Orange-Cyberdefense · MarkusOstermayer · Jan 7, 2026 · Jan 7, 2026 · Jan 16, 2026
diff --git a/ad/GOAD-Light/providers/libvirt/Vagrantfile b/ad/GOAD-Light/providers/libvirt/Vagrantfile
@@ -0,0 +1,8 @@
+boxes = [
+  # windows server 2019
+  { :name => "GOAD-Light-DC01",  :ip => "{{ip_range}}.10", :box => "jborean93/WindowsServer2019", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 3000},
+  # windows server 2019
+  { :name => "GOAD-Light-DC02",  :ip => "{{ip_range}}.11", :box => "jborean93/WindowsServer2019", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 3000},
+  # windows server 2019
+  { :name => "GOAD-Light-SRV02", :ip => "{{ip_range}}.22", :box => "jborean93/WindowsServer2019", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 6000},
+]
diff --git a/ad/GOAD-Light/providers/libvirt/inventory b/ad/GOAD-Light/providers/libvirt/inventory
@@ -0,0 +1,12 @@
+[default]
+; Note: ansible_host *MUST* be an IPv4 address or setting things like DNS
+; servers will break.
+; ------------------------------------------------
+; sevenkingdoms.local
+; ------------------------------------------------
+dc01 ansible_host={{ip_range}}.10 dns_domain=dc01 dict_key=dc01
+; ------------------------------------------------
+; north.sevenkingdoms.local
+; ------------------------------------------------
+dc02 ansible_host={{ip_range}}.11 dns_domain=dc01 dict_key=dc02
+srv02 ansible_host={{ip_range}}.22 dns_domain=dc02 dict_key=srv02
diff --git a/ad/GOAD-Mini/providers/libvirt/Vagrantfile b/ad/GOAD-Mini/providers/libvirt/Vagrantfile
@@ -0,0 +1,4 @@
+boxes = [
+  # windows server 2019
+  { :name => "GOAD-Mini-DC01",  :ip => "{{ip_range}}.10", :box => "jborean93/WindowsServer2019", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 3000}
+]
diff --git a/ad/GOAD-Mini/providers/libvirt/inventory b/ad/GOAD-Mini/providers/libvirt/inventory
@@ -0,0 +1,7 @@
+[default]
+; Note: ansible_host *MUST* be an IPv4 address or setting things like DNS
+; servers will break.
+; ------------------------------------------------
+; sevenkingdoms.local
+; ------------------------------------------------
+dc01 ansible_host={{ip_range}}.10 dns_domain=dc01 dict_key=dc01
diff --git a/ad/GOAD/providers/libvirt/Vagrantfile b/ad/GOAD/providers/libvirt/Vagrantfile
@@ -0,0 +1,12 @@
+boxes = [
+  # windows server 2019
+  { :name => "GOAD-DC01",  :ip => "{{ip_range}}.10", :box => "jborean93/WindowsServer2019", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 3000},
+  # windows server 2019
+  { :name => "GOAD-DC02",  :ip => "{{ip_range}}.11", :box => "jborean93/WindowsServer2019", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 3000},
+  # windows server 2016
+  { :name => "GOAD-DC03",  :ip => "{{ip_range}}.12", :box => "jborean93/WindowsServer2016", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 3000},
+  # windows server 2019
+  { :name => "GOAD-SRV02", :ip => "{{ip_range}}.22", :box => "jborean93/WindowsServer2019", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 6000},
+  # windows server 2016
+  { :name => "GOAD-SRV03", :ip => "{{ip_range}}.23", :box => "jborean93/WindowsServer2016", :box_version => "1.2.0", :os => "windows", :cpus => 2, :mem => 5000}
+]
diff --git a/ad/GOAD/providers/libvirt/inventory b/ad/GOAD/providers/libvirt/inventory
@@ -0,0 +1,17 @@
+[default]
+; Note: ansible_host *MUST* be an IPv4 address or setting things like DNS
+; servers will break.
+; ------------------------------------------------
+; sevenkingdoms.local
+; ------------------------------------------------
+dc01 ansible_host={{ip_range}}.10 dns_domain=dc01 dict_key=dc01
+; ------------------------------------------------
+; north.sevenkingdoms.local
+; ------------------------------------------------
+dc02 ansible_host={{ip_range}}.11 dns_domain=dc01 dict_key=dc02
+srv02 ansible_host={{ip_range}}.22 dns_domain=dc02 dict_key=srv02
+; ------------------------------------------------
+; essos.local
+; ------------------------------------------------
+dc03 ansible_host={{ip_range}}.12 dns_domain=dc03 dict_key=dc03
+srv03 ansible_host={{ip_range}}.23 dns_domain=dc03 dict_key=srv03
diff --git a/docs/mkdocs/docs/developers/add_extension.md b/docs/mkdocs/docs/developers/add_extension.md
@@ -112,6 +112,37 @@ extensions/
         )
         ```
 
