Question 1

How does SecGen compare to Vulnhub for penetration testing practice?

Accepted Answer

SecGen generates randomized, unique VMs each time, unlike Vulnhub's static images, making it better for preventing memorization but requiring more setup and configuration effort. It's ideal for educators needing fresh challenges.

Question 2

How to install SecGen on Windows or macOS?

Accepted Answer

SecGen is primarily tested on Ubuntu; for other OSes, you must manually install all dependencies like Ruby and Vagrant, but the README notes it's 'in theory' possible with no guarantees, often leading to compatibility headaches.

Question 3

Can SecGen create VMs for cloud platforms like AWS?

Accepted Answer

No, SecGen primarily outputs Vagrant configurations for local VirtualBox VMs, with experimental support for oVirt, ESXi, and Proxmox, but not major public clouds, limiting deployment options.

Question 4

How are flags generated and managed in SecGen for CTFs?

Accepted Answer

SecGen uses generators and encoders in Ruby scripts to create randomized flags and hints, which are compiled into a CTFd-importable ZIP file, as detailed in the modules and output sections.

Question 5

What's the resource usage for running multiple SecGen VMs?

Accepted Answer

Each VM allocates memory and CPU as specified in scenarios, and batch processing can consume significant host resources, so adequate system specs are needed for large-scale lab deployments.

Question 6

How to add a custom vulnerability module to SecGen?

Accepted Answer

Create a new module directory under modules/vulnerabilities with secgen_metadata.xml and Puppet files, following the existing structure and guides like README-Modules-Metadata.md for integration.

SecGen

What is SecGen?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions