Docker for pentest is an image with the more used tools to create an pentest environment easily and quickly.
- OS, networking, developing and pentesting tools installed.
- Connection to HTB (Hack the Box) vpn to access HTB machines.
- Popular wordlists installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz and rockyou.
- Proxy service to send traffic from any browsers and burp suite installed in your local directory.
- Exploit database installed.
- Tool for cracking password.
- Linux enumeration tools installed.
- Tools installed to discovery services running.
- Tools installed to directory fuzzing.
- Monitor for linux processes without root permissions
- Zsh shell installed.
- rdate
- vim
- zsh
- oh-my-zsh
- locate
- cifs-utils
- htop
- gotop
- traceroute
- telnet
- net-tools
- iputils-ping
- tcpdump
- openvpn
- whois
- host
- prips
- dig
- git
- curl
- wget
- ruby
- go
- python
- python-pip
- python3
- python3-pip
- php
- aws-cli
- tojson
- nodejs
- Subdomains
- Subdomain takeover
- DNS Lookups
- π· Screenshot
- πΈοΈ Crawler
- π Search directories
- Fuzzer
- Web Scanning
- CMS
- Search JS
- htbenum
- linux-smart-enumeration
- linenum
- enum4linux
- ldapdomaindump
- PEASS - Privilege Escalation Awesome Scripts SUITE
- Windows Exploit Suggester - Next Generation
- smbmap
- pspy - unprivileged Linux process snooping
- smbclient
- ftp
- evil-winrm
- impacket
- CrackMapExec
- Nishang
- Juicy Potato
- PowerSploit
- pass-the-hash
- mimikatz
- gpp-decrypt
- pentest-tools from @gwen001
- qsreplace from @tomnomnom
- NmapExtractPorts from @s4vitar
- apache2
- squid
See the project's wiki for documentation.
- Docker service installed
You can use the docker image by the next two options:
git clone --depth 1 https://github.com/aaaguirrep/pentest.git
cd pentest
docker build -t pentest .
docker run --rm -it --name my-pentest pentest /bin/zsh
Use image from docker hub: aaaguirrep/pentest
docker pull aaaguirrep/pentest
docker run --rm -it --name my-pentest pentest /bin/zsh
There are differents use cases for use the image and you should know how to run the container properly.
-
Use the container to access HTB (Hack the Box) machines by HTB vpn.
docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 --name my-pentest aaaguirrep/pentest /bin/zsh -
Share information from your local directory to container directory and save information on your local directory. You should save information under /pentest directory.
docker run --rm -it -v /path/to/local/directory:/pentest --name my-pentest aaaguirrep/pentest /bin/zsh -
Expose internal container services (apache, squid) for your local environment.
docker run --rm -it --name my-pentest -p 80:80 -p 3128:3128 aaaguirrep/pentest /bin/zshInside the container start apache2 and squid services by the aliases.
apacheUp squidUp -
Mount directories by umount command.
docker run --rm -it --privileged --name my-pentest aaaguirrep/pentest /bin/zsh -
Tools are downloaded in /tools directory.
You can set up the docker image with nice configurations like as:
To use access keys, tokens or API Keys in the docker review the next repo docker-pentest-config
To use both options you should use -v option to map local directoty with /pentest container directory.
Add the next line in step "Create shorcuts" in Dockerfile, build a new image and run a new container with the -v option.
RUN echo "alias vpnhtb=\"openvpn /pentest/path/to/ovpn/file\"" >> /root/.zshrc
Create a new Dockerfile with the next steps, build a new image and run a new container with -v option.
FROM aaaguirrep/pentest
# Create a shortcut and load the ovpn file from workstation
RUN echo "alias vpnhtb=\"openvpn /pentest/path/to/ovpn/file\"" >> /root/.zshrc
When you delete a container all information is deleted incluide command history. The next configuration provides you an option for save the command history in your local environment and load it when you run a new container. So, you wont lose your command history when run a new container.
To use both options you should use -v option to map local directoty with /pentest container directory.
Add the next line in step "Create shorcuts" in Dockerfile, build a new image and run a new container.
# Save and load command history in your local environment
RUN sed -i '1i export HISTFILE="/pentest/.zsh_history"' /root/.zshrc
Create a new Dockerfile with the next steps, build a new image and run a new container.
FROM aaaguirrep/pentest
# Save and load command history in your local environment
RUN sed -i '1i export HISTFILE="/pentest/.zsh_history"' /root/.zshrc
The image was tested in the following environments:
-
Docker service for Mac: Docker version 19.03.5, build 633a0ea
-
Docker service for Linux instance on Google Cloud Platform: Docker version 19.03.6, build 369ce74a3c
-
Do not save information on container directories because it will be lost after delete the container, you should save information in your local environment using the parameter -v when you run the container. For instance:
docker run --rm -it -v /path/to/local/directory:/pentest --name my-pentest aaaguirrep/pentest /bin/zshThe above command specify a path local directory mapped with /pentest container directory. You should save all information under /pentest directory.
-
Use hashcat and john the ripper on controlled environments as CTF. You can experiment issues.
Copyright (c) 2020, Arsenio Aguirre
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent