initial commit

.gitignore

@@ -0,0 +1,2 @@
+projects/**
+unusedcode

Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gem "nokogiri"

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Lewis Ardern
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,124 @@
+
+Security-Simulator 
+==
+
+Summary
+--
+
+Security Simulator is a ruby application developed by Lewis Ardern for his Final Year Project that uses virtualization software to automatically create vulnerable virtual machines so students can learn security penetration testing techniques. 
+
+Boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet, and Ruby to create vulnerable virtual machines quickly that can be used for learning or CTF events. 
+
+Requirements
+--
+For now you will need to install the following:
+
+Vagrant: http://www.vagrantup.com/
+
+Ruby: https://www.ruby-lang.org/en/
+
+Nokogiri: http://nokogiri.org/tutorials/installing_nokogiri.html
+
+Puppet is not required on your local machine, the boxes that you use will need to have puppet installed on them the main box used has been from puppetlabs: http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210.box
+
+Testing
+--
+While creatng this application I used the following:
+
+	OSx Version 10.8.5
+	Vagrant 1.5.0
+	nokogiri (1.6.1)
+	ruby 2.0.0p195 (2013-05-14 revision 40734) [x86_64-darwin12.5.0]
+	basebox = puppettest - http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210.box
+
+It should work on most linux distros but if there are any problems contact me.
+
+Usage
+--
+ruby securitysimulator.rb -r  
+
+This will create you a new project in /projects/Project and will create a Vagrant File / Report for you to view and see what has been installed, this will also give you a feel for how Vagrant spins up virtual machines. 
+
+Puppet
+--
+
+mount/puppet/module 
+contains all currently useable puppet module some self-created some taken from https://forge.puppetlabs.com/
+
+mount/puppet/manifests
+contains all the includes and modifications that are used to create vulnerabilities e.g 
+
+include nfslewis::config 
+
+which includes all of the class information of nfslewis and config.pp 
+
+to learn more about puppet and understand the code check out http://puppetlabs.com/
+
+Boxes
+--
+by default the 'system machines' are specified to boxes.xml you will need to modify this file to create a new system e.g. 
+
+each system must be incremented by system3, system4, etc to work. Each vulnerability must match a type from vulns.xml or be blank or you will be returned an error. 
+
+Networking
+--
+by default the networking is specified in networks.xml you will need to modify the range to you want. Each network is set to a range e.g:
+
+
+You can modify this to whatever range you desire and vagrant will build it.
+
+An example of how the program sets up the ip range for each system:
+
+System1
+
+    homeonly1 = 172.16.0.10 
+	homeonly2 = 172.17.0.10 
+
+System2 
+
+	homeonly1 = 172.16.0.20 
+	homeonly2 = 172.17.0.20  
+
+The reason why is in lib/templates/vagrantbase.erb  it appends the system number along with a 0 at the end to remove the issue of system1 being on the .1 network.
+
+Bases
+--
+Currently the only tested base is puppettest, however any debian system should work if it has puppet installed, you can add new bases to bases.xml by following the current structure. 
+
+Vulnerabilities
+--
+Vulnerabilities are specified in vulns.xml, these are the 'useable' vulnerabilities currently, so when specifing vulnerabilities in boxes.xml you must use from this list or leave the name blank. current automated vulnerabilities are:
+	
+	ftp
+	commandinjection
+    nfs
+    samba
+    writeableshadow
+    distcc
+    ftpbackdoor
+    sqlinjection
+
+Kali
+--
+A Kali image is built with every project, this is very slow and can be tedious, if you already have your own hack lab then you can remove this from vagrantbase.erb, but you will need to modify your IP address so it is on the network range, or modify networks.xml.
+
+Mount
+--
+the mount file contains all of the puppet information, ssh keys for the default kali image, along with files to be transfered during the installation phase, this is mounted to each machine but removed once the installation has completed.
+
+Cleanup
+--
+After each system is installed, the systems will clean up after itself.
+
+	Removes internet access to each host
+	unmounting the /mount/
+	clober files to all look like they were installed in 2006  
+	change vagrant password 
+
+Contributing
+--
+If you like the idea of Security Simulator, you are more than welcome to contribute to the project.
+
+Contact
+--
+If you need to reach me my email is: lewisardern [at] live.co.uk

filecreator.rb

@@ -0,0 +1,52 @@
+require 'erb'
+require_relative 'system.rb'
+
+
+VAGRANT_TEMPLATE_FILE = "#{ROOT_DIR}/lib/templates/vagrantbase.erb"
+REPORT_TEMPLATE_FILE = "#{ROOT_DIR}/lib/templates/report.erb"
+
+PROJECTS_DIR = "#{ROOT_DIR}/projects"
+
+class FileCreator
+# Creates project directory, uses .erb files to create a report and the vagrant file that will be used
+# to create the virtual machines
+	def initialize(systems)
+		@systems = systems
+	end
+	def generate(system)
+		Dir::mkdir("#{PROJECTS_DIR}") unless File.exists?("#{PROJECTS_DIR}") 
+
+		count = Dir["#{PROJECTS_DIR}/*"].length
+		build_number = count.next
+
+		p "the system is now creating the Project#{build_number}"
+		Dir::mkdir("#{PROJECTS_DIR}/Project#{build_number}") unless File.exists?("#{PROJECTS_DIR}/#{build_number}") 
+
+		controller = ERBController.new
+		controller.systems = system
+		vagrant_template = ERB.new(File.read(VAGRANT_TEMPLATE_FILE))
+		p "#{PROJECTS_DIR}/Project#{build_number}/VagrantFile file has been created"
+		File.open("#{PROJECTS_DIR}/Project#{build_number}/VagrantFile", 'w') { |file| file.write(vagrant_template.result(controller.get_binding)) }
+		
+
+		report_template = ERB.new(File.read(REPORT_TEMPLATE_FILE))
+		p "#{PROJECTS_DIR}/Project#{build_number}/Report file has been created"
+		File.open("#{PROJECTS_DIR}/Project#{build_number}/Report", 'w'){ |file| file.write(report_template.result(controller.get_binding)) }
+
+		return build_number
+	end
+
+end 
+
+
+class ERBController
+
+# ERB Controller initializes the system and returns the binding when mapping .erb files
+	attr_accessor :systems
+	def initialize
+		@systems = []
+	end
+	def get_binding
+		return binding
+	end
+end

