cnappgoat: modularly provision vulnerable-by-design components in cloud environments

CNAPPgoat

CNAPPgoat is a multi-cloud, vulnerable-by-design environment deployment tool – specifically engineered to facilitate practice arenas for defenders and pentesters. Its main function is to deploy intentionally vulnerable environments across multiple cloud service providers, to help you sharpen your skills in exploiting, detecting, and preventing such vulnerabilities.


CNAPPgoat operates as a Command Line Interface (CLI) tool, capable of deploying vulnerable environments to a multitude of cloud service providers. Built with Go and utilizing Pulumi and the Pulumi automation API, it ensures seamless environment deployment. One of its unique features is its modular design, which allows for effortless extension to support an array of cloud service providers and new vulnerable environments. As of now, CNAPPgoat supports AWS, Azure, and GCP.

Use

NAME:
   cnappgoat - A multicloud open-source tool for deploying vulnerable-by-design cloud resources

USAGE:
   cnappgoat [global options] command [command options] [arguments...]

VERSION:
   0.1.0-beta, date: 2023-08-02T13:02:46Z, commit: 6bef61857d9f3cf88215269df8976f96317711dc

COMMANDS:
   clean      clean and remove all created resources and delete all scenarios and any related files
   describe   describe a scenario
   destroy    Destroy CNAPPgoat module scenarios
   list       List CNAPPgoat module scenarios
   provision  Provision CNAPPgoat module scenarios
   help, h    Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug        Enable debug mode (default: false)
   --help, -h     show help
   --version, -v  print the version

| Command | Description | Usage |
|---|---|---|
| list | Lists all available scenarios for provisioning. | cnappgoat list |
| describe | Provides detailed information about the specified scenario. | cnappgoat describe <scenario name> |
| provision | Provisions the scenario specified by the scenario name. To provision all scenarios, simply use cnappgoat provision | cnappgoat provision <scenario name> |
| destroy | Destroys the scenario specified by the scenario name. To destroy all scenarios, simply use cnappgoat destroy | cnappgoat destroy <scenario name> |
| clean | Cleans up all scenarios and deletes the .cnappgoat local directory | cnappgoat clean |
| --version, -v | Displays the current version of CNAPPgoat | cnappgoat --version |
| --help, -h | Displays the help menu. | cnappgoat --help |

You may use multiple arguments separated by spaces. For example:

cnappgoat provision <scenario-1> <scenario-2> <scenario-N>

Flags:

  • --module – Filters scenarios by module (e.g. CSPM, CIEM, CWPP, DSPM, KSPM etc.)
  • --platform – Filters scenarios by platform (e.g. AWS, Azure, GCP)
  • --force – Enables force mode (unlock locked stacks with pulumi cancel)
  • --debug – Enables debug logging.

These flags are command flags and should be placed after the command. For example:

cnappgoat provision --module CSPM --platform AWS

This command will provision all AWS CSPM scenarios.
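
A wrapper for a single practice session, added here as an example and not code from the CNAPPgoat project: it provisions one module/platform slice, runs the command you pass, and destroys the slice whatever that command returned. The function names are hypothetical, and it assumes `cnappgoat destroy` accepts the same `--module` and `--platform` filters as `provision`.

```shell
#!/usr/bin/env bash
# Added example, not CNAPPgoat project code. Function names are hypothetical.
# Assumption: `cnappgoat destroy` takes the same --module/--platform filters
# as `cnappgoat provision`.

# Accept only the platforms the page lists, spelled as the page spells them.
valid_platform() {
  case "$1" in
    AWS|Azure|GCP) return 0 ;;
    *) return 1 ;;
  esac
}

# lab_session MODULE PLATFORM CMD [ARGS...]
# Provision the filtered scenarios, run CMD, then destroy them regardless of
# how CMD exited. Returns CMD's status, 1 if provisioning failed, 2 on bad
# arguments, 3 if only the teardown failed.
# e.g. lab_session CSPM AWS ./run-detections.sh   (hypothetical script)
lab_session() {
  if [ "$#" -lt 3 ]; then
    echo "usage: lab_session MODULE PLATFORM CMD [ARGS...]" >&2
    return 2
  fi
  ls_module=$1
  ls_platform=$2
  shift 2
  if ! valid_platform "$ls_platform"; then
    echo "unsupported platform: $ls_platform" >&2
    return 2
  fi
  ls_status=0
  if cnappgoat provision --module "$ls_module" --platform "$ls_platform"; then
    "$@" || ls_status=$?
  else
    ls_status=1
    echo "provision failed; skipping command and cleaning up" >&2
  fi
  # A failed or partial provision can still leave resources behind, so the
  # destroy runs on every path.
  if ! cnappgoat destroy --module "$ls_module" --platform "$ls_platform"; then
    echo "destroy failed: vulnerable resources may still be deployed" >&2
    [ "$ls_status" -ne 0 ] || ls_status=3
  fi
  return "$ls_status"
}
```

A status of 3 means the session command succeeded but the teardown did not, so the cloud account should be checked for leftover resources.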

Install

Copyright (C) 2023 ermetic-research