![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPpGK6ybQTiiGCmXLEZw62LYDU239GYCHC1Czw356H7t8e1pWRGH5vT-F52WmcuAqcUDL1Fv3d2BYCtf8KbhV5f_hFOKuuCtB0g4Okj_SvdcSsyOiqI_f04cmKWvzh2Hx-NhRIX10P0A-hMxx0P5ssXrAKIjilL5nK6hZR9sUOasNsI4NurT0AM2LxmWZS/w640-h284/csaf_1_csaf.png)
The Cyber Security Awareness Framework (CSAF) is a structured approach aimed at enhancing Cybersecurity" title=“Cybersecurity”>cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective Cybersecurity" title=“Cybersecurity”>cybersecurity awareness programs, covering key areas such as assessing awareness needs, creating educational m aterials, conducting training and simulations, implementing communication campaigns, and measuring awareness levels. By adopting this framework, organizations can foster a robust security culture, enhance their ability to detect and respond to cyber threats, and mitigate the risks associated with attacks and security breaches.
Requirements
Software
Hardware
Minimum
- 4 Core CPU
- 10GB RAM
- 60GB Disk free
Recommendation
- 8 Core CPU or above
- 16GB RAM or above
- 100GB Disk free or above
Installation
Clone the repository
git clone https://github.com/csalab-id/csaf.git
Navigate to the project directory
cd csaf
Pull the Docker images
docker-compose --profile=all pull
Generate wazuh ssl certificate
docker-compose -f generate-indexer-certs.yml run --rm generator
For security reason you should set env like this first
export ATTACK_PASS=ChangeMePlease
export DEFENSE_PASS=ChangeMePlease
export MONITOR_PASS=ChangeMePlease
export SPLUNK_PASS=ChangeMePlease
export GOPHISH_PASS=ChangeMePlease
export MAIL_PASS=ChangeMePlease
export PURPLEOPS_PASS=ChangeMePlease
Start all the containers
docker-compose --profile=all up -d
You can run specific profiles for running specific labs with the following profiles - all - attackdefenselab - phisinglab - breachlab - soclab
For example
docker-compose --profile=attackdefenselab up -d
Proof
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhtbWJYsEQMezs0GOq1AuQnQEiW15A2ld7pWRJFnmW1JYl8oSLJ7CNiPul7wTNiLXv23GmLqfNPitffn4XE8o7BO9bHSms4OwaXwYGuFvUbafiLMYtoU0gmNxlQzAtRZueyFiXN27VaeHgM5dhwGJpG7-fJDqU47JT9e0FQ0_kCFhS3aopMHr6GJymoOSR/w640-h408/csaf_6_caldera.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFpKdSALuVqDzbEhksKxAj3cw1kC31g-bumyHOUJW_uLCzZ3fUtGFlkV9q3RxrUuMTGDRHtpNcWPsrU_lDI3Kt4JeNjGM8Wm1LwWJsz7H0-Fdb92S4D1bZoUyLJrFX1KWUxu1lqIncZKbwj7_8vmNPHlgP9dquIT2ZosvTkX3zCwMWUvw3O3Z0A3deJP5D/w640-h408/csaf_7_dvwa_modsecurity.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSg4GnOZ1_nV0BJntyo7JzAuTMQSNSzpqIfW-xQNeb4NE2b05myPWsFtgggRYBydhJ-GzuGmEBgqwZxXvZP16TVBZ0rUJKvQI2ftJG4TB7w6vEJ5_u3r2ziROtpqXi4LDDDhCF941SkoTn3snKgxT-IJ1ZgQLQRxdtR-q9Qv5Z4UKytgFWhVxRo2v3uxfK/w640-h408/csaf_8_gitea.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJRiwvq8o4aOog7QR1TEbxYNz3tIN-TTH98MxJE6zfey3Lb5LJhcxOHJOU0RNnGZJjq1uKtmc9Z_5Owceey9X_4sc7gHfHqU8vgjBmLCTEh2-YHAXrjhG8f5kiNaDz1OWrqT6C6vDEGS1udbHD4wEdzlEuyWnlAS_eChK0SxoSw7n2p37p_MtfnnMjIyNv/w640-h408/csaf_9_gophish.