Usage
Using Terry is relatively easy. Start by reading Getting Started. Once finished, start leveraging the power of Terry!
```
Usage: terry.py [OPTIONS] COMMAND [ARGS]...

  Terry will help you with all of your Red Team infrastructure needs! He's not
  magic... he's Terry!

Options:
  -c, --config PATH               Path to configuration file in .yml format
  -o, --operation TEXT            Name for project or operation [required]
  -a, --auto_approve              Auto approve the Terraform commands
  -f, --force                     Force the build to go through, even if a
                                  deployment already exists with the operation
                                  name listed
  -q, --quiet                     Don't send Slack messages to configuration-
                                  defined webhook URL upon infrastructure
                                  creation
  -v, --verbose                   Verbose output from Terry (does not change
                                  what is logged in the log file)
  -l, --log_file PATH             Location to write log file to
  -N, --no_nebula                 Skip setting up Nebula as a mesh VPN overlay
                                  on deployed resources
  -Ne, --no_elastic               Skip setting up Logstash / Filebeats for
                                  deployed resources
  -cR, --container_registry TEXT  Container registry to use for deploying
                                  containers (the URL for the registry)
  -cRU, --container_registry_username TEXT
                                  Username used to authenticate to the
                                  container registry (required if deploying
                                  containers)
  -cRP, --container_registry_password TEXT
                                  Password used to authenticate to the
                                  container registry (required if deploying
                                  containers)
  -eS, --elastic_server TEXT      Elasticsearch public IP address or FQDN (for
                                  centralized logging) and port
  -eK, --elastic_api_key TEXT     API Key used to authenticate to the
                                  Elasticsearch server / cluster
  -awsAK, --aws_access_key_id TEXT
                                  AWS Access Key ID for AWS API
  -awsSAK, --aws_secret_access_key TEXT
                                  AWS Secret Access Key for AWS API
  -awsR, --aws_default_region TEXT
                                  AWS region
  -doT, --digital_ocean_token TEXT
                                  Token for DigitalOcean API
  -ncU, --namecheap_user_name TEXT
                                  Namecheap username for Namecheap API
  -ncA, --namecheap_api_user TEXT
                                  Namecheap API username for Namecheap API
                                  (Usually the same as username)
  -ncK, --namecheap_api_key TEXT  Namecheap API Key for Namecheap API
  -gdK, --godaddy_api_key TEXT    GoDaddy API Key for GoDaddy API
  -gdS, --godaddy_api_secret TEXT
                                  GoDaddy API Key Secret for GoDaddy API
  -csP, --cobaltstrike_password TEXT
                                  Password to use when connecting to
                                  teamserver
  -csMC2, --cobaltstrike_malleable_c2 PATH
                                  Path to Malleable C2 profile to use when
                                  starting Cobalt Strike
  -h, --help, --how-use, --stupid-terry, --freaking-help-plz
                                  Show this message and exit.

Commands:
  add          Add to an existing deployment
  create       Create a new deployment
  destroy      Destroy the deployment
  reconfigure  Reconfigure a deployment by refreshing deployment state,...
  refresh      Refresh the deployment state and map results back to an...
  show         Show all resources in a given deployment
```
There are base commands and subcommands. Think of the base commands as the action and subcommands as the tangible infrastructure.
Used for creating a new operation (`-o <operation_name>`). When running this command, Terry will create the basic folder structure for the deployment. If the `<operation_name>` already exists, you will see errors. You can use the `-f` / `--force` flag, but this can cause orphan Terraform resources and/or destroy your existing infrastructure. Use it with caution! When creating a new operation, you can use any of the subcommands chained together to create as many resources as you need.
```
Usage: terry.py create [OPTIONS] COMMAND1 [ARGS]... [COMMAND2 [ARGS]...]...

  Create a new deployment

Options:
  -h, --how-use, --stupid-terry, --freaking-help-plz, --help
                                  Show this message and exit.

Commands:
  domain  Create a domain resource
  server  Create a server resource
```
Used to add to an existing operation. By default, Terry will load `<operation_name>/.terry/build_manifest.yml` from the operation directory and fully regenerate the Terraform plan from that as well as the added resources, then re-run Ansible against all servers. This may change in the future and only run against added servers.
```
Usage: terry.py add [OPTIONS] COMMAND [ARGS]...

  Add to an existing deployment

Options:
  -h, --freaking-help-plz, --help, --stupid-terry, --how-use
                                  Show this message and exit.

Commands:
  domain  Create a domain resource
  server  Create a server resource
```
Used to destroy Terraform resources in an operation. You may also want to destroy all files and folders associated with the operation. You can do this with the `-r` / `--recursive` flag. Before destroying any resources, Terry will parse `<operation_name>/.terry/build_manifest.yml` from the operation directory to see what cloud providers were used and validate that all required credentials exist to destroy the resources. If you want to skip this check, use the `-f` / `--force` flag. Using Terraform, Terry will attempt to destroy all resources.
```
Usage: terry.py destroy [OPTIONS]

  Destroy the deployment

Options:
  -r, --recursive                 Destroy all files and folders associated
                                  with the deployment as well
  -h, --stupid-terry, --freaking-help-plz, --how-use, --help
                                  Show this message and exit.
```
Will load `<operation_name>/.terry/build_manifest.yml` from the operation directory and pull down all `remote_configurations` as defined in `config.yml` and re-run all Ansible playbooks with the updated `remote_configurations`.
```
Usage: terry.py reconfigure [OPTIONS]

  Reconfigure a deployment by refreshing deployment state, getting updated
  remote configurations, and re-running playbooks against each host

Options:
  -h, --freaking-help-plz, --help, --stupid-terry, --how-use
                                  Show this message and exit.
```
This command exists for deployments that use remote configurations. In our use case, we have a private git repository with JSON files for each user that contain each operator's username, public IP address/CIDR, and public SSH key. Terry will reload those values, reset all firewall rules, remove any users that were removed from the `remote_configuration`, and reconfigure the users and firewall rules for all servers. I realize this is a specific use case, but you may also want to run this if you change parts of the Ansible `<operation_name>/ansible/inventory/hosts` file manually and want to re-run all the playbooks without having to import the SSH key manually and run all playbooks manually.
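The checks a reconfigure run depends on can be sketched as follows. This is an added example, not Terry's code: the field names (`username`, `ip`, `ssh_key`), the minimum prefix-length policy and the fail-closed handling of invalid records are all assumptions. It validates each operator record before it would reach firewall or user management, and works out which deployed users should lose access.

```python
import base64
import ipaddress
import json
import re

MIN_PREFIX = {4: 24, 6: 64}  # assumed policy: widest source range accepted
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def check_operator(rec):
    """Return the problems found in one operator record (empty list = valid)."""
    problems = []
    if not re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", str(rec.get("username", ""))):
        problems.append("bad username")
    try:
        net = ipaddress.ip_network(str(rec.get("ip", "")), strict=True)
        if net.prefixlen < MIN_PREFIX[net.version]:
            problems.append("source range too broad")
    except ValueError:
        problems.append("bad IP/CIDR")
    parts = str(rec.get("ssh_key", "")).split()
    try:
        # The base64 blob begins with a length-prefixed copy of the key type.
        blob = base64.b64decode(parts[1], validate=True)
        n = int.from_bytes(blob[:4], "big")
        if parts[0] not in KEY_TYPES or blob[4:4 + n].decode() != parts[0]:
            raise ValueError("key type mismatch")
    except (IndexError, ValueError):
        problems.append("bad SSH public key")
    return problems

def plan_reconfigure(remote_json, deployed_users):
    """Split operators into keep / rejected / remove for a reconfigure run."""
    keep, rejected = [], {}
    for rec in json.loads(remote_json):
        if problems := check_operator(rec):
            rejected[str(rec.get("username", "?"))] = problems
        else:
            keep.append(rec["username"])
    # Fail closed: a deployed user without a valid record loses access.
    return {"keep": sorted(keep), "rejected": rejected,
            "remove": sorted(set(deployed_users) - set(keep))}

# Constructed sample data: an all-zero Ed25519 key blob and three records.
BLOB = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(32)
KEY = "ssh-ed25519 " + base64.b64encode(BLOB).decode() + " operator@example"
SAMPLE = json.dumps([
    {"username": "alice", "ip": "198.51.100.7/32", "ssh_key": KEY},
    {"username": "bob", "ip": "0.0.0.0/0", "ssh_key": KEY},
    {"username": "carol", "ip": "203.0.113.0/24", "ssh_key": "not-a-key"},
])
```

Calling `plan_reconfigure(SAMPLE, ["alice", "bob", "dave"])` keeps only `alice`, rejects `bob` for an open source range and `carol` for a malformed key, and marks `bob` and `dave` for removal.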
Refresh the Terraform state and map the updated information back to `<operation_name>/.terry/build_manifest.yml`.
```
Usage: terry.py refresh [OPTIONS]

  Refresh the deployment state and map results back to an updated build
  manifest

Options:
  -h, --help, --freaking-help-plz, --stupid-terry, --how-use
                                  Show this message and exit.
```
Show the resources in a given `<operation_name>`. What you see is what you get! It will also notify the webhook if you are not using `-q` / `--quiet`.
```
Usage: terry.py show [OPTIONS]

  Show all resources in a given deployment

Options:
  -h, --how-use, --freaking-help-plz, --stupid-terry, --help
                                  Show this message and exit.
```
The subcommands are all the deployable resources.
NOTE: It is not very intuitive getting to the help menu for these objects, but it is still possible. In order to show all options available for the resource commands, run `./terry.py -o <arbitrary-name> create server -h` where `<arbitrary-name>` can truly be anything (as long as there is not already an operation with that name).
Used to build a server resource. It can be used when the `create` or `add` command is run.
```
Usage: terry.py create server [OPTIONS]

  Create a server resource

Options:
  -p, --provider [aws|digitalocean|azure|google|linode]
                                  The cloud provider to use when creating the
                                  server [required]
  -t, --type [bare|categorize|teamserver|lighthouse|redirector|mailserver]
                                  The type of server to create [required]
  -sN, --name TEXT                Name of the server (used for creating
                                  corresponding DNS records if you use the
                                  "domain" command)
  -cT, --container TEXT           Containers to install onto the server (must
                                  be defined in container_mappings.yml to be
                                  used)
  -rT, --redirector_type [http|https|dns|custom]
                                  Type redirector to build (options are
                                  ['http', 'https', 'dns', 'custom'])
  -r2, --redirect_to TEXT         Name / UUID of server to redirect to (or
                                  just a FQDN / IP address for static
                                  redirection)
  -dI, --domain_to_impersonate TEXT
                                  FQDN of the domain to impersonate when
                                  traffic that doesn't match your C2
                                  redirection rules hits a redirector (or just
                                  domain to impersonate for categorization
                                  server)
  -d, --fqdn TEXT                 Domain and registrar to use in creation of
                                  an A record for the resource formatted as
                                  "<domain>:<registrar>" (Example: domain
                                  example.com with registrar aws should be
                                  "example.com:aws)"
  -h, --how-use, --help, --freaking-help-plz, --stupid-terry
                                  Show this message and exit.
```
Allows an operator to build a domain or DNS resource. This subcommand can be used when the `create` or `add` command is run.
```
Usage: terry.py create domain [OPTIONS]

  Create a domain resource

Options:
  -p, --provider [aws|digitalocean|azure|google|linode|namecheap|cloudflare|godaddy]
                                  The cloud/infrastructure provider to use
                                  when creating the server [required]
  -d, --domain TEXT               FQDN to use in creation of an record type
                                  "<type>" (if no subdomain provided, the root
                                  will be used) [required]
  -t, --type TEXT                 The type of record to create
  -v, --value TEXT                Value of the record (use this if you have a
                                  STATIC DNS record that does not depend on
                                  dynamic data returned from Terraform)
  -sN, --server_name TEXT         Name / UUID of the server resource whose
                                  public IP that you want to populate the
                                  value of the record (a resource with this
                                  name / uuid must exist in the build)
  -h, --stupid-terry, --freaking-help-plz, --how-use, --help
                                  Show this message and exit.
```
Use Terry at your own risk. I do not claim responsibility for any changes to the code that may break your configurations. I also do not condone any illegal actions performed after using this tool.