+=== ":simple-libvirt: Libvirt"
+    - As an example to add a new box for libvirt:
+        - Create the folder `extensions/<extension_name>/providers/libvirt/`
+        - Add a file named Vagrantfile
+        - Add the following code for a linux machine  (and change box, ip, name, cpu, ram):
+        ```
+        boxes.append(
+            { :name => "{{lab_name}}-EXTNAME",
+            :ip => "{{ip_range}}.66",
+            :box => "bento/ubuntu-22.04", 
+            :os => "linux",
+            :cpus => 2,
+            :mem => 4000,
+            :forwarded_port => [ {:guest => 22, :host => 2210, :id => "ssh"} ]
+            }
+        )
+        ```
+        - Add the following code for a windows machine (and change box, ip, name, cpu, ram):
+        ```
+        # add windows box (windows server 2016 in this case)
+        boxes.append(
+            { :name => "{{lab_name}}-EXTNAME",
+                :ip => "{{ip_range}}.66",
+                :box => "jborean93/WindowsServer2016",
+                :os => "windows",
+                :cpus => 2,
+                :mem => 3000
+            }
+        )
+        ```
+
 === ":material-microsoft-azure: Azure"
     - As an example to add a new box for azure :
         - Create the folder `extensions/<extension_name>/providers/azure/`

diff --git a/docs/mkdocs/docs/img/icon_libvirt.png b/docs/mkdocs/docs/img/icon_libvirt.png
diff --git a/docs/mkdocs/docs/installation/linux.md b/docs/mkdocs/docs/installation/linux.md
@@ -5,6 +5,30 @@
 
 ## Prepare your Provider
 
+=== ":simple-libvirt: Libvirt"
+
+    - Vagrant
+        - In order to download vm and create them on libvirt you need to install vagrant
+        - [https://developer.hashicorp.com/vagrant/install#linux](https://developer.hashicorp.com/vagrant/install#linux)
+
+    - libvirt
+        - Install libvirt
+        ```bash
+        sudo apt-get install qemu-system-x86 libvirt-daemon-system ebtables libguestfs-tools ruby-fog-libvirt
+        ```
+
+    - Install vagrant plugins
+    ```bash
+    vagrant plugin install vagrant-reload vagrant-libvirt winrm winrm-fs winrm-elevated
+    ```
+
+    !!! warning "Disk space"
+        The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M))
+        The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.
+
+    !!! warning "RAM"
+        Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.
+
 === ":simple-virtualbox: Virtualbox"
 
     - Vagrant

diff --git a/docs/mkdocs/docs/providers/index.md b/docs/mkdocs/docs/providers/index.md
@@ -4,6 +4,7 @@
 
 - Goad actually support the following providers:
     - On your own computer :
+        - :simple-libvirt: [Libvirt](libvirt.md)
         - :simple-virtualbox: [Virtualbox](virtualbox.md)
         - :simple-vmware: [VmWare](vmware.md)
 

