ThreatBox is a standard and controlled attack platform based on the Linux operating system.
It started out as a collection of scripts, lived on as a virtual machine, existed as code for building a Linux ISO, and has now been converted into a set of playbooks.
The project is designed to be used as a starting point for creating, managing and using a standard attack platform for penetration testing.
Details on the idea of a standard attack platform can be found in the book Red Team Development and Operations - A Practical Guide, written by Joe Vest and James Tubberville.
- Basic tools defined as Ansible roles
- Adjustments designed to facilitate security testing
- Variable list for adding or removing git repositories, operating system packages, or Python modules (ancbox.yml)
- Automatic switching of the SSH port. Deployment starts on port 22, then reconfigures the target system to the desired SSH port using the ansible_port variable in the yml file
- Downloads and collects many .NET tools (e.g. SeatBelt.exe from GhostPack, https://github.com/GhostPack/Seatbelt)
- Most Python projects are installed using pipenv. Use pipenv shell in the project's directory to access them. See https://realpython.com/pipenv-guide/ for instructions on using pipenv
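
The SSH port switch described in the list above can be done in Ansible roughly as follows. This is an added example, not ThreatBox's own playbook; it assumes a Debian-family target whose SSH service is named ssh, and the task names, the desired_ssh_port fact and the fallback port 2222 are hypothetical.

```yaml
# Added example, not ThreatBox's own playbook. Assumes the inventory sets
# ansible_port to the desired SSH port and the target runs a classic
# (not socket-activated) sshd service named "ssh".
- hosts: all
  gather_facts: false        # no SSH connection until we know which port answers
  become: true
  tasks:
    - name: Remember the desired port before ansible_port is overridden
      ansible.builtin.set_fact:
        desired_ssh_port: "{{ ansible_port | default(2222) }}"  # 2222 is a constructed value

    - name: Probe the desired port from the control node
      ansible.builtin.wait_for:
        host: "{{ hostvars[inventory_hostname].ansible_host | default(inventory_hostname) }}"
        port: "{{ desired_ssh_port }}"
        timeout: 5
      delegate_to: localhost
      become: false
      register: desired_port_probe
      ignore_errors: true

    - name: First run, sshd still listens on port 22
      ansible.builtin.set_fact:
        ansible_port: 22
      when: desired_port_probe is failed

    - name: Set the Port directive, validating the file before it is installed
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*Port\s+'
        line: "Port {{ desired_ssh_port }}"
        validate: /usr/sbin/sshd -t -f %s
      register: sshd_port

    - name: Restart sshd (the session already open survives the restart)
      ansible.builtin.service:
        name: ssh
        state: restarted
      when: sshd_port is changed

    - name: Use the desired port for the rest of the run
      ansible.builtin.set_fact:
        ansible_port: "{{ desired_ssh_port }}"

    - name: Drop the old connection so the next task reconnects on the new port
      ansible.builtin.meta: reset_connection
```

If a host firewall is active on the target, the new port has to be allowed before sshd is restarted, otherwise the reconnect on the desired port fails.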
Information on installing and using the program can be found here.