# Kybus

Kybus is a repository which aims to provide a vulnerable environment for blue team members to safely experiment with a selected CVE.

## Requirements

Docker, or podman with appropriate aliases, must be installed. Docker version `20.10.21` was used during testing; however, most versions should work.

Python3 is required for certain support functions; version `3.10.8` was used during testing.

Libvirt is used for VM deployment; version `8.9.0` was used during testing.

All versions mentioned above are only what was used during testing; other versions will mostly work.

### Quick Reference

- Docker or podman with appropriate aliases
- Python3
- libvirt/virt-manager

## Getting Started

Running `setup.sh` will ensure prerequisites are installed and download the needed VM images. The Kybus container image will also be generated during this process.

## Initial Run

When running Kybus for the first time, a VM will be created with the name `kybus_kybus`. Since all setup and teardown is conducted within a temporary container, this VM will be the only indication left on the system once Kybus has run. If you run `docker ps` while Kybus is running, you will see a `kybus:latest` image running; running `docker ps -a` after the run will not show anything, since the `--rm` flag is passed when creating the container.

## Writing a Plugin

The initial plugin structure can be generated using `ansible-galaxy role init {plugin name}`. It is suggested that a plugin be named after the relevant CVE record; however, certain plugins exist as helpers and may deviate.

Once the plugin is created, everything follows a standard [ansible role](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html) structure. The only additional information which needs to be added to the structure is a `meta/kybus.yml` configuration file. This file defines the image to be used with the role. The image name should be exactly as it appears once downloaded in the `download` folder.

An example can be seen below:

```yaml
---
image: {image name with extension}
...
```

If this is still unclear, please reference a role which is already complete.

## Completed Roles

Below is a list of completed roles along with their current state of testing:

- CVE-2011-2523
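For the `meta/kybus.yml` rule described under "Writing a Plugin", the following pre-flight check is an added example and not part of the Kybus code base. The function names, the placeholder role name, the sample image name and the directory paths passed in are assumptions made for illustration; the only details taken from this README are `meta/kybus.yml`, the `image` key and the `download` folder.

```python
"""Pre-flight check for a plugin's meta/kybus.yml (added example, not Kybus code)."""
import tempfile
from pathlib import Path


def read_image_key(config_text):
    """Return the top-level `image:` value, or None (not a general YAML parser)."""
    for raw in config_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()          # drop trailing comments
        if line in ("", "---", "...") or line.startswith("#"):
            continue                                   # skip document markers
        key, sep, value = line.partition(":")
        if sep and key == "image":
            return value.strip().strip("'\"") or None
    return None


def check_plugin(role_dir, download_dir):
    """Return a list of problems; an empty list means the role is consistent."""
    config = Path(role_dir) / "meta" / "kybus.yml"
    if not config.is_file():
        return [f"missing {config}"]
    image = read_image_key(config.read_text())
    if image is None:
        return ["meta/kybus.yml has no `image:` value"]
    if Path(image).name != image:
        return [f"image {image!r} must be a bare file name, not a path"]
    # Compare against the directory listing so the name must match exactly,
    # including case and extension.
    downloaded = sorted(p.name for p in Path(download_dir).iterdir() if p.is_file())
    if image in downloaded:
        return []
    near = [n for n in downloaded
            if n.lower() == image.lower() or Path(n).stem == image]
    hint = f"; did you mean {near[0]!r}?" if near else ""
    return [f"image {image!r} not found in {download_dir}{hint}"]


def demo():
    """Run the check on a constructed role whose image name lacks its extension."""
    with tempfile.TemporaryDirectory() as tmp:
        role = Path(tmp) / "CVE-0000-0000"             # placeholder role name
        (role / "meta").mkdir(parents=True)
        download = Path(tmp) / "download"
        download.mkdir()
        (download / "example-image.qcow2").touch()     # constructed image file
        (role / "meta" / "kybus.yml").write_text("---\nimage: example-image\n...\n")
        return check_plugin(role, download)
```

Calling `check_plugin` with a role directory and the `download` folder before a run reports a missing extension, a case mismatch or a path in the `image` value.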