Lab4PurpleSec
Lab4PurpleSec is a modular Purple Team homelab combining a vulnerable Active Directory environment (GOAD), a Docker-based web DMZ, pfSense + Suricata, and a Wazuh SIEM. It provides a realistic, open-source training environment for web exploitation, pivoting, Active Directory attacks, and Blue Team detection.
Note: This project was previously named "Lab4OffSec" and has been renamed to "Lab4PurpleSec" to better reflect its Purple Team focus.
Note: This is a V1. Feedback and contributions are welcome.
📜 License Notice: The use of this project (including for CTFs, commercial projects, training, or any other purpose) is subject to the terms and conditions of the MIT License. See LICENSE for full details. By using this project, you agree to comply with the license terms, including maintaining copyright notices and license information.
Overview
Lab4PurpleSec is an evolving cybersecurity homelab designed for Red Team and Blue Team training in a near-enterprise environment, integrating network/web pentesting, Active Directory, detection, SIEM, and IDS/IPS.
Project intended for students and cybersecurity enthusiasts!
Prerequisites
Hardware Requirements
Lab4PurpleSec is designed to be flexible and can be deployed according to your needs and available resources. You don't need to run all VMs simultaneously - scenarios are designed to be executed step-by-step.
Minimum Configuration (Limited Scenarios)
- RAM: 16 GB minimum
- CPU: 4-core processor (i5/i7 or equivalent)
- Storage: 150 GB free disk space
- Use Case: Run 2-3 VMs at a time for specific scenarios (e.g., web server + attack machine, or SIEM + one target)
Recommended Configuration (Full Lab Experience)
- RAM: 32 GB recommended
- CPU: 6+ core processor (i5/i7/i9 or equivalent)
- Storage: 200+ GB free disk space (SSD recommended)
- Use Case: Run multiple VMs simultaneously for complex scenarios (e.g., full AD environment + SIEM + web services)
Optimal Configuration (Maximum Performance)
- RAM: 64 GB
- CPU: 8+ core processor (i9/Ryzen 9 or equivalent)
- Storage: 500+ GB free disk space (NVMe SSD recommended)
- Use Case: Run entire lab simultaneously with all services active
Note: These prerequisites describe a reference configuration. You can customize them to fit your needs. RAM is the most important resource to consider: for virtualization, CPU/GPU power is not as important as RAM.
Important Notes:
- You can customize VM resources in the Vagrantfile to match your hardware (reduce RAM/CPU per VM if needed)
- Not all VMs need to run at once - start only the VMs needed for your current scenario
- Wazuh Manager (LAN-SIEM-LIN) requires 8GB RAM - this is the most resource-intensive VM
- GOAD VMs (Windows) require significant resources - consider running them separately if RAM is limited
- Disk space usage: With default settings, the lab uses approximately 130-150 GB
For detailed hardware and software requirements, see docs/SETUP/prereqs.md.
Software Requirements
- Hypervisor: VirtualBox or VMware Workstation/Player
- Vagrant: Version 2.2+ (for automated VMs)
- Ansible: Optional, for manual playbook execution
- ISO Images: See docs/SETUP/prereqs.md for complete list
Project Goals
Lab4PurpleSec does not provide pre-built virtual machines (OVA/OVF). Installation is done entirely "from scratch" by following the detailed guides provided. This approach:
- Encourages learning: Understanding each installation and configuration step
- Ensures reproducibility: Each user builds their environment identically (yet still customizable)
- Strengthens understanding: Mastery of systems, networks, and configurations
- Facilitates customization: Easy adaptation according to specific needs
TL;DR
Lab4PurpleSec includes the following features:
- Segmented architecture (WAN, DMZ, LAN, AD)
- pfSense firewall, Suricata IDS/IPS, Wazuh SIEM
- Vulnerable machines (OWASP, Metasploitable, Windows DC)
- Detailed installation and configuration guides
Network Architecture
Lab4PurpleSec
Lab4PurpleSec is an environment dedicated to application and system vulnerability exploitation, hosting intentionally vulnerable machines (Metasploitable2/3), OWASP web applications in an isolated DMZ zone, as well as a vulnerable Active Directory environment (GOAD MINILAB).

GOAD-MINILAB
GOAD-MINILAB replicates a simplified Active Directory environment with a domain controller and a Windows client workstation (multiple if needed), allowing simulation of various types of Active Directory-oriented attacks.

Repository Structure
This section presents the organization of the Lab4PurpleSec repository and describes the role of each directory and main file. This structure enables clear navigation between installation guides, configurations, tests, and project resources.
Lab4PurpleSec/
├── README.md — General overview and quick start (EN)
├── README_FR.md — General overview and quick start (FR)
├── CONTRIBUTING.md — Contribution guidelines
├── LICENSE — License and usage information
├── .gitignore — Files/directories excluded from Git versioning
├── .github/
│   └── ISSUE_TEMPLATE/
│       ├── bug_report.md — Bug report template
│       ├── feature_request.md — Feature request template
│       └── documentation.md — Documentation improvement template
├── ARCHITECTURE.md — Architecture information, interfaces, network diagrams
├── assets/ — Visual resources (images, diagrams, etc.)
├── INVENTORY.md — Inventory list of all VMs and main characteristics
├── automation/ — Vagrant and Ansible automation for internal VMs
│   ├── README.md — Automation documentation and quick start
│   ├── ORCHESTRATION.md — VM orchestration and external integration guide
│   ├── Vagrantfile — Vagrant configuration for internal VMs
│   ├── ansible/ — Ansible playbooks and roles
│   └── scripts/ — Helper scripts for automation
├── docs/
│   ├── README.md
│   ├── SETUP/
│   │   ├── prereqs.md — Hardware and software requirements
│   │   ├── VMs_installation.md — Detailed VM installation and configuration guide
│   │   ├── pfsense_setup.md — pfSense installation and configuration documentation
│   │   ├── Web_server_setup.md — Web server deployment guide
│   │   ├── Wazuh_setup.md — Wazuh installation and agent enrollment guide
│   │   └── GOAD_setup.md — GOAD Active Directory deployment procedure
│   └── TESTS/
│       ├── Web_server.md — Web server validation checklist
│       ├── pfSense.md — pfSense and Suricata verification
│       ├── Wazuh.md — Wazuh testing/documentation
│       └── GOAD-MINILAB.md — GOAD MINILAB verification documentation
├── CONFIGS/
│   ├── web-server/ — Web server configuration files (Nginx, Docker, etc.)
│   └── pfsense/ — pfSense configuration files (rules, XML exports)
Quick Start
⚠️ Security Warning: This lab contains intentionally vulnerable services. Never connect these machines to a production network. Always change default passwords after installation. This environment is designed for isolated, educational use only.
Option 1: Automated Deployment (Recommended)
Lab4PurpleSec provides semi-automated deployment using Vagrant and Ansible for most internal VMs.
Quick Start:
On Windows:
cd automation # Navigate to the automation directory
$env:VAGRANT_ANSIBLE = "true" # Enable Ansible provisioning
vagrant up # Start the VMs
On Linux/macOS:
cd automation # Navigate to the automation directory
export VAGRANT_ANSIBLE=true # Enable Ansible provisioning
vagrant up # Start the VMs
What is automated:
