For more information about this project have a look at my blog.
Infrastructure as Code: Setting up a web application penetration testing laboratory
- Terraform is installed and in the current $PATH
- You know your AWS access and secret keys. Official Documentation
- You created an AWS SSH Key. Official Documentation
- Create a variables.tf file.
- Copy example Content in Variables file. Enter your own access and secret key and change instance size preferences.
- Enter the name of your Aws EC2 SSH key name. If you are on windows you can also enter the path to the SSH key for a convenient putty command to directly connect to the instance.
- Execute
terraform init - Execute
terraform apply
variables.tf file:
variable "aws_access_key" { default = "D0NTPV5HCR3DST0G1THVB" } variable "aws_secret_key" { default = "D0NTPV5HCR3DST0G1THVB" } variable "aws_region" { default = "eu-central-1" } variable "ssh_key_path" { default = "C:/Users/...." } variable "instance_type" { default = "t2.large" } variable "ssh_key_name" { default = "terraform-key" } variable "ip_whitelist" { default = ["1.3.3.7/32"] } https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/
https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/
https://hub.docker.com/r/opendns/security-ninjas/
https://hub.docker.com/r/danmx/docker-owasp-webgoat/
https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker
https://hub.docker.com/r/citizenstig/nowasp/