Tools/SSL-Sniffer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
CnF-Gris 2025-06-23 16:42:16 +02:00
commit cc7f8bcba8
16 changed files with 341 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
.devcontainer/devcontainer.json Normal file
View File

@ -0,0 +1,35 @@
{
// Displayed name
"name": "Vulnbox",
// Service name from compose file
"service": "vulnbox",
// Compose-File
"dockerComposeFile": ["../compose.yaml"],
// Customization
"customizations": {
"vscode": {
"extensions": [
"william-voyek.vscode-nginx",
"fabiospampinato.vscode-highlight",
"fabiospampinato.vscode-todo-plus"
]
}
},
// The WorkspaceFolder inside container
"workspaceFolder": "/etc/nginx",
// Env in container
"containerEnv": {
}
}

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
config/*/*
private/**
!**/*.gitkeep
!**/*.example

34
compose.yaml Normal file
View File

@ -0,0 +1,34 @@
services:
vulnbox:
privileged: true
env_file:
- ./config/vulnbox/.env
build:
context: ./vulnbox
dockerfile: DOCKERFILE
volumes:
- ./vulnbox/nginx:/etc/nginx/
- ./private/:/services-keys
ports:
- 8080:80
- 3000:3000
- 3443:3443
- 0.0.0.0:22:22
networks:
- test-net
entrypoint: entry.sh
express-tls:
build:
context: ./services/ExpressTLS
dockerfile: DOCKERFILE
volumes:
- ./private/ExpressTLS:/workspace/keys
networks:
- test-net
ports:
- 0.0.0.0:8443:8443
networks:
test-net:

1
config/vulnbox/.env.example Normal file
View File

@ -0,0 +1 @@
VULNBOX_PASSWORD = BEST_PASSWORD

0
config/vulnbox/.gitkeep Normal file
View File

0
private/.gitkeep Normal file
View File

0
services/.gitkeep Normal file
View File

30
vulnbox/DOCKERFILE Normal file
View File

@ -0,0 +1,30 @@
FROM alpine
ENV PATH "$PATH:/docker-bin"
RUN apk update && apk upgrade
RUN apk add nginx openssh openrc \
nano openssl git nginx-mod-stream \
nginx-mod-http-headers-more \
tcpdump
# NGINX
RUN adduser -D -g 'www' www
RUN mkdir /www
RUN chown -R www:www /var/lib/nginx
RUN chown -R www:www /www
RUN cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig
# SSHD
RUN rc-update add sshd
RUN touch /run/openrc/softlevel
COPY ./ssh/sshd_config /etc/ssh/sshd_config
WORKDIR /docker-bin
COPY ./helper-scripts /docker-bin
RUN chmod +x /docker-bin/*

9
vulnbox/helper-scripts/entry.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/sh
echo "root:${VULNBOX_PASSWORD}" | chpasswd
rc-service sshd start
rc-service nginx start
# This is needed, otherwise
# the machine will close
sleep infinity

0
vulnbox/nginx/http/.gitkeep Normal file
View File

23
vulnbox/nginx/http/prova.conf Normal file
View File

@ -0,0 +1,23 @@
server {
listen *:3443 ssl;
ssl_certificate /services-keys/ExpressTLS/cert.pem;
ssl_certificate_key /services-keys/ExpressTLS/key.pem;
ssl_protocols TLSv1.3;
location / {
proxy_pass http://localhost:3080/;
}
}
server {
listen 127.0.0.1:3080;
location / {
proxy_pass https://express-tls:8443/;
}
}

49
vulnbox/nginx/nginx.conf Normal file
View File

@ -0,0 +1,49 @@
user nginx;
# Set number of worker processes automatically based on number of CPU cores.
worker_processes auto;
# Load ngx_stream_module
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
events {
# The maximum number of simultaneous connections that can be opened by
# a worker process.
worker_connections 1024;
}
http {
more_clear_headers Server;
# Helper variable for proxying websockets.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Specifies the main log format.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Includes virtual hosts configs.
include /etc/nginx/http/*.conf;
}
stream {
include /etc/nginx/stream*.conf;
}

0
vulnbox/nginx/quic/.gitkeep Normal file
View File

0
vulnbox/nginx/stream/.gitkeep Normal file
View File

33
vulnbox/nginx/stream/ssl-termination.conf Normal file
View File

@ -0,0 +1,33 @@
upstream backend_ssl_ter {
server localhost:3080;
}
upstream backend {
server https://express-tls:8443;
}
server {
listen 3443 ssl;
more_clear_headers Server;
proxy_pass backend_ssl_ter;
ssl_certificate /services-keys/ExpressTLS/cert.pem;
ssl_certificate_key /services-keys/ExpressTLS/key.pem;
ssl_protocols TLSv1.3;
}
server {
more_clear_headers Server;
listen 3080;
proxy_pass backend;
}

123
vulnbox/ssh/sshd_config Normal file
View File

@ -0,0 +1,123 @@
# $OpenBSD: sshd_config,v 1.105 2024/12/03 14:12:47 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# Include configuration snippets before processing this file to allow the
# snippets to override directives set in this file.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to "no" here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to "no" to disable keyboard-interactive authentication. Depending on
# the system's configuration, this may involve passwords, challenge-response,
# one-time passwords or some combination of these and other methods.
#KbdInteractiveAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
# Feel free to re-enable these if your use case requires them.
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp internal-sftp
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server