Range Builder Quick Start Guide
Build your first cyber range in 60 minutes using Crucible. This quick start walks through creating a basic penetration testing lab with automated scenario progression in five steps. These steps are:
- Step 1: Build the infrastructure in Caster by creating a project, directory, and Terraform files for a 3‑VM topology.
- Step 2: Create a Player view with applications and teams to present the lab experience.
- Step 3: Define a Steamfitter scenario with a sequence of manual and timed tasks.
- Step 4: Create an Alloy event definition that links the Player view, Caster directory, and Steamfitter scenario.
- Step 5: Launch and validate a test event end‑to‑end, then end it and confirm cleanup.
What You Will Build
Upon completion of this quick start, you will have:
- 3-VM network topology (attacker, target server, monitoring station).
- Automated scenario with timed injects and manual checkpoints.
- Team-based Player interface with documentation and VM access.
- Deployable exercise ready for participants.
Prerequisites
Before starting, confirm the following:
- Content Developer permissions in all required Crucible applications.
- Access to a basic Terraform module in Caster.
- Familiarity with the target virtualization environment.
Step 1: Create the Infrastructure (Caster) ~15 minutes
In Step 1, you create the infrastructure in Caster: a project, a directory, and three Terraform files that define a 3-VM topology.
Create a Project and Directory
- Navigate to Caster, Projects.
-
Click Add New Project and enter:
- Name:
PenTest-Lab-Basic - Description:
Basic penetration testing laboratory
- Name:
-
Save the project.
-
In the new project, click Add Directory and enter:
- Name:
pentest-topology - Description:
Core network topology
- Name:
Create the Base Configuration
In the pentest-topology directory, create three files:
main.tf: core infrastructurevariables.tf: configuration parametersdata.tf: environment references
Main.tf
# Basic 3-VM topology for penetration testing
resource "vsphere_virtual_machine" "attacker_vm" {
name = "${var.exercise_id}-attacker"
resource_pool_id = data.vsphere_resource_pool.pool.id
datastore_id = data.vsphere_datastore.datastore.id
num_cpus = 2
memory = 4096
guest_id = "ubuntu64Guest"
network_interface {
network_id = data.vsphere_network.network.id
}
disk {
label = "disk0"
size = 40
}
clone {
template_uuid = data.vsphere_virtual_machine.template_kali.id
}
}
resource "vsphere_virtual_machine" "target_server" {
name = "${var.exercise_id}-target"
resource_pool_id = data.vsphere_resource_pool.pool.id
datastore_id = data.vsphere_datastore.datastore.id
num_cpus = 1
memory = 2048
guest_id = "ubuntu64Guest"
network_interface {
network_id = data.vsphere_network.network.id
}
disk {
label = "disk0"
size = 20
}
clone {
template_uuid = data.vsphere_virtual_machine.template_vulnerable.id
}
}
resource "vsphere_virtual_machine" "monitor_vm" {
name = "${var.exercise_id}-monitor"
resource_pool_id = data.vsphere_resource_pool.pool.id
datastore_id = data.vsphere_datastore.datastore.id
num_cpus = 2
memory = 4096
guest_id = "ubuntu64Guest"
network_interface {
network_id = data.vsphere_network.network.id
}
disk {
label = "disk0"
size = 30
}
clone {
template_uuid = data.vsphere_virtual_machine.template_monitor.id
}
}
Variables.tf
variable "exercise_id" {
description = "Unique identifier for the exercise"
type = string
}
variable "team_name" {
description = "Team name for resource naming"
type = string
}
variable "vsphere_host_name" {
description = "Target vSphere host"
type = string
}
variable "vsphere_datastore" {
description = "Target datastore"
type = string
}
Data.tf
data "vsphere_datacenter" "dc" {
name = "Crucible-DC"
}
data "vsphere_resource_pool" "pool" {
name = "Crucible-Pool"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_datastore" "datastore" {
name = var.vsphere_datastore
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_network" "network" {
name = "VM Network"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_virtual_machine" "template_kali" {
name = "kali-linux-template"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_virtual_machine" "template_vulnerable" {
name = "vulnerable-server-template"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_virtual_machine" "template_monitor" {
name = "monitoring-template"
datacenter_id = data.vsphere_datacenter.dc.id
}
Step 2: Create Player View ~10 minutes
In Step 2, you create a Player view with applications and teams to present the lab experience to participants.
Create a New View
- Navigate to Player, Administration, Views.
- Click Add New View.
-
Enter:
- Name:
PenTest Lab - Basic - Description:
Basic penetration testing laboratory - Status: Active
- Name:
Add Applications
Add two applications to the view: one for VM access and one for the lab guide.
VM List Application
- Open the Applications tab.
- Click Add New Application.
- Select Template, VM List.
-
Enter:
- Name:
Virtual Machines - Icon:
fas fa-desktop
- Name:
Documentation Application
- Click Add New Application.
- Select Blank Application.