diff --git a/docs/mkdocs/docs/providers/libvirt.md b/docs/mkdocs/docs/providers/libvirt.md
@@ -0,0 +1,68 @@
+# :simple-libvirt: Libvirt
+
+<div align="center">
+  <img alt="vagrant" width="153" height="150" src="../img/icon_vagrant.png">
+  <img alt="icon_libvirt" width="150"  height="150" src="../img/icon_libvirt.png">
+  <img alt="icon_ansible" width="150"  height="150" src="../img/icon_ansible.png">
+</div>
+
+## Prerequisites
+
+- Providing
+    - [Libvirt](https://libvirt.org/)
+    - [Vagrant](https://developer.hashicorp.com/vagrant/docs)
+    - Vagrant plugins:
+        - vagrant-reload
+        - vagrant-libvirt
+        - winrm
+        - winrm-fs
+        - winrm-elevated
+
+- Provisioning
+    - Python3 >=3.8
+    - goad requirements
+    - ansible-galaxy goad requirements
+
+
+## Check dependencies
+
+```bash
+./goad.sh -p libvirt
+GOAD/libvirt/local/192.168.56.X > check
+```
+
+```bash
+GOAD/libvirt/local/192.168.56.X > check
+[+] vagrant found in PATH 
+[-] not enough disk space, only 69.75680923461914 Gb available 
+[+] ansible-playbook found in PATH 
+[+] Ansible galaxy collection ansible.windows is installed 
+[+] Ansible galaxy collection community.general is installed 
+[+] Ansible galaxy collection community.windows is installed 
+[+] vagrant plugin vagrant-reload is installed 
+[+] libvirtd is running 
+[+] vagrant plugin vagrant-libvirt is installed 
+```
+
+!!! info
+    If there is some missing dependencies goes to the [installation](../installation/index.md) chapter and follow the guide according to your os.
+
+!!! note
+    check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)
+
+## Install
+
+- To install run the goad script and launch install or use the goad script arguments
+
+```bash
+./goad.sh -p libvirt
+GOAD/libvirt/local/192.168.56.X > set_lab <lab>  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)
+GOAD/libvirt/local/192.168.56.X > set_ip_range <ip_range>  # here choose the  ip range you want to use ex: 192.168.56
+GOAD/libvirt/local/192.168.56.X > install
+```
+
+- or all in command line with arguments
+
+```bash
+./goad.sh -t install -p libvirt -l <lab> -ip <ip_range_to_use>
+```
diff --git a/docs/mkdocs/mkdocs.yml b/docs/mkdocs/mkdocs.yml
@@ -11,6 +11,7 @@ nav:
   - 🏗 Providers:
     - index: providers/index.md
     - Virtualbox: providers/virtualbox.md
+    - Libvirt: providers/libvirt.md
     - Vmware Workstation: providers/vmware.md
     - Vmware Esxi: providers/vmware_esxi.md
     - Aws: providers/aws.md

diff --git a/goad/command/linux.py b/goad/command/linux.py
@@ -32,6 +32,18 @@ def check_gem(self, gem_name):
     def check_vmware(self):
         return self.is_in_path('vmrun')
 
+    def check_libvirt(self):
+        try:
+            result = subprocess.run(
+                ['systemctl', 'is-active', '--quiet', 'libvirtd'],
+                check=True
+            )
+            Log.success(f'libvirtd is running')
+            return True
+        except subprocess.CalledProcessError:
+            Log.error("libvirtd is not installed or not running")
+            return False
+
     def check_vmware_utility(self):
         try:
             result = subprocess.run(

diff --git a/goad/dependencies.py b/goad/dependencies.py
@@ -3,6 +3,7 @@
 
 class Dependencies:
     # Can change enabled providers (useful if you don't want some dependencies)
+    libvirt_enabled = True
     vmware_enabled = True
     vmware_esxi_enabled = True
     virtualbox_enabled = True

diff --git a/goad/instance.py b/goad/instance.py
@@ -81,7 +81,7 @@ def is_terraform(self):
         return self.provider_name == AWS or self.provider_name == AZURE or self.provider_name == PROXMOX
 
     def is_vagrant(self):
-        return self.provider_name == VMWARE or self.provider_name == VMWARE_ESXI or self.provider_name == VIRTUALBOX
+        return self.provider_name == VMWARE or self.provider_name == VMWARE_ESXI or self.provider_name == VIRTUALBOX or self.provider_name == LIBVIRT
 
     def is_ludus(self):
         return self.provider_name == LUDUS

diff --git a/goad/provider/provider_factory.py b/goad/provider/provider_factory.py
@@ -1,6 +1,8 @@
 from goad.utils import *
 from goad.dependencies import Dependencies
 