lib/commandui/Logo/logo.txt

@@ -0,0 +1,6 @@
+ ______________________________________________________________________________
+|                                                                              |
+|                       Security Simulator	                               | 
+|                       Created By Lewis Ardern                                |
+|		        Leeds Met Final Year Project                           |
+|______________________________________________________________________________|

lib/templates/report.erb

@@ -0,0 +1,33 @@
+This document has been automated for build 
+<%if systems.count == 1%>
+There was only 1 system generated for this project. 
+<%else %>
+There were <%systems.count%> systems generated for this project.
+<%end%>
+
+     The module files for puppet can be found here: "<%=ROOT_DIR%>/mount/puppet/modules"
+     The manifest files for puppet can be found here: "<%=ROOT_DIR%>/mount/puppet/manifests"
+
+<% systems.each do |s| %>
+
+<%=s.id%> uses <%=s.basebox%> a distro of <%=s.os%> which can be downloaded from <%=s.url%>
+
+     <% s.vulns.each do |v| %>
+Here is a summary of the vulnerability  <%=v.type%>:
+     Type: <%=v.type%>
+     Details:  <%= v.details %>
+     privilege: <%= v.privilege %>
+     access: <%= v.access %>
+     <%if not v.cve == ""%>
+     cve: <%= v.cve %>
+     <% end %>
+     <% v.puppets.each do |p| %>
+     Puppet "<%=p%>.pp" has been used to create these vulnerabiliies
+     <% end %>
+     <% v.ports.each do |port| %>
+     Web server runs on port <%=port%>
+     <% end %>
+     <% end %>
+    
+<% end %> 
+

lib/templates/vagrantbase.erb

@@ -0,0 +1,64 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+<% systems.each do |s| %>
+
+  config.vm.define "<%=s.id%>" do |<%=s.id%>|
+    <%=s.id%>.vm.box = "<%=s.basebox%>"
+    <%=s.id%>.vm.box_url = "<%=s.url%>"
+    <% s.networks.each do |n| %>
+    <%grab_system_number = s.id.gsub(/[^0-9]/i, "") %>
+    <% n.range[9..9] = grab_system_number %>   
+    <%=s.id%>.vm.network :public_network         
+    <%=s.id%>.vm.network :private_network, :ip => "<%=n.range%>0"
+    <% end %> 
+    <%=s.id%>.vm.synced_folder "<%=MOUNT_DIR%>", "/mount"
+  end
+
+  config.vm.provision :shell, :inline => "apt-get update --fix-missing"
+
+  <%s.vulns.each do |v|%>
+  <%v.puppets.each do |p|%>
+  config.vm.provision "puppet" do |<%=p%>|
+     <%=p%>.module_path = "<%=ROOT_DIR%>/mount/puppet/modules"
+     <%=p%>.manifests_path = "<%=ROOT_DIR%>/mount/puppet/manifests"
+
+     <%=p%>.manifest_file = "<%=p%>.pp"
+   <% end %>
+   <% end %>
+   end
+   config.vm.provision "puppet" do |cleanup|
+     cleanup.module_path = "<%=ROOT_DIR%>/mount/puppet/modules"
+     cleanup.manifests_path = "<%=ROOT_DIR%>/mount/puppet/manifests"
+
+     cleanup.manifest_file = "cleanup.pp"
+   
+   end
+
+     # clean up script which clears history and clobs files together 
+    
+     config.vm.provision :shell, :inline => "history -c && history -w"
+     config.vm.provision :shell, :inline => "umount /mount/"
+<% end %> 
+ config.vm.define "kali" do | kali |
+
+    kali.ssh.private_key_path = "<%=ROOT_DIR%>/mount/ssh-keys/kali-1.0"
+    kali.ssh.username = "root"
+
+    kali.vm.box = "kali-1.0.4-amd64"
+    kali.vm.box_url = "http://ftp.sliim-projects.eu/boxes/kali-linux-1.0.4-amd64.box"
+
+    kali.vm.network :public_network
+    kali.vm.network :private_network, ip: "172.16.0.4"
+
+    kali.vm.provider "virtualbox" do |v|
+      v.gui = true
+      v.customize ["modifyvm", :id, "--memory", 1024]
+      v.customize ["modifyvm", :id, "--macaddress3", "0800276cf835"]
+    end
+  end
+end

lib/tests/checkifequal.rb

@@ -0,0 +1,63 @@
+require "test/unit"
+require 'nokogiri'
+require_relative "../../system.rb"
+#http://ruby-doc.org/stdlib-2.0.0/libdoc/test/unit/rdoc/Test/Unit/Assertions.html
+
+class TestXMLIsEqual < Test::Unit::TestCase
+
+	def setup
+	  @vulns = []
+
+	  @systems = []
+	  doc = Nokogiri::XML(File.read(BOXES_DIR))
+	  doc.xpath("//systems/system").each do |system|
+	    id = system["id"]
+	    os = system["os"]
+	    base = system["basebox"]
+	    vulns = system.css('vulnerabilities vulnerability').collect do |v|
+	    	Vulnerability.new(v[:type],v[:privilege],v[:access],v[:puppet],v[:details])
+	      end
+	    networks = system.css('networks network').collect { |n| n['name'] }
+
+	    @systems << System.new(id, os, base, vulns, networks)
+	  end
+	end
+
+	def test_system_data
+		assert_equal(@systems[0].id, "system1")
+		assert_equal(@systems[1].id, "system2")
+		assert_equal(@systems[2].id, "system3")
+	end
+
+
+	def test_intersection
+		list1 = [Vulnerability.new("nfs","root", "remote","", ""), Vulnerability.new("ftp","root", "remote","", "")]
+		list2 = [Vulnerability.new("nfs","root", "remote","", ""), Vulnerability.new("samba","root", "remote","", ""), ]
+		p ilist = list1 & list2
+
+	end
+
+	def test_system_vulnerabilities
+		dummy_list = []
+
+	  	empty_type = Vulnerability.new("","root", "remote","", "")
+
+        valid_type = Vulnerability.new("ftp","root", "remote","", "")
+
+        invalid_type = Vulnerability.new("THISISFAKE","root", "remote","", "")
+
+	    valid_type = Vulnerability.new("nfs","root", "remote","", "")
+	    valid_type1 = Vulnerability.new("nfs","root", "remote","", "")
+
+	    
+	    if empty_type.type == ""
+	    	p empty_type
+	    	vuln = generate_vulnerability(empty_type,Conf.vulnerabilities,dummy_list)
+	    	assert_not_match(vuln,"")
+	    end
+	end
+
+	def test_system_networks
+		#
+	end
+end

