TerraformGoat is selefra research lab’s “Vulnerable by Design” multi cloud deployment tool.
Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure.
Scenarios
ID | Cloud Service Company | Types Of Cloud Services | Vulnerable Environment |
---|---|---|---|
1 | Alibaba Cloud | Networking | VPC Security Group Open All Ports |
2 | Alibaba Cloud | Networking | VPC Security Group Open Common Ports |
3 | Alibaba Cloud | Object Storage | Bucket HTTP Enable |
4 | Alibaba Cloud | Object Storage | Object ACL Writable |
5 | Alibaba Cloud | Object Storage | Object ACL Readable |
6 | Alibaba Cloud | Object Storage | Special Bucket Policy |
7 | Alibaba Cloud | Object Storage | Bucket Public Access |
8 | Alibaba Cloud | Object Storage | Object Public Access |
9 | Alibaba Cloud | Object Storage | Bucket Logging Disable |
10 | Alibaba Cloud | Object Storage | Bucket Policy Readable |
11 | Alibaba Cloud | Object Storage | Bucket Object Traversal |
12 | Alibaba Cloud | Object Storage | Unrestricted File Upload |
13 | Alibaba Cloud | Object Storage | Server Side Encryption No KMS Set |
14 | Alibaba Cloud | Object Storage | Server Side Encryption Not Using BYOK |
15 | Alibaba Cloud | Elastic Computing Service | ECS SSRF |
16 | Alibaba Cloud | Elastic Computing Service | ECS Unattached Disks Are Unencrypted |
17 | Alibaba Cloud | Elastic Computing Service | ECS Virtual Machine Disks Are Unencrypted |
18 | Tencent Cloud | Networking | VPC Security Group Open All Ports |
19 | Tencent Cloud | Networking | VPC Security Group Open Common Ports |
20 | Tencent Cloud | Object Storage | Bucket ACL Writable |
21 | Tencent Cloud | Object Storage | Bucket ACL Readable |
22 | Tencent Cloud | Object Storage | Bucket Public Access |
23 | Tencent Cloud | Object Storage | Object Public Access |
24 | Tencent Cloud | Object Storage | Unrestricted File Upload |
25 | Tencent Cloud | Object Storage | Bucket Object Traversal |
26 | Tencent Cloud | Object Storage | Bucket Logging Disable |
27 | Tencent Cloud | Object Storage | Server Side Encryption Disable |
28 | Tencent Cloud | Elastic Computing Service | CVM SSRF |
29 | Tencent Cloud | Elastic Computing Service | CBS Storage Are Not Used |
30 | Tencent Cloud | Elastic Computing Service | CVM Virtual Machine Disks Are Unencrypted |
31 | Huawei Cloud | Networking | ECS Unsafe Security Group |
32 | Huawei Cloud | Object Storage | Object ACL Writable |
33 | Huawei Cloud | Object Storage | Special Bucket Policy |
34 | Huawei Cloud | Object Storage | Unrestricted File Upload |
35 | Huawei Cloud | Object Storage | Bucket Object Traversal |
36 | Huawei Cloud | Object Storage | Wrong Policy Causes Arbitrary File Uploads |
37 | Huawei Cloud | Elastic Computing Service | ECS SSRF |
38 | Huawei Cloud | Relational Database Service | RDS Mysql Baseline Checking Environment |
39 | Amazon Web Services | Networking | VPC Security Group Open All Ports |
40 | Amazon Web Services | Networking | VPC Security Group Open Common Ports |
41 | Amazon Web Services | Object Storage | Object ACL Writable |
42 | Amazon Web Services | Object Storage | Bucket ACL Writable |
43 | Amazon Web Services | Object Storage | Bucket ACL Readable |
44 | Amazon Web Services | Object Storage | MFA Delete Is Disable |
45 | Amazon Web Services | Object Storage | Special Bucket Policy |
46 | Amazon Web Services | Object Storage | Bucket Object Traversal |
47 | Amazon Web Services | Object Storage | Unrestricted File Upload |
48 | Amazon Web Services | Object Storage | Bucket Logging Disable |
49 | Amazon Web Services | Object Storage | Bucket Allow HTTP Access |
50 | Amazon Web Services | Object Storage | Bucket Default Encryption Disable |
51 | Amazon Web Services | Elastic Computing Service | EC2 SSRF |
52 | Amazon Web Services | Elastic Computing Service | Console Takeover |
53 | Amazon Web Services | Elastic Computing Service | EBS Volumes Are Not Used |
54 | Amazon Web Services | Elastic Computing Service | EBS Volumes Encryption Is Disabled |
55 | Amazon Web Services | Elastic Computing Service | Snapshots Of EBS Volumes Are Unencrypted |
56 | Amazon Web Services | Identity and Access Management | IAM Privilege Escalation |
57 | Google Cloud Platform | Object Storage | Object ACL Writable |
58 | Google Cloud Platform | Object Storage | Bucket ACL Writable |
59 | Google Cloud Platform | Object Storage | Bucket Object Traversal |
60 | Google Cloud Platform | Object Storage | Unrestricted File Upload |
61 | Google Cloud Platform | Elastic Computing Service | VM Command Execution |
62 | Microsoft Azure | Object Storage | Blob Public Access |
63 | Microsoft Azure | Object Storage | Container Blob Traversal |
64 | Microsoft Azure | Elastic Computing Service | VM Command Execution |
Install
TerraformGoat is deployed using Docker images and therefore requires Docker Engine environment support, Docker Engine installation can be found in https://docs.docker.com/engine/install/
Depending on the cloud service provider you are using, choose the corresponding installation command.
Alibaba Cloud
docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker run -itd –name terraformgoat_aliyun_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker exec -it terraformgoat_aliyun_0.0.4 /bin/bash
Tencent Cloud
docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_tencentcloud:0.0.4
docker run -itd –name terraformgoat_tencentcloud_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_tencentcloud:0.0.4
docker exec -it terraformgoat_tencentcloud_0.0.4 /bin/bash
Huawei Cloud
docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_huaweicloud:0.0.4
docker run -itd –name terraformgoat_huaweicloud_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_huaweicloud:0.0.4
docker exec -it terraformgoat_huaweicloud_0.0.4 /bin/bash
Amazon Web Services
docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aws:0.0.4
docker run -itd –name terraformgoat_aws_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aws:0.0.4
docker exec -it terraformgoat_aws_0.0.4 /bin/bash
emo
After entering the container, cd to the corresponding scenario directory and you can start deploying the scenario.
Here is a demonstration of the Alibaba Cloud Bucket Object Traversal scenario build
docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker run -itd –name terraformgoat_aliyun_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker exec -it terraformgoat_aliyun_0.0.4 /bin/bash
Uninstall
If you are in a container, first execute the exit
command to exit the container, and then execute the following command under the host.
docker stop $(docker ps -a -q -f “name=terraformgoat“) docker rm $(docker ps -a -q -f “name=terraformgoat“)
docker rmi $(docker images -a -q -f “reference=registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat*”)