Bloodfire-infra is a Red Team infrastructure that can be deployed on AWS using Terraform and Ansible. The infrastructure includes several components that can be used to conduct Red Team operations, such as phishing attacks and monitoring Red Team activities.
The infrastructure includes the following components:
- Bastion Host: A host that acts as a gateway to access the other hosts in the infrastructure.
- Evilginx: A phishing attack tool that can be used to clone login pages and steal credentials.
- GoPhish: An open-source phishing framework that can be used to run phishing campaigns.
- RedELK: An open-source tool that can be used to monitor and analyze Red Team activities.
Customize Modules:
- Open `main.tf`.
- Uncomment/comment the modules you wish to use.
- Fill in the required values for each module.

Configure Variables:
- Open `variables.tf`.
- Fill in all necessary values.

Initialize and Validate:
- Open a terminal in the project root folder.
- Run `terraform init` to initialize the Terraform configuration.
- Run `terraform validate` to ensure there are no errors in the configuration.

Plan and Apply:
- Run `terraform plan` to review the changes Terraform will apply to your AWS infrastructure.
- Run `terraform apply` to create the infrastructure.

Note: Make sure you have the necessary AWS credentials configured on your machine using `aws configure`.
After `terraform apply` is completed, a bash script and an `ssh_config` file will be created. You can use these to SSH into the hosts without worrying about port forwarding.

```bash
ssh -X -F ssh_config bastion   # SSH into Bastion host with X11 forwarding for the Havoc client
ssh -F ssh_config evilginx     # SSH into Evilginx host
ssh -F ssh_config gophish      # SSH into GoPhish host
ssh -F ssh_config redelk       # SSH into RedELK host
```
When you SSH into the GoPhish or RedELK hosts, port forwarding will be set up automatically, so their web interfaces are reachable on your local machine.

RedELK:
- URL: https://127.0.0.1
- Username: redelk
- Password: redelk@123

GoPhish:
- URL: https://127.0.0.1:3333
- Username: admin
- Password: gophish@123
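As an added illustration (not the `ssh_config` that `terraform apply` generates), the following file shows the pattern the generated one relies on: every internal host is reached through the bastion with `ProxyJump`, and `LocalForward` entries pin the GoPhish and RedELK web interfaces to the loopback ports listed above. The IP addresses, the login user and the key path are placeholders.

```ssh_config
# Added illustration of the ProxyJump / LocalForward pattern; this is not
# the ssh_config produced by terraform apply. All addresses, the login
# user and the key path are placeholders for this example.

Host bastion
    HostName 203.0.113.10            # placeholder: bastion public IP
    User ubuntu                      # placeholder login user
    IdentityFile ~/.ssh/bloodfire.pem
    IdentitiesOnly yes
    ForwardX11 yes                   # lets the Havoc client GUI display locally (ssh -X)

# Internal hosts have no public address; every hop goes through the bastion.
Host evilginx gophish redelk
    ProxyJump bastion
    User ubuntu                      # placeholder login user
    IdentityFile ~/.ssh/bloodfire.pem
    IdentitiesOnly yes

Host evilginx
    HostName 10.0.1.10               # placeholder private IP

Host gophish
    HostName 10.0.1.20               # placeholder private IP
    # GoPhish admin UI listens on 3333 on the host; bind the tunnel to
    # loopback only so nothing else on your machine's network can reach it.
    LocalForward 127.0.0.1:3333 127.0.0.1:3333

Host redelk
    HostName 10.0.1.30               # placeholder private IP
    # RedELK UI is served on 443. Binding a local port below 1024 needs
    # elevated privileges; if that is not acceptable, forward to a high
    # port (e.g. 8443) and browse to https://127.0.0.1:8443 instead.
    LocalForward 127.0.0.1:443 127.0.0.1:443
```

Because ssh takes the first value found for each option, the shared `Host evilginx gophish redelk` block must precede the per-host blocks that set `HostName`, as above.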
This is an optional step: you can install the Havoc client wherever you like, but make sure to update the security group rules to allow traffic from the client to the teamserver (which is only possible from the bastion host by default).
- SSH into the bastion host.
- Move to the `/opt/havoc` directory.
- Run `./havoc client` to start the client.

Note: Make sure you have the teamserver running. For example, SSH into the teamserver from the bastion host, then:

```bash
cd /opt/havoc
sudo ./havoc server --profile ./profiles/havoc.yaotl -v --debug
```
Please refer to the `DEVELOPMENT.md` file for detailed instructions on how to develop and customize the infrastructure.
When running the client on the bastion host, it gives the following error:

```text
[20:53:30] [info] Havoc Framework [Version: 0.7] [CodeName: Bites The Dust]
[20:53:30] [error] [DB] Failed to open database
[20:53:30] [info] loaded config file: client/config.toml
QSqlQuery::prepare: database not open
[20:53:30] [error] [DB] Error while query teamserver list: No query Unable to fetch row
[20:53:50] [info] Exit program from Connection Dialog
```

Also note that the client GUI spins up and you can connect to the teamserver, but the error is still there.
This project is licensed under the GPL-3.0 License. See the `LICENSE` file for details.