khast3x / redcloud Goto Github PK

Hey, first of all, thanks for the great work on this project. I liked your menu so much that it inspired me to learn python over continuing to script with bash for internal tools at work. That being said, I'm curious if you'd be interested in switching from portainer to Yacht. The only think it's currently missing is the web terminal functionality. I also have built in theming and support templates in both JSON and YAML as well as docker-compose support (still early).

I have done a fair amount of work here:
https://github.com/SelfhostedPro/Redcloud

I wasn't able to get Yacht running on a sub-path though (ie. Portainer) but I also don't have much traefik experience.

Mounted config twice in master for NZBget.

Hi I run this command [1] Deploy redcloud on local machine

I take error:

ERROR: for traefik  Cannot start service traefik: driver failed programming external connectivity on endpoint traefik (74ad67dbcf6fb76e2cf7c2c5bfd07122a6fa26b67a456bebea57a9d8266df8d3): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use

Help me!

redcloud.py, line 17 has this:
GET_IP = "curl -4 -s icanhazip.com"

This breaks for local installs, although works wonderfully for AWS or other cloud installs.

I tried to update with the following, but however this python script is parsing system commands it does not like pipes.
GET_IP = $(ip -4 addr show wlp0s20f3 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')

It also seems that any place GET_IP is used is only a cmd call, so I can't override this by adding my local IP directly, without a lot of refactoring.

For now I've added a getlocalip script to my ~/bin folder containing ip -4 addr show wlp0s20f3 | grep -oP '(?<=inet\s)\d+(\.\d+){3}' and now line 17 reads as GET_IP = "getlocalip"

Installing docker
[~] This might take a few minutes... Hang in there!

• sh -c apt-get update -qq >/dev/null
• sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
• sh -c curl -fsSL "https://download.docker.com/linux/debian/gpg" | apt-key add -qq - >/dev/null
  Warning: apt-key output should not be parsed (stdout is not a terminal)
• sh -c echo "deb [arch=amd64] https://download.docker.com/linux/debian kali-rolling stable" > /etc/apt/sources.list.d/docker.list
• sh -c apt-get update -qq >/dev/null
  E: The repository 'https://download.docker.com/linux/debian kali-rolling Release' does not have a Release file.
  [!] Something went wrong with running command
  Command '['sh', 'get-docker.sh']' returned non-zero exit status 100.
  Traceback (most recent call last):
  File "redcloud.py", line 418, in
  menu_deploy_target()
  File "redcloud.py", line 368, in menu_deploy_target
  deploy_local()
  File "redcloud.py", line 156, in deploy_local
  install_docker()
  File "redcloud.py", line 119, in install_docker
  output += run_cmd_output(DOCKER_INSTALL2)
  TypeError: can only concatenate str (not "NoneType") to str

Hi,
I’ve installed RedCloud on a AWS infrastructure (Kali, with all traffic authorized), and then installed GoPhish from the template. However, I have not been able to add any rules in Traeffik to expose the ports remotely.
I’ve tried to modify the docker-compose file and I added some label to expose the 3333 GoPhish’s administration port from an URL with Traefik.
The problem is that when I tried to access to the URL https://my-aws-ip/gophish/ I have an error: “500 internal server error”.
When I install GoPhish on its own on the machine I can access to the GoPhish pages (https://my-aws-ip:3333) so it’s not an AWS rules problem. The listening URL for the GoPhish is 0.0.0.0:3333 in the configuration file.
Here is the lignes that I added in the docker-compose file:

gophish:
  image: matteoggl/gophish
  container_name: “gophish”
  networks: 
    - default
    - inside
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - certs:/certs
    - logs:/logs
  labels:
    - “traefik.frontend.rule=PathPrefixStrip:/gophish”
    - “traefik.port=3333”
    - “traefik.passHostHeader=true”
    - “traefik.docker.network=default”
    - “traefik.frontend.redirect.regex=^(.*)/gophish$$”
    - “traefik.frontend.redirect.replacement=$$1/gophish/”
    - “traefik.frontend.rule=PathPrefix:/gophish;ReplacePathRegex: ^/gophish/(.*) /$$1”

