This plugin adds features for cyber exercises to your NetBox instance. It should be used exclusively for IT security trainings and cyber exercises where applications such as Netbox are out of scope. Do not use parts of this plugin (e.g., the credentials section) in a non-training environment!
# Dockerfile-Plugins
FROM netboxcommunity/netbox:latest
COPY ./plugin_requirements.txt /opt/netbox/
RUN /opt/netbox/venv/bin/pip install --no-warn-script-location -r /opt/netbox/plugin_requirements.txt
# These lines are only required if your plugin has its own static files.
COPY configuration/ /etc/netbox/config/
RUN SECRET_KEY="dummydummydummydummydummydummydummydummydummydummy" /opt/netbox/venv/bin/python /opt/netbox/netbox/ collectstatic --no-input
- override mountpoint for templates:
# docker-compose.override.yml
version: '3.4'
image: netbox:latest-plugins
- 8000:8080
context: .
dockerfile: Dockerfile-Plugins
- "./netbox_cybex/netbox_cybex/templates/dcim/device.html:/opt/netbox/netbox/templates/dcim/device.html"
- "./netbox_cybex/netbox_cybex/templates/virtualization/virtualmachine.html:/opt/netbox/netbox/templates/virtualization/virtualmachine.html"
- "./netbox_cybex/netbox_cybex/templates/netbox_cyber:/opt/netbox/netbox/templates/netbox_cyber/"
image: netbox:latest-plugins
context: .
dockerfile: Dockerfile-Plugins
image: netbox:latest-plugins
context: .
dockerfile: Dockerfile-Plugins
A default netbox deployment for NixOS can be found on github:secshellnet/nixos, you can add plugins like this:
{ lib
, ...
}: let
netbox_cybex = ps: ps.buildPythonPackage rec {
pname = "netbox_cybex";
version = "0.1";
format = "pyproject";
src = ps.fetchPypi {
inherit pname version;
hash = "sha256-YfC5aOHQQqjTCv2mac+p/1zX/8M+TemYyoim9YSXJPs=";
nativeBuildInputs = with ps; [
meta = with lib; {
description = "Features for cyber exercises in NetBox";
homepage = "";
license = licenses.mpl20;
platforms = platforms.linux;
in {
# Your NetBox configuration
# ...
services.netbox.plugins = (ps: [ (netbox_cybex ps) ]);
services.netbox.settings.PLUGINS = [ "netbox_cybex" ];
git clone --branch v3.7.2 --single-branch ~/netbox
python3 -m venv ~/netbox/venv
source ~/netbox/venv/bin/activate
pip3 install -r ~/netbox/requirements.txt
# create configuration from example
cat ~/netbox/netbox/netbox/ | \
sed -e "s/^DEBUG.*/DEBUG = True/" | \
sed -e "s/^SECRET_KEY.*/SECRET_KEY = '$(~/netbox/netbox/'/" | \
sed -e "s/^ALLOWED_HOSTS.*/ALLOWED_HOSTS = \[\'\'\]/" | \
sed -e "s/'USER': ''/'USER': 'postgres'/" > ~/netbox/netbox/netbox/
# start database and redis
docker compose up -d
~/netbox/netbox/ migrate
~/netbox/netbox/ createsuperuser \
--username admin \
--email [email protected]
~/netbox/netbox/ runserver
# netbox should now reachable on:
# build plugin
python3 develop
# add plugin to configuration
sed -i -e "s/^PLUGINS.*/PLUGINS = \['netbox_cybex'\]/" ~/netbox/netbox/netbox/
# enable developer mode to enable usage of makemigrations
echo "DEVELOPER=True" >> ~/netbox/netbox/netbox/
# Building the app
~/netbox/netbox/ makemigrations
~/netbox/netbox/ migrate
# Publish
python3 -m pip install --upgrade build twine
python3 -m build
python3 -m twine upload --repository pypi dist/*
- Think about other useful extensions
- Firewall
- generate rules for iptables/vyatta/firewalld (maybe even commands to add them to pfsense if somehow possible)
- need to be easily manageable using importable data, otherwise gui needs to be used, which sucks... (same with pfSense)
- Firewall
- Test API (Make sure it's working as expected)
- Create ansible module
to add creds to existing virtual machine - Package for nix