An Ansible playbook for automated installation and configuration of various security testing tools. This playbook aims to set up a complete security testing environment with various tools organized into specific roles. Currently, the roles are oriented towards tooling used on external engagements. This will be expanded upon.

.
├── ansible.cfg
├── inventory.yml
├── main.yml
└── roles/
    ├── environment_prep/
    ├── go_tools/
    ├── pipx_tools/
    ├── misc_tools/
    ├── metasploit/
    ├── seclists/
    └── cleanup/

Sets up the basic environment and dependencies:

• System packages and dependencies
• Go installation and configuration
• Python with pyenv installation
• TMux with custom configurations
• Tmuxinator setup
• Pipx installation
• Tag: environment_prep

Installs Go-based security tools:

• ProjectDiscovery tools (nuclei, subfinder, httpx, naabu, etc.)
• Subjack for subdomain takeover scanning
• FFuf for web fuzzing
• Gowitness for web screenshots
• TruffleHog for secret scanning
• Aquatone for web screenshots
• Tag: go_tools

Installs Python-based tools using pipx:

• BBOT for bug bounty recon
• WAFW00F for WAF detection
• NetExec (formerly CrackMapExec)
• Tag: pipx_tools

Various security tools:

• Feroxbuster for web content discovery
• MassDNS for DNS resolving
• Hostess-Pie for host discovery
  • Amass v3 for subdomain enumeration
  • Assetfinder for asset discovery
  • GetAllURLs (gau) for URL extraction
  • Unfurl for URL parsing
• SQLMap for SQL injection testing
• SSTIMap for SST Injection testing
• Fast Google Dorks Scan (FGDS)
• Trevor tools (trevorproxy, trevorspray)
• Postleaks
• Porch-Pirate
• ntlmrecon
• masscan
• Tag: misc_tools

Installs and configures Metasploit Framework:

• Latest version installation
• Environment configuration
• PATH setup
• Tag: metasploit

Installs SecLists:

• Collection of multiple types of lists for security testing
• Wordlists for content discovery
• Payload lists
• Pattern matching lists
• Tag: seclists

Maintenance role for cleaning up after installation:

• Removes temporary downloaded files
• Cleans up build directories
• Verifies successful installations before cleanup
• Tag: cleanup

ansible-playbook main.yml -e "target_ip=10.x.x.x ssh_user=localuser ssh_key_path=/home/acme/.ssh/id_ed25519" --ask-become-pass

You can use tags to run specific roles. This is often preferred over using selected_roles.

ansible-playbook main.yml -e "target_ip=10.x.x.x ssh_user=localuser ssh_key_path=/home/acme/.ssh/id_ed25519" --tags "environment_prep" --ask-become-pass

ansible-playbook main.yml -e "target_ip=10.x.x.x ssh_user=localuser ssh_key_path=/home/acme/.ssh/id_ed25519" --tags "environment_prep,go_tools" --ask-become-pass

ansible-playbook main.yml --list-tags

ansible-playbook main.yml -e "target_ip=10.x.x.x ssh_user=localuser ssh_key_path=/home/acme/.ssh/id_ed25519" --skip-tags "cleanup" --ask-become-pass

• Ansible 2.9+
• SSH access to target machine
• Sudo privileges on target machine

• The cleanup role should typically run last in the sequence
• Always ensure environment_prep is run before installing tools
• Tags can be combined in any order, but roles will execute in the order defined in main.yml