-
Enter:
- Name:
Lab Guide - URL:
https://your-lab-guide-url.com - Icon:
fas fa-book
- Name:
Create a Team
- Open the Teams tab.
- Click Add New Team.
-
Enter:
- Team Name:
Red Team - Role:
Participant
- Team Name:
-
Assign both applications,
Virtual MachinesandLab Guide. - Add users to the team using the search function.
Step 3: Create Scenario (Steamfitter) ~20 minutes
In Step 3, you define a Steamfitter scenario template with a sequence of manual and timed tasks.
Create a Scenario Template
- Navigate to Steamfitter, Scenario Templates.
- Click Add New Scenario Template.
-
Enter:
- Name:
PenTest-Basic-Scenario - Description:
Basic penetration testing scenario with automated progression - Duration:
3600(1 hour)
- Name:
Add Scenario Tasks
Create the following tasks in order to build scenario progression.
Task 1: Initial Setup (Manual)
- Name:
Environment Setup Complete - Description:
Confirm all systems are online and accessible - Action:
Manual Task - Trigger Condition:
Manual - VM Mask:
attacker - Expected Output:
ready
Task 2: Discovery Phase (Timed)
- Name:
Start Network Discovery - Description:
Begin network reconnaissance phase - Action:
guest.run_command - Trigger Condition:
Success(depends on previous task) - Delay:
300(5 minutes after setup) - VM Mask:
attacker - Command:
nmap -sn 192.168.1.0/24 - Expected Output:
192.168.1
Task 3: Vulnerability Scanning (Timed)
- Name:
Vulnerability Scan - Description:
Scan target for vulnerabilities - Action:
guest.run_command - Trigger Condition:
Success(depends on previous task) - Delay:
600(10 minutes after discovery) - VM Mask:
attacker - Command:
nmap -sV -O target-ip - Expected Output:
open
Task 4: Exploitation Checkpoint (Manual)
- Name:
Exploitation Attempt - Description:
Manual exploitation phase - report findings - Action:
Manual Task - Trigger Condition:
Success(depends on previous task) - VM Mask:
attacker - Expected Output:
exploited
Task 5: Monitoring Alert (Timed)
- Name:
Security Alert Generated - Description:
Generate security alert on monitoring system - Action:
guest.run_command - Trigger Condition:
Time - Delay:
1800(30 minutes from scenario start) - VM Mask:
monitor - Command:
logger "ALERT: Suspicious network activity detected" - Expected Output:
ALERT
Step 4: Create Alloy Definition ~5 minutes
In Step 4, you create an Alloy event definition that links the Player view, Caster directory, and Steamfitter scenario together.
Create an Event Definition
- Navigate to Alloy, Administration, Event Templates.
- Click Add New Definition.
-
Enter:
- Name:
PenTest Lab - Basic Event - Description:
Complete basic penetration testing exercise - Duration:
3600
- Name:
Link Range Components
Connect the range components to the event definition:
- Player Exercise ID: Copy the View ID from Player (available in the view details or URL).
- Caster Directory ID: Copy the Directory ID from
pentest-topologyin Caster. - Steamfitter Scenario ID: Copy the Scenario ID from
PenTest-Basic-Scenarioin Steamfitter. - Click Save Definition.
Step 5: Test Deployment ~10 minutes
In Step 5, you launch a test event end-to-end, validate each component, then end the event and confirm cleanup.
Launch a Test Event
- In Alloy, locate your event definition.
- Click Launch.
-
Monitor deployment progress:
- Caster workspace creation
- Terraform plan and apply
- Steamfitter scenario start
- Player exercise clone
Validate Components
After launching, confirm that each component deployed successfully.
Infrastructure
- Navigate to the Caster workspace.
- Verify all virtual machines deploy successfully.
- Confirm resource states report healthy.
Player Access
- Open Player as a test user.
- Confirm the VM list displays all machines.
- Verify VM console access.
Scenario Execution
- Navigate to the Steamfitter scenario.
- Confirm manual tasks appear for participants.
- Verify timed tasks display countdowns.
End the Test Event
- Return to Alloy.
- Click End Event.
-
Verify cleanup:
- Caster destroys all virtual machines.
- Steamfitter ends the scenario.
- Player removes the exercise.
Lab Complete
This quick start results in a basic penetration testing lab that includes:
- Automated infrastructure deployment.
- Scenario progression with timed events.
- Team-based user interface.
- Full exercise lifecycle management.
Next Steps
Now that you have a working lab, here are some ways to build on it.
Enhance Infrastructure
- Add more complex networking topologies.
- Include additional security tools.
- Implement a realistic enterprise environment.
Expand the Scenario
- Add conditional branching based on participant actions.
- Create multiple difficulty paths.
- Include assessment and scoring.
Improve User Experience
- Add custom maps and navigation.
- Create comprehensive documentation.
- Set up chat and collaboration tools.
Scale for Multiple Teams
- Create team-specific variations.
- Implement competitive elements.
- Add real-time monitoring and analytics.