Diffstat (limited to 'roles')
26 files changed, 579 insertions, 0 deletions
diff --git a/roles/custom-config/README.md b/roles/custom-config/README.md
new file mode 100644
index 0000000..65ff9ca
--- /dev/null
+++ b/roles/custom-config/README.md
@@ -0,0 +1,4 @@
+Custom Config
+=========
+
+This role handles customization of the desktop experience only. Adding things like zsh functions I use, getting rid of mouse interactivity with vim (because who in their right mind thought this was a good idea???), and other small tweaks that I needed. Put customization in here.
diff --git a/roles/custom-config/defaults/main.yml b/roles/custom-config/defaults/main.yml
new file mode 100644
index 0000000..ccefed4
--- /dev/null
+++ b/roles/custom-config/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for custom-config
diff --git a/roles/custom-config/files/tmux_conf b/roles/custom-config/files/tmux_conf
new file mode 100644
index 0000000..55cf067
--- /dev/null
+++ b/roles/custom-config/files/tmux_conf
@@ -0,0 +1,14 @@
+# remap CTRL-b to CTRL-a because it's better
+unbind C-b
+set-option -g prefix C-a
+bind-key C-a send-prefix
+
+# vi master race
+set -g mode-keys vi
+set -sg escape-time 0
+
+# I <3 history
+set -g history-limit 500000
+
+# colors!
+set -g default-terminal "screen-256color"
diff --git a/roles/custom-config/files/zsh_functions.zsh b/roles/custom-config/files/zsh_functions.zsh
new file mode 100644
index 0000000..e6df6e0
--- /dev/null
+++ b/roles/custom-config/files/zsh_functions.zsh
@@ -0,0 +1,26 @@
+# This is a handy list of functions I use
+
+scan() {
+ SCANDIR="${PWD}/nmap_scans"
+ if [ -z $1 ];
+ then
+ read "TARGET?Enter a target: "
+ else
+ TARGET=$1
+ fi
+
+ echo "Scanning ${TARGET}..."
+ mkdir -p $SCANDIR
+ sudo nmap -sS -sV -sC -oN $SCANDIR/initial-scan -v $TARGET
+ sudo nmap -sS -p- -oN $SCANDIR/allports -v0 $TARGET &disown
+ sudo nmap -sU -oN $SCANDIR/udpports -v0 $TARGET &disown
+}
+
+# Get latest version of linpeas and download to current directory
+alias getlinpeas='curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh > linpeas.sh'
+
+# I use this a ton
+alias webserver='python -m http.server'
+
+# hey why not, change this number to your preferred revshell port.
+alias revshell='ncat -lvnp 9090'
\ No newline at end of file
diff --git a/roles/custom-config/handlers/main.yml b/roles/custom-config/handlers/main.yml
new file mode 100644
index 0000000..2fee87f
--- /dev/null
+++ b/roles/custom-config/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for custom-config
diff --git a/roles/custom-config/meta/main.yml b/roles/custom-config/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/roles/custom-config/meta/main.yml
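Review bot: `scan()` in zsh_functions.zsh hands whatever is typed at the prompt to three `sudo nmap` runs without checking it, so a value that starts with `-` is parsed by nmap as an option rather than a host, and an empty answer at the `read` prompt is not caught. The test `[ -z $1 ]` only works because zsh drops the empty unquoted word; `if [ -z "$1" ]; then` states the intent, and the function could return early when `TARGET` is empty or begins with `-`. `SCANDIR` and `TARGET` are also assigned as globals and would be better declared with `local`. Separately, `alias webserver='python -m http.server'` listens on every interface and serves the current directory; adding `--bind <address>` keeps the listing off networks it was not meant for.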
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/custom-config/tasks/main.yml b/roles/custom-config/tasks/main.yml new file mode 100644 index 0000000..ec55f0e --- /dev/null +++ b/roles/custom-config/tasks/main.yml 
@@ -0,0 +1,131 @@
+---
+# tasks file for custom-config
+- name: Getting all interactive users
+ ansible.builtin.shell: "awk -F: '{ if (($3 >= 1000 && $3 != 65534) || $3 == 0) print $1}' /etc/passwd"
+ register: users
+
+- name: Install Kitty Terminal Emulator 🐱
+ ansible.builtin.shell:
+ cmd: "/usr/bin/curl -sL {{ kitty_installer }} | sh /dev/stdin dest=/opt launch=n"
+
+- name: Create Desktop Icon for Kitty 🐱
+ ansible.builtin.copy:
+ dest: "/usr/share/applications/kitty.desktop"
+ content: |
+ [Desktop Entry]
+ Version=0.26.2
+ Type=Application
+ Name=Kitty Terminal Emulator
+ Exec=/opt/kitty.app/bin/kitty
+ Icon=/opt/kitty.app/share/icons/hicolor/256x256/apps/kitty.png
+ Categories=Utility
+
+- name: Prepare kitty.conf files for all interactive users 🐱
+ loop: "{{ users.stdout_lines }}"
+ ansible.builtin.file:
+ dest: "~{{ item }}/.config/kitty/"
+ state: directory
+ recurse: yes
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ mode: 0755
+
+- name: Prepare personalized configs for Kitty 🐱
+ loop: "{{ users.stdout_lines }}"
+ ansible.builtin.blockinfile:
+ path: "~{{ item }}/.config/kitty/kitty.conf"
+ insertafter: EOF
+ create: yes
+ state: present
+ block: |
+ # New windows open in current directory
+ map ctrl+shift+enter launch --cwd=current
+
+ # New tabs open in current directory
+ map ctrl+t new_tab --cwd=current
+
+ # The coveted "zoom" function
+ map ctrl+shift+z toggle_layout stack
+
+ # disable mouse-click a link to open in a browser
+ mouse_map left click ungrabbed no_op
+
+- name: Disable mouse interactivity in vim (╯°□°)╯︵ ┻━┻
+ ansible.builtin.blockinfile:
+ path: /etc/vim/vimrc
+ marker: "\" {mark} ANSIBLE MANAGED BLOCK"
+ insertafter: EOF
+ state: present
+ block: |
+ set mouse=
+ set ttymouse=
+
+- name: Add sudo-NOPASSWD to users
+ loop: "{{ users.stdout_lines }}"
+ ansible.builtin.lineinfile:
+ path: /etc/sudoers
+ state: present
+ insertafter: EOF
+ line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
+ validate: /usr/sbin/visudo -cf %s
+
+- name: Initialize Gef for all users
+ ansible.builtin.script: /opt/gef/scripts/gef.sh
+ become_user: "{{ item }}"
+ loop: "{{ users.stdout_lines }}"
+
+- name: Copying over zsh functions file for all users
+ ansible.builtin.copy:
+ src: zsh_functions.zsh
+ dest: "~{{ item }}/.zsh_functions"
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ mode: '0640'
+ loop: "{{ users.stdout_lines }}"
+
+- name: Enabling zsh functions
+ loop: "{{ users.stdout_lines }}"
+ ansible.builtin.blockinfile:
+ path: "~{{ item }}/.zshrc"
+ state: present
+ insertafter: EOF
+ owner: "{{ item }}"
+ block: |
+ if [ -f ~/.zsh_functions]; then
+ source ~/.zsh_functions
+ fi
+
+- name: Copying over tmux config to all users
+ ansible.builtin.copy:
+ src: tmux_conf
+ dest: "~{{ item }}/.tmux.conf"
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ mode: '0640'
+ loop: "{{ users.stdout_lines }}"
+
+- name: Create /srv/smb/ directory for payload population
+ ansible.builtin.file:
+ path: /srv/smb
+ state: directory
+ mode: '0755'
+
+- name: Creating IWR share in samba config
+ ansible.builtin.blockinfile:
+ path: /etc/samba/smb.conf
+ insertafter: EOF
+ state: present
+ block: |
+ [iwr]
+ comment = Invoke-WebReq'd em? Damn near killed em!
+ path = /srv/smb
+ guest ok = yes
+ browseable = yes
+ create mask = 0600
+ directory mask = 0755
+
+- name: Ensure that samba doesn't start on boot
+ ansible.builtin.systemd:
+ name: smbd
+ enabled: no
+ state: stopped
diff --git a/roles/custom-config/tests/inventory b/roles/custom-config/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/custom-config/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/custom-config/tests/test.yml b/roles/custom-config/tests/test.yml
new file mode 100644
index 0000000..181d731
--- /dev/null
+++ b/roles/custom-config/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - custom-config
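Review bot: The block that "Enabling zsh functions" writes to `.zshrc` in custom-config/tasks/main.yml tests `if [ -f ~/.zsh_functions]; then`; with no space before `]` the `[` builtin reports a missing bracket, so the functions file is never sourced, and the line should read `if [ -f ~/.zsh_functions ]; then`. The Kitty task pipes `{{ kitty_installer }}` from curl straight into `sh` with the play's privileges (root in tests/test.yml) and no version pin or checksum; fetching it with `ansible.builtin.get_url` and a `checksum:` before running it would make the install verifiable. "Add sudo-NOPASSWD to users" appends `NOPASSWD: ALL` for root and every account with UID >= 1000 directly to /etc/sudoers; a validated drop-in under /etc/sudoers.d for the intended account only is easier to audit and undo.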
diff --git a/roles/custom-config/vars/main.yml b/roles/custom-config/vars/main.yml
new file mode 100644
index 0000000..60c28e5
--- /dev/null
+++ b/roles/custom-config/vars/main.yml
@@ -0,0 +1,3 @@
+---
+# vars file for custom-config
+kitty_installer: "https://sw.kovidgoyal.net/kitty/installer.sh"
diff --git a/roles/individual-apps/README.md b/roles/individual-apps/README.md
new file mode 100644
index 0000000..5880d2b
--- /dev/null
+++ b/roles/individual-apps/README.md
@@ -0,0 +1,9 @@
+Individual Apps
+=========
+
+This role will install individual packages that are _not_ tied to the package management system, IE apt. This also applies to git repositories and the like, as well as one-off compilation and build instructions, such as JumboJohn and Kerbrute.
+
+Role Variables
+--------------
+
+Just using a link to the compiled ysoserial .jar file.
diff --git a/roles/individual-apps/defaults/main.yml b/roles/individual-apps/defaults/main.yml
new file mode 100644
index 0000000..ebfe4e0
--- /dev/null
+++ b/roles/individual-apps/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for individual-apps
diff --git a/roles/individual-apps/handlers/main.yml b/roles/individual-apps/handlers/main.yml
new file mode 100644
index 0000000..3c771dd
--- /dev/null
+++ b/roles/individual-apps/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for individual-apps
diff --git a/roles/individual-apps/meta/main.yml b/roles/individual-apps/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/roles/individual-apps/meta/main.yml
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/individual-apps/tasks/main.yml b/roles/individual-apps/tasks/main.yml new file mode 100644 index 0000000..7b1b3d6 --- /dev/null +++ b/roles/individual-apps/tasks/main.yml 
@@ -0,0 +1,106 @@
+---
+# tasks file for individual-apps
+- name: Install pwntools
+ ansible.builtin.pip:
+ name: git+https://github.com/Gallopsled/pwntools.git@dev
+
+- name: Clone Invoke-Obfuscation (•_•) ( •_•)>⌐■-■ (⌐■_■)
+ ansible.builtin.git:
+ repo: 'https://github.com/danielbohannon/Invoke-Obfuscation'
+ dest: /opt/Invoke-Obfuscation
+
+- name: Clone JumboJohn
+ ansible.builtin.git:
+ repo: 'https://github.com/magnumripper/JohnTheRipper'
+ dest: /opt/JohnTheRipper
+
+- name: Compiling JumboJohn, hold onto yer butts...
+ ansible.builtin.command: chdir=/opt/JohnTheRipper/src {{ item }}
+ with_items:
+ - ./configure
+ - make
+ - make install
+
+- name: Install trufflehog
+ ansible.builtin.pip:
+ name: trufflehog
+
+- name: Install LDAPDomainDump
+ ansible.builtin.pip:
+ name: ldapdomaindump
+
+- name: Clone Nishang
+ ansible.builtin.git:
+ repo: 'https://github.com/samratashok/nishang'
+ dest: /opt/nishang
+
+- name: Clone Chisel
+ ansible.builtin.git:
+ repo: 'https://github.com/jpillora/chisel'
+ dest: /opt/chisel
+
+- name: Clone LinEnum
+ ansible.builtin.git:
+ repo: 'https://github.com/rebootuser/LinEnum'
+ dest: /opt/LinEnum
+
+- name: Clone PowerSploit
+ ansible.builtin.git:
+ repo: 'https://github.com/PowerShellMafia/PowerSploit'
+ dest: /opt/PowerSploit
+
+- name: Clone Impacket
+ ansible.builtin.git:
+ repo: 'https://github.com/SecureAuthCorp/impacket'
+ dest: /opt/impacket
+
+- name: Installing Impacket
+ ansible.builtin.shell: "python3 /opt/impacket/setup.py build && python3 /opt/impacket/setup.py install"
+ args:
+ chdir: /opt/impacket
+
+- name: Clone Bloodhound.py
+ ansible.builtin.git:
+ repo: 'https://github.com/fox-it/BloodHound.py.git'
+ dest: /opt/BloodHound.py
+
+- name: Clone PyFuscation
+ ansible.builtin.git:
+ repo: 'https://github.com/CBHue/PyFuscation.git'
+ dest: /opt/PyFuscation
+
+- name: Clone Gef
+ ansible.builtin.git:
+ repo: 'https://github.com/hugsy/gef.git'
+ dest: /opt/gef
+
+- name: Clone Static Binaries
+ ansible.builtin.git:
+ repo: 'https://github.com/andrew-d/static-binaries'
+ dest: /opt/static-binaries
+
+- name: Clone Ysoserial
+ ansible.builtin.git:
+ repo: 'https://github.com/frohoff/ysoserial'
+ dest: /opt/ysoserial
+
+- name: Clone Kerbrute
+ ansible.builtin.git:
+ repo: 'https://github.com/ropnop/kerbrute.git'
+ dest: /opt/kerbrute
+
+- name: Building Kerbrute...
+ ansible.builtin.command: chdir=/opt/kerbrute make linux
+
+- name: Downloading Ysoserial JAR file
+ ansible.builtin.get_url:
+ url: "{{ ysoserial_jar }}"
+ dest: /opt/ysoserial/ysoserial-all.jar
+ mode: '0644'
+
+- name: Get Evil-WinRM via gem installer
+ community.general.gem:
+ name: evil-winrm
+ norc: yes
+ state: latest
+ user_install: no
diff --git a/roles/individual-apps/tests/inventory b/roles/individual-apps/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/individual-apps/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/individual-apps/tests/test.yml b/roles/individual-apps/tests/test.yml
new file mode 100644
index 0000000..9626dd6
--- /dev/null
+++ b/roles/individual-apps/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - individual-apps
diff --git a/roles/individual-apps/vars/main.yml b/roles/individual-apps/vars/main.yml
new file mode 100644
index 0000000..c21af81
--- /dev/null
+++ b/roles/individual-apps/vars/main.yml
@@ -0,0 +1,3 @@
+---
+# vars file for individual-apps
+ysoserial_jar: "https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar"
diff --git a/roles/package-mgmt/README.md b/roles/package-mgmt/README.md
new file mode 100644
index 0000000..01452d7
--- /dev/null
+++ b/roles/package-mgmt/README.md
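Review bot: None of the `ansible.builtin.git` tasks in individual-apps/tasks/main.yml sets `version:`, pwntools is installed from the moving `@dev` branch, and `{{ ysoserial_jar }}` resolves to `releases/latest`, so every run builds and installs whatever the upstream repositories hold that day, including `make install` for JohnTheRipper and `setup.py install` for Impacket. Pin each clone to a reviewed commit or tag (`version: <commit-or-tag>`) and add `checksum: sha256:<digest>` to the `get_url` task, so that a changed upstream is noticed rather than silently built with the play's privileges. The `command` and `shell` build tasks also carry no `creates:` and will recompile on every run.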
@@ -0,0 +1,9 @@
+Package Mgmt
+=========
+
+This role will handle any OS-level patching and package installs, including the installation of keys for repositories and such. This role typically takes a while to run because I always make sure I am patched and up to date before doing anything, and then of course the individual packages just take a while to install.
+
+Role Variables
+--------------
+
+I have added the URLs to the specific keys I am using to install the repositories for things like Docker and Sublime Text.
diff --git a/roles/package-mgmt/defaults/main.yml b/roles/package-mgmt/defaults/main.yml
new file mode 100644
index 0000000..57adef2
--- /dev/null
+++ b/roles/package-mgmt/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for package-mgmt
diff --git a/roles/package-mgmt/handlers/main.yml b/roles/package-mgmt/handlers/main.yml
new file mode 100644
index 0000000..ef24490
--- /dev/null
+++ b/roles/package-mgmt/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for package-mgmt
diff --git a/roles/package-mgmt/meta/main.yml b/roles/package-mgmt/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/roles/package-mgmt/meta/main.yml
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/package-mgmt/tasks/main.yml b/roles/package-mgmt/tasks/main.yml new file mode 100644 index 0000000..ca5381e --- /dev/null +++ b/roles/package-mgmt/tasks/main.yml 
@@ -0,0 +1,79 @@
+---
+# tasks file for package-mgmt
+- name: Add Docker repo key
+ ansible.builtin.shell: curl -fsSL {{ docker_repo_key }} | gpg --dearmor --batch --yes -o /etc/apt/trusted.gpg.d/docker-ce-keyring.gpg
+
+- name: Add Docker repo
+ ansible.builtin.apt_repository:
+ repo: "{{ docker_repo }}"
+ state: present
+
+- name: Add Sublime Text repo key
+ ansible.builtin.shell: curl -fsSL {{ sublime_repo_key }} | gpg --dearmor --batch --yes -o /etc/apt/trusted.gpg.d/sublime-text-keyring.gpg
+
+- name: Add Sublime Text repo
+ ansible.builtin.apt_repository:
+ repo: "{{ sublime_repo }}"
+ state: present
+
+- name: Ensuring all packages are up to date
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: dist
+
+- name: Installing one-off packages from package manager
+ ansible.builtin.package:
+ name:
+ - bloodhound
+ - build-essential
+ - bytecode-viewer
+ - clang
+ - cmake
+ - crackmapexec
+ - curl
+ - default-jdk
+ - default-jre
+ - docker
+ - docker-compose
+ - eog
+ - feroxbuster
+ - flex
+ - forensics-extra
+ - gawk
+ - gdb
+ - gdbserver
+ - ghidra
+ - git
+ - gobuster
+ - golang-go
+ - jq
+ - jxplorer
+ - libffi-dev
+ - liblzma-dev
+ - libssl-dev
+ - libxml2-dev
+ - ltrace
+ - ncat
+ - neo4j
+ - ntpdate
+ - mingw-w64
+ - patch
+ - powershell
+ - python3
+ - python3-dev
+ - python3-pip
+ - p7zip-full
+ - remmina
+ - rlwrap
+ - samba
+ - seclists
+ - steghide
+ - strace
+ - sublime-text
+ - terminator
+ - tmux
+ - xclip
+ - xfce4-terminal
+ - zaproxy
+ - zlib1g-dev
+ state: latest
diff --git a/roles/package-mgmt/tests/inventory b/roles/package-mgmt/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/package-mgmt/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/package-mgmt/tests/test.yml b/roles/package-mgmt/tests/test.yml
new file mode 100644
index 0000000..929b029
--- /dev/null
+++ b/roles/package-mgmt/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - package-mgmt
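Review bot: Both key tasks in package-mgmt/tasks/main.yml write the dearmored key into /etc/apt/trusted.gpg.d, which makes the Docker and Sublime Text keys trusted for every configured repository rather than only their own. Storing each key in a dedicated keyring directory and adding `signed-by=<keyring path>` to the matching `deb` line in vars/main.yml scopes the key to its source. The `curl … | gpg --dearmor` pipeline also runs without `pipefail`, so a failed download may not be reported by the task, and the fetched key is accepted without a fingerprint comparison.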
diff --git a/roles/package-mgmt/vars/main.yml b/roles/package-mgmt/vars/main.yml
new file mode 100644
index 0000000..8bb393e
--- /dev/null
+++ b/roles/package-mgmt/vars/main.yml
@@ -0,0 +1,6 @@
+---
+# vars file for package-mgmt
+docker_repo_key: "https://download.docker.com/linux/debian/gpg"
+docker_repo: "deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable"
+sublime_repo_key: "https://download.sublimetext.com/sublimehq-pub.gpg"
+sublime_repo: "deb https://download.sublimetext.com/ apt/stable/" |