Automatically Deploy WAAP and Vulnerable Web App

This playbook will install Nginx and Docker on a Ubuntu VM within Azure.

It will then download OWASP Juice Shop and run as a container.

Finally, it will deploy the WAAP and register it.

Terraform

Azure CLI

Clone the repository

git clone https://github.com/metalstormbass/WAAP-TF.git

Ensure that you have Azure CLI installed. Once installed run the following command in Powershell.

az login

Edit the variables as required. You can create a terraform.tfvars file and fill it our like below. Otherwise, you will be prompted for the information.

victim_company = "MikeNet"
victim-network-vnet-cidr = "10.22.0.0/16" 
victim-network-subnet-cidr = "10.22.0.0/24" 
environment = "Staging"
vulnvm-name = "VulnServer"
username = "mike" 
password = "Vpn123vpn123!"
token = INSERT WAAP Token here

Run the following commands in Terraform:

terraform init

then:

terraform apply

Finally, wait until Terraform has completed. Then wait an addtional 5-10 mins for the VM to complete bootstrapping.

To destroy, you need to run:

terraform destroy

At this point, sometimes you need to run the destroy command several (~3) times for the environment to be completely removed. This appears to be a bug in the dependency handling within Terraform.