lib/xml/bases.xml

@@ -0,0 +1,9 @@
+<bases>
+	<base name="CentOS6.2" os="linux" distro="centos" url="https://dl.dropbox.com/sh/9rldlpj3cmdtntc/56JW-DSK35/centos-62-32bit-puppet.box" vagrantbase="CentOS6.2withpuppet" ></base>
+	<base name="CentOS6.3" os="linux" distro="centos" url="https://dl.dropbox.com/sh/9rldlpj3cmdtntc/chqwU6EYaZ/centos-63-32bit-puppet.box" vagrantbase="CentOS6.3withpuppet" ></base>
+	<base name="precise" os="linux" distro="unknown"  url="http://files.vagrantup.com/precise32.box" vagrantbase="precise32" >
+	</base>
+	<base name="puppettest" os="linux" distro="unknown"  url="http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210.box" vagrantbase="puppettest" >
+	</base>
+</base>
+

lib/xml/boxes.xml

@@ -0,0 +1,10 @@
+<systems>
+	<system id="system2" os="linux" basebox="puppettest" url="" >
+		<vulnerabilities>
+			<vulnerability privilege="user" access="remote" type="ftpbackdoor" cve=""></vulnerability>
+		</vulnerabilities>
+		<networks>
+			<network name="homeonly" ></network>
+		</networks>
+	</system>
+</systems>

lib/xml/networks.xml

@@ -0,0 +1,5 @@
+<networks>
+<network name="homeonly" range="172.16.0.0"></network>
+<network name="homeonly1" range="172.17.0.0"></network>
+<network name="homeonly2" range="172.18.0.0"></network>
+</network>

lib/xml/vulns.xml

@@ -0,0 +1,88 @@
+<vulnerabilities>
+	<vulnerability
+		type="ftp"
+		cve=""
+		privilege="user"
+		access="remote"
+		details="Anonymous FTP has been installed on this host">
+		<puppets>
+			<puppet>ftp</puppet>
+		</puppets>
+	</vulnerability>
+	<vulnerability
+		type="commandinjection"
+		cve=""
+		privilege="user"
+		access="remote"
+		details="command injection from webserver /var/www/commandinjection">
+		<ports>
+   	   		<port>80</port>
+		</ports>
+		<puppets>	
+			<puppet>commandinjection</puppet>
+		</puppets>
+	</vulnerability>
+	<vulnerability
+		type="nfs"
+		cve=""
+		privilege="user"
+		access="remote"
+		details="open NFS mount, can mount entire OS">
+		<puppets>
+			<puppet>nfs</puppet>
+		</puppets>
+	</vulnerability>
+	<vulnerability
+		type="samba"
+		cve=""
+		privilege="user"
+		access="remote"
+		details="Open samba share">
+		<puppets>
+			<puppet>samba</puppet>
+		</puppets>
+	</vulnerability>
+	<vulnerability
+		type="writeableshadow"
+		cve=""
+		privilege="user"
+		access="remote"
+		details="This puppet module edits the chmod of the shadow file to 777.">
+		<puppets>
+			<puppet>writeableshadow</puppet>
+		</puppets>
+	</vulnerability>
+	<vulnerability
+		type="distcc"
+		cve="CVE-2004-2687"
+		privilege="user"
+		access="remote"
+		details="distcc can be exploited by exploit/unix/misc/distcc_exec">
+		<puppets>
+			<puppet>distcc</puppet>
+		</puppets>
+	</vulnerability>
+		<vulnerability
+		type="ftpbackdoor"
+		cve=""
+		privilege="user"
+		access="remote"
+		details="ftpbackdoor smiley face backdoor exploit">
+		<puppets>
+			<puppet>ftpbackdoor</puppet>
+		</puppets>
+	</vulnerability>
+	<vulnerability
+		type="sqlinjection"
+		cve=""
+		privilege="user"
+		access="remote"
+		details="sqlinjection 'isn't 100% automated you stil need to set up the tables. viewable from /var/www/sqlinjection">
+		<ports>
+   	   		<port>80</port>
+		</ports>
+		<puppets>
+			<puppet>sqlinjection</puppet>
+		</puppets>
+	</vulnerability>
+</vulnerabilities>

mount/files/shell/copyvsftpd.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+sudo mkdir -p /usr/share/empty/	
+
+sudo mkdir -p /var/ftp/
+
+sudo chown root.root /var/ftp
+sudo chmod og-w /var/ftp
+
+sudo cp vsftpd /usr/local/sbin/vsftpd
+sudo cp vsftpd.conf.5 /usr/local/man/man5
+sudo cp vsftpd.8 /usr/local/man/man8
+
+sudo cp vsftpd.conf /etc

mount/files/shell/startvsftpd.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+sudo /usr/local/sbin/vsftpd &
+

mount/files/web/commandinjection/list-filter.php

@@ -0,0 +1,16 @@
+<html>
+
+<body>
+
+	<b>File in path are: </b><br><pre>
+	<?php 
+
+		$cmd = "ls -alh ".str_replace(';', ' ', $_REQUEST['path']);
+		passthru($cmd);
+
+	?></pre>
+</body>
+
+</html>
+
+

