Skip to content
Traffic Generator

Prerequisites

Required

Section titled “Required”

Azure Subscription

Section titled “Azure Subscription”

An active Azure subscription with Contributor role or equivalent permissions to create:

  • Resource groups
  • Virtual networks and subnets
  • Network security groups
  • Public IP addresses
  • Virtual machines (Standard_F16s_v2 default)

Azure CLI

Section titled “Azure CLI”

Install and authenticate the Azure CLI to retrieve your subscription ID:

Terminal window
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash


az login


az account show --query '{name:name, id:id}' -o table

Copy the id value — this is the subscription_id required by Terraform.

Terraform

Section titled “Terraform”

Terraform >= 1.5 is required:

Terminal window
terraform version

If not installed, use the HashiCorp APT repository:

Terminal window
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform

SSH Key Pair

Section titled “SSH Key Pair”

An SSH key pair for VM access. Ed25519 is recommended:

Terminal window
ssh-keygen -t ed25519 -f ~/.ssh/traffic-generator-key -N ""

Network Access

Section titled “Network Access”

The Traffic Generator VM requires outbound HTTPS access during provisioning to download tools from:

  • GitHub Releases (nuclei, dalfox, ffuf, gobuster, feroxbuster, subfinder, httpx, amass)
  • PyPI (sqlmap, scapy, impacket, arjun, pwntools, mitmproxy, sslyze, playwright)
  • npm registry (puppeteer, puppeteer-extra-plugin-stealth)
  • Ubuntu APT repositories (nikto, nmap, masscan, hydra, tshark, and other system packages)
  • Git repositories (testssl.sh, recon-ng, spiderfoot, SecLists)

If your Azure subscription enforces outbound firewall rules or NSG restrictions, ensure HTTPS (port 443) to these sources is allowed during the initial provisioning window (15-25 minutes).

Pre-deployed Components

Section titled “Pre-deployed Components”

Before deploying the Traffic Generator, you should have:

  1. Origin Server deployed and reachable (see origin-server docs)
  2. F5 XC HTTP Load Balancer configured with the origin server as the backend
  3. A WAF policy attached to the load balancer (for WAF traffic validation)

The target_fqdn Terraform variable should be set to the F5 XC load balancer’s public domain.