Skip to content

feat: add GOAD variant generator for randomized AD lab environments#62

Merged
l50 merged 5 commits into
mainfrom
feat/cli-variant-diagnose
Apr 1, 2026
Merged

feat: add GOAD variant generator for randomized AD lab environments#62
l50 merged 5 commits into
mainfrom
feat/cli-variant-diagnose

Conversation

@l50
Copy link
Copy Markdown
Contributor

@l50 l50 commented Apr 1, 2026
edited
Loading

Key Changes:

  • Implemented a generator to create graph-isomorphic GOAD variants with randomized names
  • Added CLI commands for variant generation and diagnostics
  • Introduced comprehensive mapping, replacement, and validation logic for AD entities
  • Provided extensive test coverage for generator and name generation components

Added:

  • GOAD variant generator core - Implemented cli/internal/variant/generator.go to perform
    entity extraction, randomization, mapping, file transformation, and validation for all
    Active Directory objects (domains, users, hosts, groups, OUs, passwords, etc.)
  • Name generation system - Added cli/internal/variant/namegen.go for realistic, unique,
    pronounceable entity names (domains, users, hosts, groups, OUs, passwords, cities, etc.)
  • CLI integration - Introduced variant and variant generate commands in
    cli/cmd/variant.go to invoke the generator with flexible source/target parameters
  • Diagnostic command - Added diagnose command in cli/cmd/diagnose.go to run
    connectivity and service checks between domain controllers via Ansible
  • Unit and integration tests - Created comprehensive tests for the generator and name
    generator in cli/internal/variant/generator_test.go and namegen_test.go

Changed:

  • Project structure - Integrated new variant generation and diagnostic commands into the
    CLI application, ensuring seamless user experience and maintainability

l50 added 3 commits April 1, 2026 10:26
@l50
feat: add GOAD variant generator with entity randomization and tests
24efdf5 
**Added:**

- Introduced a `variant` subcommand to generate randomized GOAD lab variants with
  preserved structure and attack paths (`cli/cmd/variant.go`)
- Added a `diagnose` command to run domain controller diagnostics
  (`cli/cmd/diagnose.go`)
- Implemented a full variant generator with entity mapping, transformation, and
  mapping documentation (`cli/internal/variant/generator.go`)
- Added a name generator for unique, realistic usernames, hostnames, groups,
  OUs, and passwords (`cli/internal/variant/namegen.go`)
- Comprehensive unit and end-to-end tests for generator logic and name
  generation (`cli/internal/variant/generator_test.go`, `cli/internal/variant/namegen_test.go`)

**Changed:**

- No changes to existing files; all functionality introduced in new files

**Removed:**

- Nothing removed
@l50
docs: reorganize mermaid diagram into categorized role groups
cd12197 
Replaced flat list of 94 individual role nodes with 8 high-level
categories (Active Directory, Server Roles, LAPS, Vulnerabilities,
SCCM, Security, Settings, Playbooks) for improved readability.
@l50
Merge branch 'main' into feat/cli-variant-diagnose
533e0dc
@dreadnode-renovate-bot dreadnode-renovate-bot Bot added the area/readme Changes made to README.md file label Apr 1, 2026
l50 added 2 commits April 1, 2026 10:36
@l50
refactor: modularize generator logic and improve password generation
3642649 
**Added:**

- Introduced helper functions for collecting passwords from domains, hosts,
  MSSQL, and vulnerabilities to modularize password mapping logic
- Added helper methods to build ordered replacements, such as
  `appendHostReplacements`, `appendQualifiedUserReplacements`,
  `appendDNReplacements`, and `appendDomainReplacements`
- Created `mapUserNameComponents` to encapsulate user name mapping logic
- Added `findNameViolations` and `printViolations` functions for clearer
  validation reporting
- Defined a `charClasses` type with helpers for password character analysis in
  password generation logic

**Changed:**

- Refactored `mapPasswords` to delegate password collection to new helper
  functions, improving clarity and maintainability
- Refactored the construction of ordered replacements to use new modular
  methods, reducing code repetition and improving logical grouping
- Refactored validation logic to use new helper functions for violation finding
  and reporting, and extracted structure count validation to a dedicated method
- Improved password generation logic to more accurately match the character
  classes of the original password, ensuring complexity is preserved and code
  is clearer
- Extracted and reused test configuration setup in generator tests, reducing
  duplication and clarifying test intent

**Removed:**

- Eliminated repetitive code for iterating and mapping over various password
  sources and replacement categories
- Removed inline logic in favor of calling newly added modular helper functions
  throughout generator and test code
@l50
fix: correct logic for name component character validation
12b40f1 
**Changed:**

- Fixed character validation logic in the name component check to properly
  identify valid alphabetic characters and reject invalid ones in the
  `isNameComponent` method of the generator
@l50 l50 merged commit ae186d0 into main Apr 1, 2026
6 checks passed
@l50 l50 deleted the feat/cli-variant-diagnose branch April 1, 2026 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/readme Changes made to README.md file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@l50