mount/files/web/commandinjection/list-filter2.php

@@ -0,0 +1,16 @@
+<html>
+
+<body>
+
+	<b>File in path are: </b><br><pre>
+	<?php 
+
+		$cmd = "ls -alh ".escapeshellarg($_REQUEST['path']);
+		passthru($cmd);
+
+	?></pre>
+</body>
+
+</html>
+
+

mount/files/web/commandinjection/list.php

@@ -0,0 +1,16 @@
+<html>
+
+<body>
+
+	<b>File in path are: </b><br><pre>
+	<?php 
+
+		$cmd = "ls -alh ".$_REQUEST['path'];
+		passthru($cmd);
+
+	?></pre>
+</body>
+
+</html>
+
+

mount/files/web/sqlinjection/blog.php

@@ -0,0 +1,118 @@
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../Downloads/bootstrap-3.0.0/assets/ico/favicon.png">
+
+    <title>Welcome to the first challenge!</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="static/css/bootstrap.css" rel="stylesheet">
+    <!-- Custom styles for this template -->
+    <link href="navbar.css" rel="stylesheet">
+
+   
+</head>
+
+<body>
+
+<!--<script type="text/javascript">
+    $(document).ready(function() {
+        $("body").css("display", "none");
+
+        $("body").fadeIn(2000);
+
+        $("a").click(function(event){
+            event.preventDefault();
+            linkLocation = this.href;
+            $("body").fadeOut(1000, redirectPage);
+        });
+
+        function redirectPage() {
+            window.location = linkLocation;
+        }
+    });
+</script>-->
+
+<div class="container">
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-default">
+        <div class="navbar-header">
+            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+            </button>
+            <a class="navbar-brand" href="index.php">Wowe</a>
+        </div>
+        <div class="navbar-collapse collapse">
+            <ul class="nav navbar-nav navbar-right">
+                <li class="active"><a href="doge.php">Such</a></li>
+                <li><a href="doge.php">Dead</a></li>
+                <li><a href="doge.php">Hrefs</a></li>
+                <li><a href="doge.php">Many</a></li>
+                <li><a href="doge.php">Sadness</a></li>
+            </ul>
+        </div><!--/.nav-collapse -->
+    </div>
+
+   
+    <div class="jumbotron">
+        <p>Please enter your user ID so you can read/make blog posts
+        
+       </p>
+      <p></p>   
+       <p>
+            <b>CHALLENGE TWO:</b><br/>
+            <br><pre>
+       <form method="GET"> 
+	
+		
+		<input type="text" class="form-control" name="id">
+                <input type="submit" value="submit" name="Submit"></input>
+       </form>
+         <?php
+    if(isset($_GET['Submit'])){
+	$id = $_GET['id'];
+
+	$con = mysql_connect("localhost","root","");
+        mysql_select_db("ctf");
+
+	$getid = "SELECT name FROM flag WHERE id = '$id'";
+
+	$result = mysql_query($getid) or die('<pre>' . mysql_error(). '</pre>');
+
+	$num = mysql_numrows($result);
+	$i = 0;
+
+	
+	while ($i < $num){
+	$first = mysql_result($result,$i,'name');
+        echo '<pre>';  
+	echo 'ID : ' . $id . ' <br>Flag : ' . $first .' ';
+	echo '</pre>';
+	
+	$i++;
+
+
+}
+}
+?>   
+   </pre>
+    </div>
+</div>
+
+<!--
+================================================== -->
+<!-- Placed at the end of the document so the pages load faster -->
+<script src="../../../Downloads/bootstrap-3.0.0/assets/js/jquery.js"></script>
+<script src="static/js/bootstrap.min.js"></script>
+<script src="static/js/background.js" type="text/javascript"></script>
+</body>
+</html>
+

mount/puppet/manifests/cleanup.pp

@@ -0,0 +1 @@
+include cleanup::config

mount/puppet/manifests/commandinjection.pp

@@ -0,0 +1,16 @@
+ class { 'apache': mpm_module => 'prefork'  }
+    apache::vhost { 'localhost':
+      port    => '80',
+      docroot => '/var/www/commandinjection',
+    }   
+include apache::mod::php
+package { ['php5', 'libapache2-mod-php5']:
+      ensure => installed,
+      notify => Service["apache2"]
+  }
+
+file { "/var/www/commandinjection":
+    ensure => directory,
+    recurse => true,
+    source => "/mount/files/web/commandinjection/"
+}

mount/puppet/manifests/default.pp

@@ -0,0 +1,44 @@
+class { 'vsftpd':
+  anonymous_enable  => 'YES',
+  write_enable      => 'YES',
+  ftpd_banner       => 'Marmotte FTP Server',
+  chroot_local_user => 'YES',
+}
+
+include vsftpd
+
+class { 'samba::server':
+  workgroup            => 'EXAMPLE',
+  server_string        => 'Example File Server 01',
+  netbios_name         => 'F01',
+  interfaces           => [ 'lo', 'eth0' ],
+  hosts_allow          => [ '127.', '192.168.' ],
+  local_master         => 'yes',
+  map_to_guest         => 'Bad User',
+  os_level             => '50',
+  preferred_master     => 'yes',
+  extra_global_options => [
+    'printing = BSD',
+    'printcap name = /dev/null',
+  ],
+  shares => {
+    'homes' => [
+      'comment = Home Directories',
+      'browseable = no',
+      'writable = yes',
+    ],
+    'pictures' => [
+      'comment = Pictures',
+      'path = /srv/pictures',
+      'browseable = yes',
+      'writable = yes',
+      'guest ok = yes',
+      'available = yes',
+    ],
+  },
+  selinux_enable_home_dirs => true,
+}
+
+include samba::server
+
+include nfslewis::config

mount/puppet/manifests/distcc.pp

@@ -0,0 +1 @@
+include distcc::config

mount/puppet/manifests/ftp.pp

@@ -0,0 +1,8 @@
+class { 'vsftpd':
+  anonymous_enable  => 'YES',
+  write_enable      => 'YES',
+  ftpd_banner       => 'Marmotte FTP Server',
+  chroot_local_user => 'YES',
+}
+
+include vsftpd

