       | ) (  _____) (  ____  )   / __ \     / ______) (  ____  )   / __ \   (  _____) (___   ___)   *     
*   | |    | | | (       | (  \ \      | |     | |\ \      | | | (       | |    | |  / /  \ \   / /        | |    | |  / /  \ \  | (           | |       *
*   | |____| | | |       | |   \ \     | |     | | \ \     | | | |       | |____| | | |    | | / /         | |____| | | |    | | | |           | |       *
*   | _  ____) | (_____  | |    \ \    | |     | |  \ \    | | | (_____  | _  ____) | (____) | | |         | _  ____) | (____) | | (_____      | |       *
*   | |\ \     |  _____) | |    | |    | |     | |   \ \   | | |  _____) | |\ \     |  ____  | | |         | |\ \     |  ____  | |  _____)     | |       *  
*   | | \ \    | (       | |    / /    | |     | |    \ \  | | | (       | | \ \    | (    ) | | |         | | \ \    | (    ) | | (           | |       *
*   | |  \ \   | |       | |   / /     | |     | |     \ \ | | | |       | |  \ \   | |    | | \ \         | |  \ \   | |    | | | |           | |       *  
*   | |   \ \  | (_____  | (__/ /   ___| |___  | |      \ \| | | |       | |   \ \  | |    | |  \ \______  | |   \ \  | |    | | | |           | |       * 
*   (_|    \_\ (_______) (_____/   (_________) (_|       \___) (_|       (_|    \_\ (_|    |_)   \_______) (_|    \_\ (_|    |_) (_|           |_|       *     
*                                                                                                                                                        *
*                                                                                                                                         - Version-2    *
*                                                                                                                                                        *
********************************************************************************************************************************************************** 



                       Introducing RedInfraCraft (V2) - your go-to tool for seamlessly crafting and overseeing cloud infrastructures, tailored 
            specifically for Red Teamers!! With RedInfraCraft (V2), you're not just deploying some infrastructures; you are crafting a digital 
            masterpiece. Whether you're forging Mythic C2s, shaping ELB architectures, or crafting cunning phishing setups, RedInfraCraft (V2) 
            empowers you to build, deploy, and manage with unparalleled ease. Let's turn your cloud dreams into infrastructural realities with 
            RedInfraCraft (V2) - where every deployment is a stroke of genius!

                                                                                                             - CyberWarFare Labs

    """)


def print_help_message():
    print("""

Infrastructures:

    1) C2 - "Mythic C2", "Mythic C2 with CloudFront and Load Balancer", "Mythic C2 with Frontdoor & CDN"
    2) Payload - "Pwndrop"
    3) Phishing - "EvilGinx", "GoPhish"
    4) All in One Infra - "Mythic C2 with CloudFront and Load Balancer, Pwndrop, EvilGinx, GoPhish", "Mythic C2 with Frontdoor & CDN, pwndrop, Gophish, and Evilginx"     


Cloud Providers:
    1) AWS
    2) Azure
    3) GCP


Command Explanation:
    --> redinfracraft.py  action  cloud_provider  infra_type  infra
    E.g redinfracraft.py  create       aws            c2      mythic
    E.g redinfracraft.py  destroy      azure          c2      mythic
    E.g redinfracraft.py  create       gcp            c2      mythic_lb


Commands to Create Infrastructure:

    --> Create Mythic C2 infrastructure for AWS:
            redinfracraft.py create aws c2 mythic 

    --> Create Mythic C2 infrastructure for Azure:
            redinfracraft.py create azure c2 mythic

    --> Create ELB with Mythic C2 infrastructure for AWS:
            redinfracraft.py create aws c2 mythic_lb

    --> Create ELB with Mythic C2 infrastructure for Azure:
            redinfracraft.py create azure c2 mythic_lb
            
    --> Create ELB with Mythic C2 infrastructure for GCP:
            redinfracraft.py create gcp c2 mythic_lb

    --> Create pwndrop payload infrastructure for AWS:
            redinfracraft.py create aws payload pwndrop

    --> Create pwndrop payload infrastructure for Azure:
            redinfracraft.py create azure payload pwndrop

    --> Create Gophish phishing infrastructure for AWS:
            redinfracraft.py create aws phishing gophish

    --> Create Gophish phishing infrastructure for Azure:
            redinfracraft.py create azure phishing gophish

    --> Create Evilginx phishing infrastructure for AWS:
            redinfracraft.py create aws phishing evilginx

    --> Create Evilginx phishing infrastructure for Azure:
            redinfracraft.py create azure phishing evilginx

    --> Create full infrastructure (Mythic C2 with ELB & CloudFront, pwndrop, Gophish, and Evilginx):
            redinfracraft.py create aws full_infra

