You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+60-27Lines changed: 60 additions & 27 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,32 +47,40 @@
47
47
48
48
## Overview
49
49
50
-
`do-manager` is built on top of [`godo`](https://github.com/digitalocean/godo), the official DigitalOcean Go client. It is designed as a **dual-purpose project**:
50
+
`do-manager` is built directly on [`godo`](https://github.com/digitalocean/godo), the official DigitalOcean Go client. Two interfaces, one codebase:
51
51
52
-
- A **CLI tool** for interacting with your DigitalOcean account from the terminal.
53
-
- A **Go library** (`pkg/`) that can be imported directly into other Go programs.
52
+
- A **CLI tool** for operational use from the terminal - campaign orchestration, IP rotation, node rebuild, security audit.
53
+
- A **Go library** (`pkg/`) that can be imported directly into any Go program.
54
54
55
-
Unlike a wrapper around `doctl`, `do-manager` calls the DigitalOcean API directly via `godo`. No external binary, proper Go types throughout, full composability.
55
+
Unlike `doctl`, `do-manager` calls the API directly via `godo` - no subprocess, no string parsing, proper Go types throughout.
56
56
57
-
The CLI is designed for **operational use cases**: Red Team infrastructure, lab automation, CI/CD provisioning. It supports campaign orchestration (deploy / rotate IPs / destroy a full stack in one command), VPC-isolated networks, firewall presets for common roles, and a security audit scanner.
57
+
The design targets **Red Team infrastructure**: deploy a full engagement stack in one command, rotate IPs when they get burned, rebuild a single compromised node without touching the rest, tear everything down cleanly. The primitive operations (create/list/delete/power) are there, but the value is in the higher-level abstractions: `campaign`, firewall presets, `rotate-ips`, `rebuild`, `audit`.
**doctl** is fine for manual one-off ops. It covers every DO resource but has no campaign concept, no firewall presets, and no Red Team abstractions.
78
+
79
+
**bash + curl** is where most people start. It breaks down under engagement pressure: parallel provisioning races, ID extraction with fragile `grep`/`jq`, no error aggregation per Droplet, scripts that diverge between operators.
80
+
81
+
**Terraform** is the right choice for long-lived stable infrastructure. It is overkill for engagements: statefile management is a liability during ops, the feedback loop is slow, and there are no Red Team primitives.
82
+
83
+
**do-manager** is the choice when you need to deploy a full stack fast, rotate IPs when they get burned, rebuild a single node without disrupting the campaign, tear everything down cleanly, and optionally embed all of that into a Go automation tool.
Snapshots are the foundation for repeatable deployments. The workflow: provision one Droplet, install and configure your tooling (GoPhish, Havoc, evilginx2, nginx redirector config, WireGuard), take a snapshot, delete the source Droplet. On engagement day, `campaign deploy --snapshot <slug>` restores that exact state across N nodes in parallel. No reinstalling, no drift between nodes.
385
+
376
386
```bash
377
387
do-manager snapshot list
378
388
do-manager snapshot get <id>
389
+
390
+
# Freeze a configured Droplet into a reusable image
Workflow: bake your tooling into a snapshot once, then deploy N identical nodes via `campaign deploy --snapshot gophish-v2`.
384
-
385
399
---
386
400
387
401
### VPC
388
402
389
403
An isolated private network scoped to a region. Droplets share a private IP range; traffic between them never leaves the DO fabric.
390
404
405
+
**What VPC is and is not.** A VPC is a network isolation layer - it gives your C2 node a private IP that only other Droplets in the same VPC can reach. It is not the channel you use to proxy C2 traffic; that is the redirector's job. The redirector (nginx, socat, Apache mod_proxy) forwards inbound HTTPS to the C2 over the private IP. No public firewall rule needed on the C2 node.
406
+
407
+
Three common approaches to route traffic from redirector to C2:
408
+
409
+
| Method | How it works | Notes |
410
+
|---|---|---|
411
+
|**DO VPC private IP**| Both nodes same region/VPC. nginx forwards to `10.x.x.x:port`. | Zero extra setup. Same region required. |
412
+
|**WireGuard**| VPN tunnel between redirector and C2. C2 listens on `wg0` only. | Cross-provider, cross-region. Extra cloud-init setup. |
413
+
|**SSH reverse tunnel**| C2 runs `ssh -R 8080:localhost:8080 user@redirector`. | Simple. Use autossh/systemd to survive disconnects. |
414
+
391
415
```
392
-
Internet
393
-
|
394
-
[Redirector] 1.2.3.4:443 (public)
395
-
|
396
-
| VPC 10.20.0.0/24 (private, never reaches internet)
Deploy and tear down a complete infrastructure campaign with a single command. A campaign groups all resources under the tag `campaign:<name>`.
417
448
449
+
The campaign lifecycle exists because Red Team infra has a specific tempo: provision fast, rotate IPs when they get burned, rebuild compromised nodes without disrupting the rest, tear down cleanly at the end. `campaign deploy` creates Droplets, firewall, and reserved IPs in the right order and tags everything. `campaign destroy` deletes all of it in one shot. Nothing left behind.
0 commit comments