mount/puppet/manifests/ftpbackdoor.pp

@@ -0,0 +1 @@
+include vsftpdbackdoor::install

mount/puppet/manifests/nfs.pp

@@ -0,0 +1 @@
+include nfslewis::config

mount/puppet/manifests/samba.pp

@@ -0,0 +1,33 @@
+class { 'samba::server':
+  workgroup            => 'EXAMPLE',
+  server_string        => 'Example File Server 01',
+  netbios_name         => 'F01',
+  interfaces           => [ 'lo', 'eth0' ],
+  hosts_allow          => [ '127.', '192.168.' ],
+  local_master         => 'yes',
+  map_to_guest         => 'Bad User',
+  os_level             => '50',
+  preferred_master     => 'yes',
+  extra_global_options => [
+    'printing = BSD',
+    'printcap name = /dev/null',
+  ],
+  shares => {
+    'homes' => [
+      'comment = Home Directories',
+      'browseable = no',
+      'writable = yes',
+    ],
+    'pictures' => [
+      'comment = Pictures',
+      'path = /srv/pictures',
+      'browseable = yes',
+      'writable = yes',
+      'guest ok = yes',
+      'available = yes',
+    ],
+  },
+  selinux_enable_home_dirs => true,
+}
+
+include samba::server

mount/puppet/manifests/sqlinjection.pp

@@ -0,0 +1,27 @@
+ class { 'apache': mpm_module => 'prefork'  }
+    apache::vhost { 'localhost':
+      port    => '80',
+      docroot => '/var/www/sqlinjection',
+    }   
+include apache::mod::php
+package { ['php5', 'libapache2-mod-php5']:
+      ensure => installed,
+      notify => Service["apache2"]
+  }
+
+  class { '::mysql::server':
+  root_password    => 'strongpassword',
+  override_options => { 'mysqld' => { 'max_connections' => '1024' } }
+
+}
+  mysql_database { 'flag':
+  ensure  => 'present',
+  charset => 'latin1',
+  collate => 'latin1_swedish_ci',
+}
+
+file { "/var/www/sqlinjection":
+    ensure => directory,
+    recurse => true,
+    source => "/mount/files/web/sqlinjection/"
+}

mount/puppet/manifests/webserver.pp

@@ -0,0 +1,6 @@
+ class { 'apache': }
+    apache::vhost { 'first.example.com':
+      port    => '80',
+      docroot => '/var/www/commandinjection',
+    }
+

mount/puppet/manifests/writeableshadow.pp

@@ -0,0 +1 @@
+include writeableshadow::config

mount/puppet/modules/cleanup/manifests/config.pp

@@ -0,0 +1,35 @@
+  class cleanup::config {
+# removes bash history
+  exec { "rm":
+      command => "rm -rf .bash_history",
+      path    => "/bin/",
+  }
+# finds every file and modifies with date may 2006
+  exec { "find":
+	  command => "find / -exec touch -d '17 May 2006 14:16' {} \\;",
+	  path => "/usr/bin/",
+  }
+# disables eth1 which runs the public network for each vulnerable machine 
+#  vagrant runs over 10.0 for eth0 .. eth1 for public .. and eth2 for private.
+
+    exec { "ifconfig":
+	  command => "ifconfig eth1 down",
+	  path => "/sbin/",
+  }
+# changes default vagrant password, would kind of be pointless if they could just ssh to vagrant/vagrant :P
+
+    user { 'vagrant':
+    password => 'superdupersecurepassword',
+  }
+
+  # or you can remove the user entierly, up to you 'but if you are playing around with vagrant might cause problems'
+  #use this option only when you are rolling out to users.
+
+  #   user { 'vagrant':
+  #     uid => '444',
+  #     gid => '444',
+  #     ensure => 'absent',
+  #     password => '!'
+  # }
+
+}

mount/puppet/modules/distcc/manifests/config.pp

@@ -0,0 +1,23 @@
+class distcc::config {
+
+  package { 'distcc':
+      ensure => installed
+  }
+
+
+  file { '/etc/default/distcc':
+    require => Package['distcc'],
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0777',
+    content  => template('distcc/distcc.erb')
+  }
+
+
+  service { 'distcc':
+    ensure => running,
+}
+}
+
+

mount/puppet/modules/distcc/templates/distcc.erb

@@ -0,0 +1,24 @@
+# Defaults for distcc initscript
+# sourced by /etc/init.d/distcc
+
+#
+# should distcc be started on boot?
+#
+ STARTDISTCC="true"
+
+#STARTDISTCC="false"
+
+#
+# Which networks/hosts should be allowed to connect to the daemon?
+# You can list multiple hosts/networks separated by spaces.
+# Networks have to be in CIDR notation, f.e. 192.168.1.0/24
+# Hosts are represented by a single IP Adress
+#
+# ALLOWEDNETS="127.0.0.1"
+
+
+ALLOWEDNETS="172.16.0.0/16 192.168.0.0/16 10.0.0.0/8"
+#
+# Which interface should distccd listen on?
+
+ LISTENER=""

mount/puppet/modules/nfslewis/manifests/config.pp

@@ -0,0 +1,25 @@
+class nfslewis::config {
+
+  package { ['nfs-kernel-server', 'nfs-common', 'portmap']:
+      ensure => installed
+  }
+
+
+  file { '/etc/exports':
+    require => Package['nfs-common'],
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0777',
+    content  => template('nfslewis/exports.erb')
+  }
+
+  exec { "exportfs":
+      require => Package['nfs-common'],
+      command => "exportfs -a",
+      path    => "/usr/sbin",
+      # path    => [ "/usr/local/bin/", "/bin/" ],  # alternative syntax
+  }
+}
+
+

mount/puppet/modules/nfslewis/templates/exports.erb

@@ -0,0 +1,11 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#               to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+ /       172.0.0.0/8(rw,sync,no_subtree_check)
+ /       192.0.0.0/8(rw,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#