    --> Create full infrastructure (Mythic C2 with Frontdoor & CDN, pwndrop, Gophish, and Evilginx):
            redinfracraft.py create azure full_infra


Commands to Destroy Infrastructure:

    --> Destroy Mythic C2 infrastructure for AWS:
            redinfracraft.py destroy aws c2 mythic

    --> Destroy Mythic C2 infrastructure for Azure:
            redinfracraft.py destroy azure c2 mythic

    --> Destroy ELB with Mythic C2 infrastructure for AWS:
            redinfracraft.py destroy aws c2 mythic_lb

    --> Destroy ELB with Mythic C2 infrastructure for Azure:
            redinfracraft.py destroy azure c2 mythic_lb

    --> Destroy ELB with Mythic C2 infrastructure for GCP:
            redinfracraft.py destroy gcp c2 mythic_lb

    --> Destroy pwndrop payload infrastructure for AWS:
            redinfracraft.py destroy aws payload pwndrop

    --> Destroy pwndrop payload infrastructure for Azure:
            redinfracraft.py destroy azure payload pwndrop

    --> Destroy GoPhish phishing infrastructure for AWS:
            redinfracraft.py destroy aws phishing gophish

    --> Destroy GoPhish phishing infrastructure for Azure:
            redinfracraft.py destroy azure phishing gophish

    --> Destroy EvilGinx phishing infrastructure for AWS:
            redinfracraft.py destroy aws phishing evilginx

    --> Destroy EvilGinx phishing infrastructure for Azure:
            redinfracraft.py destroy azure phishing evilginx     

    --> Destroy full infrastructure (Mythic C2 with ELB & CloudFront, pwndrop, Gophish, and Evilginx):
            redinfracraft.py destroy aws full_infra

    --> Destroy full infrastructure (Mythic C2 with Frontdoor & CDN, pwndrop, Gophish, and Evilginx):
            redinfracraft.py destroy azure full_infra
    """)


# Execute main function
if __name__ == "__main__":
    main()
SYMBOL INDEX (28 symbols across 1 files)

FILE: redinfracraft/redinfracraft.py
  function change_directory (line 8) | def change_directory(path):
  function createTerrformCommand (line 14) | def createTerrformCommand():
  function destroyTerrformCommand (line 19) | def destroyTerrformCommand():
  function deploy_mythic_c2_aws (line 25) | def deploy_mythic_c2_aws():
  function deploy_mythic_c2_azure (line 31) | def deploy_mythic_c2_azure():
  function deploy_elb_c2_aws (line 37) | def deploy_elb_c2_aws():
  function deploy_elb_c2_azure (line 43) | def deploy_elb_c2_azure():
  function deploy_elb_c2_gcp (line 49) | def deploy_elb_c2_gcp():
  function deploy_pwndrop_aws (line 55) | def deploy_pwndrop_aws():
  function deploy_pwndrop_azure (line 61) | def deploy_pwndrop_azure():
  function deploy_gophish_aws (line 67) | def deploy_gophish_aws():
  function deploy_gophish_azure (line 73) | def deploy_gophish_azure():
  function deploy_evilginx_aws (line 79) | def deploy_evilginx_aws():
  function deploy_evilginx_azure (line 85) | def deploy_evilginx_azure():
  function destroy_mythic_c2_aws (line 91) | def destroy_mythic_c2_aws():
  function destroy_mythic_c2_azure (line 97) | def destroy_mythic_c2_azure():
  function destroy_elb_c2_aws (line 103) | def destroy_elb_c2_aws():
  function destroy_elb_c2_azure (line 109) | def destroy_elb_c2_azure():
  function destroy_elb_c2_gcp (line 115) | def destroy_elb_c2_gcp():
  function destroy_pwndrop_aws (line 120) | def destroy_pwndrop_aws():
  function destroy_pwndrop_azure (line 126) | def destroy_pwndrop_azure():
  function destroy_gophish_aws (line 132) | def destroy_gophish_aws():
  function destroy_gophish_azure (line 138) | def destroy_gophish_azure():
  function destroy_evilginx_aws (line 144) | def destroy_evilginx_aws():
  function destroy_evilginx_azure (line 150) | def destroy_evilginx_azure():
  function main (line 156) | def main():
  function print_info_message (line 254) | def print_info_message():
  function print_help_message (line 286) | def print_help_message():

About this extraction

This page contains the full source code of the RedTeamOperations/Red-Infra-Craft GitHub repository, extracted and formatted as plain text. The extraction includes 31 files (121.8 KB), approximately 32.8k tokens, and a symbol index with 28 extracted functions, classes, methods, constants, and types.