A heavily modified fork of GOAD (Game of Active Directory) by Orange Cyberdefense. DreadGOAD deploys vulnerable Active Directory lab environments for penetration testing and security research.
Warning: This lab is extremely vulnerable by design. Do not deploy it on the internet without proper network isolation, and do not reuse any of these configurations in production environments.
DreadGOAD extends the upstream GOAD project with:
- Go CLI (
dreadgoad) -- single binary for provisioning, health checks, trust verification, and vulnerability validation - AWS infrastructure automation -- Terragrunt/Terraform modules for deploying labs in AWS with SSM-based management (no open ports)
- Modular extension system -- plug-in extensions for ELK, Exchange, Wazuh, Guacamole, and more
- Variant generator -- create graph-isomorphic lab copies with randomized entity names while preserving all attack paths
- Ansible collection (
dreadnode.goad) -- 80+ roles packaged as a reusable collection - Multi-provider support -- VirtualBox, VMware, Proxmox, AWS, Azure, and Ludus
| Lab | VMs | Forests | Domains | Description |
|---|---|---|---|---|
| GOAD | 5 | 2 | 3 | Full lab -- the complete Game of Active Directory experience |
| GOAD-Light | 3 | 1 | 2 | Lighter variant for resource-constrained setups |
| GOAD-Mini | 1 | 1 | 1 | Minimal single-DC lab |
| MINILAB | 2 | 1 | 1 | One DC + one workstation |
| SCCM | 4 | 1 | 1 | MECM/SCCM attack scenarios |
| NHA | 5 | 2 | 3 | Ninja Hacker Academy -- challenge mode |
| DRACARYS | 4 | 1 | 2 | Training challenge variant |
All labs feature 50+ intentional vulnerabilities including Kerberoasting, AS-REP roasting, ACL abuse chains, ADCS misconfigurations (ESC1-8), MSSQL attacks, delegation abuse, and more. See docs/GOAD-vulnerabilities-comprehensive.md for the full catalog.
- Ansible >= 2.15
- Go 1.21+ (for building the CLI)
- A supported infrastructure provider (VirtualBox, VMware, Proxmox, AWS, Azure, or Ludus)
# Clone the repo
git clone https://github.com/dreadnode/DreadGOAD.git
cd DreadGOAD
# Install Ansible dependencies
ansible-galaxy collection install -r ansible/requirements.yml
# Build the CLI
cd cli && go build -o dreadgoad . && cd ..# Provision the full GOAD lab
./cli/dreadgoad provision
# Health check all instances
./cli/dreadgoad health-check
# Validate vulnerabilities are configured
./cli/dreadgoad validate --quickFor provider-specific setup instructions, see the provider documentation.
Create a randomized copy of any lab with unique names but identical attack paths:
./cli/dreadgoad variant generate --source ad/GOAD --target ad/my-variant --name my-variant- CLI configuration -- Viper-based config, environment variables, per-environment settings
- Domains and users -- full network topology, credentials, and attack paths
- Vulnerability catalog -- all 50+ vulnerabilities with exploitation techniques
- Validation guide -- automated vulnerability validation
- Provider guides -- VirtualBox, VMware, Proxmox, AWS, Azure, Ludus
- AWS AMI build & deploy workflow -- end-to-end warpgate + Terragrunt + Ansible
- Extension guides -- ELK, Exchange, Wazuh, hardened workstation
- Architecture diagram
- Upstream GOAD docs -- original project documentation
DreadGOAD/
├── ad/ # Lab definitions (GOAD, GOAD-Light, MINILAB, SCCM, NHA, ...)
├── ansible/ # Ansible collection with 80+ roles and custom modules
├── cli/ # Go CLI source (dreadgoad)
├── docs/ # Documentation and architecture diagrams
├── extensions/ # Pluggable lab extensions (ELK, Exchange, Wazuh, ...)
├── infra/ # Terragrunt configurations for AWS deployments
├── modules/ # Terraform modules (AWS networking, instance factory)
├── packer/ # VM templating (Vagrant, Proxmox)
├── tools/ # Variant generator and utilities
├── warpgate-templates/ # Golden AMI build templates (warpgate)
└── template/ # Provider templates
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
DreadGOAD is built on the excellent work of the GOAD project by Mayfly and Orange Cyberdefense. If you find this useful, consider sponsoring the original creator.
Additional references and credits can be found in the upstream documentation.
GPL-3.0-or-later -- see LICENSE.
This project deploys intentionally vulnerable configurations for security research and penetration testing training. Do not use in production environments. Use at your own risk.