I’ve also modify the traefik.toml file:

[entryPoints]
  [entryPoints.http]
  address = “:80”
    [entryPoints.http.redirect]
    entryPoint = “https”
    rule = “Path:/portainer,/files/api,/gophish”

[…]

[gophish]
  entryPoint = “gophish”

Do you have any idea of what might cause this error?
Thank you for your time,
Aurélien

Hey again @khast3x,

When attempting to list the available templates, I met a ModuleNotFoundError. I then ran the command that was specified in the documentation, which did not work:

Fortunately, it was just that the file extension was missing! Works like a charm once the file extension is added to the command 👍🏽

The documentation should be updated, though

I'm on AWS using Ubuntu 18.04

I cannot Container connect...

I've stop/start/kill/restart container. I have removed and rebuilt.

Looking in the logs I see the below:

Traceback (most recent call last):
File "empire", line 13, in
from lib.common import empire, helpers
File "/opt/Empire/lib/common/empire.py", line 37, in
import stagers
File "/opt/Empire/lib/common/stagers.py", line 28, in
from ShellcodeRDI import *
File "/opt/Empire/lib/common/ShellcodeRDI.py", line 6, in
import pefile
ImportError: No module named pefile

Then I went into edit and changed the port from 5555 to 1234 and then from python 2.7 to python3

and I see this is the logs now:
File "empire", line 35
, print '[] Fresh start in docker, running reset.sh for you'
, ^
,SyntaxError: Missing parentheses in call to 'print'
, File "empire", line 35
, print '[] Fresh start in docker, running reset.sh for you'

I did some other ports and stuff, but no luck. please help! Thanks for this AWESOME project!

Hi,
I would like to set up a redcloud instance, but would love to have an optional flag to make the web ui listen to localhost only (connecting to it via ssh fowarding) to eliminate the need to expose unwanted ports. I know this can be set in the config, but it would be nifty to have an optional flag for that.

First off, thanks for a great project.

I'm working on Ansible playbooks to deploy Redcloud. Is there a way to deploy Redcloud on a remote machine without requiring user interaction? Not using the menu, but rather supplying all the configuration via a config file or arguments to redcloud.py.

My desired workflow is to non-interactively git clone the repository and run python redcloud.py/installing without a dialog.

Anyway, any suggestions would be great!

During installation on a remote host via ssh, docker-compose gets installed.
To determine the correct platform to download and install docker-compose, uname is called, but on the local system. If the architecture is different to the remote host's architecture, an incorrect binary version of docker-compose is installed.

Should be fixed with PR #16

When I deploy RedCloud on my local Ubuntu after the installation I'm getting an SSL_ERROR_INTERNAL_ERROR alert in my Firefox. The docker logs don't show anything interesting and peeking around in the traefik container also yields no fruit (I'm not familiar with traefik at all so there's a good chance that I'm missing something).

Even when I try my external IP with HTTPS it gives the same error

Hello all, I have been working on using RedCloud for a school project and I have run into a few issues. Some background information: I am using AWS EC2 as my cloud provider to host RedCloud. I am able to successfully install and run RedCloud in my environment with no errors. When I go to launch a container from the templates page is where I run into issues. Some templates work just fine and launch the appropriate container. Others will spin their wheels for a while and then an error message pops up that says the Image does not exist. Both the Kali vms seem to be doing this right now. Other times A container will successfully launch and when I go to launch a terminal it says that the container is restarting, despite the container status being displayed as running. I have checked docker hub, and both of the images the kali vms are missing do not seem to exist on there. I'm not sure if it is something I am doing, or a bug within the current version. Please let me know!

I also have an additional question about the dvwa container. Dvwa is one of the containers that seems to work properly, however I am unsure how to access the web UI once the container is deployed. I tried clicking on the "published ports" within the portainer UI, however that does not lead anywhere. Any help would be greatly apricated! Thanks!

