<p align="center"> <img src="https://i.postimg.cc/Dyfz8Q1p/Redcloud-Logo.png" width="540" title="Redcloud menu"> </p> <h4 align="center"> <i>Weather report. Cloudy with a chance of shells!</i> <br> <br> </h4>

Early release. Follow me on Twitter to stay updated on Redcloud's development.
:information_desk_person::cloud::shell::seedling:


Quick Start - Architecture - Use-cases - Screenshots


Introduction

Redcloud is a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker. Harness the cloud's speed for your tools. Deploys in minutes. Use and manage it with its polished web interface.

Ideal for your penetration tests, shooting ranges, red teaming and bug bounties!

Self-host your attack infrastructure painlessly, deploy your very own live, scalable and resilient offensive infrastructure in a matter of minutes.

<h4 align="center"> <b>Demo</b> <br> <br> </h4> <p align="center"> <img src="https://i.imgur.com/oply6oR.gif" width="540" title="Redcloud menu"> </p>

The following demo showcases deployment of Redcloud through ssh, followed by Metasploit. We then look at Traefik and a live volume attached to Metasploit. Finally, we check that Metasploit's DB is functional with the web terminal, delete the container, and terminate Redcloud.


Features


Quick Start

Setup:

# If deploying using ssh (ssh-copy-id root@your-deploy-target-ip does the same thing)
> cat ~/.ssh/id_rsa.pub | ssh root@your-deploy-target-ip 'cat >> .ssh/authorized_keys'

# If deploying using docker-machine, and using a machine named "default"
# (bash/zsh form; the fish equivalent is: eval (docker-machine env default))
> eval $(docker-machine env default)

# Check your Python version
# Use python3 if default python version is 2.x
> python --version

Deploy:

> git clone https://github.com/khast3x/redcloud.git
> cd redcloud
> python redcloud.py

Redcloud uses PyYAML to print the list of available templates. It is often already installed.
If not, simply run:

# Use pip3 if default python version is 2.x
> pip install -r requirements.txt

Redcloud has 3 different deployment methods:

  1. Locally.
  2. Remotely, using ssh. Requires having your public key in the target's authorized_keys file.
  3. Remotely, using docker-machine. Run eval $(docker-machine env deploy_target) (eval (docker-machine env deploy_target) in fish) to preload your environment with your docker-machine settings, then run redcloud.py. Redcloud should automatically detect your docker-machine and highlight menu items relevant to a docker-machine deployment.

<h4 align="center"> <b>Templates</b> <br> <br> </h4> <p align="center"> <img src="https://i.imgur.com/8ndvrpq.png" width="540" title="Redcloud templates"> </p>

Briefly,

redcloud.py deploys a Portainer stack, preloaded with many tool templates for your offensive engagements, powered by Docker. Once deployed, control Redcloud with the web interface. Uses Traefik as reverse-proxy. Easy remote deploy to your target server using the system ssh or docker-machine.

Use the web UI to monitor, manage, and interact with each container. Use the snappy web terminal just as you would with yours. Create volumes, networks and port forwards using Portainer's simple UI.

Deploy and handle all your favorite tools and techniques with the power of data-center-grade internet :rocket:


In the following section, we'll be going more in-depth inside Redcloud's design concepts. You can get started without having to dive inside though.



Details

Redcloud Architecture

Deployment workflow

Redcloud deployment workflow is as follows:

  1. Clone/Download Redcloud repository.
  2. Launch redcloud.py.
  3. Choose deployment candidate from the menu (local, ssh, docker-machine).
  4. redcloud.py automatically:
    • checks for docker & docker-compose on target machine.
    • installs docker & docker-compose if absent.
    • deploys the web stack on target using docker-compose.
  5. Once deployment is complete, redcloud.py will output the URL. Head over to https://your-deploy-machine-ip/portainer. The certificate is self-signed, so your browser will warn about it on first visit.
  6. Set username/password from the web interface.
  7. Select the endpoint (the only one on the list).
  8. Access the templates using the "App Templates" menu item on the left :rocket:

App Template deployment is as follows:

  1. Choose template.
  2. If you wish to add additional options, select "+ Show advanced options".
  3. Add port mapping, networking options, and volume mapping as you see fit.
  4. Select "Deploy the container".
  5. Portainer will launch the container. It may take a few minutes if it needs to fetch the image. If your server is in a data center, this step will be very fast.
  6. Container should be running :rocket:
  7. Portainer will redirect you to the "Containers" page. From there, you can:
    a. View live container logs.
    b. Inspect container details (docker inspect).
    c. View live container stats (memory/cpu/network/processes).
    d. Use a web shell to interact with your container.
    e. Depending on the App Template, use either bash or sh. Choose accordingly from the drop-down menu.
<p align="center"> <img src="https://i.imgur.com/2rdYzby.png" width="540" title="Redcloud menu"> </p>

Networks

Redcloud makes it easy to play around with networks and containers.
You can create additional networks with different drivers, and attach your containers as you see fit. Redcloud comes with 2 networks, redcloud_default and redcloud_inside.

Volumes

You can share data between containers by sharing volumes. Redcloud comes with 3 volumes:

Accessing containers from the terminal

If you wish to stay in your terminal to work with the deployed containers, it's very easy using Docker. Keep these things in mind:

To start interacting with the desired deployed container:

> docker exec -it red_container-name /bin/bash
root@70a819ef0e87:/#

If you see the following message, it means bash is not installed. In that case simply replace /bin/bash with /bin/sh:

> docker exec -it red_container-name /bin/bash
OCI runtime exec failed: exec failed: container_linux.go:344: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown

> docker exec -it red_container-name /bin/sh
#

To use docker attach, simply run:

> docker attach red_container-name

If using attach, the container needs to have been started in interactive mode with a TTY, so that you land in an interactive shell. Unlike exec, attach connects you to the container's main process instead of spawning a new one: a Ctrl-C is delivered to that process and can stop the whole container, so detach with Ctrl-P followed by Ctrl-Q instead.
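The bash-or-sh dance above is easy to script. The following helper is an added example and not part of Redcloud: it probes the container for /bin/bash and /bin/sh with a non-interactive exec and then opens the interactive session with whichever exists, so you never have to read the OCI "no such file or directory" error by hand. The red_ name prefix follows the page; the function names are ours.

```shell
#!/bin/sh
# Added example, not Redcloud's code: open a shell in a deployed container, trying
# bash first and falling back to sh. Function names are ours; red_ prefix is the page's.

# detect_shell CONTAINER -> prints the first of /bin/bash, /bin/sh present in the container
detect_shell() {
  for candidate in /bin/bash /bin/sh; do
    # a non-interactive `test -x` is cheap and avoids the noisy runtime error
    if docker exec "$1" test -x "$candidate" 2>/dev/null; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# redcloud_shell CONTAINER -> interactive shell using whichever of bash/sh exists
redcloud_shell() {
  shell="$(detect_shell "$1")" || {
    echo "no /bin/bash or /bin/sh in $1; try: docker exec -it $1 <path-to-shell>" >&2
    return 1
  }
  docker exec -it "$1" "$shell"
}

# Usage (on the deploy host, or with a docker-machine env loaded):
#   redcloud_shell red_msf
```

If neither shell exists (some minimal images ship only busybox at a different path), the helper prints a hint instead of silently failing, which is the one case the manual fallback on the page does not cover.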

Accessing files

Point your browser to https://your-redcloud-ip/files.
Please refer to the files volume for more information.

SSL Certificates

Redcloud generates a new self-signed SSL certificate when deploying.
The certificate is generated by omgwtfssl, which implements most best practices. Once generated:

It will dump the certificates it generated into /certs by default and will also output them to stdout in a standard YAML form, making them easy to consume in Ansible or other tools that use YAML.

Certificates are stored in a shared docker volume called certs. Your containers can access this volume if you mount it under "+ Show advanced options" when deploying them. The Traefik reverse-proxy container reads the certificate paths from its configuration file. If you wish to replace these certificates with your own, simply replace the files on this volume and restart the Traefik container so it picks them up.

It also means you can share the generated certificates with other containers, such as Empire or Metasploit for your reverse callbacks, or for a phishing campaign. Most SSL-related configuration can be found in traefik/traefik.toml or the docker-compose.yml file.
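Because the certificate is self-signed, nothing on your operator machine validates it unless you pin it yourself. The script below is an added example, not Redcloud's code: it takes the SHA-256 fingerprint of the certificate copied out of the certs volume and compares it with what Traefik actually serves, so you notice if something else ever answers on your Redcloud hostname. It assumes the file is named cert.pem (omgwtfssl's default) and that Traefik listens on 443; the alpine image used in the copy-out comment is also an assumption.

```shell
#!/bin/sh
# Added example, not Redcloud's code: pin the self-signed certificate Redcloud generated.
# Assumptions: the certificate in the "certs" volume is cert.pem (omgwtfssl default)
# and Traefik serves it on 443.

# cert_fingerprint FILE -> SHA-256 fingerprint (colon-separated hex) of a PEM certificate
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# served_fingerprint HOST [PORT] -> fingerprint of the leaf certificate HOST presents
served_fingerprint() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# fingerprints_match A B -> 0 when the two fingerprints are equal (case-insensitive)
fingerprints_match() {
  [ "$(printf '%s' "$1" | tr 'a-f' 'A-F')" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# verify_redcloud_cert HOST CERT_FILE -> 0 when HOST serves exactly CERT_FILE.
# Copy the file out of the volume first, e.g. on the deploy host (alpine image assumed):
#   docker run --rm -v certs:/certs:ro alpine cat /certs/cert.pem > cert.pem
verify_redcloud_cert() {
  expected="$(cert_fingerprint "$2")"
  actual="$(served_fingerprint "$1")"
  if fingerprints_match "$expected" "$actual"; then
    echo "OK: $1 serves the pinned certificate $expected"
  else
    echo "MISMATCH for $1: pinned $expected, served ${actual:-<nothing>}" >&2
    return 1
  fi
}

# Usage:
#   verify_redcloud_cert your-redcloud-ip cert.pem
```

Once the fingerprint checks out, pass the same file to your tooling (for example curl --cacert cert.pem) instead of disabling verification with -k; that turns the self-signed certificate into something your client actually validates.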

Stopping Redcloud

You can stop Redcloud directly from the menu.
Deployed App Templates need to be stopped manually before stopping Redcloud. You can stop them using the Portainer web interface, or with docker rm -f container-name.
If you wish to force the Portainer containers running Redcloud to stop, simply run docker-compose kill inside the redcloud/ folder. The local and docker-machine stop options are the same, so they are combined into one menu entry.
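The two-step teardown described above (templates first, then the stack) can be scripted. This is an added example and not Redcloud's own stop routine: it removes every container carrying the red_ prefix the page uses for template containers, reports the empty case instead of erroring, and then kills and removes the compose stack from the cloned repository directory. Adding docker-compose down after the page's docker-compose kill is our choice; named volumes such as certs and files are kept unless you add -v.

```shell
#!/bin/sh
# Added example, not Redcloud's code: tear down template containers, then the Redcloud stack.
# Assumes template containers are named red_<something>, as shown earlier on the page.

# template_containers -> names of all containers (running or stopped) whose name starts with red_
template_containers() {
  docker ps -a --format '{{.Names}}' | grep '^red_' || true
}

# stop_templates -> force-remove every template container, printing each one removed
stop_templates() {
  names="$(template_containers)"
  if [ -z "$names" ]; then
    echo "no template containers to remove"
    return 0
  fi
  for n in $names; do
    docker rm -f "$n" >/dev/null && echo "removed $n"
  done
}

# teardown_redcloud [DIR] -> remove templates first, then kill and remove the stack in DIR
# (default: current directory, i.e. the cloned redcloud/ folder). Volumes are kept.
teardown_redcloud() {
  stop_templates
  (cd "${1:-.}" && docker-compose kill && docker-compose down)
}

# Usage, from the deploy host or with a docker-machine env loaded:
#   teardown_redcloud ~/redcloud
```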

Portainer App Templates

Redcloud uses Portainer to orchestrate and interface with the Docker engine. Portainer in itself is a fantastic project to manage Docker deployments remotely. Portainer also includes a very convenient template system, which is the major component for our Redcloud deployment.
Templates can be found in ./templates/templates.yml. Portainer fetches the template file from a dedicated container (templates).

Traefik reverse-proxy

Traefik is a wonderful "cloud-native edge router". It has replaced the previous NGINX reverse-proxy setup.
A Traefik image is built during deployment, using the Dockerfile located in traefik/Dockerfile. It adds a .htpasswd with admin:Redcloud credentials. These defaults are public (they are printed in this README), so replace the .htpasswd entry with your own before exposing a deployment.

By default, deployment spawns the following routes:

Authentication is based on the .htpasswd data.

From the Traefik api web interface, you can view your deployed routes, monitor health, as well as real-time metrics. It's very neat.

You can add additional labels that tell Traefik where to route traffic, using either:

See the official documentation for more information.


<p align="center"> <img src="https://raw.githubusercontent.com/containous/traefik/master/docs/content/assets/img/traefik.icon.png" title="gopher"> </p>

Redcloud security considerations

Redcloud deploys with a self-signed https certificate, and proxies all interactions with the web console through it.
However, the default network exposes your containers' published ports to the outside world: a port mapped to 0.0.0.0 is reachable by anyone who can reach the server, and because the Docker daemon inserts its own iptables rules, host firewall front-ends such as ufw do not filter that traffic by default.

You can:

Additionally:
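A quick way to see what you have actually exposed is to audit the port mappings of the running containers. The filter below is an added example, not Redcloud's code: it reads the output of docker ps --format '{{.Names}}\t{{.Ports}}' and reports every mapping bound to all interfaces (0.0.0.0, [::] or the ::: form newer Docker prints), while skipping mappings bound to 127.0.0.1 and ports that are merely exposed without being published. The sample input in the test is constructed.

```shell
#!/bin/sh
# Added example, not Redcloud's code: flag container ports published on all interfaces.
# Input format is docker ps --format '{{.Names}}\t{{.Ports}}', one container per line.

# public_ports -> reads NAME<TAB>PORTS lines on stdin, prints "NAME HOSTPORT" for every
# mapping bound to 0.0.0.0, [::] or :::; loopback-bound and unpublished ports are skipped
public_ports() {
  tab="$(printf '\t')"
  while IFS="$tab" read -r name ports; do
    # mappings are comma separated, e.g.
    # "0.0.0.0:4444->4444/tcp, 127.0.0.1:5432->5432/tcp, 80/tcp"
    printf '%s\n' "$ports" | tr ',' '\n' | while read -r m; do
      case "$m" in
        "0.0.0.0:"*"->"*|"[::]:"*"->"*|":::"*"->"*)
          hostport="${m##*:}"          # drop the bind address
          hostport="${hostport%%->*}"  # keep the host-side port only
          printf '%s %s\n' "$name" "$hostport"
          ;;
      esac
    done
  done
}

# audit_running -> run the check against the live daemon (needs docker access)
audit_running() {
  docker ps --format '{{.Names}}\t{{.Ports}}' | public_ports
}

# Usage on the deploy host:
#   audit_running
```

Anything the audit lists is reachable from the Internet regardless of ufw. For listeners that only Redcloud's own containers need (a database, a C2 admin port), either bind them to loopback (docker run -p 127.0.0.1:5432:5432 ...) or skip the port mapping entirely and put the container on the redcloud_inside network so only other containers can reach it.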


Tested deployment candidates

| Deploy Target | Status |
| --- | --- |
| Ubuntu Bionic | :heavy_check_mark: |
| Ubuntu Xenial | :heavy_check_mark: |
| Debian Stretch | :heavy_check_mark: |

Troubleshooting


Use-cases


Screenshots

<p align="center"> <img src="https://i.imgur.com/8ndvrpq.png" width="540" title="Redcloud templates"> </p> <p align="center"> <img src="https://i.imgur.com/QCR1yHp.png" width="540" title="Redcloud container"> </p> <p align="center"> <img src="https://i.imgur.com/wUcFHbh.png" width="540" title="Redcloud msf"> </p> <p align="center"> <img src="https://i.imgur.com/gWaeykt.png" width="540" title="Traefik api"> </p> <p align="center"> <img src="https://i.imgur.com/YGQBZlf.png" width="540" title="redcloud python"> </p>

Contribution guideline

Any help is appreciated. This is a side project, so it's probably missing a few bolts and screws. Above all:


Hosting Redcloud

You can host Redcloud on any Unix server that runs Docker.
Redcloud is intended to be used in a cloud environment, such as a simple VPS with ssh, or an AWS EC2 instance, GCP, etc.

A large range of cloud providers offer free credits to get familiar with their services. Many lists and tutorials cover getting free hosting credits from major vendors. This list is a good place to start.

Regarding deployment method, I personally prefer working with docker-machine as it becomes ridiculously easy to spawn new machines and manage them once you've got your cloud provider's driver setup. If you prefer using ssh, be sure to take a look at evilsocket's shellz project to manage your keys and profiles.


Inspirations & Shout-outs


Finally, if you wish to see your tool integrated, hit me up on Twitter. This project is maintained on my free time. Keep an eye out in the dev branch for upcoming features.
Redcloud was originally developed to make deploying training environments for infosec students easier.


If you wish to stay updated on this project:

twitter