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzuuCmz761EQj5dKTiAjOuPIabd1x7edI71YrwX3kDymK3I5cFp-kwjU8tRE5HWxfSSixoOH8bj46UKVA59TIR5aNnR4Hrw8fyr35RT5J78X3DmtdeGRQB4Qtm5fhNO8-VsjtGzWlZ_eUAIGes8L0pI9EFtbZYfpCfAH1pTqBcCvxHeGbdeBQRpAez3V26/w640-h408/csaf_10_infectionmonkey.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijZ6_7nSXwvuVcKPiEKMR8gShdEyqE6qPa5WsutN7Vmm8PjRXUN0vco_20irn838ZW0Brw1b26WMhbbWB6Yq43dj_D7d9aLxEEVFs-pulDXiHqAKLBxkhNDFZI1YCHJqp54QTKlp-b5qi8yfF8hdeWecFIC2cHERYo_pLksZcyMEAjNxduHNKqjruodstH/w640-h408/csaf_11_iredmail.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjedTWWrqW4GbAc1XHXwP10N9DnQjh7h6I_1cpJNS9Jlj9vsxQdoa8JJiKcE7zHhfEItHLYnxQVqAMwRHGlKLsWJSptt0qPi7VUwp3eTUh5tf2QkRlASCPYpu8-jWjtLk5qzAZbVDxVv8bPXY-6UQprLA8SmX92OrLvBu38LUFe56ANa389mPQo924UGB96/w640-h408/csaf_12_juiceshop.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNpNvIrRYUJFqiaosjoaFpQrGgdFxwaY8j4A3-Hrhj29gGad4IroBEObppYaNemI-TWEJJIgvXortNttMI1LqQKEPxjOq_fdr8dDz3s3TzeqFPJcI7NxvLGco46Bpcih4CUFQcB5n_6ZRfdgiY1xfmSGJ03ZZcPcnhjcbexK2L5FGTqaXPDf4UL_WPEVmK/w640-h408/csaf_13_mitmproxy.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghm6cYwV4co2_Xnlk3T35SldYsK7uoLcnXXrSOdrS31A1LUIVoQiFSRJMe6o5QCknUtlc-R-PztIV9-0WHn0nt1JW5a_kxOSbVo-P1nHMO0tSYP82990-488Y74_sSXUDKTXuVvg-7XsmKEo-a6Iuce1kwEhbUUE2CiAM4CEMS1HWmS3aBTDtmWdu9I-j1/w640-h408/csaf_14_phising.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjG3bLVMQv-wlpe9VJrXXZYoFfGhzyXLJ9EcKBOFVZpUgCF2FLfGUlcMYw-QJQ0mC_b6TbzbWR5Zevs_10NsctUXn3PgLnI1-dWwKDx83V7Jk5_Q3oaLFQrwR6NYFTPrYqOKaWlzIW7rXkxvpbrWQ1PxxjXcAtfD0w4Vc6NoTzGg9eKq0giGO2RuVQit01u/w640-h408/csaf_15_purpleops.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitmkffE2eR5g3bsZ4054bAgMnZOsaf5h2WMB7MxBIyDAkKDRugk6yh8A5tFam8NpuyVTvZknQxpLHvrLAYep4boKsppN3eeHRWTMytgYSu3s6drWH8SxZ_Pq8gxgS7yBVTgOoPVkns-JwLK022Khc_3KEH3bn49H7CFcKhrEkuVsb9ffxHBVfgsOWwP5i7/w640-h408/csaf_16_roundcube.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKBp0dZePq6oD4ugGQ_oiLFxjeZdzzCqmwm3sQvUObE5DmBpg2YTewYxX2YMElQjKDWO2z5CNl8u7KXAHknuC9GWDAldR4w71_hUqesqgkZSbpuhoGb1o95Af4grPPEKyDs6NFmYQNyGNKYtjlUHKwN9FNmn0DIGtny8PsaZa3tz6HAxOtS1QJIVmzrGBM/w640-h408/csaf_17_splunk.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSjX0GevVIG3oSUqB5yUIG87WpZZU937iTlWpEkosiX7jhaOEMHPUdpUKBLRRG-d4Jaf3_uPfg9253QIQxCQ6dNIEEPSVBefaZZygpkWcbKLaIbgvF7yZmMupbZtJatsFYEA7EIvX0P-JcrnzTxwpm_0qc1Iz-_QkZ7bGbojwirHoOlMEibg0yw7FhWrFW/w640-h408/csaf_18_wackopicko.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs3jmVXEKv40C7KeNzshkyL4RNFYnDVm3SpKKSYPsRcnJySYxYWvwOFa1e1h8eUBAwPCCWvR7ZPxl6nhfNKoyTifldI9VxCPogoegokMuEM56D_cr97YGz2fHjz5mjoDmt3qJ4Ehae9wZeQF4jSumBZo9aVBVcKwWFqVYuIxTQWT4oTKbREgI8jK2MUCiN/w640-h408/csaf_19_wazuh.png)
Exposed Ports
An exposed port can be accessed using a proxy socks5 client, SSH client, or HTTP client. Choose one for the best experience.
