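---
# Provisioning playbook for a local (Kali-style) pentest workstation.
# It targets localhost and sets no play-level `become`: the apt/sysctl/systemd
# tasks need root, so the play is assumed to be launched with root privileges
# (e.g. `--become`), and tasks that must act as the unprivileged user drop to
# it explicitly with `become_user: "{{ local_username }}"`.
# Variables are expected from vars/group_vars files that are not part of this
# file: local_username, system_packages, pipx_packages, tmux_plugin_repo,
# nerd_fonts, setup_vuln_docker_images, projectdiscovery_tool_manager_url,
# projectdiscovery_tools, vscodium (apt_key_url, apt_key_keyring, repo,
# repo_filename, package, extensions), cargo_packages, golang_tools,
# alacritty_themes_repo, lazyvim_starter_url and problematic_packages.
- name: Install essential tools
  hosts: localhost
  tasks:
    - name: Tune system swappiness
      # Persisted in its own sysctl.d drop-in and applied immediately.
      ansible.posix.sysctl:
        name: vm.swappiness
        value: '1'
        state: present
        sysctl_file: /etc/sysctl.d/99-swappiness.conf
        sysctl_set: true
        reload: true

    - name: Perform a dist upgrade
      ansible.builtin.apt:
        update_cache: true
        upgrade: full

    - name: Install some recommended additional packages
      ansible.builtin.apt:
        pkg: "{{ system_packages }}"
        state: present

    - name: Install some pipx packages
      # Installed into the local user's pipx environment, not system-wide.
      community.general.pipx:
        name: "{{ item }}"
      with_items: "{{ pipx_packages }}"
      become: true
      become_user: "{{ local_username }}"

    - name: Create seclists symlink
      block:
        - name: Gather the package facts
          # no_log only keeps the (large) package list out of the run output.
          ansible.builtin.package_facts:
            manager: auto
          no_log: true
        - name: Print the package facts
          # Output is suppressed by no_log; remove that line temporarily when
          # the package list is needed for debugging.
          ansible.builtin.debug:
            var: ansible_facts.packages
          no_log: true
        - name: Create symlink to seclists from wordlists dir
          # The condition lives on the task, not the block, because the facts
          # it reads are only available after the package_facts task above.
          ansible.builtin.file:
            src: /usr/share/seclists
            dest: /usr/share/wordlists/seclists
            state: link
          when: "'seclists' in ansible_facts.packages"

    - name: Setup anonymous browsing capability
      block:
        - name: Install tor and proxychains
          ansible.builtin.apt:
            pkg:
              - tor
              - proxychains4
        - name: Copy torrc file
          # backup: true keeps the previous config next to the new one.
          ansible.builtin.copy:
            src: etc/tor/torrc
            dest: /etc/tor/torrc
            owner: root
            group: root
            mode: '0644'
            backup: true
        - name: Ensure tor service runs on system startup
          ansible.builtin.systemd:
            name: tor
            state: started
            enabled: true
        - name: Copy proxychains4 config file
          ansible.builtin.copy:
            src: etc/proxychains4.conf
            dest: /etc/proxychains4.conf
            owner: root
            group: root
            mode: '0644'
            backup: true

    - name: Setup tmux
      block:
        - name: Install packages needed for tmux
          ansible.builtin.apt:
            pkg:
              - tmux
              - xsel
        - name: Git clone tmux plugin repo
          # Tracks the remote branch head; not pinned to a commit.
          ansible.builtin.git:
            repo: "{{ tmux_plugin_repo }}"
            dest: "~{{ local_username }}/.tmux/plugins/tpm"
            clone: true
            version: master
          become: true
          become_user: "{{ local_username }}"
        - name: Copy sample .tmux.conf file to the user's homedir
          ansible.builtin.copy:
            src: home/user/.tmux.conf
            dest: "~{{ local_username }}/.tmux.conf"
            mode: '0644'
          become: true
          become_user: "{{ local_username }}"
        - name: Install all required tmux plugins
          # shell (not command) so that `~user` is expanded; this runs code from
          # the freshly cloned plugin repo as the local user, every run.
          ansible.builtin.shell: "~{{ local_username }}/.tmux/plugins/tpm/scripts/install_plugins.sh"
          become: true
          become_user: "{{ local_username }}"

    - name: Setup custom fonts
      become: true
      become_user: "{{ local_username }}"
      block:
        - name: Create local fonts directory
          ansible.builtin.file:
            path: "~{{ local_username }}/.local/share/fonts"
            mode: '0755'
            state: directory
        - name: Download nerd fonts to local fonts folder
          # No `checksum` is given, so the downloads are protected by TLS only;
          # add per-entry checksums to nerd_fonts if the sources should be pinned.
          ansible.builtin.get_url:
            url: "{{ item }}"
            dest: "~{{ local_username }}/.local/share/fonts/"
            mode: '0644'
          with_items: "{{ nerd_fonts }}"
        - name: Refresh fonts cache
          # No shell features are needed, so command is used (no shell
          # interpretation of the arguments); a cache refresh is not a change.
          ansible.builtin.command: fc-cache -fv
          changed_when: false

    - name: "Enable passwordless sudo for user {{ local_username }}"
      # On Kali, membership in kali-trusted grants NOPASSWD sudo: the local user
      # becomes root-equivalent without a password prompt.
      ansible.builtin.user:
        name: "{{ local_username }}"
        groups: kali-trusted
        append: true

    - name: Clone some git repositories
      # Every clone below tracks a branch head (master/main); none is pinned to
      # a commit or verified beyond the TLS connection, so contents may differ
      # between runs.
      block:
        - name: Create base dir for privesc scripts
          ansible.builtin.file:
            path: /opt/privesc-scripts
            state: directory
            mode: '0775'
        - name: Create symlink from /usr/share
          ansible.builtin.file:
            src: /opt/privesc-scripts
            dest: /usr/share/privesc-scripts
            state: link
        - name: Git clone PEASS-ng
          ansible.builtin.git:
            repo: 'https://github.com/carlospolop/PEASS-ng.git'
            dest: /opt/privesc-scripts/PEASS-ng
            clone: true
            version: master
        - name: Git clone LinEnum
          ansible.builtin.git:
            repo: 'https://github.com/rebootuser/LinEnum.git'
            dest: /opt/privesc-scripts/LinEnum
            clone: true
            version: master
        - name: Git clone linux-smart-enumeration
          ansible.builtin.git:
            repo: 'https://github.com/diego-treitos/linux-smart-enumeration'
            dest: /opt/privesc-scripts/linux-smart-enumeration
            clone: true
            version: master
        - name: Git clone linux-exploit-suggester
          ansible.builtin.git:
            repo: 'https://github.com/The-Z-Labs/linux-exploit-suggester.git'
            dest: /opt/privesc-scripts/linux-exploit-suggester
            clone: true
            version: master
        - name: Git clone GitTools
          ansible.builtin.git:
            repo: 'https://github.com/internetwache/GitTools.git'
            dest: /opt/GitTools
            clone: true
            version: master
        - name: Git clone zphisher # An automated phishing tool with 30+ templates
          ansible.builtin.git:
            repo: 'https://github.com/htr-tech/zphisher.git'
            dest: /opt/zphisher
            clone: true
            version: master
            depth: 1
        - name: Git clone vulhub # Pre-Built Vulnerable Environments Based on Docker-Compose
          ansible.builtin.git:
            repo: 'https://github.com/vulhub/vulhub.git'
            dest: /opt/vulhub
            clone: true
            version: master
        - name: Git clone WEF (Wi-Fi Exploitation Framework)
          ansible.builtin.git:
            repo: 'https://github.com/D3Ext/WEF.git'
            dest: /opt/WEF
            clone: true
            version: main

    - name: Setup some CTF style vulnerable docker images and packages
      when: setup_vuln_docker_images
      block:
        - name: Install docker packages
          ansible.builtin.apt:
            pkg:
              - docker.io
              - python3-docker
        - name: Make local user able to run docker commands
          # Membership in the docker group is effectively root-equivalent on the
          # host (the daemon socket allows privileged containers).
          ansible.builtin.user:
            name: "{{ local_username }}"
            append: true
            groups:
              - docker
        - name: Pull some vulnerable docker images
          # Deliberately vulnerable images; bind their ports to 127.0.0.1 when
          # running them, as the webgoat example below does.
          community.docker.docker_image:
            name: "{{ item }}"
            source: pull
          loop:
            - webgoat/webgoat # docker run --rm -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=UTC --name webgoat webgoat/webgoat
            - bkimminich/juice-shop # docker run --rm -d -p 3000:3000 --name juice-shop bkimminich/juice-shop
        - name: Install DVWA package
          ansible.builtin.apt:
            pkg:
              - dvwa
          # start the service using `sudo systemctl start dvwa`
          # navigate to http://localhost:42001
          # default creds are admin/password
          # Security Level can be changed in /etc/dvwa/config/config.inc.php

    - name: Install projectdiscovery.io OSS tools
      become: true
      become_user: "{{ local_username }}"
      block:
        - name: Create projectdiscovery temporary directory for extraction
          # A private mkdtemp-style directory (0700, unpredictable name) rather
          # than a fixed /tmp/projectdiscovery path: the binary extracted here
          # is executed below, so the directory must not be pre-creatable by
          # other local users.
          ansible.builtin.tempfile:
            state: directory
            suffix: projectdiscovery
          register: pdtm_tmpdir
        - name: Get latest release information for pdtm
          ansible.builtin.uri:
            url: "{{ projectdiscovery_tool_manager_url }}"
            return_content: true
          register: pdtm_latest_release
        - name: Extract pdtm version from the latest release URL
          ansible.builtin.set_fact:
            pdtm_version: "{{ pdtm_latest_release.json.tag_name | regex_replace('^v', '') }}"
        - name: Extract download URL for pdtm
          # Selects the linux_amd64 zip asset of the release fetched above; the
          # `first` filter fails the task if no asset matches.
          ansible.builtin.set_fact:
            pdtm_download_url: "{{ pdtm_latest_release.json.assets | selectattr('name', 'match', '^pdtm_' ~ pdtm_version ~ '_linux_amd64.zip$') | map(attribute='browser_download_url') | first }}"
        - name: Download pdtm file
          # The release asset is not checksum- or signature-verified here.
          ansible.builtin.get_url:
            url: "{{ pdtm_download_url }}"
            mode: '0644'
            dest: "{{ pdtm_tmpdir.path }}/pdtm_{{ pdtm_version }}_linux_amd64.zip"
        - name: Unzip pdtm file
          ansible.builtin.unarchive:
            src: "{{ pdtm_tmpdir.path }}/pdtm_{{ pdtm_version }}_linux_amd64.zip"
            dest: "{{ pdtm_tmpdir.path }}"
            remote_src: true
        - name: Execute pdtm file
          # Skipped once the installed pdtm binary exists (creates:).
          ansible.builtin.shell:
            cmd: "{{ pdtm_tmpdir.path }}/pdtm -i pdtm" # this will set PATH to ~/.pdtm/go/bin in ~/.zshrc and also install pdtm in ~/.pdtm/go/bin
            creates: "~{{ local_username }}/.pdtm/go/bin/pdtm"
        - name: Remove projectdiscovery.io temporary download directory
          ansible.builtin.file:
            path: "{{ pdtm_tmpdir.path }}"
            state: absent
        - name: Install all other projectdiscovery.io tools
          ansible.builtin.shell:
            cmd: "~{{ local_username }}/.pdtm/go/bin/pdtm -i {{ item }}"
            creates: "~{{ local_username }}/.pdtm/go/bin/{{ item }}"
          with_items: "{{ projectdiscovery_tools }}"
        - name: Update all projectdiscovery.io tools
          # Runs on every play; downloads new tool releases when available.
          ansible.builtin.shell:
            cmd: "~{{ local_username }}/.pdtm/go/bin/pdtm -update-all"

    - name: Setup some essential paths
      become: true
      become_user: "{{ local_username }}"
      block:
        - name: Set bin path for rust/cargo, pipx, and golang
          # create: false means the task fails if the user has no .zshrc yet.
          ansible.builtin.blockinfile:
            path: "~{{ local_username }}/.zshrc"
            marker: "# {mark} ANSIBLE MANAGED BLOCK - bin paths"
            block: |
              # rust binaries installed using cargo
              export PATH="$PATH:/home/{{ local_username }}/.cargo/bin"
              # golang binaries
              export PATH="$PATH:/home/{{ local_username }}/go/bin"
              # pipx binaries
              export PATH="$PATH:/home/{{ local_username }}/.local/bin"
            create: false

    - name: Generate ssh keys
      become: true
      become_user: "{{ local_username }}"
      block:
        - name: Ensure .ssh directory exists
          ansible.builtin.file:
            path: "~{{ local_username }}/.ssh"
            state: directory
            mode: '0700'
        - name: Generate SSH key pair
          # Creates the key only if it does not exist; RSA-4096 is kept because
          # switching the type would change the key file name callers expect.
          community.crypto.openssh_keypair:
            state: present
            type: rsa
            size: 4096
            path: "~{{ local_username }}/.ssh/id_rsa"

    - name: Setup custom shell aliases and functions
      become: true
      become_user: "{{ local_username }}"
      block:
        - name: Copy sample .shell_aliases and .shell_functions files
          ansible.builtin.copy:
            src: "{{ item }}"
            dest: "~{{ local_username }}/{{ item | basename }}"
            mode: '0644'
          with_items:
            - home/user/.shell_aliases
            - home/user/.shell_functions
            - home/user/.shell_variables
        - name: Include .shell_aliases, .shell_functions and .shell_variables files in .zshrc
          ansible.builtin.blockinfile:
            path: "~{{ local_username }}/.zshrc"
            marker: "# {mark} ANSIBLE MANAGED BLOCK - extra shell functions and aliases"
            block: |
              [[ -f ~/.shell_aliases ]] && source ~/.shell_aliases
              [[ -f ~/.shell_functions ]] && source ~/.shell_functions
              [[ -f ~/.shell_variables ]] && source ~/.shell_variables
            create: false

    - name: Install VSCodium and some plugins
      block:
        - name: Add VSCodium apt key
          # apt-key is deprecated on Debian; `keyring` stores the key in a
          # dedicated file, which the repo entry should reference via signed-by
          # (whether vscodium.repo does so is decided outside this file).
          ansible.builtin.apt_key:
            url: "{{ vscodium.apt_key_url }}"
            keyring: "{{ vscodium.apt_key_keyring }}"
        - name: Add VSCodium repo
          ansible.builtin.apt_repository:
            repo: "{{ vscodium.repo }}"
            state: present
            filename: "{{ vscodium.repo_filename }}"
        - name: Install the lastest version of VSCodium
          ansible.builtin.apt:
            name: "{{ vscodium.package }}"
        - name: Install some VSCodium extensions
          # Extensions are fetched from the marketplace VSCodium is configured
          # for; reported as changed on every run.
          ansible.builtin.command: "codium --install-extension {{ item }}"
          with_items: "{{ vscodium.extensions }}"
          become: true
          become_user: "{{ local_username }}"

    - name: build and install rust binaries using cargo
      # state: latest rebuilds each crate whenever a newer version is published.
      community.general.cargo:
        name: "{{ item }}"
        locked: true
        state: latest
      with_items: "{{ cargo_packages }}"
      become: true
      become_user: "{{ local_username }}"

    - name: build and install golang binaries
      # golang_tools entries are passed verbatim to `go install`; presumably in
      # module@version form — confirm in the vars file.
      ansible.builtin.command: "go install {{ item }}"
      with_items: "{{ golang_tools }}"
      become: true
      become_user: "{{ local_username }}"

    - name: Set system time to UTC
      community.general.timezone:
        name: Etc/UTC

    - name: Get an offline copy of all tldr pages
      # Interactive zsh so the user's .zshrc (and the PATH set above) is loaded.
      ansible.builtin.shell: |
        /bin/zsh -i -c 'tldr --update'
      become: true
      become_user: "{{ local_username }}"

    - name: Setup alacritty
      # become/become_user on the block so that the config directory and the
      # cloned themes are created as the local user, not root-owned inside the
      # user's home.
      become: true
      become_user: "{{ local_username }}"
      block:
        - name: Create alacritty config directory
          ansible.builtin.file:
            path: "~{{ local_username }}/.config/alacritty"
            state: directory
            mode: '0755'
            owner: "{{ local_username }}"
            group: "{{ local_username }}"
        - name: Clone alacritty themes git repo
          ansible.builtin.git:
            repo: "{{ alacritty_themes_repo }}"
            dest: "~{{ local_username }}/.config/alacritty/themes"
            clone: true
        - name: Copy sample alacritty config file
          ansible.builtin.copy:
            src: home/user/.config/alacritty/alacritty.toml
            dest: "~{{ local_username }}/.config/alacritty/alacritty.toml"
            mode: '0644'

    - name: Setup lazyvim starter config
      block:
        - name: Clone lazyvim starter git repo
          ansible.builtin.git:
            repo: "{{ lazyvim_starter_url }}"
            dest: "~{{ local_username }}/.config/nvim"
          become: true
          become_user: "{{ local_username }}"
        - name: Initialize zoxide in zsh shell
          # lineinfile adds each line only if it is absent; the empty item is a
          # no-op as soon as .zshrc contains any blank line.
          ansible.builtin.lineinfile:
            path: "~{{ local_username }}/.zshrc"
            line: "{{ item }}"
          with_items:
            - ""
            - "# initialize zoxide"
            - eval "$(zoxide init zsh)"
        - name: Initialize fzf in zsh shell
          ansible.builtin.lineinfile:
            path: "~{{ local_username }}/.zshrc"
            line: "{{ item }}"
          with_items:
            - ""
            - "# Set up fzf key bindings and fuzzy completion"
            - source <(fzf --zsh)

    - name: Final cleanup
      block:
        - name: Remove problematic packages
          ansible.builtin.apt:
            pkg: "{{ problematic_packages }}"
            state: absent
            purge: true
        - name: Cleanup apt packages and repodata
          ansible.builtin.apt:
            autoremove: true
            autoclean: true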