update docs

hckops · Oct 21, 2023 · e9b2024 · e9b2024
1 parent 74e1607
commit e9b2024
Showing 1 changed file with 30 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -70,13 +70,14 @@ hckctl box start vulnerable/owasp-juice-shop
 > TODO video
 
 Access your target from a managed [`lab`](https://github.com/hckops/megalopolis/tree/main/lab) to
-* tunnel multiple vpn connections through a high-available ssh proxy
-* expose public endpoints
-* pre-mount saved `dumps` (git, s3)
+* tunnel multiple vpn connections through a highly available ssh proxy
+* expose public endpoints with custom domains
+* mount and keep in sync `dumps` e.g. git, s3
 * load secrets from a vault
 * save/restore workdir snapshots
-* deploy private templates
+* deploy private templates and infrastructures e.g. [Kompose](https://kompose.io), [Helm](https://helm.sh)
 ```bash
+# starts demo lab (cloud only)
 hckctl lab ctf-linux
 ```
 
@@ -93,16 +94,17 @@ hckctl task rustscan
 hckctl task rustscan --input address=127.0.0.1
 hckctl task scanner/rustscan --command default --input address=127.0.0.1
 
-# run the "full" preset command against the retired "Lame" machine (with docker)
+# runs the "full" preset command against the retired "Lame" machine (with docker)
 # see https://app.hackthebox.com/machines/Lame
 hckctl task nmap --network-vpn htb --command full --input address=10.10.10.3 
 # equivalent of (with kube)
 hckctl task nmap --network-vpn htb --provider kube --inline -- nmap 10.10.10.3 -sC -sV
 
-# download common wordlists
+# downloads common wordlists
 git clone --depth 1 https://github.com/danielmiessler/SecLists.git \
   ${HOME}/.local/state/hck/share/wordlists/SecLists
-# fuzzing with gobuster loading a local template against the retired "Knife" machine (with kube)
+# fuzzing loading a local template against the retired "Knife" machine (with kube)
+# see https://app.hackthebox.com/machines/Knife
 hckctl task \
   --local ../megalopolis/task/fuzzer/gobuster.yml \
   --network-vpn htb \
@@ -179,17 +181,21 @@ curl -fsSL https://get.docker.com -o get-docker.sh
 ./sudo sh get-docker.sh
 ```
 
-Recommended tool to watch the container [lazydocker](https://github.com/jesseduffield/lazydocker)
+[lazydocker](https://github.com/jesseduffield/lazydocker) is the recommended tool to watch and monitor containers
 
 ### Kubernetes
 
-If you are looking for a simple and cheap way to get started with a remote cluster use [kube-template](https://github.com/hckops/kube-template) on [DigitalOcean](https://www.digitalocean.com/products/kubernetes)
+#### Remote
+
+If you are looking for a simple and cheap way to get started with a *remote* cluster use [kube-template](https://github.com/hckops/kube-template) on [DigitalOcean](https://www.digitalocean.com/products/kubernetes)
 ```bash
 provider:
   kube:
     configPath: "/PATH/TO/kube-template/clusters/do-template-kubeconfig.yaml"
 ```
 
+#### Local
+
 Use [minikube](https://minikube.sigs.k8s.io), [kind](https://kind.sigs.k8s.io) or [k3s](https://k3s.io) to setup a local cluster
 ```bash
 provider:
@@ -199,19 +205,7 @@ provider:
     namespace: hckops
 ```
 
-Make sure you disable IPv6 in your *local* cluster to use the `--network-vpn` flag and set `--embed-certs` if you need to access the cluster using the dev tools
-```bash
-# starts local cluster
-minikube start --embed-certs \
-  --extra-config="kubelet.allowed-unsafe-sysctls=net.ipv6.conf.all.disable_ipv6"
-
-# runs with temporary privileges to connect to a vpn
-env HCK_CONFIG_NETWORK.PRIVILEGED=true hckctl box alpine --provider kube --network-vpn htb
-
-network:
-  # default is false, required only for local clusters
-  privileged: true
-```
+#### Troubleshooting
 
 Useful dev tools, see [`hckops/kube-base`](https://github.com/hckops/actions/blob/main/docker/Dockerfile.base)
 ```bash
@@ -223,6 +217,20 @@ docker run --rm --name hck-tmp-local --network host -it \
 kubectl klock -n hckops pods
 ```
 
+Depending on your local settings, you might need to override IPv6 config in your *local* cluster to use the `--network-vpn` flag. Set also `--embed-certs` if you need to access the cluster using the dev tools
+```bash
+# starts local cluster
+minikube start --embed-certs \
+  --extra-config="kubelet.allowed-unsafe-sysctls=net.ipv6.conf.all.disable_ipv6"
+
+# runs with temporary privileges to connect to a vpn
+env HCK_CONFIG_NETWORK.PRIVILEGED=true hckctl box alpine --provider kube --network-vpn htb
+# equivalent of
+network:
+  # default is false, override for local clusters
+  privileged: true
+```
+
 ### Cloud
 
 Access to the platform is limited and in ***private preview***. If you are interested, please leave a comment or a :thumbsup: to this [issue](https://github.com/hckops/hckctl/issues/104) and we'll reach out with more details