Laforge – Security Competition Infrastructure Automation Framework

Laforge – Security Competition Infrastructure Automation Framework

Laforge allows speedy growth of infrastructure for the aim of information safety competitions. Using a easy and intuitive configuration language, Laforge manages a dependency graph and state administration and permits for extremely productive distant collaboration. The Laforge engine makes use of a customized loader to do multi-dimensional, non-damaging configuration overlay. An excellent analogy to that is Docker – while you construct a Docker container, it builds it up layers at a time. It’s this energy that has impressed us to construct Laforge. It’s actually a distinct segment` undertaking, however we actually have discovered an unimaginable use for it.


  • Cross platform
  • Portable – installs as a stand alone native executable.
  • Use what you take pleasure in – Bring Your Own Scripting Language (Y)
  • Fast.
  • Build as soon as, clone to n variety of groups (safety competitions paradigm)
  • Collaborative – makes working in distributed teams very environment friendly


What is Laforge?
Laforge is a framework that permits you to design and implement safety competitions in a scalable, collaborative, and enjoyable method! You write configurations in Laforge Config Language and use the CLI device to examine, validate, construct, and hook up with distant infrastructure with. Historically, it is primarily supported Terraform because it’s “backend” (generates refined terraform configurations), however this will probably be altering quickly over the approaching weeks and months. Laforge presently powers all the infrastructure administration for the National Collegiate Penetration Testing Competition and has supported sport deployments of >1400 distinctive nodes.

Why was it created?
Three causes:

  • Security professionals aren’t probably the most properly versed with operations/infrastructure/devops instruments. They have a steeper than most studying curve, particularly when asking volunteers to attempt to determine it out of their off work time. To make it simpler for individuals, we needed to make a device that mainly did the arduous half for them.
  • As we dug in, we seen that the generally used automation frameworks out there had a lot of painpoints when it got here to constructing safety competitors infrastructure. There are issues that need to happen in safety competitions that are not supported in the true world:
    • large compatibility with plenty of working techniques and software program
    • Mass “clone” skill – snapshot a sport infra and clone it 10-20x – one for every staff.
    • Flexibility to deploy the identical stacks to a large set of potential infrastructure – VMWare, AWS, GCP, and so on.
  • Because competitions deserve it! We work with among the most passionate individuals on these initiatives and something that may make our shared expertise higher is a win win in our e-book.

Why not present DevOps instruments?
No want to enter a flame conflict over this device or that. We frankly like them. Our largest grievance throughout the board is that given how fragmented they’re, it is arduous to ever be actually good at any one in all them. We take pleasure in Terraform and it has been our main backend for the reason that starting.

How does it scale?
We have used the assorted iterations of LaForge to generate competitors environments with tons of of complete hosts for nearly 30 groups. In quick, it might scale as massive as your creativeness (and funds / assets) permits. Furthermore, we now have used this device throughout a staff of over 15 volunteer builders every engaged on their very own elements and have used that suggestions in the latest variations.

What about efficiency?
Depending on the complexity of your atmosphere, constructing LaForge output could take seconds or minutes. In the tip you’ll spend extra time spinning up techniques within the atmosphere of your selection with Terraform or Vagrant than you’ll producing the related configurations for both of them.

Is it manufacturing-prepared?
If by manufacturing, you imply growing reside competitors environments, LaForge has been used for over three years in a “production” capability. If you imply reside techniques at your organization or group, it should most likely work properly, however use at your individual threat.


$ go get

Quick Start

laforge configure
laforge init
laforge instance <mannequin>

Object Models

  • Network
  • Script
  • Environment
  • AMI
  • DNS Record
  • Identity
  • Command
  • Remote File
  • Host


  • Replace YAML
    • Language Definition
    • Configuration Semantics
    • Parser & Lexer
    • Dependency Chaining & Mgmt
    • Loader
    • Graph Relationships
    • Object Definitions
  • Replace CLI
    • construct subcommand
    • configure subcommand
    • deps subcommand
    • obtain subcommand
    • dump subcommand
    • env subcommand
    • instance subcommand
    • explorer subcommand
    • init subcommand
    • question subcommand
    • serve subcommand
    • shell subcommand
    • standing subcommand
    • add subcommand
  • Replace Rendering Engine
    • Builder interface designed
    • New BuildEngine accomplished
    • BuildIssue error kind
    • validations package deal
    • null builder implementation (spec as of now)
    • Template engine WIP
  • Backends
    • Terraform
    • Vagrant
    • Native (pure scripts & laforge)
    • AWS-SDK
    • Docker
  • Bugs
    • It’s actually an alpha preview, there positively are some.
  • Enhancements
  • Performance
    • Explore extra concurrency pipelines within the loader and builder
  • UI/UX Improvements
    • More documentation +++
    • More examples ++
    • Laforge Web UI
  • Moonshots
    • Laforge Server & Gateway
    • Cnditional Logic in Syntax
    • Remote Includes

Hall of Fame
mentors, contributors, and nice buddies of Laforge

  • @1njecti0n
  • @emperorcow
  • @vyrus001
  • @bstax
  • @cmbits
  • @tomk
  • @brianc
  • @rossja
  • @kos
  • @dcam
  • @davehughes
  • @mbm
  • @maus
  • @javuto


  • National CPTC and the CPTC Advisory Board who’s been so affected person with me as I labored by way of this.
  • Rochester Institute of Technology For giving us a spot to expiriment and advance each the expertise in addition to the workforce of our trade.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.