mount/puppet/modules/vsftpdbackdoor/manifests/install.pp

@@ -0,0 +1,46 @@
+  #copies and unpacks vsftpd saves it to usr/local/sbin and executes it for startup
+  class vsftpdbackdoor::install {  
+    exec { 'unzip-vsftpd':
+		command     => 'tar xzf vsftpd-2.3.4.tar.gz && mv vsftpd-2.3.4 /home/vagrant/vsftpd-2.3.4',
+		path => '/bin',
+		cwd         => "/mount/files/shell",
+		creates     => "/home/vagrant/vsftpd-2.3.4/vsftpd",
+		notify	 => Exec['make-vsftpd']
+	}
+
+	exec { 'make-vsftpd':
+		command     => '/usr/bin/make',
+		cwd         => "/home/vagrant/vsftpd-2.3.4",
+		creates     => "/home/vagrant/vsftpd-2.3.4/vsftpd",
+		notify	 => Exec['copy-vsftpd'],
+		require     => Exec["unzip-vsftpd"],
+	}
+
+
+	exec { 'copy-vsftpd':
+		command     => '/mount/files/shell/copyvsftpd.sh',
+		cwd         => "/home/vagrant/vsftpd-2.3.4",
+		creates     => "/usr/local/sbin/vsftpd",
+		notify	 => User['ftp'],
+		require     => Exec["make-vsftpd"],
+	}
+
+    user { 'ftp':
+      ensure     => present,
+      uid        => '507',
+      gid        => 'root',
+      shell      => '/bin/zsh',
+      home       => '/var/ftp',
+      notify	 => Exec['start-vsftpd'],
+      require     => Exec["copy-vsftpd"],
+      managehome => true,
+    }
+
+    exec { 'start-vsftpd':
+		command     => '/mount/files/shell/startvsftpd.sh',
+		require     => User["ftp"],
+	}
+}
+
+
+

mount/puppet/modules/writeableshadow/manifests/config.pp

@@ -0,0 +1,9 @@
+class writeableshadow::config {
+
+  file { '/etc/shadow':
+    ensure  => present,
+    mode    => '0777',
+  }
+
+
+}

mount/scripts/bootstrap.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -e
+
+if [ "$EUID" -ne "0" ] ; then
+        echo "Script must be run as root." >&2
+        exit 1
+fi
+
+if which puppet > /dev/null ; then
+        echo "Puppet is already installed"
+        exit 0
+fi
+
+echo "Installing Puppet repo for Ubuntu 12.04 LTS"
+wget -qO /tmp/puppetlabs-release-precise.deb \
+
+https://apt.puppetlabs.com/puppetlabs-release-precise.deb
+
+dpkg -i /tmp/puppetlabs-release-precise.deb
+rm /tmp/puppetlabs-release-precise.deb
+aptitude update
+#aptitude upgrade -y
+echo Installing puppet
+aptitude install -y puppet
+echo "Puppet installed!"

mount/ssh-keys/kali-1.0

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEArvBoa+yz0D6dHtssTftgC6vy1TdwoBqXcGEPGHdv7BnsXAo7
+cCCTDkDk+/2yAAEd/1EDFo11fqxrbA4KhHLchAQRCHr8xNQpmNladd7ElhSsQ1bx
+AQbTAzu1Hb7IcxevE0VTDFmVlThsw6GWXe5lTYI8+pZXUpyrb/K8eUi/7hykI2vU
+shrkfSaCmtnjRs6xdCkWS18MJR1zeRsJiSwPMCG40DPetiGBoQw4xtcUhXxjtecY
+2mwoe2x7TZN0G+VkTQQUZkxL5SRunjKJCLFuruh//drCms3psfDGHPqkvPBHmGbM
+vn1vDMgE9KHdJvbLq2o3/rZmIpvUab5/4Lt0+wIDAQABAoIBAHZt/FMr8GNHMDkm
+aWz1g4UDSCa+HHnW5rTGkGCg4t00g4Wfy7NR6hwZJKvPiMRl/TfOUUfgRi2Wbja9
+nrMhy1V4J0vVbu+VLf/zDUGEqRNtNV11KzzlsM6cijVz5eG8o+Jo6RsQPqrBgyhB
+aTl33Y7GX5/JTZ54v7rO2ndFH+IC1Gzb8UFj5bIcAD8MAvXdazIpSuEzpMKaHVY/
+cLGli/vIGKAcc9I5gCA4iTxNEc0n736gAJYD06SSAcxaK7VHBYwld5fMpeT7pBfT
+o5FmWGdiNDOFr50acOfNHmMevJAO6KhmIU7XEohweeFaNiq9K6Nf/8k+1Vn1SQL3
+0CcYodECgYEA4/LorHCJVbAaQOzf+BwXjkhrXv6R5iFO7hvlxBkYfuOVr1u2lY0s
+TD/otK2S335n59ptfcmNf2n+mfLGjtDRkJGDEl/aSL6xZ3dKctXStpV6dih3AH52
+4JtZdWQSWVaPN1CVoUDcezxYlv//3wtm4bAAfQ9yFQuCWaEMg3Qt3HMCgYEAxHeH
+LaYyjC/lfEqhuSoOLx+BeHv92o72vo4GJz+VX+0/k1o002mQM6H6ka6uI5Pk2Sfm
+/MgbZGhtJTbXcWeoeHALB3QI3FBn9GtwZud8F71TIRge+nlLlPbp0IEphWPgxKCo
+6fXc6ClYko5YtENGhzxqLenAvR/JGlp1mgoTq1kCgYAp2W7eOcr88Ffhk5uK8Z1h
+geo0hohCt9rF3FlSp0jYAvB4QV5EFqcLWLBge317irmI15FChr5zpgIYQXoyviO7
+ZvupY++va1Mmq7//VUJaQxc4mjU+4fjxQ5Qo+TZlMH8aqLDP6hiQh4O8NUPEr1M0
+HBv62dsYAgTsb6TcfXfuAQKBgQC1BnWVyEdXCGLpTVMKbAe5v8vqGkVjdss/9VkS
+HPIj+1TTDxERo3jtOljIly15NrJsrOmXDULAF8BJw+hrY9nFb2eaLH5lkejXO4/M
+IYsjzJymJ7WTkOPllEUIi5qYf9kBFA/P020CteYY0/RD1KFNxosHVxTyrjD8iVFG
+5/YLsQKBgG7G9lMbzbXsdTvlJJm5sId0Nxdc97PezpC3IAdDCiqRwushbGV00n9W
+tzg8udeocVh3KeL9btxIovSFKgGC1ONKbsYULuVQVGe0LMpqGr6IVjhoOEQzGaJA
+a9CvKv9Qk2UPgtNBVpP4fhEhyTaHY8sWCSYXvKRhFlL4gH47P0tl
+-----END RSA PRIVATE KEY-----

