Skip to content

tenable/SinCity

Repository files navigation

Introduction

Visit the official docs in order to understand how to work with SinCity. Read them at the official SinCity docs website.

Welcome to the official SinCity IaC open source project 🎉! SinCity is still under alpha stages, so there could be major changes to the utility.

What is SinCity IaC?

SinCity is a vulnerable by design infrastructure as code (IaC) open source project designed for cyber security in mind.

It allows the user to provision & configure a whole infrastructure consisting of different attack scenarios on different platforms such as:

  • 💻 - Active directory misconfigurations & vulnerabilities
  • 🕸️ - Vulnerable web platform
  • 🐧 - Vulnerable linux systems
  • ☁️ - Vulnerable cloud misconfigurations

The user will have the flexibility & capability of performing the following with SinCity:

  • Create any kind of network topology he wants
  • Applying any kind of attack scenarios (web attacks, active directory misconfigurations, etc) in a generic way
  • Applying cross the board configurations for either the AD domain, Linux servers, cloud resources, etc

Audience

SinCity could be a valuable tool for security professionals and researchers who want to practice and test different attack techniques in a controlled environment. It provides a safe and predictable way to experiment with different attacks and defenses, allowing users to gain valuable experience and knowledge that can be applied in real-world situations. 💪

Additionally, SinCity can be used as a teaching tool for students and others who are interested in learning about cyber security and attack techniques. The vulnerable by design nature of the infrastructure allows users to safely explore and experiment with different attacks and defenses, without risking harm to real systems or data. 📚

Credits 🚀

Some of the code in this repository and concepts are based on the Orange-Cyberdefense/GOAD by Orange Cyberdefense, licensed under the GNU General Public License v3.0.