Virtua Lab lets you build your own cloud virtual machine lab, whether you want to teach a class, train professionals, run a hackathon, host a hands-on-lab, etc.
The lab runs on DigitalOcean. It consists of a jumphost running Apache Guacamole and as many lab boxes as you want (or can) spin up.
This project originated from the Hack The Box Meetup: Zurich, CH, where I wanted to offer participants ready-to-use Kali boxes to avoid the time spent on VM setup. This setup conveniently provides access to the lab machines through the browser.
You will need the following software to build the lab:
- Terraform, or alternatively OpenTofu (not tested), to provision the DigitalOcean resources
- Packer to create the VM images (jumphost and lab boxes)
- VirtualBox
- Python 3
Obviously, you will also need a DigitalOcean subscription. Get $200 of credit using the following link:
Copy `config.yaml.example` to `config.yaml`. This is where all the lab's configuration settings are stored.
Create a full access personal access token and store it in `config.yaml` under `digitalocean.token`.
For details follow the instructions at How to Create a Personal Access Token.
You need to delegate your lab DNS domain to DigitalOcean. To update your domain's delegation, set the following name server addresses at your registrar:
ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com
For details, see: Point to DigitalOcean Name Servers From Common Domain Registrars.
Store the lab domain name in `config.yaml` under `digitalocean.domain`.
Add at least one SSH key to your DigitalOcean account. This will be used to access your running droplets. See How to Add SSH Public Keys to DigitalOcean for details.
By default, the expected name of the SSH key is `terraform`. You can change this in `config.yaml` under `digitalocean.ssh_key_name`.
For the lab operation, you will need to create at least two virtual machine images for the jumphost and the lab boxes.
See the instructions under packer/jumphost to create the jumphost image. You will find corresponding configuration settings in `config.yaml` under `digitalocean.jumphost`.
The lab boxes are based on a snapshot or custom image of your choice. There is an example of a Kali Linux image under packer/kali. You will find corresponding configuration settings in `config.yaml` under `digitalocean.labbox`.
See instructions under terraform/setup to deploy the initial cloud setup (e.g. DNS domain, certificate, lab project, etc).
See instructions under terraform/infra to deploy the lab infrastructure. You can specify the number of lab boxes to deploy in `config.yaml` under `digitalocean.labbox.count`.
The last step consists of provisioning users on the jumphost and setting up the corresponding RDP connections. This is done with the script in utils/labmanger.
If you need to create more droplets than your current limit allows, you can request an increase. See How do I increase my Droplet limit? for details.
After you destroy the lab infrastructure and remove the corresponding DNS records, any DNS resolver will start caching the nonexistent records as negative results. This means that if you redeploy the lab shortly afterwards, it will not be reachable for the time specified by the TTL (usually 1800s = 30mins).
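
The negative-caching window described above can be read from the zone's SOA record, which a failed lookup returns in its authority section (for example via `dig +noall +authority`). The following Python sketch is an added example, not part of this project; the domain `lab.example.com`, the sample SOA line and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone


def negative_ttl(soa_line: str) -> int:
    """Seconds a resolver may keep a negative answer, per RFC 2308:
    the lower of the SOA record's own TTL and its MINIMUM field."""
    fields = soa_line.split()
    # owner TTL class SOA mname rname serial refresh retry expire minimum
    if len(fields) != 11 or fields[3].upper() != "SOA":
        raise ValueError(f"not a single-line SOA record: {soa_line!r}")
    return min(int(fields[1]), int(fields[10]))


def reachable_after(soa_line: str, last_failed_lookup: datetime) -> datetime:
    """Latest moment a resolver that cached the miss at
    `last_failed_lookup` will still answer 'no such name'."""
    return last_failed_lookup + timedelta(seconds=negative_ttl(soa_line))


# Constructed sample: authority section of a lookup for a deleted lab record.
SAMPLE_SOA = ("lab.example.com. 1800 IN SOA ns1.digitalocean.com. "
              "hostmaster.lab.example.com. 1700000000 10800 3600 604800 1800")

if __name__ == "__main__":
    looked_up = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    print(negative_ttl(SAMPLE_SOA), reachable_after(SAMPLE_SOA, looked_up))
```

The window starts at each resolver's last failed lookup, not at the moment the records were deleted, so avoid querying the lab names between teardown and redeploy.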