Refactor to support kasm

.github/workflows/publish.yaml

@@ -0,0 +1,148 @@
+name: Build
+
+on:
+  release:
+    types: [published]
+  push:
+    branches:    
+      - 'main'
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+  pull_request:
+    branches:
+      - 'main'
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  openvpn:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/double16/openvpn
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: openvpn
+        uses: docker/build-push-action@v6
+        with:
+          context: attackhost
+          file: attackhost/Dockerfile.openvpn
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  kasm-kali:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/double16/kasm-kali
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: kasm-kali
+        uses: docker/build-push-action@v6
+        with:
+          context: attackhost
+          file: attackhost/Dockerfile.kasm-kali
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  kasm-parrot:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/double16/kasm-parrot
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: kasm-parrot
+        uses: docker/build-push-action@v6
+        with:
+          context: attackhost
+          file: attackhost/Dockerfile.kasm-parrot
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -4,3 +4,4 @@
 *.asc
 .DS_Store
 clipboard.txt
+.hosts.ini

attackhost/Dockerfile.kasm-kali

@@ -0,0 +1,22 @@
+FROM kasmweb/kali-rolling-desktop:1.16.0-rolling-weekly
+USER root
+
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+ENV INST_SCRIPTS $STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+
+
+
+######### End Customizations ###########
+
+RUN chown 1000:0 $HOME
+RUN $STARTUPDIR/set_user_permission.sh $HOME
+
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000

attackhost/Dockerfile.kasm-parrot

@@ -0,0 +1,22 @@
+FROM kasmweb/parrotos-6-desktop:1.16.0-rolling-weekly
+USER root
+
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+ENV INST_SCRIPTS $STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+
+
+
+######### End Customizations ###########
+
+RUN chown 1000:0 $HOME
+RUN $STARTUPDIR/set_user_permission.sh $HOME
+
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000

attackhost/Dockerfile.openvpn

@@ -0,0 +1,21 @@
+FROM debian:latest
+
+RUN apt update && \
+    apt install -y \
+    iptables \
+    openvpn && \
+    apt clean
+
+# add local files
+COPY /openvpn /
+
+VOLUME [ "/config" ]
+ENTRYPOINT [ "/entrypoint.sh" ]
+
+#
+# Usage:
+#
+# docker network create --driver=bridge --opt icc=true --subnet=172.20.0.0/16 vpn-1
+# docker run -d --cap-add NET_ADMIN --name openvpn-1 --net vpn-1 --ip 172.20.0.2 \
+#   -e VPN_CONFIG=kasm.ovpn -v $(pwd):/config --restart unless-stopped openvpn-client
+#

kali/Vagrantfile → attackhost/Vagrantfile

@@ -25,28 +25,28 @@ Vagrant.configure("2") do |config|
 
   config.vm.provision "shell", name: "config", privileged: true, inline: <<-SCRIPT
     ln -sf /usr/share/zoneinfo/US/Central /etc/localtime
-    cp -u /vagrant/host_arch.sh /vagrant/reg_user.sh /usr/local/bin
+    cp -u /vagrant/provisioners/host_arch.sh /vagrant/provisioners/reg_user.sh /usr/local/bin
   SCRIPT
 
   config.vm.provision "shell", name: "profile", privileged: true, env: { 'DEBIAN_FRONTEND': 'noninteractive'}, inline: <<-SCRIPT
-    cp -u /vagrant/container/kali/{llm-functions,local-bin}.sh /etc/profile.d/
+    cp -u /vagrant/provisioners/llm-functions.sh /vagrant/provisioners/local-bin.sh /etc/profile.d/
   SCRIPT
 