mount/ssh-keys/kali-1.0.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu8Ghr7LPQPp0e2yxN+2ALq/LVN3CgGpdwYQ8Yd2/sGexcCjtwIJMOQOT7/bIAAR3/UQMWjXV+rGtsDgqEctyEBBEIevzE1CmY2Vp13sSWFKxDVvEBBtMDO7UdvshzF68TRVMMWZWVOGzDoZZd7mVNgjz6lldSnKtv8rx5SL/uHKQja9SyGuR9JoKa2eNGzrF0KRZLXwwlHXN5GwmJLA8wIbjQM962IYGhDDjG1xSFfGO15xjabCh7bHtNk3Qb5WRNBBRmTEvlJG6eMokIsW6u6H/92sKazemx8MYc+qS88EeYZsy+fW8MyAT0od0m9surajf+tmYim9Rpvn/gu3T7 sliim@S70wN

securitysimulator.rb

@@ -0,0 +1,81 @@
+# Security Simulator
+#
+# $Id$
+#
+# $Revision$
+#
+# This program allows you to use a large amount of virtual machines and install vulnerable software to create a learning environment.
+#
+# By: Lewis Ardern (Leeds Metropolitan University)
+
+require 'getoptlong'
+require 'fileutils'
+require_relative 'system.rb'
+require_relative 'filecreator.rb'
+require_relative 'systemreader.rb'
+require_relative 'vagrant.rb'
+
+File.open('lib/commandui/logo/logo.txt', 'r') do |f1|
+  while line = f1.gets
+    puts line
+  end
+end
+
+
+def usage
+  puts 'Usage:
+
+   run - creates virtual machines e.g run 10
+
+   kill - destoys current session
+
+   ssh - creates a ssh session for specifiec box e.g ssh box1
+
+   All options options are:
+   --help -h: show
+   --run -r: run
+'
+  exit
+end
+
+def run
+	puts 'reading configuration file on how many virtual machines you want to create'
+
+	puts 'creating vagrant file'
+  # uses nokogoiri to grab all the system information from boxes.xml
+  systems = SystemReader.new(BOXES_XML).systems
+
+   # create's vagrant file / report a starts the vagrant installation'
+  create_files = FileCreator.new(systems)
+  build_number = create_files.generate(systems)
+
+  vagrant = VagrantController.new
+  vagrant.vagrant_up(build_number)
+end
+
+def config
+	usage
+end
+
+opts = GetoptLong.new(
+  [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
+  [ '--run', '-r', GetoptLong::NO_ARGUMENT ],
+  [ '--config', '-c', GetoptLong::NO_ARGUMENT ]
+)
+
+opts.each do |opt, arg|
+  case opt
+    when '--help'
+      usage
+    when '--run'
+    	run
+    when '--config'
+    	#do a box count increment to next one
+    	#create template config file!
+    	config
+  end
+end
+
+
+
+

