inicial

2021-12-12 13:39:23 +00:00 · 2021-12-12 13:39:23 +00:00 · a9f8d69d1d
commit a9f8d69d1d
13 changed files with 163 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+domain.crt 
+domain.csr 
+domain.key 
+domain.pem
--- a/11
+++ b/11
@ -0,0 +1,11 @@
+FROM ubuntu:20.04
+RUN export DEBIAN_FRONTEND=noninteractive \
+ && apt-get update -y -qq \
+ && apt-get install -y \
+        curl jq toilet colorized-logs rsync \
+        dnsutils iputils-ping traceroute iproute2 iptables tcpdump \
+        openvpn \
+        transmission-daemon \
+ && apt-get autoremove -y \
+ && apt-get clean -y \
+ && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+# Como funciona a parada:
+
+Wireguard (final 254) passa a ser a única rota de saída do Acu
+O Acu é acessado através do Haproxy (que tem acesso direto à net)
+
+# Alterações realizadas nos containers
+
+- Wireguard teve adicionado o pacote do IPtables e um script de boot que configura
+o mascaramento de IP a partir de qualquer interface. 
+
+- Accunetix teve o script de boot awvs.sh modificado para modificar as rotas padrão
+para sair pela VPN
+
--- a/acunetix/.gitignore
+++ b/acunetix/.gitignore
@ -0,0 +1,2 @@
+license
+licensetar.gz
--- a/awvs.sh
+++ b/awvs.sh
@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+clear
+echo -e "\033[1;31m     ___ _       ___    _______ \033[0m"
+echo -e "\033[1;32m    /   | |     / / |  / / ___/ \033[0m"
+echo -e "\033[1;33m   / /| | | /| / /| | / /\__ \\  \033[0m"
+echo -e "\033[1;34m  / ___ | |/ |/ / | |/ /___/ /  \033[0m"
+echo -e "\033[1;35m /_/  |_|__/|__/  |___//____/   \033[0m"
+echo -e "\033[1;36m \033[0m"
+echo -e "\033[1;34m -------------- \033[0m"
+echo -e "\033[1;31m Thank's fahai && Open Source Enthusiast \n\033[0m"
+echo -e "\033[1;32m [ help ] \033[0m"
+echo -e "\033[1;35m [ https://www.fahai.org/index.php/archives/146/ ] \033[0m"
+echo -e "\033[1;33m [ https://github.com/XRSec/AWVS14-Update ] \n\033[0m"
+echo -e "\033[1;34m [ https://awvs.vercel.app/ ] \n\033[0m"
+
+cat /awvs/acunetix/.hosts >> /etc/hosts
+cat /etc/hosts | grep acunetix
+route del -net default
+route add -net default gw 10.255.252.254
+su -l acunetix -c /home/acunetix/.acunetix/start.sh
--- a/create-networks.sh
+++ b/create-networks.sh
@ -0,0 +1,4 @@
+#docker network create --subnet 10.255.252.0/24 vpn
+docker network create --subnet 10.255.251.0/24 pg_opn
+docker network create --subnet 10.255.252.0/24 pg_vpn
+docker network create --internal --subnet 10.255.253.0/24 pg_bus
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -0,0 +1,69 @@
+version: '3'
+
+services:
+
+  wireguard:
+   build: images/wireguard
+   container_name: wireguard
+   privileged: true
+#   ports:
+#      - "3443:3443"
+   cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+   environment:
+      - PUID=1000
+      - PGID=1000
+   sysctls:
+      - net.ipv4.conf.all.src_valid_mark=0
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv4.ip_forward=1
+#    restart: unless-stopped
+   volumes:
+      - ./wireguard/wg0.conf:/config/wg0.conf
+      - /lib/modules:/lib/modules
+      - ./iptables.sh:/config/custom-cont-init.d/iptables.sh
+   networks:
+     pg_opn: 
+       ipv4_address: 10.255.251.254
+     pg_vpn:
+       ipv4_address: 10.255.252.254
+
+  acunetix:
+    build: images/acunetix
+    container_name: acunetix
+    privileged: true
+    restart: unless-stopped
+    #ports:
+            # - "3443:3443"
+    volumes:
+      - ./acunetix/license:/home/acunetix/.acunetix/data/license
+      - ./awvs.sh:/awvs/awvs.sh
+    depends_on:
+      - wireguard
+    networks:
+      pg_vpn:
+        ipv4_address: 10.255.252.252
+
+  proxy:
+    image: haproxytech/haproxy-alpine
+    restart: always
+    ports:
+      - "3443:3443"
+    volumes:
+      - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
+      - ./domain.pem:/domain.pem
+    networks:
+      pg_opn:
+        ipv4_address: 10.255.251.253
+      pg_vpn:
+        ipv4_address: 10.255.252.253
+
+
+networks:
+  pg_opn:
+    external: 
+      name: pg_opn
+  pg_vpn:
+    external: 
+      name: pg_vpn
--- a/haproxy.cfg
+++ b/haproxy.cfg
@ -0,0 +1,14 @@
+global
+defaults
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+
+frontend http-in
+	bind :3443 ssl crt /domain.pem 
+	default_backend main
+
+backend main
+    mode http
+    server main 10.255.252.252:3443 ssl verify none
+
--- a/images/acunetix/Dockerfile
+++ b/images/acunetix/Dockerfile
@ -0,0 +1,6 @@
+FROM xrsec/awvs
+
+RUN apt-get -y update && \
+    apt-get -y install net-tools && \
+    apt-get -y clean && \
+    rm -rf /var/lib/apt/lists/*
--- a/images/wireguard/Dockerfile
+++ b/images/wireguard/Dockerfile
@ -0,0 +1,6 @@
+FROM linuxserver/wireguard
+
+RUN apt-get -y update && \
+    apt-get -y install iptables && \
+    apt-get -y clean && \
+    rm -rf /var/lib/apt/lists/*
--- a/iptables.sh
+++ b/iptables.sh
@ -0,0 +1,2 @@
+#!/bin/bash
+iptables -t nat -A POSTROUTING -j MASQUERADE
--- a/wireguard/.gitignore
+++ b/wireguard/.gitignore
@ -0,0 +1 @@
+wg0.conf
--- a/wireguard/wg0.conf.example
+++ b/wireguard/wg0.conf.example
@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXX
+Address = XXXXXXXXXXXXXXX
+DNS = XXXXXXXXXXXXXXXXX
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE
+
+[Peer]
+PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXX
+AllowedIPs = 0.0.0.0/0,::0/0
+Endpoint = XXXXXXXXXXXXXXXXXXXXX