-  config.vm.provision "shell", name: "packages", path: "packages.sh", privileged: true
+  config.vm.provision "shell", name: "packages", path: "provisioners/packages.sh", privileged: true
   config.vm.provision "shell", name: "google-chrome",
-                      path: "google-chrome-install.sh",
+                      path: "provisioners/google-chrome-install.sh",
                       privileged: true,
                       run: host_arch == 'amd64' ? "once" : "never"
-  config.vm.provision "shell", name: "docker", path: "docker-install.sh", privileged: true, run: "never"
-  config.vm.provision "shell", name: "repos", path: "repos.sh", privileged: false
-  config.vm.provision "shell", name: "pia", path: "pia-install.sh", privileged: false
-  config.vm.provision "shell", name: "obsidian", path: "obsidian-install.sh", privileged: false
-  config.vm.provision "shell", name: "caido", path: "caido-install.sh", privileged: false
-  config.vm.provision "shell", name: "zap", path: "zap-install.sh", privileged: false
-  config.vm.provision "shell", name: "autologin", path: "autologin.sh", privileged: true
-  config.vm.provision "shell", name: "lockscreen", path: "lockscreen-disable.sh", privileged: false
+  config.vm.provision "shell", name: "docker", path: "provisioners/docker-install.sh", privileged: true, run: "never"
+  config.vm.provision "shell", name: "repos", path: "provisioners/repos.sh", privileged: false
+  config.vm.provision "shell", name: "pia", path: "provisioners/pia-install.sh", privileged: false
+  config.vm.provision "shell", name: "obsidian", path: "provisioners/obsidian-install.sh", privileged: false
+  config.vm.provision "shell", name: "caido", path: "provisioners/caido-install.sh", privileged: false
+  config.vm.provision "shell", name: "zap", path: "provisioners/zap-install.sh", privileged: false
+  config.vm.provision "shell", name: "autologin", path: "provisioners/autologin.sh", privileged: true
+  config.vm.provision "shell", name: "lockscreen", path: "provisioners/lockscreen-disable.sh", privileged: false
   config.vm.provision "shell", name: "dropbox",
-                      path: "dropbox-install.sh",
+                      path: "provisioners/dropbox-install.sh",
                       privileged: false,
                       run: "never"
 

attackhost/build-oci.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+docker build -f Dockerfile.openvpn -t ghcr.io/double16/openvpn:latest .
+docker build -f Dockerfile.kasm-kali -t ghcr.io/double16/kasm-kali:1.16.0-rolling-weekly .
+docker build -f Dockerfile.kasm-parrot -t ghcr.io/double16/kasm-parrot:1.16.0-rolling-weekly .

attackhost/hosts.ini

@@ -0,0 +1,2 @@
+# [ubuntu_server]
+# 192.168.1.100 ansible_user=your_username ansible_ssh_private_key_file=~/.ssh/id_rsa

attackhost/kasm.yml

@@ -0,0 +1,13 @@
+---
+- name: KASM Workspaces
+  hosts: kasm_server
+  become: yes
+  vars_files:
+    - vars/kasm.yml
+
+  tasks:
+#   - include_tasks: tasks/install_docker.yml
+#   - include_tasks: tasks/vpn_containers.yml
+#   - include_tasks: tasks/install_kasm.yml
+   - include_tasks: tasks/repos.yml
+   - include_tasks: tasks/wordlists.yml

attackhost/openvpn/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+# create tun device
+if [ ! -c /dev/net/tun ]; then
+  mkdir -p /dev/net
+  mknod /dev/net/tun c 10 200
+fi
+
+# Enable devices MASQUERADE mode
+iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
+
+# start vpn client
+openvpn --config /config/${VPN_CONFIG}

attackhost/provisioners/htbacademy-compose.yml

@@ -0,0 +1,28 @@
+volumes:
+  config:
+
+networks:
+  htbacademy:
+    driver: bridge
+    driver_opts:
+      icc: "true"
+    ipam:
+      config:
+        - subnet: 172.22.0.0/16
+
+services:
+  vpn:
+    image: ghcr.io/double16/openvpn:latest
+    restart: no
+    cap_add:
+      - NET_ADMIN
+    networks:
+      htbacademy:
+        ipv4_address: 172.22.0.2
+    dns:
+      - 8.8.8.8
+      - 8.8.4.4
+    environment:
+      VPN_CONFIG: config.ovpn
+    volumes:
+      - config:/config

attackhost/provisioners/htblab-compose.yml

@@ -0,0 +1,28 @@
+volumes:
+  config:
+
+networks:
+  htblab:
+    driver: bridge
+    driver_opts:
+      icc: "true"
+    ipam:
+      config:
+        - subnet: 172.21.0.0/16
+
+services:
+  vpn:
+    image: ghcr.io/double16/openvpn:latest
+    restart: no
+    cap_add:
+      - NET_ADMIN
+    networks:
+      htblab:
+        ipv4_address: 172.21.0.2
+    dns:
+      - 8.8.8.8
+      - 8.8.4.4
+    environment:
+      VPN_CONFIG: config.ovpn
+    volumes:
+      - config:/config