👋🏽@khast3x !

Decided to give Redcloud a try since it looks pretty awesome, but I haven't been able to deploy it locally on my macOS machine.

Here is some info that might help in understanding what's going on:

• OS: macOS 10.14.3 (18D109) (darwin amd64)
• docker-compose version: 1.23.2, build 1110ad01
• docker-py version: 3.6.0
• Docker client version: 18.09.2 (Docker Desktop)
• Docker engine version: 18.09.2 (Docker Engine - Community)

When running docker-compose up --build -d manually to get the logs, I'm getting:

Starting portainer-app       ... error
Starting redcloud_cert_gen_1 ...

ERROR: for portainer-app  Cannot start service portainer: b'Mounts denied: \r\nThe path /opt/portainer/data\r\nis not shared from OS X and is not known to Docker.\r\nYou can configure shared paths from Docker -> Preferences... -> File Sharing.\r\nSee https://docs.docker.com/docker-for-mac/osxfs/#namespaces for more iStarting redcloud_cert_gen_1 ... done
portainer-proxy is up-to-date

ERROR: for portainer  Cannot start service portainer: b'Mounts denied: \r\nThe path /opt/portainer/data\r\nis not shared from OS X and is not known to Docker.\r\nYou can configure shared paths from Docker -> Preferences... -> File Sharing.\r\nSee https://docs.docker.com/docker-for-mac/osxfs/#namespaces for more info.\r\n.'
ERROR: Encountered errors while bringing up the project.

Which seems to be related to the fact that the volume /opt/portainer/data that is specified in the compose file is not shared by default on macOS. Unfortunately, it seems that the current version of Docker for Mac doesn't even allow users to mount anything in /opt 😞

Conclusion

In order to support macOS deployment, it seems all that is needed is to allow users to customize the path in which portainer data is stored 🤔

Let me know if that makes sense to you!

paulchikkkk@PauldeMBP redcloud % python3 redcloud.py

....----'" '. ..--".-:.-' .' . ,''. ,' --'
" mGk "" _.-'' .-'-.:..__...--' -._ ,-"' -'
_.--' _.-' .' .' .' `"""""
__.-'' _.-' .-' .' / ~~~
' _.-' .-' .-' .'
_.-' .-' .-' .' .' / R e d C l o u d
_.-' .-' .-' .' .'
_.-' .-' .' .' / ~~~
_.-' .-' .' .' github.com/khast3x
.-' .'

[] protip: redcloud works better using bash or sh
[] protip: root on candidate is required to install docker

[MAIN MENU]
Choose deploy action:
[1] Deploy redcloud on local machine
[2] Deploy redcloud on remote ssh machine
[3] Deploy redcloud on remote docker-machine
[4] Stop local or docker-machine redcloud deployment
[5] Stop remote ssh redcloud deployment
[6] List available templates
[q] Quit

1
[>] Deploying redcloud locally
[] curl installation found
[] docker installation found
[~] docker-compose installation found
[>] Deploying redcloud
[+] Running 14/3
✔ cert_gen 4 layers [⣿⣿⣿⣿] 0B/0B Pulled 12.4s
✔ portainer 4 layers [⣿⣿⣿⣿] 0B/0B Pulled 18.2s
✔ public-files 3 layers [⣿⣿⣿] 0B/0B Pulled 23.3s
open /Users/paulchikkkk/.docker/buildx/activity/desktop-linux: permission denied
[!] Something went wrong with running command
Command '['docker-compose', 'up', '--build', '-d']' returned non-zero exit status 1.
None
[>] Done

=========================================================================
[>] Please find your running instance at https://183.179.123.160/portainer
[] Files are available at https://183.179.123.160/files
[] Live Reverse Proxy data is available at https://183.179.123.160/api

if it doesn't have docker compose installed first it will break
please add to the installation script.

thank you