XM Goat is composed of XM Cyber Terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations. Your job is to attack and compromise the environments.
Here is what to do for each environment:
- Run the installation and then get started.
- With the initial user and service principal credentials, attack the environment based on the scenario flow (for example, XMGoat/scenarios/scenario_1/scenario1_flow.png).
- If you need help with your attack, refer to the solution (for example, XMGoat/scenarios/scenario_1/solution.md).
- When you're done learning the attack, clean up.
Requirements
- Azure tenant
- Terraform version 1.0.9 or above
- Azure CLI
- Azure User with Owner permissions on Subscription and Global Admin privileges in AAD
Installation
Run these commands:
$ az login
$ git clone https://github.com/XMCyber/XMGoat.git
$ cd XMGoat
$ cd scenarios
$ cd scenario_<SCENARIO>
Where <SCENARIO> is the scenario number you want to complete
$ terraform init
$ terraform plan -out <FILENAME>
$ terraform apply <FILENAME>
Where <FILENAME> is the name of the output file
Get started
To get the initial user and service principal credentials, run the following query:
$ terraform output --json
For Service Principals, use application_id.value and application_secret.value.
For Users, use username.value and password.value.
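The following Python sketch is an added example, not part of the XMGoat project. It reads the JSON printed by terraform output --json, pulls out the .value fields named above, and lists any secret output that Terraform does not mark as sensitive. The sample document and every value in it are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample of `terraform output --json`; all values are placeholders.
SAMPLE_OUTPUT = """
{
  "application_id": {"sensitive": false, "type": "string", "value": "00000000-0000-0000-0000-000000000000"},
  "application_secret": {"sensitive": true, "type": "string", "value": "EXAMPLE-SP-SECRET"},
  "username": {"sensitive": false, "type": "string", "value": "lab-user@example.onmicrosoft.com"},
  "password": {"sensitive": false, "type": "string", "value": "EXAMPLE-PASSWORD"}
}
"""

# Output names given in the README: identity kind -> (identifier, secret).
CREDENTIAL_OUTPUTS = {
    "service_principal": ("application_id", "application_secret"),
    "user": ("username", "password"),
}


def extract_credentials(output_json):
    """Return {kind: {"id": ..., "secret": ...}} for each identity the scenario outputs."""
    outputs = json.loads(output_json)
    found = {}
    for kind, (id_key, secret_key) in CREDENTIAL_OUTPUTS.items():
        # A scenario may output only a user or only a service principal.
        if id_key in outputs and secret_key in outputs:
            found[kind] = {
                "id": outputs[id_key]["value"],
                "secret": outputs[secret_key]["value"],
            }
    return found


def unmarked_secrets(output_json):
    """Names of secret outputs that Terraform does not mark as sensitive."""
    outputs = json.loads(output_json)
    secret_keys = [secret for _, secret in CREDENTIAL_OUTPUTS.values()]
    return [k for k in secret_keys
            if k in outputs and not outputs[k].get("sensitive", False)]


def redacted(creds):
    """Copy of the credentials that is safe to print or paste into notes."""
    return {kind: {"id": c["id"], "secret": "*" * 8} for kind, c in creds.items()}


if __name__ == "__main__":
    creds = extract_credentials(SAMPLE_OUTPUT)
    print(json.dumps(redacted(creds), indent=2))
    print("secret outputs not marked sensitive:", unmarked_secrets(SAMPLE_OUTPUT))
```

To use it on a deployed scenario, pass the text printed by terraform output --json to extract_credentials in place of the sample.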
Cleaning up
After completing the scenario, run the following commands to clean up all the resources created in your tenant:
$ az login
$ cd XMGoat
$ cd scenarios
$ cd scenario_<SCENARIO>
Where <SCENARIO> is the scenario number you want to complete
$ terraform destroy