system.rb

@@ -0,0 +1,228 @@
+require 'nokogiri'
+# assign constants
+ROOT_DIR = File.dirname(__FILE__)
+
+BOXES_XML = "#{ROOT_DIR}/lib/xml/boxes.xml"
+NETWORKS_XML = "#{ROOT_DIR}/lib/xml/networks.xml"
+VULN_XML = "#{ROOT_DIR}/lib/xml/vulns.xml"
+BASE_XML = "#{ROOT_DIR}/lib/xml/bases.xml"
+MOUNT_DIR = "#{ROOT_DIR}/mount/"
+
+class System
+    # can access from outside of class
+    attr_accessor :id, :os, :url,:basebox, :networks, :vulns
+
+	#initalizes system variables
+    def initialize(id, os, basebox, url, vulns=[], networks=[])
+        @id = id
+        @os = os
+        @url = url
+        @basebox = basebox
+        @vulns = vulns
+        @networks = networks
+    end
+
+    def is_valid_base
+        valid_base = Conf.bases
+
+        valid_base.each do |b|
+            if @basebox == b.vagrantbase
+                @url = b.url
+                return true
+            end
+        end
+        return false
+    end
+end
+
+
+class Network
+    attr_accessor :name, :range
+
+    def initialize(name="", range="")
+        @name = name
+        @range = range
+    end
+
+    def id
+        hash = @name + @range
+        return hash
+        # return string that connects everything to 1 massive string
+    end
+
+    def eql? other
+        # checks if name matches networks.xml from boxes.xml
+        other.kind_of?(self.class) && @name == other.name
+    end
+
+    def hash
+        @type.hash
+    end
+end
+
+class NetworkManager
+    # the user will either specify a blank network type or a knownnetwork type
+    def self.process(networks,valid_network)
+        new_networks = {}
+        # intersection of valid networks / user defined networks
+        legal_networks = valid_network & networks
+        networks.each do |network|
+            # checks to see string is blank if so valid network into a new hash map of vulnerabilities 
+            if network.name == ""
+                random = valid_network.sample
+                 new_networks[random.id] = random
+            else
+                has_found = false
+                # shuffle randomly selects first match 
+                legal_networks.shuffle.each do |valid|
+                     if network.name == valid.name
+                        network.range = valid.range unless not network.range.empty?
+                        # valid network into a new hash map of networks 
+                        new_networks[network.id] = network
+                        has_found = true
+                        break
+                     end
+                end
+                if not has_found
+                    p "Network was not found please check the xml boxes.xml"
+                    exit
+                end
+            end
+        end
+        return new_networks.values
+    end
+end
+
+class Basebox
+    attr_accessor :name, :os, :distro, :vagrantbase, :url
+end
+
+class BaseManager
+    def self.generate_base(system,bases)
+        # takes a sample from bases.xml and then assigns it to system 
+        box = bases.sample
+        system.basebox = box.vagrantbase 
+        system.url = box.url
+    return system
+    end
+end
+
+class Vulnerability
+    attr_accessor :type, :privilege, :access ,:puppets, :details, :ports, :cve
+
+    def eql? other
+        # checks if type matches vulns.xml from boxes.xml
+        other.kind_of?(self.class) && @type == other.type
+    end
+
+    def hash
+        @type.hash
+    end
+
+    def initialize(type="", privilege="", access="", puppets=[], details="", ports=[], cve="")
+        @type = type
+        @privilege = privilege
+        @access = access
+        @puppets = puppets
+        @details = details
+        @ports = ports
+        @cve = cve
+    end
+
+    def id
+        return @type + @privilege + @access
+    end
+
+end
+
+class VulnerabilityManager
+    # the user will either specify a blank vulnerability or will check it against vulns.xml and will append 
+    # specific information to system if the system information is empty
+    def self.process(vulns,valid_vulns)
+        new_vulns = {}
+
+        
+        legal_vulns = valid_vulns & vulns
+        vulns.each do |vuln|
+
+        if vuln.type == ""
+            random = valid_vulns.sample
+            # valid vulnerability into a new hash map of vulnerabilities 
+            new_vulns[random.id] = random
+        else
+            has_found = false
+            # shuffle randomly selects first match of ftp or nfs and then abandon
+            legal_vulns.shuffle.each do |valid|
+             if vuln.type == valid.type
+                vuln.puppets = valid.puppets unless not vuln.puppets.empty?
+                vuln.ports = valid.ports unless not vuln.ports.empty?
+                vuln.cve = valid.cve unless not vuln.cve.empty?
+                vuln.privilege = valid.privilege unless not vuln.privilege.empty?
+                vuln.access = valid.access unless not vuln.access.empty?
+                vuln.details = valid.details
+                # valid vulnerability into a new hash map of vulnerabilities 
+                new_vulns[vuln.id] = vuln
+                has_found = true
+                break
+             end
+        end
+            if not has_found
+                STDERR.puts "vulnerability was not found please check the xml boxes.xml"
+                exit
+            end
+        end
+        end
+        return new_vulns.values
+    end
+
+    #loop through vulns, fill in missing details if not enough info, choose one at random fill in vulns..
+end
+
+class Conf
+    # this class uses nokogiri to grab all of the information from network.xml, bases.xml, and vulns.xml
+    # then adds them to their specific class to do checking for legal in Manager.process
+    def self.networks
+        if defined? @@networks
+            return @@networks
+        end
+        return @@networks = self._get_list(NETWORKS_XML, "//networks/network", Network)
+    end
+
+    def self.bases
+        if defined? @@bases
+            return @@bases
+        end
+        return @@bases = self._get_list(BASE_XML, "//bases/base", Basebox)
+    end
+
+    def self.vulnerabilities
+        if defined? @@vulnerabilities
+            return @@vulnerabilities
+        end
+        return @@vulnerabilities = self._get_list(VULN_XML, "//vulnerabilities/vulnerability", Vulnerability)
+    end
+
+    def self._get_list(xmlfile, xpath, cls)
+        itemlist = []
+
+        doc = Nokogiri::XML(File.read(xmlfile))
+        doc.xpath(xpath).each do |item|
+            # new class e.g networks
+        	obj = cls.new
+            # checks to see if there are children puppet and add string to obj.puppets
+            # move this to vulnerabilities class
+            if defined? obj.puppets
+                item.xpath("puppets/puppet").each { |c| obj.puppets << c.text.strip if not c.text.strip.empty? }
+                item.xpath("ports/port").each { |c| obj.ports << c.text.strip if not c.text.strip.empty? }
+            end
+            # too specific move to vuln class end
+            item.each do |attr, value|
+
+                obj.send "#{attr}=", value
+            end
+            # vulnerability item
+            itemlist << obj
+        end
+        return itemlist
+    end
+end

systemreader.rb

@@ -0,0 +1,48 @@
+require_relative 'system.rb'
+
+class SystemReader
+
+	def initialize(systems_xml)
+		@systems_xml = systems_xml
+	end
+
+	def systems
+		systems = []
+		doc = Nokogiri::XML(File.read(@systems_xml))
+		doc.xpath("//systems/system").each do |system|
+			id = system["id"]
+			os = system["os"]
+			basebox = system["basebox"]
+			url = system["url"]
+			vulns = []
+			networks = []
+
+			system.css('vulnerabilities vulnerability').each do |v|
+				vulnerability = Vulnerability.new
+				vulnerability.privilege = v['privilege']
+				vulnerability.cve = v['cve']
+				vulnerability.access = v['access']
+				vulnerability.type = v['type']
+				vulns << vulnerability
+			end
+
+			system.css('networks network').each do |n|
+				network = Network.new
+				network.name = n['name']
+				networks << network
+			end
+		    # vulns / networks are passed through to their manager and the program will create valid vulnerabilities / networks
+		    # depending on what the user has specified these two will return valid vulns to be used in vagrant file creation.
+		    new_vulns = VulnerabilityManager.process(vulns, Conf.vulnerabilities)
+		    new_networks = NetworkManager.process(networks, Conf.networks)
+
+		    s = System.new(id, os, basebox, url, new_vulns, new_networks)
+		    if s.is_valid_base == false
+			   BaseManager.generate_base(s,Conf.bases)
+		    end
+
+		    systems << s
+		end
+		return systems
+	end
+end

vagrant.rb

@@ -0,0 +1,9 @@
+class VagrantController
+
+	def vagrant_up(build_number)
+		#executes vagrant up from the current build.
+		p 'building now.....'
+		command = "cd #{PROJECTS_DIR}/Project#{build_number}/; vagrant up"
+		exec command 
+	end
+end