Introduction to the Realm Project
Realm is an innovative Adversary Emulation Framework designed with a focus on scalability, reliability, and automation. This cutting-edge tool is perfect for cybersecurity professionals involved in red teaming activities, as it can handle engagements of varying sizes, even managing thousands of beacons efficiently.
Key Features of Realm
Eldritch: A Pythonic DSL for Offensive Security
Realm introduces Eldritch, a Pythonic Domain Specific Language (DSL) that enhances offensive security operations. By using Eldritch, users can write clear, reusable scripts that streamline tasks. Eldritch is based on Google Starlark and is compiled into Rust, providing efficient low-level system interactions.
Simplified Multi-Host Management
For complex engagements requiring task management across numerous machines, Realm offers effortless multi-host management. This feature allows users to control agents on multiple hosts simultaneously, simplifying the juggling of tasks.
Seamless Google Cloud Platform (GCP) Integration
Realm includes native integration with GCP, allowing users to leverage the power and scalability of Google Cloud in their security operations. This integration enhances attack capabilities without the need to reinvent methods or processes.
Stateless Server Architecture
Though Realm supports GCP, it is flexible with its deployment. Users can deploy Realm's stateless Docker container in any environment that suits their needs, providing versatility and adaptability.
Emphasis on Reliability
Realm emphasizes quality and reliability. It undergoes extensive testing and rigorous code reviews to ensure stable performance. With intuitive design and clear documentation, the learning curve for new users remains minimal. Once a stable 1.0.0 release is available, Realm will adopt Semantic Versioning to maintain deployment stability.
Getting Started
Deploying Realm is straightforward:
- Clone the project repository:
  git clone https://github.com/spellshift/realm.git && cd realm
- Start the server (Tavern):
  go run ./tavern
- In a new terminal, start the agent (Imix):
  cd realm/implants/imix && cargo run
For detailed instructions on setting up a production-ready instance, refer to the setup guide.
Project Components
Agent (Imix)
- Developed in Rust and compatible with macOS, Linux, and Windows.
- Supports long-running tasks with real-time task output monitoring.
- Offers interval callback times and simple file-based configuration.
- Comes with embedded files and an integrated interpreter.
Server (Tavern)
- Provides a web interface and supports group actions.
- Features a GraphQL backend for easy API access and OAuth login support.
- Facilitates cloud-native deployment with pre-made Terraform scripts for production environments.
Built-in Interpreter (Eldritch)
Realm includes an interpreter with features like reflective DLL loading, port scanning, remote execution over SSH, and more, further enhancing its functionality.
Contribution and Support
Realm thrives on community input. Contributions are welcome, and users can refer to the developer documentation for guidance.
For support, users can create an issue on GitHub. Whether dealing with bugs or suggesting new features, detailed information helps the team respond effectively.
Providing Feedback
User feedback is invaluable for improving Realm. Suggestions, comments, and feature requests can be submitted on GitHub, aiding in the continuous development of this powerful framework.