- Port 6080 (Access to attack network)
- Port 7080 (Access to defense network)
- Port 8080 (Access to monitor network)
Example usage
Access internal network with proxy socks5
Remote ssh with ssh client
- ssh kali@ipaddress -p 6080 (default password: attackpassword)
- ssh kali@ipaddress -p 7080 (default password: defensepassword)
- ssh kali@ipaddress -p 8080 (default password: monitorpassword)
Access kali linux desktop with curl / browser
Domain Access
- http://attack.lab/vnc.html (default password: attackpassword)
- http://defense.lab/vnc.html (default password: defensepassword)
- http://monitor.lab/vnc.html (default password: monitorpassword)
- https://gophish.lab:3333/ (default username: admin, default password: gophishpassword)
- https://server.lab/ (default username: [email protected], default passowrd: mailpassword)
- https://server.lab/iredadmin/ (default username: [email protected], default passowrd: mailpassword)
- https://mail.server.lab/ (default username: [email protected], default passowrd: mailpassword)
- https://mail.server.lab/iredadmin/ (default username: [email protected], default passowrd: mailpassword)
- http://phising.lab/
- http://10.0.0.200:8081/
- http://gitea.lab/ (default username: csalab, default password: giteapassword)
- http://dvwa.lab/ (default username: admin, default passowrd: password)
- http://dvwa-monitor.lab/ (default username: admin, default passowrd: password)
- http://dvwa-modsecurity.lab/ (default username: admin, default passowrd: password)
- http://wackopicko.lab/
- http://juiceshop.lab/
- https://wazuh-indexer.lab:9200/ (default username: admin, default passowrd: SecretPassword)
- https://wazuh-manager.lab/
- https://wazuh-dashboard.lab:5601/ (default username: admin, default passowrd: SecretPassword)
- http://splunk.lab/ (default username: admin, default password: splunkpassword)
- https://infectionmonkey.lab:5000/
- http://purpleops.lab/ (default username: [email protected], default password: purpleopspassword)
- http://caldera.lab/ (default username: red/blue, default password: calderapassword)
Network / IP Address
Attack
- 10.0.0.100 attack.lab
- 10.0.0.200 phising.lab
- 10.0.0.201 server.lab
- 10.0.0.201 mail.server.lab
- 10.0.0.202 gophish.lab
- 10.0.0.110 infectionmonkey.lab
- 10.0.0.111 mongodb.lab
- 10.0.0.112 purpleops.lab
- 10.0.0.113 caldera.lab
Defense
- 10.0.1.101 defense.lab
- 10.0.1.10 dvwa.lab
- 10.0.1.13 wackopicko.lab
- 10.0.1.14 juiceshop.lab
- 10.0.1.20 gitea.lab
- 10.0.1.110 infectionmonkey.lab
- 10.0.1.112 purpleops.lab
- 10.0.1.113 caldera.lab
Monitor
- 10.0.3.201 server.lab
- 10.0.3.201 mail.server.lab
- 10.0.3.9 mariadb.lab
- 10.0.3.10 dvwa.lab
- 10.0.3.11 dvwa-monitor.lab
- 10.0.3.12 dvwa-modsecurity.lab
- 10.0.3.102 monitor.lab
- 10.0.3.30 wazuh-manager.lab
- 10.0.3.31 wazuh-indexer.lab
- 10.0.3.32 wazuh-dashboard.lab
- 10.0.3.40 splunk.lab
Public
- 10.0.2.101 defense.lab
- 10.0.2.13 wackopicko.lab
Internet
- 10.0.4.102 monitor.lab
- 10.0.4.30 wazuh-manager.lab
- 10.0.4.32 wazuh-dashboard.lab
- 10.0.4.40 splunk.lab
Internal
- 10.0.5.100 attack.lab
- 10.0.5.12 dvwa-modsecurity.lab
- 10.0.5.13 wackopicko.lab
License
This Docker Compose application is released under the MIT License. See the LICENSE file for details.
Download Csaf