added tor installer

6 files changed, 108 insertions, 10 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..96ec1ca
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*venv*
+*.pub
+id_rsa
diff --git a/attackbox/playbook.yaml b/attackbox/playbook.yaml
index 333e58e..fb5d379 100644
--- a/attackbox/playbook.yaml
+++ b/attackbox/playbook.yaml
@@ -4,13 +4,12 @@
   vars_files:
     - vars/packages.yaml
   tasks:
-    - import_tasks: tasks/apt_packages.yaml
-    - import_tasks: tasks/harden.yaml
-    - import_tasks: tasks/golang_install.yaml
-    - import_tasks: tasks/chrome_install.yaml
-    - import_tasks: tasks/go_tools.yaml
-    - import_tasks: tasks/github_repos.yaml
-    - import_tasks: tasks/generate_readme.yaml
-  handlers:
-    - name: update grub
-      command: update-grub
+    - import_tasks: tasks/handlers.yaml
+    #- import_tasks: tasks/apt_packages.yaml
+    #- import_tasks: tasks/harden.yaml
+    #- import_tasks: tasks/golang_install.yaml
+    #- import_tasks: tasks/chrome_install.yaml
+    - import_tasks: tasks/tor_install.yaml
+    #- import_tasks: tasks/go_tools.yaml
+    #- import_tasks: tasks/github_repos.yaml
+    #- import_tasks: tasks/generate_readme.yaml
diff --git a/attackbox/tasks/handlers.yaml b/attackbox/tasks/handlers.yaml
new file mode 100644
index 0000000..540554f
--- /dev/null
+++ b/attackbox/tasks/handlers.yaml
@@ -0,0 +1,8 @@
+- name: update grub
+  command: update-grub
+
+- name: restart tor
+  systemd:
+    name: tor
+    state: restarted
+  when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/attackbox/tasks/tor_install.yaml b/attackbox/tasks/tor_install.yaml
new file mode 100644
index 0000000..54f8384
--- /dev/null
+++ b/attackbox/tasks/tor_install.yaml
@@ -0,0 +1,47 @@
+- name: install tor and required packages
+  apt:
+    name:
+      - tor
+      - tor-geoipdb
+      - torsocks
+      - proxychains
+    state: present
+    update_cache: yes
+
+- name: check if /etc/tor/torrc exists
+  stat:
+    path: /etc/tor/torrc
+  register: torrc_stat
+
+- name: back up /etc/tor/torrc
+  copy:
+    src: /etc/tor/torrc
+    dest: /etc/tor/torrc.bak
+    remote_src: yes
+    force: no
+  when:
+    - torrc_stat.stat.exists
+
+- name: deploy custom tor configuration
+  template:
+    src: templates/torrc.j2
+    dest: /etc/tor/torrc
+    owner: debian-tor
+    group: debian-tor
+    mode: '0644'
+  notify: restart tor
+
+- name: check if tor is routing traffic correctly
+  command: curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip
+  register: tor_check
+  changed_when: false
+
+- name: print tor check json response
+  debug:
+    msg: "tor check response: {{ tor_check.stdout }}"
+
+- name: verify tor is active
+  fail:
+    msg: "tor is not routing traffic correctly: istor is {{ tor_check.stdout | from_json | json_query('IsTor') }}"
+  when:
+    - tor_check.stdout | from_json | json_query('IsTor') != true
diff --git a/attackbox/templates/torrc.j2 b/attackbox/templates/torrc.j2
new file mode 100644
index 0000000..b12f93c
--- /dev/null
+++ b/attackbox/templates/torrc.j2
@@ -0,0 +1,30 @@
+Log notice file /var/log/tor/notices.log
+Log info file /var/log/tor/info.log
+Log warn file /var/log/tor/warn.log
+SafeLogging 1
+
+RunAsDaemon 1
+
+DataDirectory /var/lib/tor
+
+UseEntryGuards 1
+
+ExitRelay 0
+
+ExcludeNodes {us},{gb},{ca},{nz},{au},{dk},{fr},{nl},{no},{de},{be},{it},{es},{se},{cn},{ru},{ir}
+StrictNodes 1
+
+SOCKSPort 127.0.0.1:9050
+
+DNSPort 127.0.0.1:5353
+TransPort 9040
+VirtualAddrNetworkIPv4 10.192.0.0/10
+AutomapHostsOnResolve 1
+
+HardwareAccel 1
+Sandbox 1
+NoExec 1
+KeepAlivePeriod 60
+ClientRejectInternalAddresses 1
+NewCircuitPeriod 30
+MaxCircuitDirtiness 600
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..219e13c
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,11 @@
+ansible==10.7.0
+ansible-core==2.17.12
+cffi==1.17.1
+cryptography==45.0.2
+Jinja2==3.1.6
+jmespath==1.0.1
+MarkupSafe==3.0.2
+packaging==25.0
+pycparser==2.22
+PyYAML==6.0.2
+resolvelib==1.0.1