Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to configure Docker image Docker-For-Pentest". The explanation in this article is simple and clear, easy to learn and understand. Please follow the ideas of Xiaobian and study and learn "how to configure Docker image Docker-For-Pentest" together!

Docker-For-Pentest

Docker-For-Pentest is a Docker image designed for penetration testers with a large number of pre-configured tools. The image comes with a large number of commonly used security tools and helps researchers set up penetration testing environments in the most convenient and fast way.

function introduction

Operating system, network system, test environment and security tools required for penetration testing are pre-installed;

Support for connecting HTB (Hack the Box) to access HTB devices;

Common dictionaries are pre-installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz, and rockyou;

Support sending traffic from any browser via proxy service, Burp Suite pre-installed in local directory;

Available databases pre-installed;

Pre-installed password cracking tools;

Linux enumeration tools are pre-installed;

Pre-installed service scanning tool;

Pre-installed directory fuzz testing tool;

Linux processes can be monitored without root privileges;

Pre-installed Zsh Shell tool;

List of Pre-Installed Tools Operating System Tools

rdate

vim

zsh

oh-my-zsh

locate

cifs-utils

htop

gotop

networking tools

traceroute

telnet

net-tools

iputils-ping

tcpdump

openvpn

whois

host

prips

dig

developer tools

git

curl

wget

ruby

go

python

python-pip

python3

python3-pip

php

aws-cli

tojson

nodejs

port scanning

nmap

masscan

ScanPorts

subdomain scanning

Amass

GoBuster

Knock

MassDNS

Altdns

spyse

Sublist3r

findomain

subfinder

spiderfoot

haktldextract

subdomain takeover

subjack

SubOver

tko-subs

DNS query

hakrevdns

screen shot

gowitness

aquatone

web crawler

hakrawler

Photon

gospider

gau

otxurls

waybackurls

directory search

dirsearch

fuzz testing

wfuzz

ffuf

Web scanning

whatweb

wafw00z

nikto

arjun

httprobe

striker

hakcheckurl

content management system

wpscan

joomscan

droopescan

cmseek

JS related

LinkFinder

getJS

subjs

dictionary correlation

wfuzz

SecList

Fuzzdb

Dirbuster

Dirb

Rockyou

txt

Crunch

Cewl

Git repository

gitleaks

gitrob

gitGraber

github-search

GitTools

mobile side

apktool

brute force

crowbar

hydra

patator

medusa

password cracking

hashid

john the ripper

hashcat

Operating system enumeration

htbenum

linux-smart-enumeration

linenum

enum4linux

ldapdomaindump

PEASS - Privilege Escalation Awesome Scripts SUITE

Windows Exploit Suggester - Next Generation

smbmap

pspy - unprivileged Linux process snooping

smbclient

ftp

exploitability of the vulnerability in relation to

searchsploit

Metasploit

MS17-010

AutoBlue-MS17-010

PrivExchange

Windows tools

evil-winrm

impacket

CrackMapExec

Nishang

Juicy Potato

PowerSploit

pass-the-hash

mimikatz

gpp-decrypt

reverse Shell

netcat

rlwrap

other services

apache2

squid

Tools Deployment & Use

Before using the tool, we first need to install and configure Docker services. We can use this Docker image in two ways.

Option 1-Use GitHub repository git clone --depth 1 https://github.com/aaaguirrep/pentest.gitcd pentestdocker build -t pentest .docker run --rm -it --name my-pentest pentest /bin/zsh Option 2-Get image from Docker Hub

The Docker Hub address for this project is aaaguirrep/pentest.

docker pull aaaguirrep/pentestdocker run --rm -it --name my-pentest pentest /bin/zsh container run

The use of this mirror applies to a variety of scenarios, and we need to choose how to use this tool for different scenarios.

Use containers and access HTB (Hack the Box) devices via HTB VPN:

docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 --name my-pentest aaaguirrep/pentest /bin/zsh

Share local directory contents with containers and save data in local directories:

docker run --rm -it -v /path/to/local/directory:/pentest --name my-pentest aaaguirrep/pentest /bin/zsh

3. Expose internal Kubernetes Engine (apache, squid) to local environment:

docker run --rm -it --name my-pentest -p 80:80 -p 3128:3128 aaaguirrep/pentest /bin/zsh

In containers, apache2 and squid are turned on by the following aliases:

apacheUp squidUp

4. Load the directory with the following command:

docker run --rm -it --privileged --name my-pentest aaaguirrep/pentest /bin/zsh

At this point, all tools will be downloaded to the/tools directory.

environmental testing

The image has been tested and works correctly in the following environments:

macOS：Docker version 19.03.5, build 633a0ea

Linux：Docker version 19.03.6, build 369ce74a3c

license agreement

This project was developed and released under the MIT Open Source License.

Thank you for reading, the above is "how to configure Docker image Docker-For-Pentest" content, after the study of this article, I believe you have a deeper understanding of how to configure Docker image Docker-For-Pentest this problem, the specific use of the situation still needs to be verified. Here is, Xiaobian will push more articles related to knowledge points for everyone, welcome to pay attention!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.