In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >
Share
Shulou(Shulou.com)06/02 Report--
This article mainly explains "how to configure Docker image Docker-For-Pentest". The explanation in this article is simple and clear, easy to learn and understand. Please follow the ideas of Xiaobian and study and learn "how to configure Docker image Docker-For-Pentest" together!
Docker-For-Pentest
Docker-For-Pentest is a Docker image designed for penetration testers with a large number of pre-configured tools. The image comes with a large number of commonly used security tools and helps researchers set up penetration testing environments in the most convenient and fast way.
function introduction
Operating system, network system, test environment and security tools required for penetration testing are pre-installed;
Support for connecting HTB (Hack the Box) to access HTB devices;
Common dictionaries are pre-installed: SecLists, dirb, dirbuster, fuzzdb, wfuzz, and rockyou;
Support sending traffic from any browser via proxy service, Burp Suite pre-installed in local directory;
Available databases pre-installed;
Pre-installed password cracking tools;
Linux enumeration tools are pre-installed;
Pre-installed service scanning tool;
Pre-installed directory fuzz testing tool;
Linux processes can be monitored without root privileges;
Pre-installed Zsh Shell tool;
List of Pre-Installed Tools Operating System Tools
rdate
vim
zsh
oh-my-zsh
locate
cifs-utils
htop
gotop
networking tools
traceroute
telnet
net-tools
iputils-ping
tcpdump
openvpn
whois
host
prips
dig
developer tools
git
curl
wget
ruby
go
python
python-pip
python3
python3-pip
php
aws-cli
tojson
nodejs
port scanning
nmap
masscan
ScanPorts
subdomain scanning
Amass
GoBuster
Knock
MassDNS
Altdns
spyse
Sublist3r
findomain
subfinder
spiderfoot
haktldextract
subdomain takeover
subjack
SubOver
tko-subs
DNS query
hakrevdns
screen shot
gowitness
aquatone
web crawler
hakrawler
Photon
gospider
gau
otxurls
waybackurls
directory search
dirsearch
fuzz testing
wfuzz
ffuf
Web scanning
whatweb
wafw00z
nikto
arjun
httprobe
striker
hakcheckurl
content management system
wpscan
joomscan
droopescan
cmseek
JS related
LinkFinder
getJS
subjs
dictionary correlation
wfuzz
SecList
Fuzzdb
Dirbuster
Dirb
Rockyou
txt
Crunch
Cewl
Git repository
gitleaks
gitrob
gitGraber
github-search
GitTools
mobile side
apktool
brute force
crowbar
hydra
patator
medusa
password cracking
hashid
john the ripper
hashcat
Operating system enumeration
htbenum
linux-smart-enumeration
linenum
enum4linux
ldapdomaindump
PEASS - Privilege Escalation Awesome Scripts SUITE
Windows Exploit Suggester - Next Generation
smbmap
pspy - unprivileged Linux process snooping
smbclient
ftp
exploitability of the vulnerability in relation to
searchsploit
Metasploit
MS17-010
AutoBlue-MS17-010
PrivExchange
Windows tools
evil-winrm
impacket
CrackMapExec
Nishang
Juicy Potato
PowerSploit
pass-the-hash
mimikatz
gpp-decrypt
reverse Shell
netcat
rlwrap
other services
apache2
squid
Tools Deployment & Use
Before using the tool, we first need to install and configure Docker services. We can use this Docker image in two ways.
Option 1-Use GitHub repository git clone --depth 1 https://github.com/aaaguirrep/pentest.gitcd pentestdocker build -t pentest .docker run --rm -it --name my-pentest pentest /bin/zsh Option 2-Get image from Docker Hub
The Docker Hub address for this project is aaaguirrep/pentest.
docker pull aaaguirrep/pentestdocker run --rm -it --name my-pentest pentest /bin/zsh container run
The use of this mirror applies to a variety of scenarios, and we need to choose how to use this tool for different scenarios.
Use containers and access HTB (Hack the Box) devices via HTB VPN:
docker run --rm -it --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 --name my-pentest aaaguirrep/pentest /bin/zsh
Share local directory contents with containers and save data in local directories:
docker run --rm -it -v /path/to/local/directory:/pentest --name my-pentest aaaguirrep/pentest /bin/zsh
3. Expose internal Kubernetes Engine (apache, squid) to local environment:
docker run --rm -it --name my-pentest -p 80:80 -p 3128:3128 aaaguirrep/pentest /bin/zsh
In containers, apache2 and squid are turned on by the following aliases:
apacheUp squidUp
4. Load the directory with the following command:
docker run --rm -it --privileged --name my-pentest aaaguirrep/pentest /bin/zsh
At this point, all tools will be downloaded to the/tools directory.
environmental testing
The image has been tested and works correctly in the following environments:
macOS:Docker version 19.03.5, build 633a0ea
Linux:Docker version 19.03.6, build 369ce74a3c
license agreement
This project was developed and released under the MIT Open Source License.
Thank you for reading, the above is "how to configure Docker image Docker-For-Pentest" content, after the study of this article, I believe you have a deeper understanding of how to configure Docker image Docker-For-Pentest this problem, the specific use of the situation still needs to be verified. Here is, Xiaobian will push more articles related to knowledge points for everyone, welcome to pay attention!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.