+if Dependencies.libvirt_enabled:
+    from goad.provider.vagrant.libvirt import LibvirtProvider
 if Dependencies.vmware_enabled:
     from goad.provider.vagrant.vmware import VmwareProvider
 if Dependencies.vmware_esxi_enabled:
@@ -24,6 +26,8 @@ def get_provider(provider_name, lab_name, config):
         provider = None
         if provider_name == VIRTUALBOX and Dependencies.virtualbox_enabled:
             provider = VirtualboxProvider(lab_name)
+        elif provider_name == LIBVIRT and Dependencies.libvirt_enabled:
+            provider = LibvirtProvider(lab_name)
         elif provider_name == VMWARE and Dependencies.vmware_enabled:
             provider = VmwareProvider(lab_name)
         elif provider_name == VMWARE_ESXI and Dependencies.vmware_esxi_enabled:

diff --git a/goad/provider/vagrant/libvirt.py b/goad/provider/vagrant/libvirt.py
@@ -0,0 +1,16 @@
+from goad.provider.vagrant.vagrant import VagrantProvider
+from goad.utils import *
+
+
+class LibvirtProvider(VagrantProvider):
+    provider_name = LIBVIRT
+    default_provisioner = PROVISIONING_LOCAL
+    allowed_provisioners = [PROVISIONING_LOCAL, PROVISIONING_RUNNER, PROVISIONING_DOCKER, PROVISIONING_VM]
+
+    def check(self):
+        checks = [
+            super().check(),
+            self.command.check_libvirt(),
+            self.command.check_vagrant_plugin('vagrant-libvirt', False)
+        ]
+        return all(checks)
diff --git a/goad/utils.py b/goad/utils.py
@@ -17,14 +17,15 @@
 DEBUG = 1
 
 # providers
+LIBVIRT = 'libvirt'
 AWS = 'aws'
 VIRTUALBOX = 'virtualbox'
 AZURE = 'azure'
 VMWARE = 'vmware'
 VMWARE_ESXI = 'vmware_esxi'
 PROXMOX = 'proxmox'
 LUDUS = 'ludus'
-ALLOWED_PROVIDERS = [AWS, VIRTUALBOX, AZURE, VMWARE, VMWARE_ESXI, PROXMOX, LUDUS]
+ALLOWED_PROVIDERS = [LIBVIRT, AWS, VIRTUALBOX, AZURE, VMWARE, VMWARE_ESXI, PROXMOX, LUDUS]
 
 # provisioning method
 PROVISIONING_LOCAL = 'local'

diff --git a/template/provider/libvirt/Vagrantfile b/template/provider/libvirt/Vagrantfile
@@ -0,0 +1,69 @@
+Vagrant.configure("2") do |config|
+
+# Uncomment this depending on the provider you want to use
+ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'
+
+{{lab}}
+
+{{extensions}}
+
+{% if use_provisioning_vm %}
+boxes.append(
+    { :name => "PROVISIONING",
+      :ip => "{{ip_range}}.3",
+      :box => "bento/ubuntu-22.04",
+      :os => "linux",
+      :cpus => 2,
+      :mem => 2000,
+      :forwarded_port => [ {:guest => 22, :host => 2210, :id => "ssh"} ]
+    }
+)
+{% endif %}
+
+  # disable rdp forwarded port inherited from StefanScherer box
+  config.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct: true, disabled: true
+
+  config.vm.boot_timeout = 600
+  config.vm.graceful_halt_timeout = 600
+  config.winrm.retry_limit = 30
+  config.winrm.retry_delay = 10
+
+  boxes.each do |box|
+    config.vm.define box[:name] do |target|
+      # BOX
+      target.vm.provider "libvirt" do |v|
+        v.title = box[:name]
+        v.memory = box[:mem]
+        v.cpus = box[:cpus]
+      end
+      target.vm.box_download_insecure = box[:box]
+      target.vm.box = box[:box]
+      if box.has_key?(:box_version)
+        target.vm.box_version = box[:box_version]
+      end
+
+      # issues/49
+      target.vm.synced_folder '.', '/vagrant', disabled: true
+
+      # IP
+      target.vm.network :private_network, ip: box[:ip]
+
+      # OS specific
+      if box[:os] == "windows"
+        target.vm.guest = :windows
+        target.vm.communicator = "winrm"
+        target.vm.provision :shell, :path => "../../../vagrant/Install-WMF3Hotfix.ps1", privileged: false
+        target.vm.provision :shell, :path => "../../../vagrant/ConfigureRemotingForAnsible.ps1", privileged: false
+      else
+        target.vm.communicator = "ssh"
+      end
+
+      if box.has_key?(:forwarded_port)
+        # forwarded port explicit
+        box[:forwarded_port] do |forwarded_port|
+          target.vm.network :forwarded_port, guest: forwarded_port[:guest], host: forwarded_port[:host], host_ip: "127.0.0.1", id: forwarded_port[:id]
+        end
+      end
+    end
+  end
+end